Security & Compliance Engineer / Architect (Azure & OCI) (f/m)
3 days ago Be among the first 25 applicants
Get AI-powered advice on this job and more exclusive features.
Direct message the job poster from GRUPO SOLUTIO
From SOLUTIO, we are seeking to recruit a highly motivated and skilled Cloud Security & Compliance Engineer / Architect (Azure & OCI) (f/m) with more than 5 years of experience in a similar position.
As a senior member of the Cloud CoE you will own the security and compliance strategy for our Microsoft Azure and Oracle Cloud Infrastructure (OCI) estates. You will translate the Azure & OCI Well‐Architected Frameworks, the Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2.0, NIST SP 800‐190 container‐security guidance, and other industry standards into practical, automated controls—designing, building and continuously improving the secure landing zones that power our business‐critical workloads.
We are looking for a freelance interested in working from Lisbon. The two first weeks would be onsite (3 days a week). From the third week, it would be 100% remote.
Key Responsibilities
- Propose and follow up with the various teams, the necessary improvements to increase the Security Score in Defender.
- Design secure multi‐subscription / multi‐tenant landing zones in Azure and OCI, aligned to the five Well‐Architected pillars (Security, Reliability, Performance Efficiency, Operational Excellence, Cost).
- Drive container‐security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on IaaS) that satisfy NIST SP 800‐190 and NSA/CISA hardening guidance.
- Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2.0 controls, PCI DSS, ISO 27001 and SOC 2.
- Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors.
- Develop and maintain IaC modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams.
- Integrate static/dynamic IaC security scans (Azure Defender for cloud, Oracle Guard tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (GitHub Actions/Azure DevOps/ArgoCD).
- Configure Azure Security Center/Defender, Microsoft Sentinel, and OCI Cloud Guard to detect, triage and respond to threats.
- Establish KPIs/KRIs and real‐time dashboards for cloud posture, vulnerability debt and compliance drift.
- Act as a trusted advisor to engineering teams, running threat‐model workshops, training on secure coding, and championing a "paved‐road" DevSecOps culture.
- Evaluate emerging controls (Confidential Computing, SBOM, DICE‐based attestation) and present recommendations to the Architecture Review Board.
- Hands‐on experience in improving the Security Score in Defender, through configuring Microsoft Security tools (Microsoft Defender for Cloud CSPM/CWPP, Defender for Endpoint, Defender for Cloud Apps, Microsoft DLP, Microsoft for Identity)
Qualifications
- 5+ years in infrastructure or security engineering, with 5+ years focused on public cloud (Azure and/or OCI).
- Proven design and delivery of secure landing zones at scale, including micro‐segmentation, identity & access boundary, logging pipeline, data‐classification and encryption strategy.
- Deep knowledge of Azure Well‐Architected Framework, Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2.0 (Azure & OCI), NIST SP 800‐190, NIST CSF/800‐53, and MITRE ATT cloud tactics.
- Hands‐on mastery with Terraform/Bicep, Kubernetes security (RBAC, network policies, PodSecurity standards), container registry hardening and image‐signing (Cosign/Notary v2).
- Experience integrating cloud workloads with SIEM/SOAR platforms (Sentinel, Splunk, QRadar), EDR and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender CSPM).
- Scripting / coding proficiency (PowerShell, Python, Go or similar) for automation and custom control development.
- Preferably with Cloud Oracle knowledge.
Competences
- Portuguese: minimum a C1 (direct interaction in Portuguese with Client and Teams)
- English: high level spoken.
What do we offer?
- Contract as a freelance.
- A collaborative and supportive work environment.
- Opportunities for professional growth and development.
- The chance to contribute to a leading company in the seafood sector.
Solutio is committed to equal treatment and opportunities for women and men, and therefore, we implement non‐discriminatory selection processes.
Referrals increase your chances of interviewing at GRUPO SOLUTIO by 2x
Get notified about new Compliance Engineer jobs in Lisbon, Portugal.
If you're looking for a career change and want to participate in innovative projects with cutting‐edge technologies, go ahead and send us your CV!
#J-18808-Ljbffr