Job Opportunities

Cloud & Infrastructure Engineer (Firewall, SAP, PAM)

We’re seeking a hands-on engineer with proven experience in cloud infrastructure, network security/firewall configuration, a practical understanding of SAP landscapes, and Privileged Access Management (PAM) operations. You will design, secure, and optimize hybrid environments, enforce least-privilege across critical systems, and support SAP availability, performance, and compliance requirements.

Key Responsibilities:
Cloud Infrastructure (AWS/Azure/GCP)
Design, deploy, and maintain cloud landing zones using IaC (Terraform/CloudFormation/Bicep) and CI/CD pipelines.
Implement network segmentation (VPC/VNet), routing, security groups/NSGs, and hybrid connectivity (VPN/ExpressRoute/Direct Connect).
Monitor and optimize performance, cost, and reliability; apply autoscaling, backup/restore, DR strategies, and patching baselines.
Enforce cloud security best practices (identity, key management, encryption at rest/in transit, logging/monitoring).

Firewall & Network Security:
Configure, harden, and maintain enterprise firewalls (e.g., Palo Alto, Fortinet, Check Point) including policies, NAT, routing, zones, and objects.
Implement content inspection (App-ID, IPS/IDS), SSL decryption where appropriate, and micro-segmentation.
Conduct rule reviews, cleanup, and change management aligned to least-privilege; respond to and remediate security incidents.
Integrate firewalls with SIEM/SOAR for monitoring and automated response.

SAP (Basis & Infrastructure Perspective):
Support SAP system landscape (DEV/QA/PRD) from infra side: sizing, OS/DB basics, HA/DR, backups, and performance troubleshooting.
Coordinate with SAP Basis/application teams on transport strategy, interface connectivity, and secure network paths to SAP services.
Implement and validate SAP-specific network and identity controls (e.g., secure RFCs, SNC, SAPRouter hardening, certificate management).
Ensure infrastructure changes do not impact SAP SLAs; participate in cutovers and maintenance windows.

Privileged Access Management (PAM):
Deploy and administer PAM solutions (e.g., CyberArk, BeyondTrust, Delinea), vaulting privileged credentials, onboarding target systems, and managing session recording.
Implement least-privilege policies, JIT access, MFA/strong authentication, and periodic access reviews with audit-ready evidence.
Integrate PAM with directories/IDP and critical platforms (firewalls, servers, databases, SAP).
Monitor PAM logs/alerts, remediate misconfigurations, and run continuous improvement cycles.

Governance, Risk & Compliance:
Document architectures, runbooks, and standard operating procedures.
Maintain compliance with internal policies and external frameworks (e.g., ISO 27001, NIST CSF, SOC 2); support audits with evidence.
Participate in security assessments, threat modeling, and incident response drills.
Drive continuous improvement: automation, standardization, and measurable risk reduction.

Required Qualifications:
Experience: 3–5 years in cloud infrastructure & network security, including hands-on firewall configuration; exposure to SAP landscapes; operational experience with a PAM tool.

Technical Skills:
Cloud: VPC/VNet, IAM, KMS, security groups/NSGs, load balancers, autoscaling, backup/DR, IaC (Terraform/CloudFormation/Bicep), CI/CD.
Network/Firewall: L3/L4/L7 policy design, NAT, routing, VPN, site-to-site, SSL decryption, IPS/IDS, log forwarding/SIEM.
SAP: Basic Basis/infrastructure understanding (S/4HANA or ECC), SAPRouter/SNC, OS/DB fundamentals, HA/DR, performance troubleshooting.
PAM: Vaulting, policy setup, session management/recording, onboarding systems, access reviews, integrations with AD/IDP.

Scripting/Automation: Python/PowerShell/Bash for ops automation and API integrations.
Methodologies: Change management, incident/problem management (ITIL concepts), RBAC/least-privilege.
Soft Skills: Clear communication, documentation, stakeholder engagement, and on-call readiness.


Preferred/“Nice-to-Have”:
Certifications: AWS/Azure/Professional; Palo Alto PCNSA/PCNSE; Fortinet NSE; CyberArk Trustee/Defender; SAP Technology Associate; ISO 27001 Lead Implementer/Auditor.
Experience with Kubernetes, container security, WAF, Web gateways, ZTNA/SASE.
Familiarity with SIEM (e.g., Splunk, Sentinel), vulnerability management (Qualys/Nessus), and EDR/XDR.
Experience with regulatory requirements in [your region], and audit support.

Key Competencies:
Security-by-design mindset; strong troubleshooting and root-cause analysis.
Structured documentation and runbook creation; change control discipline.
Cross-functional collaboration with application, security, and infrastructure teams.
Ownership and accountability for uptime, performance, and security outcomes.

Performance Indicators (KPIs):
Firewall rule hygiene (e.g., reduction in overly-permissive rules by X%).
Mean time to detect/respond (MTTD/MTTR) for infra/security incidents.
PAM onboarding coverage (percent of privileged accounts/systems vaulted).
SAP infra change success rate and SLA adherence.
Cost optimization and reliability metrics in cloud (e.g., rightsizing savings, backup/DR test success).
Audit readiness: evidence quality and number of nonconformities.