Cloud Security Engineer
Maybank
Job Description
About the RoleDefine, maintain, assess and govern cloud security related framework, policies, processes for MSL.Configure, test, implement and maintain cloud security related infrastructure/tools deployed.Implement and maintain data classification and labeling (Purview Information Protection), govern auto-labeling policies and testing.Test, Implement and tune DLP to MSL/Singapore data categories to minimise false positives with stakeholder sign-off.Test and perform key and certificate governance and rotation operationsProduce regulatory evidence (label adoption, DLP effectiveness, incident handling artefacts) and run user awareness for sensitive data handling.L2 technical and incident response for cloud related security incident / compromise, and coordinate with SOC/Sentinel.
Key Responsibilities1. Cloud security tooling and platform control implementationConfigure/test/maintain security tools (e.g., Purview, DLP, Defender for Cloud, Sentinel connectors, CASB features as applicable).Define runbooks, monitoring, alert tuning.Implement change management, rollback plans, and BAU maintenance.
- Cloud security governanceMaintain documentation (e.g. policies, procedures, etc.) on cloud security, Azure/M365/AWS. Run periodic control reviews and gap assessments on cloud security. Maintain traceability to regulatory and internal requirements.Management reporting
- L2 engineering support and incident responseL2 triage for cloud security incidentsInvestigate (logs, alerts, Purview/DLP events) Contain/remediate with SOC/Sentinel and platform teams; Control improvements
- Implement data classification and labelingImplement sensitivity labelsConfigure auto-labeling policiesCreate test plans and UAT with business ownersManage label lifecycle (changes, deprecation, communications)
You are someone with:Bachelor's degree in Information Security, Computer Science, Engineering, Information Technology, or related field.Minimum of 5 years relevant experience in Microsoft Azure, AWS, cloud security, security and/or engineering. Microsoft certifications relevant to identity/security such as:> SC-400 (Information Protection)> SC-100 (Cybersecurity Architect)> AZ-500 (Azure Security Engineer)> CCSP or CISSP or CISM or CompTIA SecurityRelevant working experience in regulated environments (e.g. banking, FSIs) and/or audit/regulatory engagements is an advantage.Cloud security engineering in Azure / M365, secure configuration, monitoring and logging.Defender/Sentinel integrations (or equivalent SOC tooling)Hands-on with Microsoft Purview Information Protection, and DLP across relevant workloads.Scripting/automation for operations and evidence. E.g.
PowerShell (strongly preferred).Ability to translate requirements into practical standards and enforceable baselines.Strong documentation discipline.Strong stakeholder management.Incident mindset on structured triage, root cause thinking, and continual control improvement.