IT Specialist ensuring smooth IT operations in a growing beauty company. Collaborate with external service providers and support internal teams with compliance and documentation.
Responsibilities
- Lead the Cloud App Security team technically, acting as a reference for secure architecture, standardization and best practices.
- Design, review and approve cloud architectures with a focus on security, high availability, resilience and cost, following the principles of the Well-Architected Framework.
- Define the security strategy across multiple accounts/subscriptions (landing zone, organizations, security baseline, governance and compliance).
- Design and implement secure networks (VPC/VNet, subnetting, TGW/peering/VPN/PrivateLink), segregate environments, configure and test contingency (multi-AZ/region).
- Collaborate with Engineering, Platform and Application teams to integrate security into the lifecycle (shift-left, SAST/DAST/IAST/SCAs, secrets management).
- Automate security as code: OPA/Conftest, preventive rules in CI/CD, pre-commit hooks, pipelines with quality & security gates.
- Apply scripts and Lambdas/Functions/Cloud Functions for automatic remediation (e.g., close public S3, revoke old keys, isolate a suspicious instance).
- Protect containers/Kubernetes (EKS/AKS/GKE): policies, admission controllers, signed images, secrets, network policies, CIS Benchmarks.
- Run vulnerability scans and perform remediations (EC2/VM, container, serverless), prioritizing by risk level.
- Document and version standards, runbooks and reference architectures; train and pair with the team during deliveries.
Requirements
- +Experience:
- Practical experience (5–8+ years) in Cloud Security, with hands-on deliveries: building Landing Zones, writing IaC, configuring native controls, automating remediation and operating incident response (IR).
- +Technical expertise (AWS – preferred):
- Organizations/Control Tower, IAM/SCPs, KMS, CloudTrail/Config, GuardDuty, Security Hub, Inspector, WAF, Macie, Detective, S3, VPC/TGW/PrivateLink, EKS.
- +Automation and Integration:
- Programming with Python, Bash and PowerShell.
- Use of provider APIs/SDKs for integration and automated response.
- +Networks and Cryptography (practical):
- VPC/VNet, routing, NAT, peering/TGW/VPN, TLS, KMS/HSM, key rotation and key management.
- +Kubernetes Security (EKS/AKS/GKE):
- RBAC, PSP/OPA Gatekeeper/Kyverno, supply chain security (SBOM/signing), registries (ECR/ACR/GAR).
- +Vulnerability Management and Observability:
- Experience in hardening (hosts/containers/serverless) and tools such as:
- CloudWatch/Logs Insights, Athena/Glue,
- Kusto/Sentinel, Chronicle.
- +Compliance and Frameworks:
- Practical application of frameworks:
- CIS (Foundations/Benchmarks),
- NIST CSF / 800-53,
- ISO 27001,
- SOC 2,
- LGPD — including producing evidence and closing gaps.
- +Communication and Professional Demeanor:
- Objective communication (technical and executive).
- Ownership to get things done — from PoC to a production runbook.
- Technical English for reading documentation and interacting with vendors/providers.
- +Desirable / Nice-to-have:
- AWS SA Professional, CISSP / CCSP,
- Azure Security Engineer / Architect,
- GCP Professional Cloud Security Engineer.
- +Advanced Tools and Technologies:
- Experience with CNAPP, CSPM, CIEM, SOAR,
- Secret management (HashiCorp Vault / AWS Secrets Manager),
- SAST / DAST / IAST / SCAs,
- XDR / EDR.
- +IaC and CI/CD with a security focus:
- Terraform (required); bonus: CloudFormation, CDK, Bicep, Deployment Manager.
- CI/CD with security gates: GitHub Actions, GitLab, CodePipeline, Azure DevOps.
- +Incident Response:
- Track record of responding to real cloud incidents and automating remediation at scale.
- +Education:
- Bachelor's degree in Information Security, Computer Science, Systems Analysis, Information Systems or related fields.
- +Certifications:
- AWS certifications: CCP, SAA and Security Specialty.
Benefits
- 🏢 On-site or Remote
- ⏰ Flexible hours
- 📚 Educational incentives (partnerships with educational institutions)
- 🌴 Paid vacation
- 🏋️ TotalPass
- 🎂 Birthday off
- 🏥 Health insurance
- 🦷 Dental insurance
- 🤰 Maternity leave
- 👨👩👧👦 Paternity leave
- 🌟 Reimbursement for AWS certifications
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Strategic leader focused on Cyber Security and Fraud analytics at Sun Life. Establishing centralized functions and driving proactive detection and response efforts.
Manager Infrastructure & Security driving IT infrastructure and security landscape for semiconductor firm. Collaborating with teams to build scalable systems and innovative security strategies.
Residential Security Agent managing physical security for clients in California and Nevada, ensuring compliance with safety protocols and quick response to emergencies.
Senior Cyber Security Consultant at HvS - Consulting focusing on ISMS development and team leadership. Engaging clients in ISO 27001 compliance and strategic cybersecurity improvements.
Security Operations Consultant analyzing security alerts and managing security incidents. Supporting operational platforms and contributing to the delivery of cyber defense services.
Lead customer security workstream while aligning it with ICEYE's operational security. Collaborate with teams to ensure compliance and effective security practices.
Senior Information Security Consultant involved in compliance assessments and IT audits for various security standards. Based in Athens, Greece with a focus on Information Security Policies and Risk Assessment.
Project Manager overseeing Enterprise Security Compliance initiatives at MTM. Managing compliance and security activities, ensuring project completion within budget and scope.