Azure Cloud Security Oeiras

Azure Cloud Security
Oeiras
Oeiras, Distrito de Lisboa, Portugal

Job Title: Azure Cloud Security & Compliance Architect

Location: Oeiras, Lisbon, Portugal

Work Regime: Full-time & Hybrid (3x office per week)

Overview / Summary:

We are looking for a Cloud Security & Compliance Architect to join our team, in a project from the banking sector. As a senior member of the Cloud Co
E you will own the security and compliance strategy for our partners Microsoft Azure and Oracle Cloud Infrastructure (OCI) estates. You will translate the Azure & OCI Well-Architected Frameworks, the Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2. 0, NIST SP
- security guidance, and other industry standards into practical, automated controls—designing, building and continuously improving the secure landing zones that power our business‐critical workloads.

Responsibilities and Tasks:

• Propose and follow up with the various teams, the necessary improvements to increase the Security Score in Defender;
• Design secure
  - subscription /
  - tenant landing zones in Azure and OCI, aligned to the five Well-Architected pillars (Security, Reliability, Performance Efficiency, Operational Excellence, Cost);
• Drive
  - security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on Iaa
  S) that satisfy NIST SP and NSA/CISA hardening guidance;
• Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2. 0 controls, PCI DSS, ISO 27001 and SOC 2;
• Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors;
• Develop and maintain Ia
  C modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams;
• Integrate static/dynamic Ia
  C security scans (Azure Defender for cloud, Oracle Guard tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (Git
  Hub Actions/Azure Dev
  Ops/Argo
  CD);
• Configure Azure Security Center/Defender, Microsoft Sentinel, and OCI Cloud Guard to detect, triage and respond to threats;
• Establish KPIs/KRIs and
  - time dashboards for cloud posture, vulnerability debt and compliance drift;
• Act as a trusted advisor to engineering teams, running
  - model workshops, training on secure coding, and championing a "paved-road" Dev
  Sec
  Ops culture;
• Evaluate emerging controls (Confidential Computing, SBOM, DICE-based attestation) and present recommendations to the Architecture Review Board.

Benefits

Important:

• Our company does not sponsor work visas or work permits. All applicants must have the legal right to work in the country where the position is based.
  Only candidates who meet the required qualifications and match the profile requested by our clients will be contacted.

#Visionary
Future - Build the future, join our living ecosystem