Cloud Security Architect
Wiser Technology is a leading software development company. Our team of 600 engineers across Europe excels in web and mobile software development, video streaming, defense, machine learning, automotive, e-commerce, and AI. We leverage top-tier technologies and expertise driven by a passion for innovation to drive progress.
We are in the process of developing a new scalable and secure private cloud platform based on OpenStack, Kubernetes, and OpenShift. The Security Architect will be a pivotal member of the team, responsible for designing and implementing a comprehensive, cloud-native security framework for the entire PaaS ecosystem. This role involves establishing the security vision and strategy, embedding Zero Trust principles, and enabling Security as Code to ensure the platform's integrity, confidentiality, and availability.
WHAT YOU WILL DO:
⦁ Collaborate with stakeholders, architects, and engineering teams to define and implement a security strategy for the private cloud platform.
⦁ Develop and maintain security architecture blueprints, design documents (HLD/LLD), and threat models, considering hybrid-cloud integration points with public cloud providers (e.g., AWS, Azure, GCP).
⦁ Design and govern a central Key Management Service (KMS) to manage cryptographic keys for data-at-rest encryption and application secrets.
⦁ Architect security controls for core OpenStack services, including block storage (Cinder) and Load Balancing as a Service (Amphora), ensuring proper isolation and data protection.
⦁ Lead the implementation of Policy as Code using OPA (Open Policy Agent) to automate the enforcement of security guardrails across the platform and CI/CD pipelines.
⦁ Define and implement a Zero Trust network security architecture at the CNI layer, specifically leveraging Cilium for eBPF-based policy enforcement and transparent inter-pod traffic encryption.
⦁ Architect and oversee robust Identity and Access Management (IAM) solutions built on technologies like Java, ensuring the segregation of duties and least-privilege access for all service principals and user identities.
⦁ Conduct security reviews of custom platform components and operators written in Go for Kubernetes, identifying potential vulnerabilities in the codebase.
⦁ Integrate security into automated platform provisioning processes (i.e., "Account Vending Machines") to ensure new projects are created with secure-by-default configurations.
⦁ Design the foundational security architecture for platform services, including the principles of isolated logging, backup, and security tooling accounts to ensure non-repudiation and tamper-resistance.
⦁ Oversee the platform's security information and event management (SIEM) strategy and its integration with a centralized Security Lake for advanced threat hunting.
WHAT YOU WILL NEED:
⦁ Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Engineering, or a related technology discipline.
⦁ 7+ years of experience in a senior cybersecurity role, with 5+ years in a cloud security architecture capacity.
⦁ Deep understanding of Zero Trust architecture and practical experience implementing its principles in a cloud or containerized environment.
⦁ Proven experience with public cloud security models (AWS, Azure, or GCP), including their IAM, policy enforcement, and security services.
⦁ Expertise in securing containerized environments, including Kubernetes and Red Hat OpenShift.
⦁ Hands-on experience with advanced Container Network Interfaces (CNI), specifically Cilium, and its eBPF-based security and encryption capabilities.
⦁ Deep expertise in designing and managing Key Management Service (KMS) solutions for cloud environments.
⦁ Practical knowledge of OpenStack security, including securing components like Cinder and Octavia (Amphora load balancers).
⦁ Experience with Policy as Code tools, specifically Open Policy Agent (OPA/Rego), and embedding security controls into Infrastructure as Code (IaC) tools like Terraform and Ansible.
⦁ Familiarity with the security implications of applications written in Java and Go, especially in a cloud-native context.
⦁ Strong communication skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
⦁ Relevant security and cloud certifications are highly advantageous (e.g., CISSP, CCSP, CKS, or public cloud security certifications).
WHAT’S IN IT FOR YOU?
Culture & Development:
Friendly Environment: We take pride in our culture and love spending time together.
Team Spirit: Be part of a supportive team that uplifts each other.
Mentorship and coaching: Our colleagues are experts in their field, and you can expect to have a solid team to rely on.
Personalized Development Program: We realize that one size doesn’t fit all, so you'll receive an individual development plan tailored to your career aspirations.
Social Benefits:
Work Flexibility: Embrace flexible working hours and choose from remote, hybrid, or onsite work models.
Multiple Office Locations: In Sofia, Plovdiv, Stara Zagora, and Nis, you can choose where you would like to work.
A Suite of Perks: Enjoy food vouchers, additional health insurance, and more.
Community and Connections: Engage in exciting social events and team initiatives.
At Wiser, every role is instrumental. You will have the power to make a difference!
Ready to advance your career with a tech leader passionately driven by innovation?
Join Wiser - Become Wiser