Pubblicato il 17 giugno
Mansioni della posizione
About the Role
Cap4 Lab is seeking a skilled Cloud Security expert to lead the end-to-end security architecture of our PaaS platform. In this role, you will bridge the gap between high-level strategic design and hands-on cloud-native engineering. You will be responsible for building a secure, automated, and compliant environment using Infrastructure-as-Code (IaC) and modern DevSecOps practices.
As part of a lean, automation-driven team reporting directly to the CISO, you will have significant ownership over our security roadmap, focusing on multi-tenant isolation, zero-trust principles, and automated compliance. We are looking for a security leader who prefers code over spreadsheets. At Cap4 Lab, you won't just be managing security, you will be building it.
You will own the end-to-end architecture of our PaaS, ensuring that our multi-tenant environment is resilient, automated, and compliant by design.
Key Responsibilities
- Security Architecture & Design: Perform threat modeling (STRIDE); define security baselines; and design robust controls for IAM, WAF, KMS, Kubernetes, and network segmentation.
- Automation & Implementation: Deploy and maintain cloud infrastructure using IaC (Terraform); enforce multi-tenant isolation; and manage certificate lifecycles, WAF/TLS termination, and Cloud Security Gateways.
- Resilience & Operations: Automate backup/DR workflows and cross-region replication; monitor configuration drift; and integrate telemetry into SIEM/EDR systems.
- Compliance & Governance: Map technical controls to SOC 2/ISO 27001 frameworks; guide penetration testing efforts; and implement automated evidence collection for audit readiness.
- Security Enablement: Mentor engineering teams on secure design patterns, review CI/CD pipeline security, and maintain comprehensive architecture decision records (ADRs).
Required Qualifications
- Experience: 2+ years of experience in Security Architecture and Cloud-Native Engineering (AWS, Azure, Alibaba Cloud or GCP).
- Technical Expertise: hands-on experience with Kubernetes (K8s), container security, multi-tenancy, and Zero Trust architecture.
- Tools & Workflow: Proficiency in IaC (Terraform or CloudFormation) and Policy-as-Code within GitOps workflows.
- Security Controls: background in WAF, PKI/TLS, KMS, and SIEM/EDR integration.
- Compliance Knowledge: experience with threat modeling and frameworks like SOC 2 or ISO 27001.
- Certifications: cloud-specific security certifications (e.g., AWS Certified Security Specialty) are highly preferred.
- Experience securing PaaS/SaaS platforms.
- Experience designing client-facing security/trust centers.
Retribuzione: €28.000,00 - €36.000,00 all'anno
Agevolazioni
- Assicurazione sanitaria
- Buoni pasto
- Cellulare aziendale
- Computer aziendale
- Convenzioni aziendali
Sede di lavoro: Ibrido/da remoto (87036 Rende)
