Cloud Security Engineer SSr

About the Role

We are looking for a Senior Cloud Security Engineer to join the security team, focusing on securing the AWS infrastructure through robust controls, automation, and best practices.

The role works transversally with infrastructure, development, and DevOps teams, driving an integrated security culture (DevSecOps).

Tasks

Infrastructure Security (AWS)

• Design and implement security controls in AWS (IAM, network, compute).
• Ensure principles of least privilege, segmentation, and defense in depth.

Infrastructure as Code (IaC)

• Develop and review Terraform/Terragrunt with a focus on security baselines.
• Perform IaC code reviews from a security perspective.

Identities and Access

• Design and maintain IAM policies.

Workload Security

• Secure services such as Lambda, ECS, EKS, Fargate, EC2, API Gateways, Load Balancers, WAF, RDS, Elasticache, etc.
• Define and implement secure architectures in VPC (Security Groups, NACLs, segmentation, VPC endpoints).

Encryption and Secrets

• Manage KMS, ACM, and secrets management.
• Ensure encryption in transit and at rest, with automation.

DevSecOps & Automation

• Design and integrate security steps into pipelines (GitHub Actions) to strengthen various products.
• Define security controls for deployments on Mobile platforms.

Automate processes for:

• User access management (creation, modification, deletion) across various company tools.
• Secure deployments.
• Security validations.

Detection and Response (Operations)

• Maintain and optimize:
  • GuardDuty
  • Security Hub
  • Inspector
  • CloudTrail
• Define alerts and monitoring in CloudWatch.
• Continuously improve security posture.

Requirements

Technical Stack

• AWS (IAM, VPC, Lambda, ECS, EKS, Fargate)
• Terraform / Terragrunt
• KMS / ACM
• GuardDuty, Security Hub, Inspector, CloudTrail
• CloudWatch
• GitHub Actions
• SAST / DAST
• Python / Bash (automation)

Desired Profile

Experience

• 3-5 years in Cloud Security / DevSecOps.
• Hands-on experience in AWS, DevSecOps, Penetration Testing (plus), SOC and IRT (plus).
• Desirable: AWS Security Specialty certification.

Skills

• Risk-oriented thinking (not just technical).
• Good communication with technical and non-technical teams.
• Focus on automation and continuous improvement.

Benefits

• 💻 100% remote work (hybrid option available if preferred)
• 🌟 Be part of a fast-growing, innovative company
• 🤝 Collaborative and dynamic team environment
• 🌎 Professional development opportunities in a multicultural setting

Ready to take the next big step in your professional career? 🚀

Join a team with purpose that is transforming financial access across borders. If you are passionate about building and scaling solutions with real impact, apply now and be part of Retorna's journey.