Skill profile

Cloud Security

IAM policies, security groups, encryption at rest/transit, GuardDuty, CloudTrail


Roles

9

where this skill appears

Levels

5

structured development path

Mandatory requirements

32

the other 11 optional

Domain

Security

Group

Infrastructure Security

Last updated

17.3.2026

Usage

Select your current level and compare the expectations.

What is expected at each level

The table shows how the depth grows from Junior to Principal.

| Role | Mandatory | Description |
| --- | --- | --- |
| Application Security Engineer | Mandatory | Understands basic Cloud Infrastructure Security concepts. Follows security guidelines. Recognizes typical code vulnerabilities. |
| Cloud Engineer | | Understands the fundamentals of Cloud Security. Applies basic practices in daily work. Follows recommendations from the team and documentation. |
| DevSecOps Engineer | Mandatory | Studies AWS Security Hub, IAM best practices, S3 bucket policies. Configures MFA for root account and IAM users. Applies AWS Config rules for basic compliance. Uses ScoutSuite for automated cloud account security audit and misconfiguration detection. |
| Infrastructure Engineer | | Understands basic cloud security principles: IAM users and roles, principle of least privilege, MFA for console access. Knows why security groups and NACLs are needed, can verify S3 bucket public accessibility and follows basic AWS/GCP security recommendations. |
| Network Engineer | | Knows basic cloud security concepts for network engineering and can apply them in typical tasks. Uses standard tools and follows established team practices. Understands when and why this approach is used. |
| Penetration Testing Engineer | Mandatory | Understands basic Cloud Infrastructure Security concepts. Follows security guidelines. Recognizes common vulnerabilities in code. |
| QA Security Engineer | | Tests cloud security basics: IAM policies audit, public S3 buckets detection, security group review. Uses ScoutSuite/Prowler for cloud security assessment. |
| Security Analyst | Mandatory | Understands basic Cloud Infrastructure Security concepts. Follows security guidelines. Recognizes common code vulnerabilities. |

| Role | Mandatory | Description |
| --- | --- | --- |
| Application Security Engineer | Mandatory | Applies cloud security principles to application workloads. Conducts security reviews of cloud-native apps using CSPM tools. Performs container image scanning and serverless function analysis to identify misconfigurations and vulnerabilities in deployment pipelines. |
| Cloud Engineer | | Implements security best practices: IAM roles instead of access keys, SCPs for guardrails, VPC Flow Logs for monitoring. Configures AWS Config Rules, SecurityHub, GuardDuty for automated threat detection. Implements encryption at rest and in transit for all services. |
| DevSecOps Engineer | Mandatory | Introduces AWS Security Hub with CIS and PCI DSS standards enabled. Configures GuardDuty for threat detection, AWS Config for continuous compliance. Implements landing zone with Control Tower and SCPs. Manages IAM through Terraform with enforced MFA and session policies. |
| Infrastructure Engineer | | Configures cloud security through IaC: IAM policies with conditions and boundaries, SCPs for Organization, encryption at rest through KMS. Configures CloudTrail for auditing, AWS Config Rules for compliance checks, sets up VPC Flow Logs for network traffic monitoring. |
| Network Engineer | | Confidently applies cloud security for network engineering in non-standard tasks. Independently selects the optimal approach and tools. Analyzes trade-offs and proposes improvements to existing solutions. |
| Penetration Testing Engineer | Mandatory | Performs cloud penetration testing across AWS, Azure, and GCP environments. Conducts security reviews targeting IAM misconfigurations and exposed services. Uses cloud-specific exploitation tools and techniques to identify privilege escalation paths and data exfiltration vectors. |
| QA Security Engineer | | Conducts cloud security assessment: multi-service audit (IAM, networking, encryption, logging), compliance checks (CIS Benchmarks). Configures automated scanning with Prowler/Checkov. |
| Security Analyst | Mandatory | Monitors cloud environments using SIEM platforms and CloudTrail analysis. Conducts security reviews of cloud resource configurations. Uses cloud-native detection tools to identify suspicious activity, analyze security events, and escalate confirmed threats for incident response. |

| Role | Mandatory | Description |
| --- | --- | --- |
| Application Security Engineer | Mandatory | Designs security solutions with Cloud Infrastructure Security. Conducts threat modeling. Implements security practices in SDLC. Mentors the team. |
| Cloud Engineer | Mandatory | Designs security architecture: centralized security account, cross-account CloudTrail and Config aggregation, automated remediation. Introduces infrastructure security scanning in CI/CD, compliance-as-code through AWS Config Conformance Packs. Conducts security review of architectural decisions. |
| DevSecOps Engineer | Mandatory | Designs multi-account cloud security architecture with AWS Organizations. Configures centralized logging (CloudTrail, VPC Flow Logs) in Security Account. Introduces Cloud Security Posture Management (Prisma Cloud/Wiz). Develops custom Config rules with automated remediation. |
| Infrastructure Engineer | Mandatory | Designs cloud infrastructure security architecture: multi-account strategy with security hub, centralized logging through CloudTrail + S3 + Athena, GuardDuty for threat detection. Implements CSPM (Cloud Security Posture Management), configures automatic remediation through Lambda and designs cross-account access patterns. |
| Network Engineer | | Expertly applies cloud security for network engineering to design complex systems. Optimizes existing solutions and prevents architectural mistakes. Conducts code reviews and trains colleagues on best practices. |
| Penetration Testing Engineer | Mandatory | Designs cloud penetration testing methodologies for complex multi-account AWS/Azure/GCP environments. Conducts threat modeling of cloud architectures to identify attack surfaces. Integrates offensive security findings into SDLC processes and mentors junior pentesters on cloud exploitation techniques. |
| QA Security Engineer | Mandatory | Designs cloud security testing program: continuous compliance monitoring, infrastructure-as-code security (tfsec, Checkov), multi-cloud assessment. Implements custom checks. |
| Security Analyst | Mandatory | Designs cloud threat detection strategies using advanced SIEM correlation rules and CloudTrail analytics. Conducts threat modeling for cloud-hosted services. Integrates cloud incident response playbooks into the SDLC and mentors analysts on cloud forensics and threat hunting techniques. |
| Solutions Architect | Mandatory | Designs secure cloud architectures following the Well-Architected Framework security pillar and zero-trust principles. Conducts threat modeling of distributed cloud systems. Integrates security guardrails into infrastructure-as-code pipelines and mentors teams on secure cloud design patterns. |

