Senior risk management engineer

En Clidrive buscamos un/a Senior DevSecOps Engineer con experiencia real en entornos cloud y seguridad, capaz de integrar la seguridad dentro del ciclo de desarrollo y asegurar nuestros sistemas en producción.

Buscamos a alguien con mentalidad práctica, que entienda cómo funcionan los sistemas de verdad y sea capaz de detectar, prevenir y automatizar riesgos de seguridad sin frenar el negocio.

Qué buscamos Una persona con experiencia sólida en AWS y Terraform , capaz de:

  • Pensar en seguridad desde el diseño, no solo como auditoría final.
  • Tener experiencia real en infraestructura cloud (AWS).
  • Automatizar controles de seguridad en pipelines.
  • Entender el equilibrio entre seguridad vs velocidad de desarrollo.
Contexto técnico

Nuestra infraestructura actual en AWS incluye:

  • ECS Cluster sobre EC2 (no Fargate) con Auto Scaling Group (ASG).
  • 2 Application Load Balancers:
Uno público (internet-facing).

Uno interno (service-to-service).

  • Infraestructura como código con Terraform.
  • CI/CD completo: GitHub Actions -> ECR -> ECS.
  • Secrets con AWS Secrets Manager.
  • Certificados SSL con ACM.
  • Observabilidad básica con CloudWatch.
Qué harás
  • Gestionar y evolucionar la infraestructura en AWS con Terraform como fuente de verdad.
  • Escalar y optimizar servicios en ECS (EC2): CPU, memoria, autoscaling, deployments.
  • Diseñar y añadir nuevos servicios al cluster (ALB, routing, etc.).
  • Mejorar la fiabilidad, resiliencia y seguridad del sistema.
  • Optimizar pipelines de CI/CD, incluyendo controles de seguridad.
  • Gestionar networking en AWS (VPC, subnets, security groups).
  • Definir políticas de acceso seguras (IAM, roles, least privilege).
  • Gestionar correctamente secrets, credenciales y rotación.
  • Detectar vulnerabilidades y riesgos en infraestructura y servicios.
  • Mejorar la observabilidad (logs, métricas, alertas útiles).
  • Monitorizar eventos relevantes de seguridad y acceso.
  • Proponer mejoras de arquitectura con foco en escalabilidad y seguridad.
Requisitos indispensables
  • Experiencia sólida con AWS ECS (EC2 launch type) en producción.
  • Experiencia con Terraform (módulos, estado, buenas prácticas).
  • Experiencia con Docker (build, optimización básica, ECR).
  • Conocimiento de networking en AWS (VPC, subnets, security groups, Route 53).
  • Experiencia con CI/CD (GitHub Actions o similar).
  • Experiencia en troubleshooting de sistemas en producción.
  • Conocimiento de CloudWatch (logs, métricas, alertas).
Conocimientos de seguridad
  • Gestión de accesos en AWS (IAM, roles, políticas).
  • Buenas prácticas de seguridad en cloud (principio de mínimo privilegio).
  • Manejo seguro de secrets y credenciales.
  • Configuración segura de redes (SGs, exposición pública, etc.).
  • Conocimiento básico de vulnerabilidades en contenedores e imágenes.
Nice to have
  • Experiencia integrando seguridad en pipelines (SAST, dependency scanning, etc.).
  • Experiencia con auditoría o hardening de infra.
  • Conocimiento de compliance (ISO 27001, SOC2).
  • Experiencia en arquitecturas event-driven.
  • Optimización de costes en AWS.
  • Experiencia en entorno startup.
Qué ofrecemos
  • 100% remoto y flexibilidad real.
  • Infraestructura en producción con impacto directo en negocio.
  • Margen para mejorar y tomar decisiones técnicas.
  • Rol donde la seguridad no es burocracia, sino parte del producto
Back to blog

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...