Zorky CRM
@ekaterinovikova

Cloud Security in IT: the CIS and European market

A Cloud Security Engineer specializes in cloud-specific security: AWS / GCP / Azure native services, CSPM (Cloud Security Posture Management), CIEM (Cloud Infrastructure Entitlement Management), CNAPP (Cloud-Native Application Protection Platform, a converged category 2024+), DSPM (Data Security Posture Management, rising 2024+), container / Kubernetes security, serverless security and cloud compliance frameworks. The role is a hybrid of Security Engineer + Cloud Engineer + DevSecOps, the sweet spot of the premium segment.

Role family: Cloud Security Engineer (mid: cloud posture for a single cloud), Senior Cloud Security Engineer (multi-cloud + multi-account governance + CSPM/CNAPP tooling deployment), Cloud Security Architect (org-wide cloud security strategy + Zero Trust + compliance), AWS Security Engineer / GCP Security Engineer / Azure Security Engineer (cloud-specific specialists with deep platform expertise), CSPM / CNAPP Engineer (specializing in Wiz / Prisma Cloud / Lacework / Orca production deployment + custom policies).

2026 stack:

AWS Security: GuardDuty (threat detection), Security Hub (consolidated findings), Macie (data discovery + classification), Inspector (vulnerability management), Detective (investigation), Config (compliance posture), IAM Access Analyzer (privilege analysis), KMS (encryption key management), Secrets Manager + Parameter Store, WAF + Shield (DDoS), Network Firewall, VPC Flow Logs, Security Lake (security data lake 2024+). AWS certifications: AWS Security Specialty (SCS-C02), a must for the AWS Security track.

GCP Security: Security Command Center (SCC Enterprise, the flagship), Cloud Armor (WAF + DDoS), Cloud DLP, Cloud KMS, Secret Manager, Cloud Identity, Web Risk, Chronicle (SIEM, Google's flagship). GCP cert: Professional Cloud Security Engineer.

Azure Security: Defender for Cloud (formerly Security Center; CSPM + CWPP integrated), Sentinel (cloud-native SIEM), Key Vault, Front Door WAF, Microsoft Defender for Endpoint, Microsoft Purview (data governance + DLP). Azure certs: SC-100 (Cybersecurity Architect, Expert) + AZ-500 (Azure Security Engineer Associate).

Russian cloud security: Yandex.Cloud Security Center, VK Cloud Security, SberCloud Security services, MTS Cloud Security.

CSPM (Cloud Security Posture Management), continuous misconfiguration detection: Wiz (the 2026 leader: premium pricing $$, best UX + agentless architecture; defined the CNAPP category), Prisma Cloud (Palo Alto; enterprise, comprehensive but heavy), Lacework, Orca Security (agentless competitor to Wiz), Sysdig Secure (runtime focus), Aqua Cloud Security, Check Point CloudGuard, Tenable Cloud Security (formerly Ermetic; strong in CIEM), Datadog Cloud Security Management, Zscaler Posture Control. Open-source: Prowler (AWS, the leader), Cloud Custodian (multi-cloud policy engine), ScoutSuite, CloudSploit, Steampipe (SQL queries for cloud resources).

CIEM (Cloud Infrastructure Entitlement Management), IAM rights + privilege management: Wiz CIEM, Tenable Cloud Security (Ermetic, the CIEM leader), SailPoint, Saviynt, CyberArk Secure Cloud Access. Open-source: Pacu (offensive; AWS exploitation framework).

CNAPP (Cloud-Native Application Protection Platform), converged CSPM + CWPP (Cloud Workload Protection) + CIEM + DSPM in one tool: Wiz (defined the category), Prisma Cloud, CrowdStrike Falcon Cloud Security, Lacework, Orca, Sysdig Secure, SentinelOne Cloud Security, Aqua Security CNAPP.

DSPM (Data Security Posture Management), rising 2024+ (data-centric security): BigID (data discovery + classification, the leader), Cyera, Symmetry Systems, Sentra, Securiti.

