In this role, you will manage the design, implementation, and ongoing management of advanced security controls across both on-premises and cloud environments, with a strong emphasis on Microsoft Azure and Amazon Web Services (AWS).

The ideal candidate combines deep technical expertise with strong analytical and problem-solving skills and can collaborate effectively with a wide range of business and technology stakeholders. A solid understanding of Cyber Security Operations, including threat detection, incident response, and security monitoring, is also essential to success in this role. The role required a close alignment and management of different managed service providers ranging from ITSM to MSSP.

Key Responsibilities:

• Develop, implement, and maintain secure cloud architectures and configurations within Azure and AWS under the supervision of the BISO.
• Manage the deployment and lifecycle of cloud security controls, including identity security, workload protection, data protection, network segmentation, and monitoring/logging.
• Manage, optimize, and tune XDR technologies to enhance threat detection, investigation, and automated response capabilities.
• Conduct indepth security incident investigations and lead root cause analysis, remediation planning, and prevention activities.
• Collaborate with engineering, architecture, and DevOps teams to embed proactive security controls into infrastructure and application designs.
• Support organizational GRC efforts, including risk assessments, compliance reviews, policy development, and audit preparation.
• Contribute to the continuous improvement of cybersecurity processes, tooling, and operational effectiveness.
• Identify emerging threats and vulnerabilities and recommend appropriate mitigation strategies.
• Mentor junior team members and act as a subject matter expert across cloud, infrastructure security, and threat detection technologies.
• Design and deliver cybersecurity exercises (i.e. tabletop games, etc.) to various stakeholders.

Required qualification:

• Minimum 4 years of experience in cybersecurity engineering, cloud security engineering, or an equivalent technical role.
• Demonstrated expertise with cloud providers such as Microsoft Azure and AWS security services, architectures, and best practices.
• Handson experience with XDR platforms such as Microsoft Defender XDR, CrowdStrike Falcon or Palo Alto Cortex XDR.
• Strong understanding of identity and access management, network security, endpoint security, SIEM/SOAR, and vulnerability management.
• Knowledge of GRC practices, including risk assessments, compliance frameworks, and security governance.
• Experience with scripting and automation (e.g. PowerShell, Python, Terraform, CloudFormation).
• Excellent analytical, troubleshooting, and communication skills.

Preferred qualifications:

• Relevant cloud architecture certifications for major platforms such as Microsoft Azure and Amazon Web Services (AWS) (e.g., AZ, AWS).
• Recognized cybersecurity certifications demonstrating expertise in security engineering, operations, and threat management (e.g., GIAC).
• Industry-standard security credentials related to cloud security, incident response, monitoring, and governance (e.g., SC).
• Advanced or specialized certifications in offensive or defensive security disciplines (e.g., OffSec).
• Additional professional certifications reflecting broad knowledge of cybersecurity best practices, risk management, and compliance.
• Experience integrating security into CI/CD pipelines and working within DevSecOps models.
• Knowledge of Kubernetes and container security (AKS, EKS, K8s).
• Experience with SSDLC, threat modeling, and secure architecture review methodologies.
• Knowledge and understanding of the maritime value chain and its cyber threat landscape.

Personal skills:

• Strong ownership mindset with the ability to operate autonomously.
• Excellent organizational and multitasking abilities.
• High degree of integrity and commitment to protecting sensitive information.
• Strong communication and interpersonal skills with the ability to engage stakeholders effectively.