LUZA Group

Cloud Security, Compliance Engineer

LUZA Group

contract

Posted on:

Location Type: Hybrid

Location: Oeiras • 🇵🇹 Portugal

Visit company website
AI Apply
Apply

Job Level

Mid-LevelSenior

Tech Stack

AzureCloudGoKubernetesOraclePythonSplunkTerraform

About the role

  • Propose and follow up with the various teams, the necessary improvements to increase the Security Score in Defender;
  • Design secure multi-subscription / multi-tenant landing zones in Azure and OCI, aligned to the five Well-Architected pillars (Security, Reliability, Performance Efficiency, Operational Excellence, Cost);
  • Drive container-security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on IaaS) that satisfy NIST SP 800-190 and NSA/CISA hardening guidance;
  • Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2.0 controls, PCI DSS, ISO 27001 and SOC 2;
  • Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors;
  • Develop and maintain IaC modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams;
  • Integrate static/dynamic IaC security scans (Azure Defender for cloud, Oracle Guard tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (GitHub Actions/Azure DevOps/ArgoCD);
  • Configure Azure Security Center/Defender, Microsoft Sentinel, and OCI Cloud Guard to detect, triage and respond to threats;
  • Establish KPIs/KRIs and real-time dashboards for cloud posture, vulnerability debt and compliance drift;
  • Act as a trusted advisor to engineering teams, running threat-model workshops, training on secure coding, and championing a “paved-road” DevSecOps culture;
  • Evaluate emerging controls (Confidential Computing, SBOM, DICE-based attestation) and present recommendations to the Architecture Review Board.

Requirements

  • Hands-on experience in improving the Security Score in Defender, through configuring Microsoft Security tools (Microsoft Defender for Cloud CSPM/CWPP, Defender for Endpoint, Defender for Cloud Apps, Microsoft DLP, Microsoft for Identity)
  • 5+ years in infrastructure or security engineering, with 5+ years focused on public cloud (Azure and/or OCI)
  • Proven design and delivery of secure landing zones at scale, including micro-segmentation, identity & access boundary, logging pipeline, data-classification and encryption strategy
  • Deep knowledge of Azure Well-Architected Framework, Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2.0 (Azure & OCI), NIST SP 800-190, NIST CSF/800-53, and MITRE ATT cloud tactics
  • Hands-on mastery with Terraform/Bicep, Kubernetes security (RBAC, network policies, PodSecurity standards), container registry hardening and image-signing (Cosign/Notary v2)
  • Experience integrating cloud workloads with SIEM/SOAR platforms (Sentinel, Splunk, QRadar), EDR and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender CSPM)
  • Scripting / coding proficiency (PowerShell, Python, Go or similar) for automation and custom control development
  • Certifications: AZ-305 / AZ-500, OCI Architect Professional, CCSP or CISSP-ISSAP (or equivalent demonstrable expertise)
  • Preferably with Cloud Oracle knowledge
  • Portuguese C1; English B1.
Benefits
  • Important : Our company does not sponsor work visas or work permits. All applicants must have the legal right to work in the country where the position is based. Only candidates who meet the required qualifications and match the profile requested by our clients will be contacted.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
Security Score improvementmulti-subscription landing zonescontainer-security architecturespolicy as codeIaC modulesstatic/dynamic IaC security scansKubernetes securityscripting proficiencymicro-segmentationdata-classification
Soft skills
trusted advisortrainingcommunicationcollaborationproblem-solvingleadershipworkshop facilitationadvocacy
Certifications
AZ-305AZ-500OCI Architect ProfessionalCCSPCISSP-ISSAP