Join our dynamic team at IC Markets as a Senior Cloud Security Engineer (AWS) and help shape the future of FinTech innovation. This full-time, on-site opportunity based in Limassol offers you the chance to make a real impact in a fast-paced and forward-thinking environment. Apply now and take the next step in your career with us!

Who We Are:

IC Markets, a global leader in trading with over 15 years of success, a strong international presence, and a team of skilled professionals, remains at the forefront of financial technology innovation. As an agile company that values growth and collaboration, we offer an exciting opportunity to be part of a dynamic industry where innovation meets excellence.

What You’ll Do:

We are seeking a Senior Cloud Security Engineer to lead the design, implementation, and enforcement of advanced AWS and container security controls under the IC First Global Security Program. This role spans VPC segmentation, firewalls, encryption, DLAP/DLP, EDR, DNS protection, Kubernetes hardening, and virtualization security, with a heavy emphasis on Terraform-driven automation, anomaly detection, and attack prevention at scale.

The successful candidate will be instrumental in building global Zero Trust architectures across multi-region AWS deployments, securing EKS/ECS clusters, virtualization workloads, and hybrid integrations while ensuring full alignment with compliance frameworks in regulated financial environments.

What We’re Looking For:

Network & VPC Segmentation

  • Design and implement multi-VPC architectures with subnet micro-segmentation and Transit Gateway routing enforcement.
  • Enforce Zero Trust network segmentation between workloads, users, and external partners.
  • Apply strict ingress/egress controls with AWS Network Firewall, Security Groups, and NACLs.

Firewalling, DNS & Threat Prevention

  • Deploy AWS Network Firewall with custom Suricata/DPI rulesets.
  • Apply AWS WAF Advanced Protections for APIs, trading platforms, and client portals.
  • Harden DNS with Route 53 Resolver DNS Firewall, enforcing global anti-tunneling and anti-spoofing policies.
  • Define and monitor DLAP/DLP policies to prevent data exfiltration across all workloads.
  • Integrate EDR (CrowdStrike, SentinelOne) for all EC2, container, and serverless workloads.

Encryption & Data Security

  • Enforce encryption at rest, in transit, and in use (KMS, ACM, HSM, TLS 1.3, Nitro Enclaves).
  • Automate key lifecycle management and cross-region rotation.
  • Apply confidential computing protections for financial and trading workloads.

Kubernetes & Virtualization Security

  • Secure EKS, ECS, and Kubernetes clusters with pod-level network policies, RBAC/ABAC, and runtime security.
  • Implement container image scanning (ECR, third-party registries) and vulnerability management pipelines.
  • Deploy Kubernetes-native firewalls and admission controllers for Zero Trust enforcement.
  • Harden virtualized workloads (VMs, WorkSpaces, VMware on AWS) with endpoint monitoring and network micro-segmentation.
  • Establish runtime anomaly detection for containerized and virtualized workloads (Falco, GuardDuty for EKS, Datadog).

Anomaly Detection & Attack Prevention

  • Implement AI/ML-based anomaly detection for network, DNS, and workload behaviors.
  • Define preventive playbooks for insider threats, DNS tunneling, and privilege escalation.
  • Correlate findings from GuardDuty, WIZ, Inspector, and SIEM platforms to predict and prevent attacks.
  • Lead threat modeling and red team exercises across cloud and container environments.

Infrastructure as Code & Automation

  • Build secure Terraform modules for AWS, Kubernetes, and firewall policies.
  • Embed compliance-as-code into CI/CD pipelines (OPA, Sentinel).
  • Automate posture drift detection with Terraform + WIZ/Security Hub integrations.
  • Drive adoption of GitOps workflows for immutable security deployment.

Observability & Incident Response

  • Design multi-region SIEM dashboards (AWS OpenSearch, CloudWatch, Grafana, Loki).
  • Integrate ISeeFirst alerting into Jira, Slack, and PagerDuty workflows.
  • Lead incident response and containment for anomalies in AWS, Kubernetes, and virtualized workloads.
  • Build automated response pipelines (e.g., isolate compromised containers or VPC subnets automatically).

Qualifications:

  • 6–8+ years in Cloud Security Engineering, with AWS specialization.
  • Deep knowledge of VPC segmentation, subnets, firewalling, and Zero Trust architectures.
  • Strong expertise in Kubernetes/EKS security (network policies, admission controllers, pod runtime security).
  • Proven track record implementing EDR, DLAP/DLP, and DNS protection strategies.
  • Strong experience with Terraform and IaC security automation.
  • Advanced knowledge of encryption-in-transit, -at-rest, and -in-use (KMS, TLS, Nitro, Enclaves).
  • Hands-on with SIEM, anomaly detection, and ML-based attack prevention.
  • Familiarity with compliance frameworks (CIS, NIST 800-53, ISO 27001, SOC2, GDPR, ASIC, ESMA).

Preferred Certifications

  • AWS Certified Security – Specialty (required)
  • AWS Solutions Architect – Professional
  • AWS Advanced Networking – Specialty
  • Certified Kubernetes Security Specialist (CKS)
  • HashiCorp Terraform Associate (with security modules focus)
  • CISSP (Certified Information Systems Security Professional)
  • CCSP (Certified Cloud Security Professional)
  • SANS GIAC Cloud Security Certifications (GCSA, GCLD, GDSA)
  • ISO 27001 Lead Implementer/Auditor (a plus for regulatory readiness)

Working Schedule:

  • Monday to Friday: 09:00 – 17:00

Why Join Us? Experience Rewards Beyond Just a Job! Because You Matter.

  • Competitive Pay – We value you, not just your role. Our compensation reflects the skills and experience you bring to the table.
  • Career Growth – Your journey is important. We’re here to support your development with ongoing learning and clear paths to advancement.
  • Work-Life Balance – Time to rest is time to thrive. With 22 days of annual leave, your personal life is respected and prioritized.
  • Wellness & Healthcare – Health comes first. Enjoy 12 paid sick days and full medical insurance coverage after 6 months—because your well-being is our priority.
  • Future Security – We’re invested in your tomorrow. Access our provident fund after 6 months for peace of mind down the road.
  • Snack Hub – We care about your daily comfort. Our fully stocked kitchen keeps you energized with fresh fruit, snacks, and beverages.
  • Lunch on Us – Nourishment and connection matter. Enjoy a delicious daily lunch buffet with teammates.
  • Paid Overtime – Your extra effort doesn’t go unnoticed. We recognize and reward the time you put in.
  • Learning & Development – We believe in your potential. Dedicated budgets support your upskilling and curiosity.
  • Referral Bonus – People matter here. Bring in great talent and get rewarded for growing our community.
  • Team Spirit – Culture is everything. Join a team that celebrates together through events and team-building activities.
  • Fitness & Recreation – Stay active and refreshed with access to gym facilities, organized sports, and relaxing spa treatments.
  • Unwind Fridays – We’re human too. Enjoy a relaxed Friday drink with colleagues to close the week on a high note.

Our culture is built on empathy, respect, and trust, because at the heart of everything we do is you.

Your next big opportunity starts here!

  • Apply now at icmarkets.bamboohr.com/careers and let’s build something incredible together!
  • Thank you for your interest in joining IC Markets. Due to the high volume of applications, only candidates under consideration will be contacted. All applications are handled with the strictest confidentiality.
