SS
Lead Information Security projects, focusing on Cyber Essentials assessments for clients in the Not - for - Profit sector. Oversee delivery, team leadership, and client communication in the London area.
Responsibilities
- Lead the Cloud App Security team technically, acting as a reference for secure architecture, standardization and best practices.
- Design, review and approve cloud architectures with a focus on security, high availability, resilience and cost, following the principles of the Well-Architected Framework.
- Define the security strategy across multiple accounts/subscriptions (landing zone, organizations, security baseline, governance and compliance).
- Design and implement secure networks (VPC/VNet, subnetting, TGW/peering/VPN/PrivateLink), segregate environments, configure and test contingency (multi-AZ/region).
- Collaborate with Engineering, Platform and Application teams to integrate security into the lifecycle (shift-left, SAST/DAST/IAST/SCAs, secrets management).
- Automate security as code: OPA/Conftest, preventive rules in CI/CD, pre-commit hooks, pipelines with quality & security gates.
- Apply scripts and Lambdas/Functions/Cloud Functions for automatic remediation (e.g., close public S3, revoke old keys, isolate a suspicious instance).
- Protect containers/Kubernetes (EKS/AKS/GKE): policies, admission controllers, signed images, secrets, network policies, CIS Benchmarks.
- Run vulnerability scans and perform remediations (EC2/VM, container, serverless), prioritizing by risk level.
- Document and version standards, runbooks and reference architectures; train and pair with the team during deliveries.
Requirements
- +Experience:
- Practical experience (5–8+ years) in Cloud Security, with hands-on deliveries: building Landing Zones, writing IaC, configuring native controls, automating remediation and operating incident response (IR).
- +Technical expertise (AWS – preferred):
- Organizations/Control Tower, IAM/SCPs, KMS, CloudTrail/Config, GuardDuty, Security Hub, Inspector, WAF, Macie, Detective, S3, VPC/TGW/PrivateLink, EKS.
- +Automation and Integration:
- Programming with Python, Bash and PowerShell.
- Use of provider APIs/SDKs for integration and automated response.
- +Networks and Cryptography (practical):
- VPC/VNet, routing, NAT, peering/TGW/VPN, TLS, KMS/HSM, key rotation and key management.
- +Kubernetes Security (EKS/AKS/GKE):
- RBAC, PSP/OPA Gatekeeper/Kyverno, supply chain security (SBOM/signing), registries (ECR/ACR/GAR).
- +Vulnerability Management and Observability:
- Experience in hardening (hosts/containers/serverless) and tools such as:
- CloudWatch/Logs Insights, Athena/Glue,
- Kusto/Sentinel, Chronicle.
- +Compliance and Frameworks:
- Practical application of frameworks:
- CIS (Foundations/Benchmarks),
- NIST CSF / 800-53,
- ISO 27001,
- SOC 2,
- LGPD — including producing evidence and closing gaps.
- +Communication and Professional Demeanor:
- Objective communication (technical and executive).
- Ownership to get things done — from PoC to a production runbook.
- Technical English for reading documentation and interacting with vendors/providers.
- +Desirable / Nice-to-have:
- AWS SA Professional, CISSP / CCSP,
- Azure Security Engineer / Architect,
- GCP Professional Cloud Security Engineer.
- +Advanced Tools and Technologies:
- Experience with CNAPP, CSPM, CIEM, SOAR,
- Secret management (HashiCorp Vault / AWS Secrets Manager),
- SAST / DAST / IAST / SCAs,
- XDR / EDR.
- +IaC and CI/CD with a security focus:
- Terraform (required); bonus: CloudFormation, CDK, Bicep, Deployment Manager.
- CI/CD with security gates: GitHub Actions, GitLab, CodePipeline, Azure DevOps.
- +Incident Response:
- Track record of responding to real cloud incidents and automating remediation at scale.
- +Education:
- Bachelor's degree in Information Security, Computer Science, Systems Analysis, Information Systems or related fields.
- +Certifications:
- AWS certifications: CCP, SAA and Security Specialty.
Benefits
- 🏢 On-site or Remote
- ⏰ Flexible hours
- 📚 Educational incentives (partnerships with educational institutions)
- 🌴 Paid vacation
- 🏋️ TotalPass
- 🎂 Birthday off
- 🏥 Health insurance
- 🦷 Dental insurance
- 🤰 Maternity leave
- 👨👩👧👦 Paternity leave
- 🌟 Reimbursement for AWS certifications
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Technical Support Specialist in Cybersecurity at Hornetsecurity diagnosing and resolving client technical issues. Engaging with clients through various channels while providing exceptional customer experience.
Information Security Manager guiding and supporting customers on security solutions. Collaborating with teams to improve security posture and implement controls.
Cloud Security Engineer responsible for securing cloud infrastructure at Matillion. Focused on AI workloads and building automation for security enhancements.
Security Manager protecting systems and shaping the future of security for cloud hosting at Contabo. Manage security tools, assess threats, and lead incident responses at a leading infrastructure service provider.
Security Architect at Banco ABC Brasil focusing on cloud and network security. Responsible for developing security solutions and strategies aligning with business objectives.
Network Security Analyst ensuring digital safety and innovation at ISH. Collaborating with cross - functional teams to mitigate risks through advanced network security solutions.
Security Specialist focused on information security practices for Riachuelo's products and services. Design and implement secure systems architecture while mitigating risks and ensuring compliance.
Intern assisting in workplace safety at Bernhoeft consulting for over 28 years. Engaging in practical learning experiences under close supervision and collaboration.
ZA
Technical Business Analyst role evaluating state - of - the - art technology solutions for Zantech. Support Enterprise Services project with a focus on optimization and system improvement efforts.