Container / Kubernetes security: see also the DevSecOps + K8s pages. Falco (CNCF, eBPF-based runtime), Cilium Tetragon (newer eBPF), Tracee (Aqua). Image scanning: Trivy + Grype + Snyk Container. Admission controllers: OPA Gatekeeper + Kyverno (rising; simpler than OPA). Image signing: Sigstore + cosign. K8s posture: Kubescape (CNCF), kube-bench (CIS benchmarks for K8s), kube-hunter (pentesting).

Serverless security: Snyk Function Scanning, AWS Lambda least-privilege IAM + dependency security + cold-start attack surface.

IaC scanning: Checkov (Bridgecrew / Palo Alto; best for Terraform / CloudFormation), tfsec, KICS (Checkmarx), Terrascan, Snyk IaC.

Cloud secrets management: HashiCorp Vault (industry standard, multi-cloud), AWS Secrets Manager + Parameter Store, GCP Secret Manager, Azure Key Vault, Doppler + Akeyless + 1Password Secrets Automation (modern alternatives). External Secrets Operator for K8s (pull-from-Vault pattern).

Cloud encryption: KMS envelope encryption patterns, HSM (CloudHSM / Cloud HSM / Dedicated HSM), Bring Your Own Key (BYOK) / Hold Your Own Key (HYOK) for compliance-sensitive workloads.

Cloud-native SIEM / detection: AWS Security Lake + Amazon Detective, Google Chronicle (SIEM), Microsoft Sentinel, Datadog Security, Sumo Logic Cloud SIEM.

Compliance for cloud: SOC 2 + ISO 27001 + PCI-DSS + HIPAA + FedRAMP + GDPR + 152-FZ + 187-FZ. Cloud-specific: CIS AWS Benchmarks + CIS Azure Benchmarks + CIS GCP Benchmarks.

Languages: Python primary (for cloud automation + custom security tooling), Terraform for infrastructure-as-code security, bash + PowerShell, Go as a bonus.

According to Zorky CRM data, 37 active vacancies are open, with a median of $7980/month. Top stack: azure, go, aws, rust, k8s. 70.0% are remote. Senior Cloud Security Engineer: $6500-10500/month; in Russian banks + Russian cloud providers: $7000-11000; international tech (Wiz / Prisma Cloud / Lacework / Orca / Sysdig / Snyk): $9500-15000+ Senior; Big Tech Cloud Security (AWS Security / GCP Security / Azure Security): $14000-22000+ Senior.

Updated: 29.05.2026, 19:02:04
Opened in the last 3 months: 37 live positions
Median per month: $7 980
Remote: 70%
Top stack: azure (23 vacancies)

Comparison with other specializations

The Security track contains 7 specializations. The current one (Cloud Security) is marked in blue; compare it with its neighbours by number of open vacancies and median salary.


Demand dynamics

Cloud Security is a growing premium segment in 2024-2026. Drivers: mainstream cloud adoption (89% of companies use 2+ clouds, per Flexera), multi-cloud governance pain, CSPM/CNAPP category maturation (Wiz defined the category in 2020 → multi-billion company), regulatory pressure (FedRAMP / SOC 2 / CIS Benchmarks / 152-FZ + 187-FZ), supply chain attacks in the cloud (SolarWinds-class), DSPM rising 2024+ (data-centric security). Russian banks dominate, together with Russian cloud providers (Yandex.Cloud / SberCloud / VK Cloud / MTS Cloud), which are investing in their own cloud security teams after the departure of AWS / Azure / GCP. EPAM Cloud Security Practice is the largest outsourcing channel. International remote work comes through CSPM/CNAPP vendors (Wiz / Prisma Cloud / Lacework / Orca / Sysdig / Snyk Cloud) + Big Tech Cloud Security.

How many new vacancies appear each week.

Distribution by level: dynamics

How the share of Junior/Middle/Senior/Lead in open vacancies changes from week to week. A trend toward Senior usually indicates a "mature" market for the specialization, where companies look for ready-made specialists; the opposite, growth in Junior, signals expansion and teams being hired from scratch.

Share of each level as a % of all vacancies with a stated grade, per week.

