Cloud Security

Cloud Security
Lisboa
Lisboa, Lisboa, Portugal

About Welvaart

On a daily basis, we assume

commitments

and present solutions to our stakeholders in order to create a structure of human values, based on

professionalism

,

honesty

and

rigor

.

With a management based on

Human Centered Design

, we take care of our professionals with consistent

career plans

, but flexible with their needs and expectations of evolution. Our management team guarantees an

empathetic

and present

leadership

that will provide superior

technological engagement

and delivery to our clients' projects and products.

Project

As a senior member of the Cloud Co
E you will own the security and compliance strategy for our Microsoft Azure and Oracle Cloud Infrastructure (OCI) estates. You will translate the Azure & OCI Well-Architected Frameworks, the Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2. 0, NIST SP
- security guidance, and other industry standards into practical, automated controlsdesigning, building and continuously improving the secure landing zones that power our business‐critical workloads.

Role

• Propose and follow up with the various teams, the necessary improvements to increase the Security Score in Defender.
• Design secure
  - subscription /
  - tenant landing zones in Azure and OCI, aligned to the five Well-Architected pillars (Security,
• Reliability, Performance Efficiency, Operational Excellence, Cost).
• Drive
  - security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on Iaa
  S) that satisfy NIST SP and NSA/CISA hardening guidance.
• Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2. 0 controls, PCI DSS, ISO 27001 and SOC 2.
• Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors.
• Develop and maintain Ia
  C modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams.
• Integrate static/dynamic Ia
  C security scans (Azure Defender for cloud, Oracle Guard tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (Git
  Hub Actions/Azure Dev
  Ops/Argo
  CD).
• Configure Azure Security Center/Defender, Microsoft Sentinel, and OCI Cloud Guard to detect, triage and respond to threats.
• Establish KPIs/KRIs and
  - time dashboards for cloud posture, vulnerability debt and compliance drift.
• Act as a trusted advisor to engineering teams, running
  - model workshops, training on secure coding, and championing a
  - road Dev
  Sec
  Ops culture.
• Evaluate emerging controls (Confidential Computing, SBOM, DICE-based attestation) and present recommendations to the Architecture Review Board.

We are looking for

• Hands-on experience in improving the Security Score in Defender, through configuring Microsoft Security tools (Microsoft Defender for Cloud CSPM/CWPP, Defender for Endpoint, Defender for Cloud Apps, Microsoft DLP, Microsoft for Identity)
• 5+ years in infrastructure or security engineering, with 5+ years focused on public cloud (Azure and/or OCI).
• Proven design and delivery of secure landing zones at scale, including
  - segmentation, identity & access boundary, logging pipeline,
  - classification and encryption strategy.
• Deep knowledge of Azure Well-Architected Framework, Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2. 0 (Azure & OCI), NIST SP, NIST CSF/800-53, and MITRE ATT cloud tactics.
• Hands-on mastery with Terraform/Bicep, Kubernetes security (RBAC, network policies, Pod
  Security standards), container registry hardening and
  - signing (Cosign/Notary v2).
• Experience integrating cloud workloads with SIEM/SOAR platforms (Sentinel, Splunk, QRadar), EDR and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender CSPM).
• Scripting / coding proficiency (Power
  Shell, Python, Go or similar) for automation and custom control development.
• Certifications: AZ-305 / AZ-500, OCI Architect Professional, CCSP or CISSP-ISSAP (or equivalent demonstrable expertise).

Preferably with Cloud Oracle knowledge.

What you can discover with us?

• Be part of a tech
  - up
• Different scopes of project in different sectors
• Structure of fairness and equity salary (Consultant Profile)
• Training & Certification
• Career Path management
• More than 30 Partnerships
• Welvaart Ambassador Program

UNLEASH THE POWER OF YOUR CAREER