Cloud Security Subject Matter Expert – Cloud-Native Security

Embrace the future of cybersecurity — lead innovation with cloud-native expertise!

Krakow-based opportunity with hybrid work model (up to 3 remote days per week).

As a Cloud Security Subject Matter Expert – Cloud-Native Security, you will be working for our client, a global leader in cybersecurity within the banking industry. You will play a pivotal role in supporting HSBC’s Cloud-Native Application Protection Platform (CNAPP), enhancing cloud and container security, and embedding best practices across banking operations. This is an excellent chance to drive digital transformation and strengthen security frameworks on a global scale.

Your main responsibilities:

• Lead requirement gathering and analysis by collaborating with stakeholders to capture and document functional and non-functional needs.
• Serve as the cloud and container security SME, providing expert guidance on security controls and architecture.
• Define and prioritize epics within agile sprints, outlining goals and dependencies with clear technical details.
• Coordinate with CNAPP engineering and broader teams to ensure traceability from requirements to finished features.
• Conduct workshops, demos, and validations to align stakeholder expectations and approve design solutions.
• Map integrations and APIs between CNAPP components and HSBC systems, including data lakes and reporting tools.
• Stay updated on regulatory frameworks and best practices, ensuring compliance and optimal security posture.

You're ideal for this role if you have:

• 5+ years’ experience as a cloud security SME, particularly in cloud projects, security, and compliance platforms (SaaS/on-premise).
• Hands-on knowledge of vulnerability scanning, cloud security posture management (CSPM), configuration baselines, and compliance.
• Proven experience with agile methodologies, writing epics, features, and user stories.
• Familiarity with data engineering platforms such as Databricks (preferred).
• Strong stakeholder management, facilitation, and communication skills.
• Experience with API integrations, microservices, Kubernetes, cloud services (AWS, GCP), and DevOps processes.

It is a strong plus if you have:

• Knowledge of regulatory standards such as PCI-DSS, CIS benchmarks.
• Relevant certifications (e.g., AWS, GCP, other cloud or security certifications).

Language Required for the role:

• Fluent English (both written and verbal).

Eligibility for the role:

• Only candidates with an existing legal right to work in the European Union will be considered for this role.

#MAKEYourCareerBETTER

Interested? Apply now and include your CV (preferably in English) along with a statement confirming your consent to the processing and storage of your personal data.