Cloud Security Lead (Azure / GCP)

Job Details

$1000 per day
Job Type
over 2 years ago
  • Large financial institution
  • Massive large-scale cloud migration and security project
  • Long term contract opportunity, market leading rates
Outstanding opportunity to join one of Australia’s largest financial institutions embarking on a large cloud migration project.

Client Details

Our client is one of the leading financial institutions in Australia and are a household name. They are currently undergoing a massive and thorough technology upgrade to position the business competitively for the future.

This position is a highly visible and influential role, with an enterprise wide scope and the ability to have a tangible impact within the organisation, as well as an opportunity to build a strong and resilient cloud security function.


In order to improve customer experience and overall security, our client is currently conducting a very large transfer of company and client data to the cloud, requiring an experienced Cloud Security specialist to help them to achieve this.

For each new cloud service (Azure & GCP) responsibilities will include:
  • Manage the overall delivery and status reporting to the project and Cyber Defense management
  • Work with the Cyber Threat Intelligence team to ensure the new Azure/GCP service’s impacts to intelligence requirements, collection plans and the intelligence life-cycle are understood, and necessary changes implemented
  • Perform and document attack modelling with input from Azure/GCP SMEs (HIP, CloudSecOps, Security Architects) and Cyber Defence stakeholders (Red Team, Detection, Cyber Response) to identify threats, possible attack scenarios, TTPs, adversary actions and points of exposure
  • Convert attack modelling outputs into Detection Use Cases and incorporate into the Cyber Defence use case model
  • Where possible, existing Use Cases, service provider Use Cases, and any public / available Use Cases 
  • Liaise with Azure SMEs and internal Splunk resources to ensure appropriate logs are identified/created, on boarded and appropriately ingested into Splunk ES, CIM and ES Data Models
  • Implement Splunk ES content/rules and changes to broader detection tools (as required for non-log centric Detection Use Cases) to ensure Detection Use Cases are achieved
  • Implement alerting with adequate context / information for Cyber Response teams to investigate and respond
  • Document triage / response playbooks to guide an Analyst on how to respond to alerts. This also includes identifying opportunities for automation and orchestration for subsequent SOAR playbook development
  • Identify and document necessary controls (technical & process) that allow Analysts to investigate, contain, eradicate, remediate threats
  • Ensure risks and issues are called out and escalated appropriately, including risks/issues with the security model and with delivery/execution
  • Document and maintain the critical elements of the Azure/GCP service in the Cyber Defence Wiki, run information and training sessions with the Cyber Defence team and ensure operational acceptance


• 6+ years of experience with cloud security overall, Azure preferred. Any level of GCP experience will be prioritized

• Ability to think like an attacker, and build detection and response mechanisms accordingly

• Splunk experience highly preferred

• Experience with the assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes

• General knowledge of secure software development, identity and access management (IAM), data protection, cryptography, network security, and key management

• Experience across SaaS, IaaS, PaaS, and other cloud environments

• Experience working with cloud security and governance tools, server virtualization technologies, and CASBs

• Ability to design and implement cloud security controls that are in line with agreed strategies, business direction and security risk appetite

• Experience with common and industry standard cloud-native/cloud-friendly authentication mechanisms

• Industry certifications such as GPEN, OSCP, OSCE are beneficial

Our client will offer a highly competitive daily rate commensurate with experience. This is a long-term contracting engagement, with a high probability of permanent employment for exceptional candidates.

To apply for this position, please click the 'Apply Now' button below. For a confidential discussion, please contact Stuart van Heerden on 03 8547 1333.