Head of Security

EXUS

πŸ“Remote - Philippines

Summary

Join EXUS, a leading enterprise software company, as their new Head of Security! This fully remote role reports to the CTO and focuses on DevSecOps practices for their Financial Suite (EFS), used by risk professionals globally. You will lead the cloud security strategy, manage a security team, and collaborate with various departments to ensure secure service delivery. The position requires implementing and monitoring security benchmarks, automating compliance processes, and integrating security controls into CI/CD pipelines. You will also design threat detection mechanisms and provide security guidance to development teams. EXUS offers a competitive salary, a remote work setup, and various benefits.

Requirements

  • BSc degree in Computer Science, Cybersecurity, or a related field (MSc degree is a plus)
  • 8+ years of experience in DevOps, Security Engineering, or DevSecOps
  • Deep expertise in:
      • Cloud security (AWS, Azure, or GCP)
      • Infrastructure as Code (e.g. Terraform, Ansible) and related security tooling (e.g. trivy, Checkov)
      • CI/CD security practices and tools
      • Identity and access management (IAM)
  • Proficiency with scripting (e.g. Python, Bash) for automation tasks
  • Strong experience with:
      • Compliance frameworks (PCI-DSS, ISO 27001)
      • Security monitoring, alerting, and SIEM tools
  • Excellent knowledge of English language (both verbal & written)
  • Strong problem-solving skills and analytical thinking
  • Team player, self-motivated, constantly seeking new knowledge
  • Fulfilled military obligations

Responsibilities

  • Lead Cloud Security Strategy for Managed Services
  • Lead a security team supporting cloud services, including DevSecOps engineers and cloud security architects
  • Collaborate with cloud operations, DevOps, compliance, and client success teams to ensure secure delivery of managed services
  • Secure cloud and on-premises infrastructure, containerized workloads, and Kubernetes clusters
  • Implement and monitor compliance with industry security benchmarks (e.g. CIS, NIST)
  • Automate auditing and evidence collection for compliance certifications such as PCI-DSS and ISO 27001
  • Implement a shift-left security strategy by integrating security controls and scanning tools into CI/CD pipelines (e.g. SAST, DAST, container image scanning)
  • Design and implement threat detection, prevention, and response mechanisms (e.g. IDS, runtime security)
  • Collaborate closely with the IT team to secure and automate internal systems, endpoints, and services
  • Establish and enforce Kubernetes security policies (e.g. RBAC, network policies, Pod Security Standards)
  • Provide security guidance to development teams and help enforce secure coding and deployment practices

Preferred Qualifications

  • Certifications such as CISSP, GCPN, or CKS
  • Experience with Zero Trust architecture and endpoint security
  • Knowledge of container security platforms and tools (e.g. Aqua, Prisma Cloud, Sysdig, Falco)
  • Experience participating in or leading incident response efforts

Benefits

  • Fully remote work setup
  • Competitive salary
  • Inclusive work environment & Well-being Program
  • A clear induction program & a mentoring buddy to help you
  • Private health insurance allowance
  • Unlimited time off
