Senior Security Engineer

Webellian is a well-established Digital Transformation and IT consulting company committed to creating a positive impact for our clients. We strive to make a meaningful difference in diverse sectors such as insurance, banking, healthcare, retail, and manufacturing. Our passion for cutting-edge and disruptive technologies, as well as our shared values and strong principles, are what motivate us. We are a community of engineers and senior advisors who work with our clients across industries, playing a deep and meaningful role in accelerating and realizing their vision and strategy.

• 5+ years professional experience in cloud security, infrastructure security, or security engineering roles.
• Strong Azure security services experience: Azure Defender for Cloud, Sentinel, Azure Policy, Key Vault, Private Endpoints, and Entra ID.
• Kubernetes security expertise: RBAC design, network policies, pod security admission, Workload Identity, and namespace-level security isolation.
• Container security experience: image scanning tooling (Trivy, Grype or equivalent), supply chain security practices (signing, provenance), and container runtime hardening.
• IAM and identity depth: managed identities, service principals, OIDC federation, and least-privilege design patterns across cloud and Kubernetes environments.
• Network security fundamentals: private networking architecture, ingress and egress controls, TLS management, and firewall policy governance.
• Vulnerability management process experience: from scanning pipeline integration through CVE triage to tracked remediation.
• Security compliance fundamentals: GDPR principles, audit logging design, data residency requirements, and access control frameworks.
• Scripting proficiency in Python or bash for security automation and tooling integration.

Nice to have:

• Cloud security certifications: AZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect), or CISSP.
• Policy-as-code experience: OPA/Gatekeeper or Azure Policy for automated compliance enforcement.
• SIEM and SOAR experience: Azure Sentinel rule authoring, playbook automation, and incident orchestration.
• Experience in regulated industries (insurance, finance, healthcare) where security controls must meet external audit and regulatory standards.
• Exposure to zero-trust architecture patterns and their practical implementation in cloud-native environments.
• Experience with secrets scanning and pre-commit security tooling integrated into developer workflows.
• Comfortable in agile, iterative delivery environments; able to ship security improvements incrementally without blocking product teams.
• Clear communicator across technical and non-technical stakeholders; translates security risk into business terms for Governance and leadership audiences.
• Proactive learner with pragmatic adoption of AI-assisted developer tools (e.g., GitHub Copilot, Claude Code) to improve security automation and coverage.

• Design and implement cloud security controls across the platform: network policies, private endpoints, Zone 4 compliance configurations, and Azure Policy enforcement.
• Own workload identity and IAM for AKS: Azure Managed Identity, OIDC Workload Identity federation, RBAC scoping per namespace, and least-privilege access patterns for all platform services.
• Manage secrets infrastructure: Azure Key Vault integration, secrets rotation policies, Kubernetes secrets standards, and audit logging for secrets access.
• Implement and maintain container security controls: image scanning pipelines (Trivy), pod security admission, runtime security standards, and supply chain security (image signing and provenance).
• Operate network security across the platform: private networking design, ingress controls, TLS certificate lifecycle management, and firewall rule governance.
• Run vulnerability management: integrate scanning into CI/CD pipelines, triage CVEs across base images and platform dependencies, prioritize remediation, and track to closure.
• Harden baseline configurations for AKS clusters, ACR, and Azure services; maintain documented security baselines and review them against CIS benchmarks and Azure Security Center recommendations.
• Support audit and compliance requirements: design audit logging coverage, manage log retention, and produce evidence packages for GDPR and regulatory reviews in coordination with the Governance team.
• Integrate threat detection: configure Azure Defender and Sentinel alerting for security events across the platform; own the security alerting runbook.
• Translate compliance requirements from the Governance team into concrete technical controls; own the implementation — Governance owns the policy, you own the execution.