Are you an experienced Senior Cloud Security Engineer (AWS) looking for your next career move, join our client onsite in Limassol, Cyprus. Emerald Zebra is waiting to hear from you, APPLY now!
About the Company –
Our client is a global leader in trading, with more than 15 years of success, a strong international footprint, and a team of highly skilled professionals. As a pioneer in FinTech innovation, the company continues to drive growth through advanced technologies and a collaborative culture. This is your opportunity to join a forward-thinking environment where innovation meets excellence.
The Role –
We are seeking a Senior Cloud Security Engineer (AWS) to spearhead the design, implementation, and enforcement of advanced security controls. You will be instrumental in building Zero Trust architectures across multi-region AWS deployments, securing EKS/ECS clusters, virtualized workloads, and hybrid environments – all while aligning with regulatory compliance frameworks. This is a hands-on, high-impact role shaping the next generation of financial cloud security.
Key Responsibilities –
Network & VPC Segmentation:
- Design and implement multi-VPC architectures with subnet micro-segmentation and Transit Gateway routing.
- Enforce Zero Trust segmentation between workloads, users, and external partners.
- Apply strict ingress/egress controls using AWS Network Firewall, Security Groups, and NACLs.
Firewalling, DNS & Threat Prevention:
- Deploy AWS Network Firewall with custom Suricata/DPI rules.
- Apply AWS WAF protections for APIs, trading platforms, and client portals.
- Harden DNS with Route 53 DNS Firewall to prevent tunneling and spoofing.
- Define and monitor DLAP/DLP policies for data protection.
- Integrate EDR tools (e.g., CrowdStrike, SentinelOne) across workloads.
Encryption & Data Security:
- Enforce encryption at rest, in transit, and in use with KMS, ACM, HSM, TLS 1.3, and Nitro Enclaves.
- Automate key lifecycle management and cross-region rotation.
- Apply confidential computing protections for sensitive workloads.
Kubernetes & Virtualization Security:
- Secure EKS, ECS, and Kubernetes clusters (RBAC/ABAC, pod policies, runtime security).
- Implement container image scanning and vulnerability pipelines.
- Deploy admission controllers and native firewalls for Zero Trust enforcement.
- Harden VMs, WorkSpaces, and VMware workloads with monitoring and micro-segmentation.
- Establish runtime anomaly detection with tools like Falco, GuardDuty, and Datadog.
Anomaly Detection & Attack Prevention:
- Implement AI/ML-based anomaly detection across networks and workloads.
- Define playbooks for insider threats, tunneling, and privilege escalation.
- Correlate findings from GuardDuty, WIZ, Inspector, and SIEM platforms.
- Lead threat modeling and red team exercises.
Infrastructure as Code & Automation:
- Build secure Terraform modules for AWS and Kubernetes.
- Embed compliance-as-code in CI/CD pipelines (OPA, Sentinel).
- Automate posture drift detection with Terraform + WIZ/Security Hub.
- Drive GitOps workflows for immutable deployments.
Observability & Incident Response
- Design SIEM dashboards with OpenSearch, CloudWatch, Grafana, and Loki.
- Integrate alerting into Jira, Slack, and PagerDuty workflows.
- Lead incident response for AWS, Kubernetes, and virtualized workloads.
- Automate containment pipelines for compromised assets.
Your Profile
Qualifications:
- 6-8+ years of Cloud Security Engineering, with AWS specialization.
- Deep knowledge of VPC segmentation, Zero Trust, and firewalling.
- Proven expertise in Kubernetes/EKS security.
- Experience with EDR, DLP/DLAP, DNS protection.
- Strong Terraform and IaC security automation background.
- Advanced knowledge of encryption in all states (at rest, transit, in use).
- Hands-on with SIEM, anomaly detection, and ML-based prevention.
- Familiarity with compliance frameworks (CIS, NIST, ISO 27001, SOC2, GDPR, ASIC, ESMA).
Preferred Certifications:
- AWS Certified Security Specialty (required)
- AWS Solutions Architect Professional
- AWS Advanced Networking Specialty
- Certified Kubernetes Security Specialist (CKS)
- HashiCorp Terraform Associate
- CISSP / CCSP
- SANS GIAC Cloud Security certifications (GCSA, GCLD, GDSA)
- ISO 27001 Lead Implementer/Auditor
Why Join?
Experience rewards because you matter!
- Salary Range – EUR 65,000 – 85,000 gross/year (depending on level of experience)
- Career Growth -ongoing learning and clear advancement opportunities.
- Work Life Balance – 22 days of annual leave.
- Wellness & Healthcare – 12 paid sick days + full medical insurance after 6 months.
- Future Security – Provident fund access after 6 months.
- Snack Hub – Fresh fruit, snacks, and beverages available daily.
- Lunch on the company – Daily buffet lunch with your team.
- Paid Overtime – Extra effort recognized and rewarded.
- Learning & Development – Dedicated budget for your upskilling.
- Team Spirit – Regular events and team-building activities.
- Fitness & Recreation – Gym access, sports, and spa treatments.
- Unwind Fridays – Close the week with a relaxed team drink.
- Working Schedule -Onsite in Limassol – Monday to Friday, 09:00 – 17:00
If you are interested in this job opportunity and meet the above requirements APPLY at the link below. For more information email georgia.michaelides@emeraldzebra.cy