| Role | Mandatory | Description |
| --- | --- | --- |
| Application Security Engineer | Mandatory | Defines cloud application security strategy incorporating CSPM, container security, and serverless protection standards. Establishes security policies for cloud-native development workflows. Coordinates incident response for application-layer cloud breaches and trains teams on secure cloud coding practices. |
| Cloud Engineer | Mandatory | Defines cloud platform security strategy: security baseline for new accounts, incident response runbooks, vulnerability management program. Introduces CSPM (Cloud Security Posture Management), trains teams on secure-by-default approach. Manages security exceptions and risk acceptance. |
| DevSecOps Engineer | Mandatory | Defines cloud security strategy for multi-cloud environment (AWS, GCP, Azure). Manages Cloud Security team. Builds Cloud Governance Framework with automated enforcement. Integrates CSPM, CWPP and CIEM into unified platform. Reports to CISO on cloud risk posture. |
| Infrastructure Engineer | Mandatory | Defines cloud security standards for the organization: baseline security controls for each account type, IAM role standards, data encryption policies. Reviews team security architectures, implements security guardrails through SCPs and Terraform modules, defines SLO for vulnerability time-to-remediate. |
| Network Engineer | | Establishes cloud security standards for the network engineering team and makes architectural decisions. Defines the technical roadmap incorporating this skill. Mentors senior engineers and influences practices of adjacent teams. |
| Penetration Testing Engineer | Mandatory | Defines offensive cloud security strategy across AWS, Azure, and GCP attack surfaces. Establishes penetration testing policies and red team engagement rules for cloud infrastructure. Coordinates response to critical cloud vulnerabilities discovered during assessments and trains teams on cloud exploitation frameworks. |
| QA Security Engineer | Mandatory | Defines cloud security testing standards: mandatory assessments per account, compliance framework (SOC2, ISO 27001), reporting requirements. Coordinates with cloud engineering. |
| Security Analyst | Mandatory | Defines cloud security monitoring strategy using SIEM, CloudTrail, and cloud-native detection services. Establishes cloud security policies and alert triage procedures. Coordinates cloud incident response across distributed teams and trains analysts on cloud threat intelligence and forensic investigation methods. |
| Solutions Architect | Mandatory | Defines secure cloud architecture strategy based on zero-trust principles and the Well-Architected Framework security pillar. Establishes security policies for multi-cloud deployments. Coordinates incident response at the infrastructure level and trains engineering teams on secure cloud design and compliance requirements. |

| Role | Mandatory | Description |
| --- | --- | --- |
| Application Security Engineer | Mandatory | Defines enterprise cloud application security strategy spanning CSPM, container orchestration, and serverless platforms. Shapes security architecture standards for cloud-native ecosystems. Coordinates compliance with SOC 2, ISO 27001 for cloud workloads and represents the organization at cloud security conferences and working groups. |
| Cloud Engineer | Mandatory | Shapes enterprise-level cloud security strategy: Zero Trust Architecture, cloud-native SIEM (CloudTrail Lake, Chronicle), supply chain security. Defines compliance frameworks (SOC2, ISO 27001, PCI DSS), designs security reference architecture for multi-cloud. |
| DevSecOps Engineer | Mandatory | Architecturally defines enterprise cloud security approach. Develops Cloud Security Reference Architecture. Defines Zero Trust strategy for cloud workloads. Influences cloud provider selection considering compliance and data sovereignty requirements. |
| Infrastructure Engineer | Mandatory | Shapes company cloud security strategy: Security Operations Center architecture for cloud, compliance framework (SOC2, ISO27001, PCI DSS), vendor risk management. Defines roadmap for CNAPP, zero-trust architecture and cloud-native SIEM, coordinates with auditors and regulators. |
| Network Engineer | | Shapes cloud security strategy for network engineering at the organizational level. Defines best practices and influences technology choices beyond their own team. Is a recognized expert in this area. |
| Penetration Testing Engineer | Mandatory | Defines enterprise offensive security strategy for cloud environments across all major providers. Shapes red team architecture and advanced cloud exploitation research programs. Coordinates compliance of penetration testing practices with regulatory frameworks and represents the organization in offensive security communities and conferences. |
| QA Security Engineer | Mandatory | Designs cloud security assurance: continuous compliance platform, multi-cloud security governance, automated remediation. Defines organizational cloud security strategy. |
| Security Analyst | Mandatory | Defines enterprise cloud security monitoring and detection strategy across multi-cloud environments. Shapes security operations architecture including SOC modernization for cloud workloads. Coordinates compliance with industry security standards and represents the organization in cloud security threat intelligence sharing communities. |
| Solutions Architect | Mandatory | Defines enterprise secure cloud architecture strategy with zero-trust frameworks across multi-cloud and hybrid environments. Shapes organization-wide security architecture governance and reference designs. Coordinates compliance with regulatory and industry security standards and represents the organization in cloud security architecture forums. |
