Cloud & Infrastructure Security Engineer

Join our dynamic team at
IC Markets
as a
Cloud & Infrastructure Security Engineer
and help shape the future of FinTech innovation. This full-time, on-site opportunity based in Limassol offers you the chance to make a real impact in a fast-paced and forward-thinking environment. Apply now and take the next step in your career with us

Who We Are:

IC Markets
, a global leader in trading with over 15 years of success, a strong international presence, and a team of skilled professionals, remains at the forefront of financial technology innovation. As an agile company that values growth and collaboration, we offer an exciting opportunity to be part of a dynamic industry where innovation meets excellence.

What You'll Do:

As a
Cloud & Infrastructure Security Engineer
, you will be responsible for the security of cloud platforms, on-premises infrastructure, networks, and endpoints. The role focuses on designing and implementing secure architectures, hardening services, operating security tooling, and running day-to-day detection and response. You will be working closely with Cloud/DevOps, IT Operations, Networking, Application Security, and other technology teams to ensure the environment is secure-by-design, observable, and resilient.

What We're Looking For:

Key Responsibilities

Security Architecture & Design

• Participate in architecture review boards and design discussions for new systems and significant changes.

• Assess technical designs for alignment with security requirements in areas such as network segregation, identity and access management, logging, monitoring, encryption, backup, and disaster recovery.

• Create and maintain security reference architectures and standard patterns for cloud

environments, internet-facing solutions, and internal services.

• Contribute to threat modelling and design risk assessments for new products and infrastructure changes.

Cloud Security

• Secure and harden cloud platforms and services, including identity, storage, network configurations, encryption, and key management.

• Configure and operate cloud security posture management and related cloud security tools, including:

• Policy and control configuration.

• Management of exceptions and risk justifications.

• Preparation of clear dashboards and reports for technology and management stakeholders.

• Collaborate with Cloud/DevOps teams to ensure infrastructure-as-code templates are secure by default and follow agreed security patterns and controls.

• Support security for container platforms and other cloud-native services where in scope.

On-Prem, Endpoint & Identity Security

• Operate and improve endpoint and server protection platforms, data loss prevention tooling, and device management platforms:

• Tune policies and detection use cases.

• Coordinate roll-out to servers, workstations, and mobile devices.

• Track coverage, health, and remediation activities.

• Define, document, and maintain hardening baselines for operating systems, directory services, databases, and network devices, aligned with recognized security benchmarks.

• Support identity and access management by:

• Integrating systems and applications with single sign-on and central identity providers.

• Enforcing multi-factor authentication, conditional access controls, and device-based policies.

• Assisting with privileged access management design and operation.

Network & Perimeter Security

• Manage and tune network and perimeter security controls, including firewalls, application-layer protection, remote access solutions, web proxies and wide area network technologies.

• Implement and refine network segmentation and Zero Trust principles, ensuring clear separation of environments and restricted access to management and critical networks.

• Maintain and improve domain name system security, email authentication records and anti-phishing protection in cooperation with messaging and network teams.

Detection & Incident Response (SecOps)

• Handle day-to-day security alert triage across infrastructure-related sources, including endpoint protection, cloud security platforms, application-layer protection, email security, logging platforms and cloud-native services.

• Tune detection content to reduce false positives and strengthen coverage in areas where threats are observed.

• Lead initial investigation and containment for infrastructure-related incidents:

• Isolate affected systems and devices.Disable or adjust accounts, tokens and keys.

• Disable or adjust accounts, tokens and keys.

• Update network and security controls to block malicious activity.

• Coordinate with application security and other specialists for complex incidents.

• Maintain incident response runbooks and contribute to incident documentation and evidence collection for compliance, audit and regulatory needs.

Logging, SIEM & Observability

• Ensure that critical systems, platforms and services send relevant security logs to a central logging or security monitoring platform.

• Define and maintain log retention standards and access controls in line with policy and regulatory requirements.

• Build and maintain security dashboards and detection content covering:

• Authentication behaviour and anomalies.

• Changes to sensitive roles, groups, policies and configurations.

• Network activity that indicates lateral movement, data exfiltration or other suspicious behaviour.

• Collaborate with operations and reliability teams to align security observability with broader monitoring practices.

Vulnerability & Patch Management

• Run or coordinate vulnerability assessments on infrastructure, networks and platforms in both cloud and on-premises environments.

• Classify and prioritise findings and define service level targets for remediation based on severity and asset criticality.

• Work with system owners and operations teams to plan, track, and verify remediation activities, including configuration changes and patch deployment.

• Feed recurring findings into secure configuration baselines, reference architectures, and infrastructure-as-code templates to reduce repeat issues

Qualifications/Skills/Competencies:

• Education and Certifications:
  Bachelor's degree in Computer Science, Engineering, or a related field.
• AWS certifications such as
  AWS Certified Security – Specialty
  or AWS Certified Solutions Architect – Associate are highly preferred.
• Experience:
  Minimum of 7
  + years in cloud security or infrastructure roles
  , with
  3+ years
  focused on
  AWS security engineering
  .
• Proven experience in designing and managing security for
  .NET Microservices
  in distributed, high-volume environments.
• Strong expertise in cloud network security, application security, and security governance/compliance.
• Technical Expertise:
  Proficiency in key AWS security services, including
  IAM, VPC, Security Hub, GuardDuty, WAF, Shield, KMS, CloudTrail, and Config
  .
• Advanced knowledge of network security concepts, including zero-trust architectures, intrusion detection/prevention, and advanced firewalls.
• Hands-on experience with configuration management tools (e.g., Terraform, CloudFormation) and security automation frameworks.
• In-depth understanding of cloud security best practices, vulnerability management, and threat modeling.

Working Schedule:

Hybrid Model (3 days from the Office, 2 days from home)

Monday to Friday: 09:00 – 17:00

Why Join Us? Experience Rewards Beyond Just a Job Because You Matter.

• Competitive Pay
  – We value
  you
  , not just your role. Our compensation reflects the skills and experience you bring to the table.
• Career Growth
  – Your journey is important. We're here to support your development with ongoing learning and clear paths to advancement.
• Work-Life Balance
  – Time to rest is time to thrive. With 22 days of annual leave, your personal life is respected and prioritized.
• Wellness & Healthcare
  – Health comes first. Enjoy 12 paid sick days and full medical insurance coverage after 6 months—because your well-being is our priority.
• Future Security
  – We're invested in your tomorrow. Access our provident fund after 6 months for peace of mind down the road.
• Snack Hub
  – We care about your daily comfort. Our fully stocked kitchen keeps you energized with fresh fruit, snacks, and beverages.
• Lunch on Us
  – Nourishment and connection matter. Enjoy a delicious daily lunch buffet with teammates.
• Paid Overtime
  – Your extra effort doesn't go unnoticed. We recognize and reward the time you put in.
• Learning & Development
  – We believe in your potential. Dedicated budgets support your upskilling and curiosity.
• Referral Bonus
  – People matter here. Bring in great talent and get rewarded for growing our community.
• Team Spirit
  – Culture is everything. Join a team that celebrates together through events and team-building activities.
• Fitness & Recreation
  – Stay active and refreshed with access to gym facilities, organized sports, and relaxing spa treatments.
• Unwind Fridays
  – We're human too. Enjoy a relaxed Friday drink with colleagues to close the week on a high note.

Our culture is built on empathy, respect, and trust, because at the heart of everything we do is
you
.

Your next big opportunity starts here

• Apply now at and let's build something incredible together
• Thank you for your interest in joining IC Markets. Due to the high volume of applications, only candidates under consideration will be contacted. All applications are handled with the strictest confidentiality.