Cybersecurity Architect

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Evaluate the existing cloud and infrastructure security posture within AWS environments, Kubernetes platforms, and their supporting services.

• Recognize critical vulnerabilities and establish a prioritized roadmap to enhance security maturity across identity, runtime, network, and platform layers.

• Define and implement enterprise-level security controls encompassing IAM governance, workload/runtime posture, and DNS security.

• Integrate security guardrails, standards, and policies into the Platform Engineering and Cloud Center of Excellence (CoE) frameworks right from the onset of the transformation.

• Collaborate with platform teams to create secure-by-default self-service infrastructure patterns, templates, and workflows.

• Develop identity and access governance models, including account strategies, role design, least-privilege policies, and federated access.

• Design and implement security standards for Kubernetes and containerized workloads, focusing on supply chain security, workload isolation, and runtime protection.

• Outline DNS and network security practices, covering private networking, segmentation, service discovery, and threat protection.

• Work alongside DevSecOps teams to embed automated security testing, policy enforcement, and compliance checks into CI/CD pipelines.

• Assist in establishing security observability, monitoring, incident response, and threat detection capabilities throughout the platform.

• Offer security leadership and mentoring to engineering teams to foster security ownership and best practices.

• Facilitate organizational change management and stakeholder alignment to promote security adoption across various teams.

• Continuously enhance the security framework as the platform and operating model progress.

⛳️ Requirements

• Extensive experience in cybersecurity, cloud security, or platform security roles.

• Profound knowledge of AWS security, including IAM, Organizations, SCPs, GuardDuty, Security Hub, CloudTrail, KMS, and networking security.

• Significant experience in securing Kubernetes environments, particularly with Amazon EKS, focusing on workload identity, network policies, secrets management, and runtime security.

• Proven track record in designing and implementing enterprise IAM governance and access control models.

• Practical experience with DevSecOps practices and integrating security into CI/CD pipelines.

• Strong grasp of cloud networking, DNS security, and zero-trust architectures.

• Experience in building security guardrails and policy-as-code using tools like Terraform, OPA, or similar technologies.

• Experience in conducting security posture assessments, threat modeling, and risk prioritization.

• Strong strategic thinking abilities to balance security, developer experience, and delivery speed.

• Exceptional communication and stakeholder management skills for both technical and executive audiences.

• Experience working within distributed, international teams in complex and rapidly changing environments.

🏝️ Benefits

• Health and dental insurance.

• Meal and food allowance.

• Childcare assistance.

• Extended paternity leave.

• Partnership with gyms and health and wellness professionals through Wellhub (Gympass) TotalPass.

• Profit Sharing and Results Participation (PLR).

• Life insurance.

• Continuous learning platform (CI&T University).

• Discount club.

• Free online platform dedicated to physical, mental, and overall well-being.

• Pregnancy and responsible parenting course.

• Collaborations with online learning platforms.

• Language learning platform.