Security & Compliance Engineer / Architect (Azure & OCI) (f/m)

Security & Compliance Engineer / Architect (Azure & OCI) (f/m)
Santarém
Santarém, Santarém District, Portugal

From SOLUTIO , we are seeking to recruit a highly motivated and skilled Cloud Security & Compliance Engineer / Architect (Azure & OCI) (f/m) with more than 5 years of experience in a similar position.

As a senior member of the Cloud Co
E you will own the security and compliance strategy for our Microsoft Azure and Oracle Cloud Infrastructure (OCI) estates. You will translate the Azure & OCI Well-Architected Frameworks, the Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2. 0, NIST SP 800-190
- security guidance, and other industry standards into practical, automated controls—designing, building and continuously improving the secure landing zones that power our business‐critical workloads.

We are looking for a freelance interested in working from Lisbon. The two first weeks would be onsite (3 days a week). From the third week, it would be 100% remote.

Which would be the key responsibilities?

• Propose and follow up with the various teams, the necessary improvements to increase the Security Score in Defender.

• Design secure
- subscription /
- tenant landing zones in Azure and OCI, aligned to the five Well-Architected pillars (Security, Reliability, Performance Efficiency, Operational Excellence, Cost).

• Drive
- security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on Iaa
S) that satisfy NIST SP 800-190 and NSA/CISA hardening guidance.

• Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2. 0 controls, PCI DSS, ISO 27001 and SOC 2.

• Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors.

• Develop and maintain Ia
C modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams.

• Integrate static/dynamic Ia
C security scans (Azure Defender for cloud, Oracle Guard tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (Git
Hub Actions/Azure Dev
Ops/Argo
CD).

• Configure Azure Security Center/Defender, Microsoft Sentinel, and OCI Cloud Guard to detect, triage and respond to threats.

• Establish KPIs/KRIs and
- time dashboards for cloud posture, vulnerability debt and compliance drift.

• Act as a trusted advisor to engineering teams, running
- model workshops, training on secure coding, and championing a “paved-road” Dev
Sec
Ops culture.

• Evaluate emerging controls (Confidential Computing, SBOM, DICE-based attestation) and present recommendations to the Architecture Review Board.

• Hands-on experience in improving the Security Score in Defender, through configuring Microsoft Security tools (Microsoft Defender for Cloud CSPM/CWPP, Defender for Endpoint, Defender for Cloud Apps, Microsoft DLP, Microsoft for Identity)

• 5+ years in infrastructure or security engineering, with 5+ years focused on public cloud (Azure and/or OCI).

• Proven design and delivery of secure landing zones at scale, including
- segmentation, identity & access boundary, logging pipeline,
- classification and encryption strategy.

• Deep knowledge of Azure Well-Architected Framework, Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2. 0 (Azure & OCI), NIST SP 800-190, NIST CSF/800-53, and MITRE ATT cloud tactics.

• Hands-on mastery with Terraform/Bicep, Kubernetes security (RBAC, network policies, Pod
Security standards), container registry hardening and
- signing (Cosign/Notary v2).

• Experience integrating cloud workloads with SIEM/SOAR platforms (Sentinel, Splunk, QRadar), EDR and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender CSPM).

• Scripting / coding proficiency (Power
Shell, Python, Go or similar) for automation and custom control development.

• Certifications: AZ-305 / AZ-500, OCI Architect Professional, CCSP or CISSP-ISSAP (or equivalent demonstrable expertise).

• Preferably with Cloud Oracle knowledge.

Which competences would we value for our candidate?

• Portuguese: minimum a C1 (direct interaction in Portuguese with Client and Teams)

• English: high level spoken.

What do we offer?

• Contract as a freelance.

• Full time position.

• A collaborative and supportive work environment.

• Opportunities for professional growth and development.

• The chance to contribute to a leading company in the seafood sector.

If you're looking for a career change and want to participate in innovative projects with
- edge technologies, go ahead and send us your CV!

Solutio is committed to equal treatment and opportunities for women and men, and therefore, we implement
- discriminatory selection processes.