Senior Cloud Security Engineer in SoftServe

WE ARESoftServe is a global digital solutions company with headquarters in Austin, Texas, founded in 1993. Our associates work on 2,000+ projects with clients in the USA, Europe, and APAC region.Critical Services Center of Excellence (CoE), the subdivision of SoftServe, is a team of highly professional folks, primarily focusing on technology covering software architecture, startups, and enterprise technologies. SoftServe transforms business through various levels of security assessment, creating and executing threat scenarios, identifying security risks, and filling the gaps.By analyzing, designing, and implementing security-related controls, we improve the security state of many clients. We have a proactive approach while consulting our clients on security management and analyzing the entire infrastructure on multiple layers. In this way, we design an efficient security strategy following the security standards (ISO27k, CIS Benchmarks, NIST, SOC2, HIPAA, PCI DSS, etc.) and considering the client’s short- and long-term goals.Our comprehensive solution provides exceptional visibility of analyzed security risks, complies with international standards, helps to pass compliance certification audits, and gives instructions to achieve the desired level of data protection. As a part of the SoftServe Cybersecurity team, we provide reliable security solutions identify security gaps, and guide clients through each step of the improvement process.Being experts in a range of technologies, we find the approach fitting different clients’ needs best in terms of security. We work with experts in application security, security engineering, and governance risk and compliance. Cybersecurity team members are located in Poland, Ukraine, Spain, and other European countries.IF YOU AREAn expert with 4+ years of experience in DevOps and security engineeringPassionate about building secure cloud infrastructure (AWS, Azure, GCP) for software development lifecycle needsA specialist in implementing AWS-native security services (e.g., IAM, GuardDuty, Security Hub, CloudTrail) and hardening cloud-based infrastructure (e.g., EC2, RDS, S3, Lambda)Skilled in automating security best practices using AWS Config and Infrastructure-as-Code tools (e.g., Terraform)Knowledgeable in conducting vulnerability assessments, managing remediation processes, securing networks, containers, and APIsStrong in understanding software development lifecycles (SDLC) and Agile methodologiesIn-depth with knowledge of DevOps practices, tools, and technologies, such as CI/CD pipelines, configuration management, and containerizationProficient in scripting languages (e.g., Python, Bash) and experienced with infrastructure automation tools (e.g., Ansible, Puppet, Chef)An expert in ensuring compliance with industry standards (e.g., ISO 27001, GDPR, SOC 2, NIST)Skilled in designing and implementing security controls for cloud-native and containerized environments, conducting regular audits and security assessmentsA specialist in securing Kubernetes clusters with proper configuration of Role-Based Access Control (RBAC), network policies, and pod security settingsA professional in integrating security tools into the container pipeline (e.g., vulnerability scanning with Trivy, Clair, container image signing), managing containerized applications securely, ensuring image trust, runtime protection, and adherence to Kubernetes and container security benchmarksAND YOU WANT TODevelop and implement security measures throughout the software development lifecycle, including requirements gathering, design, development, testing, and deployment phasesIntegrate security tools and technologies into the CI/CD pipeline to automate security checks, vulnerability scanning, and code analysisCollaborate with development teams to identify and remediate security vulnerabilities, implement secure coding practices and provide guidance on secure application designImplement and maintain infrastructure as code (IaC) frameworks, ensuring that security controls and best practices are incorporated into the provisioning and management of cloud resourcesPerform security assessments and penetration testing on applications and infrastructure to identify vulnerabilities and recommend appropriate remediation measuresMonitor and analyze security events and incidents, responding promptly to security breaches and conducting forensic investigations when necessaryDevelop and enforce security policies, standards, and procedures, ensuring compliance with relevant regulations and industry best practicesStay up to date with the latest security threats, vulnerabilities, and industry trends, and provide recommendations on security enhancements and risk mitigation strategiesCollaborate with cross-functional teams to educate and promote security awareness, conducting training sessions and workshops on secure coding practices and security-related topicsTOGETHER WE WILLWork with the world-leading companies and engineersOperate on a wide range of projects and clients around the worldHave a variety of projects with different types of challenges and requirementsDevelop your cybersecurity skills, leadership, communication, and negotiation skillsHave access to strong educational and mentorship programsMake this world more secure SoftServe is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment regardless of race, color, religion, age, sex, nationality, disability, sexual orientation, gender identity and expression, veteran status, and other protected characteristics under applicable law. Let’s put your talents and experience in motion with SoftServe Show more Show less Посадовий рівень Старший середній рівень Тип зайнятості Повний робочий день Посадові обов’язки Інформаційні технології, Консалтинг і Служба підтримки ГалузіIT services and IT consulting