Cloud Security & Compliance Engineer / Architect (Azure & OCI) Lisboa, 11 Direct Hire 6/26/2025 Lisboa

Location: Lisbon, Portugal (on-site 3 days/week – Oeiras/Taguspark)

Work Arrangement: Hybrid

Start Date: ASAP

We are seeking a seasoned professional for the position of Cloud Security & Compliance Engineer / Architect with expertise in Azure and Oracle Cloud Infrastructure (OCI). This role involves contributing to a leading financial sector client’s Cloud Center of Excellence. You will be instrumental in shaping and implementing security and compliance strategies within
- cloud environments.

Role Overview:

As a senior member of the team, you will design, develop, and optimize secure landing zones across
- cloud platforms, ensuring alignment with international security standards and benchmarks. You will engage directly with technical and business teams, actively participating in Dev
Sec
Ops initiatives and the architecture of scalable secure solutions.

Key Responsibilities:

• Propose and oversee enhancements to improve the Security Score using Microsoft Defender.
• Design secure
  - subscription and
  - tenant architectures for Azure and OCI.
• Develop policies as code utilizing Azure Policy, Terraform Sentinel, OCI Guardrails, and OPA.
• Ensure security within CI/CD pipelines by integrating tools like Trivy, Dockle, and tfsec.
• Configure and manage tools such as Azure Defender, Microsoft Sentinel, and OCI Cloud Guard.
• Establish and monitor cloud posture dashboards, KPIs/KRIs, and compliance metrics.
• Conduct workshops on threat modeling, Dev
  Sec
  Ops best practices, and application security for technical teams.
• Evaluate and recommend emerging controls such as Confidential Computing and SBOM.

Qualifications:

• Minimum of 5 years of experience in infrastructure or security engineering with a focus on public cloud (Azure and/or OCI).
• Proven experience enhancing Security Scores with Microsoft Defender for Cloud and related services.
• Strong knowledge of frameworks like Azure Well-Architected, CIS v2. 0, NIST SP 800-190, ISO 27001, SOC 2.
• Experience with Terraform, Bicep, Kubernetes Security, CI/CD pipelines, and image signing (Cosign/Notary v2).
• Proficient in scripting languages such as Power
  Shell, Python, or Go.
• Experience with SIEM/SOAR tools (Sentinel, Splunk, QRadar) and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender).
• Valued certifications include: AZ-305, AZ-500, OCI Architect Professional, CCSP, CISSP-ISSAP.
• Fluency in Portuguese (minimum C1) and technical English (minimum B1).

Desirable Experience:

• Experience with confidential VMs, Azure Arc, Zero Trust, and hybrid workloads.
• Understanding of regulated environments such as banking, healthcare, and public administration.
• Contributions to
  - source security tools or benchmarks.

If you are ready to take on a new challenge in cloud security and wish to join a team that makes a significant impact in highly regulated environments, we encourage you to apply.