Cloud and AI Security Engineer (m/k)

Wymagania: - Bachelor’s degree in Information Security, Computer Science, Engineering, or related field, or equivalent practical experience. - 3+ years of experience in security engineering, cloud security, or related engineering roles. - Hands-on experience implementing security controls in at least one major cloud platform (AWS, Azure, or GCP). - Familiarity with cloud security concepts (shared responsibility model, logging/monitoring, identity controls). - Working knowledge of IAM and privileged access concepts; experience supporting IAM/PAM tooling is a plus. - Experience with data protection fundamentals (encryption, key management/KMS, data classification). - Ability to write basic automation scripts (Python/PowerShell/Bash) and work effectively across engineering teams. Mile widziane: - Exposure to AI/ML or GenAI services security controls (e.g., Azure OpenAI, AWS Bedrock, Vertex AI). - Familiarity with CSPM tools and cloud logging/monitoring workflows. - Exposure to Infrastructure-as-Code (Terraform/CloudFormation/ARM) and CI/CD pipelines. - Exposure to containers/Kubernetes security concepts. - Security certifications are a plus (CCSP, AWS/Azure security certs, Security+). O firmie: - Bausch + Lomb (NYSE/TSX: BLCO) is a leading global eye health company dedicated to protecting and enhancing the gift of sight for millions of people around the world—from the moment of birth through every phase of life. Our mission is simple, yet powerful: helping you see better, to live better. - Our comprehensive portfolio of over 400 products is fully integrated and built to serve our customers across the full spectrum of their eye health needs throughout their lives. Our iconic brand is built on the deep trust and loyalty of our customers established over our 170-year history. We have a significant global research, development, manufacturing and commercial footprint of approximately 13,000 employees and a presence in approximately 100 countries , extending our reach to billions of potential customers across the globe. We have long been associated with many of the most significant advances in eye health, and we believe we are well positioned to continue leading the advancement of eye health in the future. Zakres obowiązków: - Cloud Security Implementation & Operations - • Implement and maintain cloud security controls across one primary cloud platform (AWS or Azure or GCP), including identity, network configuration, logging, monitoring, and guardrails. - • Configure and operate cloud security monitoring and posture management tools (e.g., CSPM / workload protection) to identify misconfigurations, vulnerabilities, and risky behavior, and coordinate remediation with engineering teams. - • Support secure configuration of cloud services (e.g., storage, managed databases, PaaS services, serverless) by applying approved security baselines and patterns. - • Assist with secure design reviews for cloud workloads and provide practical implementation guidance to infrastructure and application teams. - AI & Data Security Support - • Implement security controls for AI/ML platforms and GenAI services by applying established requirements for data protection, access controls, and monitoring. - • Support security reviews of AI solutions to reduce common risks (e.g., data exposure, over-permissive access, insecure integrations) and coordinate remediation actions with responsible teams. - • Help protect sensitive data used by AI systems through encryption, key management, data classification, and DLP controls aligned to approved standards. - Identity & Access (IAM) - • Implement and maintain IAM controls in cloud environments, including role-based access, least privilege, and access lifecycle practices. - • Support privileged access management (PAM) operations such as onboarding privileged accounts, enforcing controls, and assisting with audits/recertifications as needed. - • Assist with implementation of authentication and authorization controls (MFA, SSO, OAuth/OIDC/SAML) in partnership with platform teams. - Automation & Continuous Improvement - • Build or enhance automation scripts (Python, PowerShell, Bash) to reduce manual effort in security operations (e.g., checks, reporting, configuration validation). - • Document configurations, runbooks, and standard operating procedures; participate in improving repeatable security processes.