Cloud Security Engineer (DevSecOps)

Remote job

Applications have closed

Trafilea

Tech eCommerce group of Brands powered by Proprietary Technology, World-Class Marketing and Operational Excellence.


About Trafilea

Trafilea is a dynamic and innovative Tech E-commerce Group that operates multiple direct-to-consumer brands in the intimate apparel and beauty sectors, with a focus on using data-driven strategies to scale their businesses. In addition to our products, we have our own online community dedicated to promoting body positivity. As a rapidly growing global player, Trafilea is committed to creating high-quality products and services that enhance the customer experience and drive long-term growth.


At Trafilea, we foster a culture of collaboration, innovation, and continuous learning. We believe in investing in our people and providing them with the support and development opportunities they need to grow both personally and professionally. With our remote-first approach, you'll have the freedom to work from anywhere in the world, surrounded by a diverse and talented team that spans the globe.


🌟 Role Mission

The Cloud Security Engineer (DevSecOps) is responsible for implementing and maintaining security controls in our AWS cloud environment, ensuring compliance with industry best practices and protecting our infrastructure from cyber threats. You will work closely with DevOps, engineering, and security teams to embed security in all stages of development and operations, driving a shift-left security culture.

Your mission is to proactively identify and mitigate security risks, enforce secure infrastructure design, and ensure our cloud environment remains resilient, compliant, and secure.

🛠️ Responsibilities

🔹 Cloud Security Architecture & Compliance

  • Design and implement secure cloud architectures in AWS, ensuring best practices for network security, IAM, and data protection.

  • Define and enforce security policies, guardrails, and compliance frameworks (SOC 2, ISO 27001, GDPR).

  • Monitor and mitigate security vulnerabilities across cloud services, applications, and networks.

🔹 DevSecOps & Automation

  • Integrate security tools into CI/CD pipelines to automate security scanning, vulnerability management, and compliance checks.

  • Develop and maintain Infrastructure as Code (IaC) security policies using Terraform, CloudFormation, or CDK.

  • Automate security controls, monitoring, and remediation using Python, Bash, or similar scripting languages.

🔹 Threat Detection & Incident Response

  • Implement SIEM, IDS/IPS, and security monitoring tools to detect and respond to threats.

  • Define incident response plans and lead investigations for security incidents.

  • Perform cloud security assessments, penetration testing, and risk analysis.

🔹 Identity & Access Management (IAM) Security

  • Design secure authentication and authorization models using IAM best practices.

  • Implement least privilege access controls, role-based access control (RBAC), and multi-factor authentication (MFA).

  • Enforce AWS security policies, service control policies (SCPs), and permissions boundaries.

🔹 Security Awareness & Collaboration

  • Work closely with DevOps and engineering teams to foster a security-first mindset.

  • Conduct training sessions on secure coding, cloud security best practices, and threat mitigation.

  • Document security processes, standards, and best practices.

What we offer

  • Collaborate with world-class talent in a data-driven, dynamic, energetic work environment.

  • Opportunity to grow and develop both professionally and personally.

  • Safe space to be who you truly are, with a commitment to diversity, equity, and inclusion.

  • Openness to new ideas and initiatives.

  • Great benefits package including remote work, 15 working days of paid holidays, a learning subsidy, and more!


We've been recognized by Forbes and FlexJobs as one of the Top 25 Companies for Remote Workers. Apply now!

Requirements

🎓 Qualifications

Must-Have Skills

✔️ 3+ years of experience in cloud security, DevSecOps, or cybersecurity roles.

✔️ Strong expertise in AWS security (IAM, Security Groups, KMS, WAF, GuardDuty, Config, Inspector, etc.).

✔️ Experience securing CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD) and integrating security tools (SAST, DAST, SCA).

✔️ Strong knowledge of cloud networking security (VPC, NACLs, VPN, Firewalls, Zero Trust principles).

✔️ Experience with Infrastructure as Code (Terraform, CloudFormation, AWS CDK) and security policy automation.

✔️ Proficiency in threat detection, incident response, and security monitoring tools.

✔️ Hands-on experience with scripting and automation (Python, Bash, PowerShell, or similar).

Nice-to-Have Skills

➕ Experience with Kubernetes and container security (EKS, Istio, Falco, Aqua Security, or similar).

➕ Knowledge of AWS Organizations, SCPs, and Landing Zone security best practices.

➕ Experience with Cloud Security Posture Management (CSPM) tools (Prisma Cloud, AWS Security Hub, Wiz).

➕ Familiarity with compliance frameworks (SOC 2, ISO 27001, PCI-DSS, GDPR, NIST 800-53).

➕ Experience conducting red teaming, penetration testing, or cloud security assessments.


Tags: Automation AWS Bash CI/CD Cloud Compliance CSPM DAST DevOps DevSecOps E-commerce Firewalls GDPR GitHub GitLab IAM IDS Incident response IPS ISO 27001 Jenkins Kubernetes Monitoring Network security NIST NIST 800-53 Pentesting PowerShell Python Red team Risk analysis SAST Scripting Security assessment SIEM SOC SOC 2 Terraform Threat detection VPN Vulnerabilities Vulnerability management Zero Trust

Perks/benefits: Career development Equity / stock options

Region: Remote/Anywhere
