Browse
···
Log in / Register
Job Summary: We are seeking a professional with a risk and compliance mindset to define and evolve cloud security standards, operating in governance and supporting development teams. Key Highlights: 1. Lead change governance with a security focus 2. Define and evolve security standards for cloud environments 3. Support development teams in adopting secure best practices **Start Date:** As soon as approved. **Duration:** Indefinite — join the consulting firm's team. Profile We Seek: Risk- and compliance-oriented mindset Ability to structure policies and translate them into technical controls Systemic view of architecture and security Strong communication skills with both technical and executive teams Proactive stance in building organizational maturity **Key Responsibilities:** Define and evolve security standards for cloud environments Lead change governance with a security focus Support development teams in adopting secure best practices Identify risks preventively Participate in architectural reviews with a security focus Ensure traceability and auditability of changes **Requirements:** **Education:** Completed or ongoing undergraduate degree in Information Technology, Software Engineering, Computer Science, or related fields. **Requirements:** **Solid AWS experience, including:** Governance and Access Management IAM policy definition and review (principle of least privilege) Access model structuring (roles, groups, federation, STS) Strategies for environment and account segregation Audit & Monitoring CloudTrail GuardDuty Security Hub Security event monitoring and correlation Frameworks and Controls OWASP CIS Benchmarks ISO 27001 NIST Architecture Security APIs (AWS WAF, API Gateway) Networking (VPC, Subnets, Security Groups, NACLs) Workload and database hardening Risk management and data classification Containers & Kubernetes Access control (RBAC) Container security standards (image scanning, vulnerability and secret management) DevSecOps SAST and DAST Dependency scanning Security gates in CI/CD pipelines **Nice-to-Have:** Implementation of corporate cloud security policies Experience with internal or external audits Zero Trust Architecture Security incident management AWS certification (especially Security Specialty) DevOps & Technical Architecture Docker and Kubernetes (EKS) **AWS Architecture:** EC2, RDS, ECS, S3, Auto Scaling API Gateway, Load Balancer Lambda, SNS CloudWatch Infrastructure as Code (Terraform) CI/CD (GitHub Actions or similar) Observability (Grafana, Prometheus, structured logs)
