Description: \+Experience: * Practical experience (58\+ years) in Cloud Security, with hands\-on deliveries: building Landing Zones, writing IaC, configuring native controls, automating remediation, and operating incident response (IR). \+Technical expertise (AWS preferred): * Organizations/Control Tower, IAM/SCPs, KMS, CloudTrail/Config, GuardDuty, Security Hub, Inspector, WAF, Macie, Detective, S3, VPC/TGW/PrivateLink, EKS. \+Automation and Integration: * Programming with Python, Bash, and PowerShell. * Use of provider APIs/SDKs for integration and automated response. \+Networking and Cryptography (practical): * VPC/VNet, routing, NAT, peering/TGW/VPN, TLS, KMS/HSM, key rotation and management. \+Kubernetes Security (EKS/AKS/GKE): * RBAC, PSP/OPA Gatekeeper/Kyverno, supply chain security (SBOM/signing), registries (ECR/ACR/GAR). \+Vulnerability Management and Observability: * Experience in hardening (hosts/containers/serverless) and tools such as: * CloudWatch/Logs Insights, Athena/Glue, * Kusto/Sentinel, Chronicle. \+Compliance and Frameworks: * Practical application of frameworks * CIS (Foundations/Benchmarks), * NIST CSF / 800\-53, * ISO 27001, * SOC 2, * LGPD, including evidence production and gap closure. \+Communication and Professional Attitude: * Objective communication (technical and executive). * Ownership to drive initiatives from PoC to production runbooks. * Technical English for reading documentation and interacting with vendors/providers. \+Desirable Differentiators * AWS SA Professional, CISSP / CCSP, * Azure Security Engineer / Architect, * GCP Professional Cloud Security Engineer. \+Advanced Tools and Technologies: * Experience with CNAPP, CSPM, CIEM, SOAR, * Secret management (HashiCorp Vault / AWS Secrets Manager), * SAST / DAST / IAST / SCAs, * XDR / EDR. \+IaC and CI/CD with security focus: * Terraform (mandatory); bonus: CloudFormation, CDK, Bicep, Deployment Manager. * CI/CD with security gates: GitHub Actions, GitLab, CodePipeline, Azure DevOps. \+Incident Response: * History of responding to real cloud incidents and automating large\-scale remediation. \+Education: * Bachelor's degree in Information Security, Computer Science, Systems Analysis, Information Systems, or related fields. \+Certifications: * AWS certifications: CCP, SAA, and Security Specialty. * Technically lead the Cloud App Security team, acting as a reference in secure architecture, standardization, and best practices. * Design, review, and approve cloud architectures with focus on security, high availability, resilience, and cost, following Well\-Architected Framework principles. * Define security strategy across multiple accounts/subscriptions (landing zone, organizations, security baseline, governance, and compliance). * Design and implement secure networks (VPC/VNet, subnetting, TGW/peering/VPN/PrivateLink), segregate environments, configure and test contingency (multi\-AZ/region). * Collaborate with Engineering, Platforms, and Applications teams to integrate security into the lifecycle (shift\-left, SAST/DAST/IAST/SCAs, secrets management). * Automate security as code: OPA/Conftest, preventive rules in CI/CD, pre\-commit hooks, pipelines with quality \& security gates. * Apply scripts and Lambdas/Functions/Cloud Functions for automated remediation (e.g., close public S3, revoke old keys, isolate suspicious instance). * Secure containers/Kubernetes (EKS/AKS/GKE): policies, admission controllers, signed images, secrets, network policies, CIS Benchmarks. * Run vulnerability scans and execute fixes (EC2/VM, container, serverless), prioritizing by risk level. * Document and version standards, runbooks, and reference architectures; train and pair with the team during deliveries. 2510090202491797707