Head of Security Engineering (AWS/KMS)

Keyrock

Financial Services

Roma - Italien

Manager / Team Leader

Experteer Overview

In this role you drive the security engineering program at Keyrock, shaping secure-by-design cloud foundations and developer-friendly guardrails for a high-availability trading platform. You will lead a security-focused team and partner across engineering to embed security into the SDLC and automation. The role combines hands-on security work with technology leadership in AWS, cryptography, and key management. You will champion scalable security patterns that protect critical crypto trading infrastructure while enabling rapid, safe delivery. This is an opportunity to build durable security capabilities for a fast-growing, globally distributed fintech business.

Responsibilities

Lead and grow a security engineering team across cloud, platform, and application security, setting roadmaps and measurable outcomes.
Define and enforce secure-by-default patterns and automation-first guardrails.
Own AWS cloud security architecture including landing zones, multi-account strategy, network segmentation, IAM design, and logging baselines.
Develop and promote infrastructure-as-code and policy-as-code for preventative controls.
Manage the enterprise encryption program in AWS, with KMS policy design, rotation, and governance.
Define safe grant usage patterns and cross-account access designs; manage key lifecycle and recovery considerations.
Design cross-account access patterns aligned to Keyrock's cloud operating model.
Embed security in the SDLC through threat modeling, secure coding guidance, and build-release gates.
Partner with Platform Engineering to harden runtimes (containers, CI/CD, secrets management, service-to-service auth).
Collaborate with Security Operations to ensure high-signal detections, incident readiness, and secure configurations.

Key requirements

8+ years in security engineering (cloud, platform, and/or product security) with 3+ years in leadership
Expert AWS security experience in production environments (multi-account, high availability)
Deep AWS KMS expertise: policies, grants, rotation, cross-account usage
Strong knowledge of IAM and least-privilege access controls in cloud environments
Proven ability to build security automation (IaC, CI/CD integration, policy enforcement, developer enablement)
Clear written communication skills for standards, runbooks, and executive influence

strong communication leadership influence across senior engineers and executives AWS security architecture (multi-account, landing zones, logging)AWS KMS key management and governance Identity and access management in cloud environments

Description

In this role you drive the security engineering program at Keyrock, shaping secure-by-design cloud foundations and developer-friendly guardr…

Weltweit über 1 Mio. Spitzenpositionen mit Gehaltsbenchmark
Lassen Sie sich diskret von Headhuntern finden und kontaktieren
Exklusiv für Senior Professionals und Executives

Bereits Mitglied?

Experteer Gehaltsbenchmark: