Cloud & IOT Security Engineer at NCBA Group

Job Purpose Statement

The Cloud & IOT Security Engineer role focuses on developing, implementing, and maintaining secure solutions for cloud infrastructures and Internet of Things (IoT) ecosystems. As a mid-level technical position, it plays a pivotal role in safeguarding the bank’s cloud environments and IoT systems from evolving threats, ensuring robust security configurations, and facilitating seamless integration with organizational objectives.

Key Accountabilities (Duties and Responsibilities)

Cloud & IOT Security (40%)

• Assist in designing and deploying secure cloud architectures on platforms such as AWS & Azure
• Implement and monitor foundational security measures, including Identity and Access Management (IAM), encryption, and network segmentation
• Support the integration of security tools, such as Cloud Security Posture Management (CSPM) and vulnerability scanners, into cloud environments
• Collaborate on the development of secure IoT systems by enforcing device authentication, secure communication protocols, and data protection strategies
• Identify and mitigate security risks in IoT ecosystems, such as device vulnerabilities or insecure configurations
• Participate in the evaluation and implementation of IoT-specific security frameworks and standards

Technical Advisory & Collaboration (20%)

• Work with stakeholders to understand business requirements and translate them into technical security solutions
• Provide technical leadership in security incident response related to cloud or IoT systems
• Advise on regulatory and compliance requirements (e.g., GDPR, ISO 27001, NIST 800-53, and IoT-specific standards like ETSI EN 303 645)

Incident Response and Threat Management (20%)

• Support incident detection and response for cloud and IoT environments by analyzing alerts and assisting with investigations
• Conduct vulnerability assessments and help remediate security findings
• Contribute to threat modeling exercises to identify and address potential attack vectors

Ongoing Compliance and Audit Support (20%)

• Work closely with the Governance, Risk, and Compliance (GRC) team to ensure adherence to regulatory requirements such as GDPR, ISO 27001, PCI DSS, NIST, and IoT-specific standards like ETSI EN 303 645
• Assist in preparing documentation and evidence for internal and external audits, including risk assessments, security configurations, and incident reports
• Ensure that all cloud and IoT security practices align with ongoing compliance audits and organizational policies
• Track remediation of findings from audits and ensure timely resolution of non-compliance issues

Job Specifications

Ideal Person Specifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
• 2-5 years of experience in cloud security, IoT security, cybersecurity architecture, and cybersecurity engineering
• Hands-on expertise with security tools and platforms such as IDS/IPS, firewalls, VPNs, SIEM, and cloud security solutions
• Proficiency in scripting or automation (e.g., Python, PowerShell, Ansible) is a plus
• Relevant certifications such as AWS Certified Security Specialty, Azure Security Engineer Associate, Google Professional Cloud Security Engineer, CompTIA Security+, Certified Ethical Hacker (CEH), Cisco CyberOps Associate, ISO 27001 Lead Implementer/Auditor, or other governance-related certifications are preferred.

Behavioral Competencies:

• Strong analytical and problem-solving skills with a technical mindset
• A proactive approach to ensuring security and compliance in cloud and IoT environments
• Effective communication and collaboration abilities, with a focus on teamwork
• Commitment to continuous learning and professional growth