Job Description

Role Purpose

The Cloud Security (Wiz Admin) is responsible for administering, operating, and optimising Aviva’s Wiz Cloud Security Posture Management (CSPM/CNAPP) platform.

The administrator will drive operational excellence, support engineering teams, integrate Wiz into enterprise tooling, and maintain policy compliance and posture improvement.

Key Responsibilities:

Platform Administration & Operations

• Own day‑to‑day administration of the Wiz platform across all cloud environments.

• Maintain Wiz connectors, least‑privilege roles, integration points, and scanning configurations.

• Ensure onboarding/offboarding of cloud accounts, subscriptions, and K8s clusters.

• Monitor platform health, ingestion coverage, API integrations, and license utilisation.

Cloud Posture Management

• Review, tune, and maintain security policies, controls, and baselines (e.g., CIS, NIST, ISO).

• Validate and enhance attack path analysis, identity risk detection, and data exposure mapping.

• Prioritise findings using impact‑based and exploit‑path‑based logic.

• Partner with Cloud Platform teams to ensure guardrails remain aligned with Wiz detections.

Shift‑Left Enablement

• Work with DevOps/SRE teams to embed Wiz in CI/CD pipelines for IaC scanning.

• Run onboarding sessions for teams on using Wiz Issues, Projects, and Policy‑as‑Code.

• Validate false positives/negatives and fine‑tune policy gates for Terraform, ARM/Bicep, and CloudFormation.

Incident & Risk Handling

• Support Cloud Security, SOC, and IR teams during investigations involving publicly exposed, exploitable, or high‑risk cloud assets.

• Provide expert analysis on Wiz findings and attack paths; propose remediation and compensating controls.

• Contribute to post‑incident reviews, root‑cause analysis, and long‑term posture improvements.

Integrations & Automation

• Maintain integrations with Jira/ADO, SIEM/SOAR, Slack/Teams, and CMDB/GRC.

• Automate workflows for enrichment, prioritisation, ticketing, and reporting.

• Partner with Engineering to build auto‑remediation playbooks for safe‑to‑fix classes (e.g., public S3, permissive IAM).

Governance, Reporting & Compliance

• Produce monthly security posture reports for leadership and Risk/Compliance teams.

• Track KPIs (coverage, MTTR, SLA adherence, risk trends).

• Support external and internal audit requests using Wiz’s evidence and compliance modules.

• Manage exceptions/waivers and ensure they are reviewed and retired on schedule.

͏

Core Technical Skills Required:

• Strong understanding of AWS, Azure, and GCP security controls and architecture.

• Hands‑on experience with cloud IAM, network security, logging/monitoring, and workload security.

• Familiarity with Kubernetes security and container image scanning.

• Experience operating cloud security platforms (Wiz preferred; alternatives: Prisma, Lacework, Defender for Cloud).

• Working knowledge of Infrastructure‑as‑Code (Terraform strongly preferred).

• Understanding of identity and entitlements management (CIEM).

• Ability to analyse cloud attack paths and map misconfigurations to real exploitable risk.

Nice-to-Have Skills Required:

• Experience integrating security tools into CI/CD pipelines (Azure DevOps, GitHub, GitLab).

• Knowledge of SAST/DAST/Secret scanning tools.

• Exposure to SRE or Cloud Platform engineering.

͏

͏

͏