Cloud Security Engineer ( CAC Verification Automation and Release)

Insight Global is looking for a Cloud Security Engineer for one of the leading banks in Toronto. We are looking for a detailed-oriented Cloud Security Engineer to join our team. This individual will focus on automating and validating compliance as code (CaC) policies across multi cloud environments including GCP, Azure and AWS. This role involves creating and implementing automated test cases to ensure these policies function as intended.The engineer will integrate these tests into GitHub based CI CD pipelines using GitHub workflows and GitHub actions and leverage Terraform, Python, PowerShell.

Mainly responsibilities include the below:

· Design, develop, implement and maintain automated test frameworks for the behavior of existing compliance as a code policy across cloud environments (GCP/AWS/Azure) in alignment with banking regulations.

· Develop comprehensive positive negative and edge exception test cases to validate policy enforcement logic.

· Build automated test pipelines integrated with CI CD workflows to ensure continuous validation of CAC changes

· Collaborate with CaC policy developers and security architects and Cloud Service Owners to understand intended behavior and failure conditions

· Implement mock cloud environments/services/IAM for to simulate realistic scenarios for policy testing

· Maintain a test suite library and ensure traceability between compliance requirements validation cases and artifacts

Continuous testing & CI/CD integration

· Integrate compliance validation tests into CI CD pipelines GitHub actions GitHub workflows and terraform to enforce continuous compliance checks before deployment.

· Automate security scanning and validation of terraform deployments with PowerShell, and Python

· Validate the enforcement of banking cloud security policies by embedding automated compliance checks into DevSecOps workflows and actions.

Cloud Security and Regulatory Compliance enforcement

· Work closely with Banking security, DevSecOps teams, and Cloud Compliance governance teams to define and enforce cloud security controls in accordance with regulatory mandates.

· Validate cloud resource configurations against financial industry standards, (NIST, ISO 27001, SOC 2)

Reporting & Audit Readiness

· Implement/test logging and monitoring solutions to detect compliance violations in real time.

· Automate/validate the generation of compliance reports and dashboards using tools like SonarQube, Wiz.IO, Splunk

· Ensure that all Standards & STIG requirements for IAAS, PaaS, SaaS CaC development, and testing activities are traceable and auditable for internal risk assessments and external regulatory audits.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

-Strong Knowlege of GCP, Azure, AWS.
-4+ years in Cloud Security, DevSecOps, or Cloud Engineering roles.
-Cloud infrastructure as a code - experience with Terraform, Helm, ARM, JSON, YAML
-Compliance as Code (CaC)- Hands on experience with HashiCorp Sentinel, Azure policy, Wiz policy, GCP Org policy and Open Policy Agent, Kubernetes
-CI/CD Pipelines- Experience with GitHub actions, Jenkins
-Scripting and Automation- Proficiency in Python, Bash, Go, PowerShell, terraform and automate testing framework.
-Cloud Security & Compliance – Understanding of CIS benchmarks, NIST standards and security frameworks.
-

-Specifications; Azure fundamentals certification Azure security engineer associate, GCP fundamentals certification

-Experience with multi cloud security testing GCP, Azure and AWS

-Experience with Container security and Kubernetes policy enforcement

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.