Senior DevSecOps Engineer (Cloud) in Cinc Systems

• Operate and optimize cloud-native security tools (e.g., Orca Security, AWS Security Hub, Azure Security Center, Microsoft Defender, Purview/Priva) to safeguard data, detect cloud threats, secure SaaS & AI usage, and enforce secure configurations.
• Develop and enforce cloud security policies, standards, and automation scripts to ensure scalable, consistent security practices.
• Lead vulnerability and patch management across cloud infrastructure, partnering with Cloud Infrastructure to harden externally exposed services, validate remediation effectiveness, and reduce false positives.
• Strengthen secure cloud architecture by collaborating on backup resiliency, integrating security into CI/CD pipelines, and tuning protective platforms including WAF, bot mitigation, and DDoS tools.
• Collaborate with managed NOC/SOC partners to ensure telemetry data from cloud infrastructure and endpoints integrates into SIEM and IDS platforms.
• Deliver actionable insights by developing security dashboards, reports, and KPIs for risk management, executive leadership, and board-level readouts.
• Automate compliance and enforcement using policy-as-code, integrating cloud telemetry with the GRC platform to streamline evidence collection and regulatory workflows.
• Enhance secure access through VPNs, zero-trust, IAM integration, and continuous monitoring across AWS, Azure, and SaaS environments.
• Lead proactive risk management activities, including penetration testing, threat modeling, and regular risk assessments.
• Champion a security-first culture by partnering with Corporate IT, cloud engineers, and developers to embed secure design principles.
• Ensure regulatory compliance with SOC 2, ISO 27001, GDPR, and other frameworks.
• Communicate effectively with distributed teams (U.S. and LATAM) in English, fostering collaboration and knowledge sharing.
• Support incident response by participating in on-call rotations and providing after-hours coverage when required.

Professional certifications such as AWS Security Specialty, CCSP, CCSK, or similar are advantageous. Experience with enterprise firewalls (e.g., Palo Alto, Fortinet), IaC and automation tools (Terraform, Ansible, CloudFormation), and container runtime security with RBAC controls is highly valued. Hands-on knowledge of implementing secure baselines across AWS and containerized environments, and integrating them into CI/CD and IaC workflows, is a plus.