Cybersecurity Engineer responsible for designing and implementing security solutions at NTT DATA Romania. Collaborating with international teams and ensuring robust security architectures across projects.
Responsibilities
- Lead the Cloud App Security team technically, acting as a reference for secure architecture, standardization and best practices.
- Design, review and approve cloud architectures with a focus on security, high availability, resilience and cost, following the principles of the Well-Architected Framework.
- Define the security strategy across multiple accounts/subscriptions (landing zone, organizations, security baseline, governance and compliance).
- Design and implement secure networks (VPC/VNet, subnetting, TGW/peering/VPN/PrivateLink), segregate environments, configure and test contingency (multi-AZ/region).
- Collaborate with Engineering, Platform and Application teams to integrate security into the lifecycle (shift-left, SAST/DAST/IAST/SCAs, secrets management).
- Automate security as code: OPA/Conftest, preventive rules in CI/CD, pre-commit hooks, pipelines with quality & security gates.
- Apply scripts and Lambdas/Functions/Cloud Functions for automatic remediation (e.g., close public S3, revoke old keys, isolate a suspicious instance).
- Protect containers/Kubernetes (EKS/AKS/GKE): policies, admission controllers, signed images, secrets, network policies, CIS Benchmarks.
- Run vulnerability scans and perform remediations (EC2/VM, container, serverless), prioritizing by risk level.
- Document and version standards, runbooks and reference architectures; train and pair with the team during deliveries.
Requirements
- +Experience:
- Practical experience (5–8+ years) in Cloud Security, with hands-on deliveries: building Landing Zones, writing IaC, configuring native controls, automating remediation and operating incident response (IR).
- +Technical expertise (AWS – preferred):
- Organizations/Control Tower, IAM/SCPs, KMS, CloudTrail/Config, GuardDuty, Security Hub, Inspector, WAF, Macie, Detective, S3, VPC/TGW/PrivateLink, EKS.
- +Automation and Integration:
- Programming with Python, Bash and PowerShell.
- Use of provider APIs/SDKs for integration and automated response.
- +Networks and Cryptography (practical):
- VPC/VNet, routing, NAT, peering/TGW/VPN, TLS, KMS/HSM, key rotation and key management.
- +Kubernetes Security (EKS/AKS/GKE):
- RBAC, PSP/OPA Gatekeeper/Kyverno, supply chain security (SBOM/signing), registries (ECR/ACR/GAR).
- +Vulnerability Management and Observability:
- Experience in hardening (hosts/containers/serverless) and tools such as:
- CloudWatch/Logs Insights, Athena/Glue,
- Kusto/Sentinel, Chronicle.
- +Compliance and Frameworks:
- Practical application of frameworks:
- CIS (Foundations/Benchmarks),
- NIST CSF / 800-53,
- ISO 27001,
- SOC 2,
- LGPD — including producing evidence and closing gaps.
- +Communication and Professional Demeanor:
- Objective communication (technical and executive).
- Ownership to get things done — from PoC to a production runbook.
- Technical English for reading documentation and interacting with vendors/providers.
- +Desirable / Nice-to-have:
- AWS SA Professional, CISSP / CCSP,
- Azure Security Engineer / Architect,
- GCP Professional Cloud Security Engineer.
- +Advanced Tools and Technologies:
- Experience with CNAPP, CSPM, CIEM, SOAR,
- Secret management (HashiCorp Vault / AWS Secrets Manager),
- SAST / DAST / IAST / SCAs,
- XDR / EDR.
- +IaC and CI/CD with a security focus:
- Terraform (required); bonus: CloudFormation, CDK, Bicep, Deployment Manager.
- CI/CD with security gates: GitHub Actions, GitLab, CodePipeline, Azure DevOps.
- +Incident Response:
- Track record of responding to real cloud incidents and automating remediation at scale.
- +Education:
- Bachelor's degree in Information Security, Computer Science, Systems Analysis, Information Systems or related fields.
- +Certifications:
- AWS certifications: CCP, SAA and Security Specialty.
Benefits
- 🏢 On-site or Remote
- ⏰ Flexible hours
- 📚 Educational incentives (partnerships with educational institutions)
- 🌴 Paid vacation
- 🏋️ TotalPass
- 🎂 Birthday off
- 🏥 Health insurance
- 🦷 Dental insurance
- 🤰 Maternity leave
- 👨👩👧👦 Paternity leave
- 🌟 Reimbursement for AWS certifications
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Cyber Security Manager leading end - to - end cybersecurity services and operations across the region. Ensuring quality delivery and managing a multidisciplinary cybersecurity team.
Cybersecurity Infrastructure Monitoring Engineer designing and improving security solutions at NTT DATA Romania. Managing cloud infrastructure and collaborating with international teams to deliver robust security architectures.
Information Security Engineer working collaboratively to ensure the protection of IT environments. Critical role focusing on threat identification, incident response, and security operations.
Providing security consultancy to technical and business stakeholders at Trendyol Tech. Driving improvements in security practices while assessing new projects and establishing security standards.
Administrative Business Partner supporting leadership within Palantir’s Security function. Providing comprehensive administrative support while handling confidential matters in a fast - paced environment.
Administrative Business Partner supporting leaders within Security function at Palantir Technologies. Managing diverse responsibilities to enhance productivity and support leadership teams.
Entra ID Security Specialist developing identity and access management solutions focused on Microsoft Entra ID at cyberunity AG. Responsible for strategic development and compliance in security architecture.
Red Team Security Engineer at Xcel Energy performing authorized testing to expose security weaknesses. Collaborating with internal teams and external vendors for effective security technology implementation.
Manager I overseeing Cyber Security engineering functions at NFCU. Leading and supporting the Cybersecurity Technology Engineering team in implementing security protocols.