Senior Cloud Security Engineer

New

PortugalFull-TimeSenior

Salary not disclosed

Apply NowOpens the employer's application page

Job Details

Required Skills: AWSPythonBashGCPKubernetesTerraformHIPAA

Requirements

Strong technical depth in cloud security
Sound security judgment
Ability to translate risk into practical, business-aligned controls in a highly regulated environment (HIPAA, GDPR)
Experience with AWS
Experience with GCP
Knowledge of CSPM capabilities
Knowledge of CWPP capabilities
Knowledge of CNAPP capabilities
Subject matter expert in Identity and Access Management (IAM)
Experience with RBAC design
Experience with least-privilege models
Experience with service accounts
Experience with workload identities
Experience with role lifecycle management
Experience with access reviews across cloud environments
Experience monitoring cloud environments for security threats, vulnerabilities, and misconfigurations
Experience in timely and effective detection and response
Experience leading and supporting incident response activities
Proficiency in log analysis
Proficiency in forensic support
Proficiency in root cause analysis (RCA)
Proficiency in post-incident reviews
Proficiency in long-term remediation planning
Ability to evaluate, design, and ensure availability and quality of logging, monitoring, and traceability data sources
Experience with vulnerability management lifecycle
Experience with Wiz cloud security platform
Experience with Google Security Command Center
Experience with Python scripting
Experience with n8n
Experience with Bash scripting
Experience with Terraform-based controls
Experience with Kubernetes security configurations
Experience with CLI-driven workflows

Responsibilities

Design, implement, and maintain secure cloud infrastructure and configurations across AWS and GCP, aligned with HIPAA, GDPR, and internal security standards.
Own and continuously improve Sword’s cloud security posture, leveraging CSPM, CWPP, and CNAPP capabilities.
Act as a subject matter expert in Identity and Access Management (IAM), including RBAC design, least-privilege models, service accounts, workload identities, role lifecycle management, and access reviews.
Monitor cloud environments for security threats, vulnerabilities, and misconfigurations, ensuring timely and effective detection and response.
Lead and support incident response activities, including log analysis, forensic support, root cause analysis (RCA), post-incident reviews, and long-term remediation planning.
Evaluate, design, and ensure the availability and quality of logging, monitoring, and traceability data sources required for effective security operations and investigations.
Provide guidance on compensatory and mitigative controls, applying risk-based decision-making.
Own the end-to-end vulnerability management lifecycle, applying risk-based judgment and driving vulnerabilities to closure in close collaboration with engineering teams.
Lead and operate key cloud security platforms and services, including Wiz, Google Security Command Center, and related detection and posture management tooling.
Partner with Infrastructure and Engineering teams to build security automation, infrastructure-as-code controls, and scalable security guardrails using scripting and automation (Python, n8n, Bash, etc.), including Terraform-based controls, Kubernetes security configurations, and CLI-driven workflows.
Define, track, and report security metrics and KPIs, such as cloud posture maturity, vulnerability remediation SLAs, detection coverage, IAM hygiene, and incident response effectiveness.
Develop, document, and evangelize cloud security standards, patterns, and best practices, driving consistent adoption across teams.
Operate with an engineering-first, efficiency-oriented mindset, continuously seeking ways to reduce toil, automate controls, and scale security without unnecessary friction.

View Full Description & ApplyYou'll be redirected to the employer's site