EXUS is hiring a Head of Security to lead the security strategy for our managed services, reporting directly to the CTO. This fully remote role is central to securing our platforms that revolutionize credit risk management, with a strong emphasis on DevSecOps practices.
What You'll Do
- Lead Cloud Security Strategy for Managed Services.
- Lead a security team supporting cloud services, including DevSecOps engineers and cloud security architects.
- Collaborate with cloud operations, DevOps, compliance, and client success teams to ensure secure delivery of managed services.
- Secure cloud and on-premises infrastructure, containerized workloads, and Kubernetes clusters.
- Implement and monitor compliance with industry security benchmarks (e.g. CIS, NIST).
- Automate auditing and evidence collection for compliance certifications such as PCI-DSS and ISO 27001.
- Implement a shift-left security strategy by integrating security controls and scanning tools into CI/CD pipelines (e.g. SAST, DAST, container image scanning).
- Design and implement threat detection, prevention, and response mechanisms (e.g. IDS, runtime security).
- Collaborate closely with the IT team to secure and automate internal systems, endpoints, and services.
- Establish and enforce Kubernetes security policies (e.g. RBAC, network policies, Pod Security Standards).
- Provide security guidance to development teams and help enforce secure coding and deployment practices.
What We're Looking For
- BSc degree in Computer Science, Cybersecurity, or a related field.
- 8+ years of experience in DevOps, Security Engineering, or DevSecOps.
- Deep expertise in Cloud security (AWS, Azure, or GCP).
- Deep expertise in Infrastructure as Code (e.g. Terraform, Ansible) and related security tooling (e.g. trivy, Checkov).
- Deep expertise in CI/CD security practices and tools.
- Deep expertise in Identity and access management (IAM).
- Proficiency with scripting (e.g. Python, Bash) for automation tasks.
- Strong experience with Compliance frameworks (PCI-DSS, ISO 27001).
- Strong experience with Security monitoring, alerting, and SIEM tools.
- Excellent knowledge of English language (both verbal & written).
- Strong problem-solving skills and analytical thinking.
- Team player, self-motivated, constantly seeking new knowledge.
- Fulfilled military obligations.
Nice to Have
- MSc degree in Computer Science, Cybersecurity, or a related field.
- Certifications such as CISSP, GCPN, or CKS.
- Experience with Zero Trust architecture and endpoint security.
- Knowledge of container security platforms and tools (e.g. Aqua, Prisma Cloud, Sysdig, Falco).
- Experience participating in or leading incident response efforts.
Technical Stack
- Cloud: AWS, Azure, GCP
- Infrastructure as Code: Terraform, Ansible
- Security Tooling: trivy, Checkov
- Orchestration: Kubernetes
- Scripting: Python, Bash
- Security Practices: SAST, DAST, SIEM
Team & Environment
You will lead a security team supporting cloud services, including DevSecOps engineers and cloud security architects, and report directly to the CTO.
Benefits & Compensation
- Fully remote work setup
- Competitive salary
- Inclusive work environment & Well-being Program
- A clear induction program & a mentoring buddy
- Private health insurance allowance
- Unlimited time off
Work Mode
This is a fully remote position open to global candidates.
EXUS is an equal opportunity employer.
