Cloud Security & Compliance Engineer Architect
About Us
BySix engineers the future and drives innovation. We are more than just a standard software engineering company: we believe that true impact comes from combining technical expertise with human values.
That's why we reflect that in our approach - technology is not the end goal, but the enabler.
Why Us?
- Multidisciplinary team
- Training on demand
- Attractive salary and benefits package
- Career progression plans
- And amazing get-together events
What are we looking for?
We are looking for a Cloud Security & Compliance Engineer Architect with:
- 5+ years in infrastructure or security engineering, with 5+ years focused on public cloud (Azure and/or OCI).
- Proven design and delivery of secure landing zones at scale, including micro-segmentation, identity & access boundary, logging pipeline, data-classification and encryption strategy.
- Deep knowledge of Azure Well-Architected Framework, Azure Security Benchmark/Baseline, CIS Foundations Benchmark v2.0 (Azure & OCI), NIST SP 800-190, NIST CSF/800-53, and MITRE ATT&CK cloud tactics.
- Hands-on mastery with Terraform/Bicep, Kubernetes security (RBAC, network policies, PodSecurity standards), container registry hardening and image-signing (Cosign/Notary v2).
- Experience integrating cloud workloads with SIEM/SOAR platforms (Sentinel, Splunk, QRadar), EDR and CSPM tools (Wiz, Prisma Cloud, Microsoft Defender CSPM).
- Scripting / coding proficiency (PowerShell, Python, Go or similar) for automation and custom control development.
- Certifications: AZ-305 / AZ-500, OCI Architect Professional, CCSP or CISSP-ISSAP (or equivalent demonstrable expertise).
- Preferably with Cloud Oracle knowledge.
What do we expect from you?
- Design secure multi-subscription / multi-tenant landing zones in Azure and OCI, aligned to the five Well-Architected pillars (Security, Reliability, Performance Efficiency, Operational Excellence, Cost).
- Drive container-security reference architectures (AKS, OKE, ACI, OCI Containers, Kubernetes on IaaS) that satisfy NIST SP 800-190 and NSA/CISA hardening guidance.
- Map regulatory and internal requirements to the Azure Security Benchmark/Baseline, CIS Azure/OCI 2.0 controls, PCI DSS, ISO 27001 and SOC 2.
- Build automated policy as code (Azure Policy, OCI Guardrails, Terraform Sentinel, OPA/Gatekeeper) to enforce guardrails and generate evidence for auditors.
- Develop and maintain IaC modules (Bicep/Terraform/OCI Resource Manager) with integrated security controls, reusable across product teams.
- Integrate static/dynamic IaC security scans (Azure Defender for cloud, Oracle Guard, tfsec, Trivy, Dockle) and container image signing into the CI/CD pipeline (GitHub Actions/Azure DevOps/ArgoCD).
- Configure Azure Security Center/Defender, Microsoft Sentinel, and OCI Cloud Guard to detect, triage and respond to threats.
- Establish KPIs/KRIs and real-time dashboards for cloud posture, vulnerability debt and compliance drift.
- Act as a trusted advisor to engineering teams, running threat-model workshops, training on secure coding, and championing a "paved-road" DevSecOps culture.
- Evaluate emerging controls (Confidential Computing, SBOM, DICE-based attestation) and present recommendations to the Architecture Review Board.
Are you ready?
If you're ready to make a real impact by leveraging cutting-edge technology and fostering human-centric solutions, BySix is the place for you. Together, we'll drive innovation and create lasting business value.
Note: BySix is an equal opportunity employer. All applicants will be considered and analyzed regardless of ethnicity, religion, gender identity, sexual orientation, national origin, age, or disability status.
Location
Lisboa
Experience
Min. 5 years
Main skills