Leega

Senior Cloud Security Engineer, AWS

Leega

full-time

Posted on:

Location Type: Hybrid

Location: São PauloBrazil

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AWSCloudDynamoDBKubernetesSDLCTerraform

About the role

  • Develop and implement AuthN/AuthZ mechanisms for APIs, microservices, and enterprise integrations using mTLS and OAuth2
  • Design and implement security solutions integrated with the cloud and DevOps pipelines
  • Automate deployment of security resources and solutions using Infrastructure as Code (IaC) — Terraform and GitHub Actions
  • Integrate security analysis tools (SAST, DAST, SCA, IAST) into CI/CD pipelines
  • Apply and automate hardening for EKS, Istio, Lambda, and infrastructure provisioned via Terraform
  • Implement security policies and encryption controls for S3, DynamoDB, and other AWS services
  • Manage digital certificates via ACM and secrets via Secrets Manager
  • Support development teams in adopting secure patterns and remediating vulnerabilities
  • Automate security validations and drive continuous improvement
  • Document technical standards and security best practices

Requirements

  • Strong experience in AWS Cloud Security, including IAM (RBAC/ABAC), KMS, Secrets Manager, Certificate Manager (ACM), CloudTrail, GuardDuty, WAF, Macie, and Security Hub
  • Experience developing and implementing security solutions, including building reusable components, automating controls, and securing integrations between systems
  • Hands-on experience with DevSecOps, integrating SAST, DAST, SCA, IAST, and IaC security into CI/CD pipelines (GitHub Actions)
  • Knowledge of Authentication and Authorization (AuthN/AuthZ) for APIs and enterprise integrations, using OAuth2, OpenID Connect, JWT, JWE, and mTLS
  • Experience securing APIs and microservices
  • Experience with AWS services: API Gateway, Cognito, Lambda, DynamoDB, S3, and Load Balancers (ALB/NLB)
  • Knowledge of Kubernetes (EKS) and Istio, including mTLS between services, network policies, access control, and workload hardening
  • Experience with Infrastructure as Code (Terraform), applying policy-as-code, automated validation, and secure configurations
  • Strong knowledge of cryptography, digital certificates (PKI), TLS/mTLS, and protection of data in transit and at rest
  • Experience with SDLC/SSDLC and secure development practices
  • Intermediate/advanced English and Spanish
  • AWS or security certifications (AWS Security Specialty, Solutions Architect, DevOps Engineer, Security+, or similar) — desirable
  • Experience with Threat Modeling and MITRE ATT&CK — desirable
  • Development of internal security frameworks or libraries — desirable
  • Use of AI applied to security automation and analysis — desirable
  • Experience in regulated environments (financial sector) — desirable
Benefits
  • Porto Seguro medical insurance
  • Porto Seguro dental insurance
  • Profit Sharing (PLR)
  • Childcare assistance
  • Alelo meal and food vouchers
  • Home office allowance
  • Partnerships with educational institutions
  • Support for certifications, including cloud certifications
  • Livelo points
  • Total Pass membership
  • Mindself
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
AuthN/AuthZmTLSOAuth2Infrastructure as CodeTerraformGitHub ActionsSASTDASTSCAIAST
Soft Skills
communicationcollaborationproblem-solvingdocumentationcontinuous improvement
Certifications
AWS Security SpecialtySolutions ArchitectDevOps EngineerSecurity+