Cloud Security Engineer

Location MoscavideLisbonPortugal
Type Other
Seniority Mid-Level
Posted Mar 16, 2026
Apply Now

Richemont seeks a Cloud Security Engineer in Moscavide, Portugal to lead cloud security architecture, IAM and detection for its luxury maisons.

Overview

Richemont is a leading Swiss luxury goods group that manages a portfolio of prestigious maisons across jewellery, watches, leather goods and writing instruments. Renowned for craftsmanship and creative excellence, the group combines heritage savoir‑faire with an expanding global digital and retail footprint. Richemont offers an international, multidisciplinary environment where technology and information security are integral to protecting brands, customers and operations.

Role & Responsibilities

  • Design, implement and maintain cloud security architecture and controls across public cloud environments (IaaS/PaaS/SaaS).
  • Define and enforce secure Infrastructure-as-Code practices and automate security guardrails using tools such as Terraform and CloudFormation.
  • Implement and manage identity and access management solutions, including federation (SAML/OIDC), privileged access and directory integrations (Azure AD/Okta).
  • Conduct threat modelling, cloud vulnerability assessments and secure design reviews for new services and platform changes.
  • Develop and operate detection and response capabilities in the cloud, integrating signals into SIEM and monitoring stacks (e.g., Splunk, Elastic).
  • Operate secrets management and key lifecycle solutions (e.g., HashiCorp Vault, cloud KMS) and enforce encryption best practices.
  • Create security automation, runbooks and CI/CD pipeline integrations to shift security left and improve time-to-remediation.
  • Collaborate with platform, DevOps and application teams to embed security controls, compliance frameworks and secure deployment patterns.
  • Drive compliance mapping against relevant standards and perform technical implementation to meet audit and regulatory requirements.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, Engineering or equivalent practical experience.
  • Professional experience designing and operating security controls in one or more public cloud providers (AWS, Azure, GCP).
  • Proven experience with Infrastructure-as-Code (Terraform, CloudFormation) and container orchestration technologies (Kubernetes, Docker).
  • Strong scripting or programming ability (Python, Bash) to automate security tasks and integrations.
  • Familiarity with identity federation, IAM best practices and protocols (SAML, OAuth2, OIDC); experience with Azure AD or Okta.
  • Knowledge of logging, monitoring and SIEM solutions (Splunk, Elastic Stack) and cloud-native detection tooling.
  • Relevant security certifications (CISSP, CCSP, AWS/Azure/GCP security certifications) preferred.

Skills

AWS Azure GCP Terraform CloudFormation Kubernetes Docker HashiCorp Vault Azure AD Okta SAML OAuth2 OIDC Python Bash Splunk Elastic Stack SIEM

Experience

Approximately 4–6 years of professional experience in information security or cloud engineering, with at least 2 years focused on cloud security design, implementation and operations.

Education

Bachelor’s degree in Computer Science, Information Security, Computer Engineering or equivalent professional experience.

Culture

Richemont cultivates a culture that blends artisanal heritage with forward‑looking innovation. Teams operate in a collaborative, cross‑disciplinary environment where technical excellence, attention to detail and discretion are highly valued. The organisation supports global mobility and cross‑brand collaboration while maintaining high standards of quality and integrity.