Cyber Security Engineer

About Us: At Catalyst Labs, catalytic growth isn't just a concept, it's our driving force. Our mission is to help businesses soar to new heights by building exceptional offshore teams. Specializing in both Business Process Outsourcing (BPO) and Knowledge Process Outsourcing (KPO), our expertise transcends traditional boundaries, creating teams that excel in diverse work environments across any domain.

Location: Remote - Within Sri Lanka.

Work type: Part time, Flexible hours.

We are looking for a skilled and motivated Cyber security Engineer to join our remote team part-time, based in Sri Lanka. You will play a pivotal role in ensuring security for our generative AI applications and perform in-depth security audits.

Experience: 3+ years of experience in Cyber Security Engineering or a similar role.

Roles & Responsibilities:

• Ensure AWS infrastructure is configured securely, focusing on IAM roles, security groups, VPC configurations, and networking policies.

• Conduct security reviews of Kubernetes (EKS) clusters, ensuring adherence to best practices.

• Implement container security solutions, including vulnerability scanning and runtime protection for Docker containers.

• Implement and maintain monitoring, logging, and alerting solutions to detect and respond to security incidents.

• Develop playbooks and processes for incident response, including handling vulnerabilities and threats.

• Ensure compliance with relevant standards such as ISO 27001, SOC 2, GDPR, or other applicable regulations.

• Automate security tasks using tools and scripting languages such as Python or Bash.

• Integrate security checks into CI/CD workflows, leveraging tools like Aqua Security, Twistlock, or Trivy.

• Work with DevOps and development teams to embed security in the development lifecycle.

• Provide training and guidance on secure coding and best practices.

• Maintain clear documentation.

Technical requirements:

• Strong knowledge of AWS security practices, including IAM, encryption (KMS), WAF, Shield, and CloudTrail.

• Proficiency in securing Kubernetes environments, including experience with EKS.

• Familiarity with container security tools

• Proficiency in Terraform and IaC for secure infrastructure provisioning.

• Scripting skills (e.g., Python, Bash) for automation.

• Familiarity with security frameworks and compliance standards.

Non technical requirements:

• Communicate security concepts effectively to both technical and non-technical audiences.

• Identify potential vulnerabilities and resolve them before they become risks.

• Demonstrate a proactive approach to securing infrastructure and applications.

• Advocate for and implement improvements in security practices, tooling, and awareness across the organization.