Job Description

We are looking for a Cloud Security Engineer with mandatory experience in banking, fintech, or regulated sectors to lead the design and implementation of secure, compliant cloud infrastructures The candidate must have a strong understanding of regulatory frameworks and enterprise-grade security controls, with the ability to operate in high-compliance environments.

Key Responsibilities:

• Own and implement cloud security architectures and landing-zone guardrails across network, identity, data, and logging layers.
• Secure configurations for databases, storage, serverless, and other cloud-native services.
• Design and enforce least-privilege IAM, including SSO (SAML/OIDC) and PAM workflows.
• Implement key and credential lifecycle management, including MFA, short-lived tokens, and machine identity governance.
• Ensure data protection via encryption at rest and in transit, along with tokenization where required.
• Define and enforce network segmentation, private connectivity, secure egress, and API security.
• Implement protections such as WAF, DDoS mitigation, and bot defense mechanisms.
• Establish and manage Zero Trust access models for users and services.
• Integrate security scanning tools (SAST, DAST, Secrets, IaC) into CI/CD pipelines.
• Maintain compliance and audit readiness for SAMA, NCA, ISO 27001, PCI DSS, SWIFT CSP.
• Develop and enforce policies-as-code, tagging standards, and exception workflows.
• Integrate and manage cloud logs within SIEM platforms (e.g., Splunk).
• Orchestrate cloud and container security scanning, track remediation SLAs, and collaborate with engineering teams.

Requirements

• 7–12 years of experience in cybersecurity, including 3+ years securing public cloud environments (GCP or OCI preferred).
• Mandatory experience in fintech, banking, or highly regulated industries.
• Strong expertise in IAM/SSO/PAM, KMS/HSM, PKI, and key rotation strategies.
• Hands-on experience with cloud security platforms CSPM, CNAPP, CWPP, CIEM, and native tools (e.g., GCP SCC, OCI Cloud Guard).
• Deep understanding of network and web security VPC/VNet, routing, private link, TLS/mTLS, API gateways.
• Experience with container and Kubernetes security, including runtime protection and network policies.
• Proficiency in DevSecOps tools Terraform, CI/CD pipelines, scripting (Python/PowerShell), and log analysis (SQL/Regex).

• Strong familiarity with regulatory frameworks

1. SAMA Cybersecurity Framework
2. NCA ECC
3. ISO 27001
4. PCI DSS
5. SWIFT CSP

• Experience integrating security monitoring with SIEM tools (Splunk preferred).

Preferred Qualifications:

• Cloud certifications (GCP, OCI, AWS, or Azure Security)
• Experience in banking, fintech, or regulated environments
• Strong documentation, communication, and stakeholder management skills

What We’re Looking For:

• Strong problem-solving mindset with a security-first approach
• Ability to work cross-functionally with DevOps, Engineering, and Compliance teams
• Ownership-driven individual who can design and implement scalable security solutions