Key skills
AWSAzureCloudCyber SecurityDockerGoogle Cloud PlatformJenkinsKubernetesMicroservicesPrometheusPythonTerraformTypeScriptVaultGoBashGCPGoogle CloudGitHub ActionsGitLab CIPulumiEKSAKSGKEArgoCDCloudFormationIAMOAuthDatadogELK StackOpenTelemetryGitHubGitLabIstioLinkerdService MeshCI/CDTrivyOWASPCloud SecurityZero Trust
About this role
Role Overview
- Own the end-to-end security architecture for our AWS/Azure cloud environments, including networking, IAM, data encryption, and logging.
- Embed security controls into CI/CD pipelines, including automated SAST/DAST scanning, software composition analysis (SCA), and container image scanning in Kubernetes.
- Design and implement a Zero Trust architecture, including micro-segmentation, least-privilege access, and continuous device posture validation.
- Conduct threat modeling for new product features and microservices using the STRIDE or OWASP threat modeling frameworks.
- Build and maintain security-as-code using Terraform, CloudFormation, or Pulumi, ensuring all cloud resources are deployed with hardened baselines.
- Select, deploy, and manage security tooling such as CSPM, CWPP, SIEM, and SOAR platforms, integrating them with existing DevOps workflows.
- Lead the response to security incidents by performing forensic analysis on cloud workloads and recommending architectural fixes to prevent recurrence.
- Partner with legal and compliance teams to map technical controls to requirements for SOC 2, HIPAA, PCI-DSS, and GDPR.
- Design secrets management solutions using HashiCorp Vault or cloud-native key management services (KMS).
- Create and maintain architecture diagrams, runbooks, and threat models for all critical systems.
- Mentor software engineers on secure coding practices and conduct regular architecture review sessions.
- Participate in an on-call rotation for security emergencies and critical patch deployments.
Requirements
- Experience in cybersecurity roles, with at least 4 years specifically architecting security solutions in a cloud-native environment.
- Strong programming or scripting experience in Python, Go, TypeScript, or Bash.
- Hands-on experience with container orchestration (Kubernetes, EKS, AKS, or GKE) and service mesh technologies (Istio, Linkerd).
- Deep expertise in at least one major cloud provider (AWS, Azure, or GCP), including native security services (Security Hub, GuardDuty, Sentinel, Policy as Code).
- Infrastructure as Code: Terraform, CloudFormation, or ARM templates.
- CI/CD Tools: GitHub Actions, GitLab CI, Jenkins, or ArgoCD.
- Container Security: Docker, Kubernetes security contexts, admission controllers (OPA/Gatekeeper), and image scanning (Trivy, Clair).
- Identity & Access: OIDC, OAuth 2.0, workload identity, and conditional access policies.
- Monitoring & Logging: Prometheus, OpenTelemetry, ELK Stack, or Datadog.
- Certifications (Nice to have, not required): Certified Kubernetes Security Specialist (CKS), AWS Certified Security – Specialty or Azure Security Engineer Associate, GIAC Cloud Security Essentials (GCLD), Certified DevSecOps Professional (CDP)
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Docker
- Google Cloud Platform
- Jenkins
- Kubernetes
- Microservices
- Prometheus
- Python
- Terraform
- TypeScript
- Vault
- Go
Benefits
- Clear scope with no ambiguity over deliverables
- Opportunity for repeat engagements based on performance