cloud secops

Cloud Security / SECOPS Architect

Company Description

BitSecTech specializes in providing robust security solutions, including security architecture design, compliance, cloud security, and virtual CISO services. Our offerings also include managed security operations with 24/7 monitoring and incident response services to handle breaches swiftly. We secure both IT and industrial environments and our team is trusted by organizations for our hands-on expertise, flexible service models, and rapid response capabilities.

Core Responsibilities

o  Architecture & Strategy

· Develop secure blueprints for AWS / Azure / GCP environments (network, IAM, secrets management, KMS, data protection).

· Define reference architectures for managed services (EKS/AKS/GKE, Serverless, Databases, Data Lakes).

· Build a Cloud Security Roadmap: Zero Trust, risk mapping, prioritization, and Security by Design in the SDLC.

o  SECOPS & Detection / Response

· Design and implement SIEM/SOAR solutions (detection rules, playbooks, triage, automation).

· Deploy and manage sensors and logging (CloudTrail/Activity Logs, VPC Flow, DNS, EDR, Container/Runtime monitoring).

· Lead incident response in the cloud: create and maintain IR runbooks, coordinate communication, conduct post-mortems, and drive security hardening.

o  Automation & Infrastructure as Code (IaC)

· Implement automated guardrails using Terraform/CloudFormation/Bicep and Policy as Code (OPA/Conftest).

· Build secure CI/CD pipelines with integrated security gates, SAST/DAST/SCA, and container scanning.

o  Identity & Access Management

· Design a multi-layer IAM architecture: RBAC/ABAC, role mapping, least privilege, PAM/JIT.

· Integrate with IdPs (SSO, MFA), workload identities, and cross-account/project access.

o  Data Security

· Define and enforce data classification and encryption (KMS/HSM), manage keys/secrets, apply tokenization and masking.

· Implement DLP controls, audits, and data residency compliance.

o  Compliance & Governance

· Map and align security controls to standards such as ISO 27001/27701, SOC 2, PCI DSS, HIPAA, etc.

· Establish CSPM/CNAPP programs and continuous compliance frameworks (CIS Benchmarks, NIST, CSA CCM).

o  Cross-Organizational Partnerships

· Collaborate closely with DevOps/Platform, Engineering, Data, IT, Legal, and Privacy teams.

· Promote awareness and provide mentoring (Security Champions programs, targeted training).

Role Description

This is a full-time on-site role located in the Tel Aviv District, Israel, for a Cloud SecOps professional. The successful candidate will be responsible for monitoring cloud environments, responding to security incidents, managing security tools, performing vulnerability assessments, and ensuring compliance with security protocols. Day-to-day tasks include designing and implementing security measures, analyzing and mitigating threats, managing SIEM tools, and collaborating with other departments to secure cloud infrastructure.

Qualifications

• Experience with cloud security, monitoring, and incident response
• Proficiency in security tools such as SIEM, EDR, vulnerability management systems
• Knowledge of compliance frameworks such as ISO, NIST, GDPR
• Strong analytical and problem-solving skills
• Excellent written and verbal communication skills
• Ability to work on-site in Tel Aviv District, Israel
• Bachelor's degree in Computer Science, Information Security, or related field, or equivalent work experience
• Certifications such as CISSP, CISM, or CEH are a plus

Required Skills

• Experience: 5–8 years in information security, including at least 3+ years in cloud architecture and hands-on SECOPS.
• Cloud Platforms: Strong expertise in at least one major cloud provider (AWS / Azure / GCP) with solid knowledge of the others.
• Security Operations: Building SIEM use cases, writing detection rules, and investigating cloud security incidents.
• Infrastructure as Code (IaC): Proficiency with Terraform / CloudFormation / Bicep, GitOps workflows, and secure code reviews.
• Containers / Kubernetes: Experience with Network Policies, Admission Controllers, and runtime security.
• Automation: Scripting in Python / Bash, API integrations, and building SOAR playbooks.
• Privacy & Compliance: Gap assessments, continuous compliance monitoring, and preparing controls for audits.
• Soft Skills: Leadership without direct authority, strong interpersonal communication, prioritization, and systems thinking.