Senior Cloud Security Engineer

1GLOBAL is a technology-driven global mobile communications provider dedicated to empowering enterprises worldwide to unlock the full growth potential of mobile connectivity. With a best-in-class telecom technology platform, a comprehensive suite of globally viable regulatory licenses, and privileged access to the telecom wholesale market, 1GLOBAL is uniquely positioned to deliver seamless compliance and connectivity solutions. Serving the world's leading banks, corporations, and digital-first businesses—including neo-banks, travel companies, and payment service providers—1GLOBAL connects over 43 million devices globally.

With 2024 full-year revenue exceeding US$100 million, 1GLOBAL is a profitable business generating significant cash flows to fund its ongoing investments in infrastructure, transformation, and growth. 2024 saw major client wins and marked 1GLOBAL's evolution from a multi-market telecommunication provider to a global technology-driven mobile connectivity powerhouse.

Established in 2022 by experienced tech founders and entrepreneurs Hakan Koç and Pyrros Koussios, 1GLOBAL is a European technology leader driving digital transformation in the global telecommunications market. It operates as a fully regulated Mobile Virtual Network Operator ("MVNO") in nine countries and as a regulated telecommunications operator in an additional 31 countries. Headquartered in the Netherlands, with world-class R&D hubs in Lisbon, Berlin, and São Paulo, 1GLOBAL employs over 400 experts across 13 countries.

Position Overview

We are looking for a talented Senior DevSecOps / Cloud Security Engineer to join our Technology Department, with a focus on strengthening and automating our security posture across cloud and hybrid infrastructure.

We are open to hiring this role in Lisbon, Portugal, or São Paulo, Brazil.

As a DevSecOps / Cloud Security Engineer, you will be responsible for embedding security into every stage of our infrastructure lifecycle, from design to deployment. You will lead the implementation of cloud-native security controls in AWS, harden Kubernetes environments, and drive best practices across CI/CD pipelines. Your role includes continuous vulnerability management, network protection, monitoring for threats, and working with development, DevOps and IP teams to ensure secure-by-default practices. You'll also proactively identify risks, secure network perimeters, and automate remediation wherever possible.

A new hire in Sao Paulo would spend their first week in Lisbon/Berlin for onboarding.

Key responsibilities

• Design and implement scalable cloud security controls in AWS multi-account environments
• Lead Kubernetes security architecture, including PodSecurity, RBAC, and network policies
• Enforce zero trust network architecture and secure segmentation across cloud and hybrid environments
• Integrate security automation into CI/CD pipelines (image scanning, SAST, IaC analysis)
• Deploy and manage CrowdStrike, Tenable, and similar endpoint and vulnerability management tools
• Continuously monitor infrastructure for vulnerabilities, threats, and misconfigurations
• Enforce least privilege IAM policies and secure secrets management
• Conduct regular audits, penetration testing, and hardening of cloud workloads and host systems
• Conduct network traffic inspection using tools like VPC Flow Logs, packet capture, or NetFlow
• Collaborate with DevOps and IP teams on security-as-code principles
• Maintain compliance with internal policies and external standards (e.g. CIS, NIST, ISO 27001)
• Tune and respond to alerts from WAF, IDS/IPS, and SIEM systems
• Document security controls, incident response playbooks, and operational runbooks
• Champion a security-first culture through collaboration, training, and awareness

Requirements

• A minimum of 5 years in DevSecOps, Cloud Security, or Infrastructure Security roles
• Strong expertise in AWS security services (IAM, KMS, GuardDuty, Config, Security Hub, etc.)
• In-depth understanding of network security principles (firewalls, routing, segmentation, VPNs, IPsec, etc.)
• Proven hands-on experience with Kubernetes security (RBAC, NetworkPolicies, OPA/Gatekeeper, Admission Controllers)
• Experience operating CrowdStrike Falcon and Tenable Nessus / Tenable.io
• Experience with WAFs, DDoS protection, NIDS/NIPS, and threat intelligence integrations
• Comfortable with packet inspection, flow analysis, and traffic monitoring (tcpdump, Wireshark, Suricata, etc.)
• Proficiency in Infrastructure as Code (Terraform, Terragrunt) and configuration management (Ansible, Packer)
• Strong scripting/programming skills (Python, Go, or Bash) for automation and tooling
• Solid understanding of Linux security hardening and secure cloud networking
• Familiarity with service mesh security in Istio or similar
• Experience with GitOps workflows using tools like Argo CD or Flux
• Understanding of vulnerability management, secure software development lifecycle (SSDLC), and security controls for containers
• Exposure to compliance frameworks like ISO 27001, SOC2, NIST, PCI-DSS is a plus
• Excellent analytical and problem-solving skills with a proactive mindset
• Certifications such as AWS Certified Security Specialty, CKS, OSCP, or CISSP is a plus
• Experience with multi-cloud security (Azure/GCP)
• Background in ethical hacking, bug bounty programs, or red teaming
• Familiarity with tools like Falco, Sysdig, Trivy, or eBPF-based runtime security tools

Benefits

• Growth Opportunities: Advance your career in one of the fastest growing telecommunications companies, expanding over 40% year-on-year under the leadership of successful tech entrepreneurs
• Major Transaction Exposure: Be in the driver's seat for transactions that will have an impact on the future telco industry
• Work with a Talented Team: From the Board and the Founders to the Senior Management Team, you will collaborate daily with the most capable and renowned external advisors, and constantly being exposed to talented and driven individuals
• Dynamic Work Environment: Thrive in a collaborative, fast-paced workplace where innovation is encouraged, and every contribution counts
• Professional Development: Work alongside industry experts to enhance your skills and knowledge in a cutting-edge field
• International Experience: Gain opportunities to work in different 1GLOBAL offices around the world as you grow within the company
• Open Communication Culture: Join a team where your ideas are heard, and open dialogue is encouraged, fostering a supportive and transparent work environment
• Get Things Done Attitude: Be part of a results-driven team that values efficiency, creativity, and the drive to make a tangible impact in the industry

1GLOBAL is an equal opportunity employer, we value your character as much as your talent. Diversity drives our innovation, and we offer a collaborative, dynamic, and international work environment. We are excited for you to join our mission to revolutionise connectivity globally.

• Mid-Senior level

• Full-time

• Industries: Non-profit Organizations and Primary and Secondary Education