Cloud Security Specialist

Synerise is a technology company delivering an all-in-one AI-enhanced data platform used in over 30 markets across industries such as Retail, Banking, eCommerce, Automotive, Insurance, and Telco, processing more than 150 billion transactions annually. They are also developing the Base Model platform, a foundation model for behavioral data aimed at enterprise Data Science teams to innovate in AI.

• At least 3 years of experience in IT security focused on cloud-native environments.
• In-depth knowledge of Kubernetes security (RBAC, network policies, pod security standards) and experience managing microservices architectures.
• Proven experience implementing DevSecOps solutions securing CI/CD pipelines (GitLab CI/CD, ArgoCD) and using tools for code security and vulnerability scanning.
• Strong expertise in Azure and Google Cloud Platform security features and tools (Azure Security Center, Google Cloud Security Command Center).
• Strong understanding of security threats and attack techniques relevant to containerized and cloud-native environments.
• Proficiency in scripting languages such as Python and Bash to automate security processes.
• Familiarity with monitoring and logging tools including Elastic Stack, Prometheus, and Grafana.
• Knowledge of security frameworks and best practices (OWASP SAMM, NIST CSF) and compliance regulations such as GDPR.
• Preferred certifications: CKS, CISSP, Azure/GCP Security Specialty, CEH, or similar.
• Fluency in Polish (C2) and English (C1).

• Monitor and secure cloud environments, primarily on Azure and Google Cloud Platform (GCP), using built-in security tools and custom controls for self-hosted IaaS components.
• Implement and manage security measures for containerized platforms using Kubernetes and Docker, focusing on microservices architectures.
• Design, implement, and maintain DevSecOps solutions in CI/CD pipelines, integrating tools for code security analysis, vulnerability management, software composition analysis, and security testing.
• Collaborate with DevOps and development teams to embed "security by design" principles throughout the product development lifecycle.
• Conduct security audits including penetration tests and vulnerability scans for applications and infrastructure.
• Analyze security incidents, perform root cause investigations, and implement remediation strategies.
• Develop, implement, and maintain security policies and standards based on best practices such as ISO 27001, NIST CSF, and CIS Benchmarks.
• Provide education and training for teams on application and infrastructure security.