Salary by level

Junior: the typical entry is Cloud Engineer Middle / Security Engineer Middle / DevSecOps Middle + interest. Career flow: Cloud Engineer Senior (3-5 years) + interest → Cloud Security Junior (1-2 years) → Middle (2-3 years) → Senior → then either Cloud Security Architect, or CSPM/CNAPP tooling specialist, or the CISO Cloud track, or a move to a native cloud-provider security team (AWS Security / GCP / Azure, premium tier).

Median salary (USD/month) at each grade + growth over the previous one.

Level | Median $/month | Growth vs prev. | Vacancies with salary
Junior | | | 0
Middle | | | 0
Senior | $7 980 | | 20
Lead | | | 0

The biggest pay jump is between Senior and Lead (+58.2%).

Salary distribution: dynamics

The median Cloud Security salary is $7980/month, a premium segment of the security track thanks to hybrid skills (cloud + security + DevOps). Most vacancies are in the $5-9K range. $9K+: Senior with production CSPM/CNAPP deployment + multi-cloud governance. $11K+: Senior in Russian banks + Russian cloud providers. $13K+: Senior at international CSPM/CNAPP vendors (Wiz / Prisma Cloud / Lacework / Orca / Sysdig / Snyk Cloud). $14K+: Big Tech Cloud Security (AWS Security / GCP Security / Azure Security / Apple Cloud Security / Meta Production Engineering Security).

What share of vacancies falls into each price range, by week.

65% of vacancies are in the $5–8K range (this is the core market). The high segment, $8K+, is 23%: usually US-remote or senior-international roles.

Hiring geography

The leader by number of Cloud Security vacancies is 🇵🇱 Poland (20 positions). Russia: banks + Russian cloud providers (Yandex.Cloud / SberCloud / VK Cloud / MTS Cloud) + Russian security vendors (Kaspersky Container Security / PT Cloud Security / BI.ZONE) + EPAM Cloud Security Practice dominate. Poland: a cloud-friendly EU hub. Germany: Berlin AI cluster + Munich enterprise. There is a large international remote market through CSPM/CNAPP vendors (Wiz / Prisma Cloud / Lacework / Orca / Sysdig / Snyk Cloud) + cloud-native security (HashiCorp Vault + Cloudflare Zero Trust + Zscaler) + Big Tech Cloud Security.

Distribution of vacancies by country.

These numbers reflect the distribution across the sources we parse. Poland often looks dominant because of dense coverage of NoFluffJobs / JustJoin.it / Pracuj: the Polish IT market really is large, but in our sample its share is overestimated relative to the real volume of all IT vacancies in the region. The same applies to the other top countries: this is "where our parsers look", not "the true size of the market".

Remote / Hybrid / Office: dynamics

70.0% of Cloud Security vacancies are remote or hybrid. Cloud Security work is fully cloud-based as standard. Outsourcers are almost always remote. Russian banks + state companies are hybrid/office because of cloud-data sovereignty + clearances. CSPM/CNAPP vendor companies + cloud-native security: full-remote standard. Big Tech Cloud Security: hybrid standard.

How the share of each work format changes by week.

89% are remote. The specialization is well adapted to the remote format.

Top in-demand technologies

Top Cloud Security stack 2026:

ONE cloud Pro-level cert (AWS Security Specialty SCS-C02 / Azure SC-100 + AZ-500 / GCP Professional Cloud Security Engineer).
AWS Security (GuardDuty + Security Hub + Macie + Inspector + Detective + Config + IAM Access Analyzer + KMS + Secrets Manager + WAF + Shield + Network Firewall + VPC Flow Logs + Security Lake).
GCP Security (Security Command Center Enterprise + Cloud Armor + DLP + KMS + Secret Manager + Cloud Identity + Chronicle SIEM).
Azure Security (Defender for Cloud + Sentinel + Key Vault + Front Door WAF + Microsoft Purview).
Russian cloud security (Yandex.Cloud Security Center + VK Cloud Security + SberCloud Security + MTS Cloud Security).
CSPM mastery: Wiz (leader 2026, premium) + Prisma Cloud (Palo Alto enterprise) + Lacework + Orca Security (agentless) + Sysdig Secure + Aqua Cloud Security + Tenable Cloud Security (Ermetic, CIEM-strong) + Datadog Cloud Security + Zscaler Posture Control + Snyk Cloud.
Open-source CSPM (Prowler, AWS leader + Cloud Custodian, multi-cloud + ScoutSuite + Steampipe).
CIEM: Wiz CIEM + Tenable Cloud Security (Ermetic, the leader) + SailPoint + Saviynt + CyberArk Secure Cloud Access + Pacu (offensive AWS).
CNAPP: Wiz + Prisma Cloud + CrowdStrike Falcon Cloud Security + Lacework + Orca + Sysdig + SentinelOne Cloud Security + Aqua CNAPP.
DSPM rising 2024+: BigID + Cyera + Symmetry Systems + Sentra + Securiti.
Container/K8s security (Falco + Cilium Tetragon + Trivy + OPA Gatekeeper / Kyverno + Sigstore cosign + Kubescape + kube-bench + kube-hunter).
Serverless security (Snyk Function Scanning).
IaC scanning (Checkov + tfsec + KICS + Terrascan + Snyk IaC).
Cloud secrets (HashiCorp Vault + Doppler + Akeyless + External Secrets Operator K8s).
Cloud encryption (KMS envelope + HSM + BYOK/HYOK).
Cloud-native SIEM (AWS Security Lake + Google Chronicle + Azure Sentinel + Datadog).
Compliance (SOC 2 + ISO 27001 + PCI-DSS + HIPAA + FedRAMP + GDPR + 152-FZ + 187-FZ + CIS AWS/Azure/GCP Benchmarks).
Python primary + Terraform + bash + PowerShell + Go.

azure: 23
go: 7
aws: 6
rust: 5
k8s: 2
kubernetes: 2
rails: 2
python: 1
terraform: 1
gcp: 1

Technology combinations

Frequent combinations: Wiz + AWS Security Hub + GuardDuty (premium AWS-centric CSPM stack), Prisma Cloud + Twistlock + Kubernetes (Palo Alto enterprise stack), HashiCorp Vault + External Secrets Operator + Kubernetes (secrets management K8s pattern), Checkov + tfsec + Atlantis + GitHub Actions (IaC security in CI/CD), Falco + Kyverno + Sigstore cosign + Trivy (K8s runtime + admission + supply chain), Yandex.Cloud Security Center + Wallarm + Kaspersky Cloud (Russian full stack), AWS Security Lake + Detective + Macie + GuardDuty (AWS-native SIEM + investigation), Azure Defender for Cloud + Sentinel + Microsoft Purview (Microsoft-shop full stack).

Learning roadmap: cloud fundamentals → Cloud Engineer Associate cert → security fundamentals (Security+) → Cloud Security Specialty cert (AWS SCS-C02 / Azure SC-100 / GCP Pro Cloud Security) → IaC mastery (Terraform + Checkov) → open-source CSPM hands-on (Prowler) → container security (Falco + Trivy + Kyverno) → HashiCorp Vault in depth → cloud-native SIEM hands-on → CSPM/CNAPP vendor tools experience → compliance frameworks in depth → premium certs (CCSP + CCSK) → pet-project portfolio.

Which pairs of technologies most often appear together in a single vacancy.

databricks + rust: 32
devsecops + go: 30
devsecops + python: 27
go + rust: 23
rust + visio: 23
databricks + visio: 23
go + kubernetes: 21
devsecops + golang: 19
go + golang: 19
golang + kubernetes: 19
devsecops + kubernetes: 19
aws + gcp: 18

Where we see these vacancies

Cloud Security vacancies: hh.ru (banks + Russian cloud providers + Russian security vendors are especially active), Habr Career, getmatch, Djinni, LinkedIn (a huge international Cloud Security segment), NoFluffJobs / JustJoin.it (cloud-friendly Poland), Telegram (@cloud_security_ru, @cybersec_jobs, @security_ru, @devops_jobs), career sites of EPAM Cloud Security Practice / Luxoft / Andersen / DataArt, specialized boards cybersecjobs.com + infosec-jobs.com + cloud-careers.com + cloudnativejobs.com, Y Combinator cloud security startups, CSPM/CNAPP vendor careers (wiz.io / panw.com / lacework.com / orca.security / sysdig.com / aquasec.com / snyk.com), Russian cloud provider careers (yandex.com/cloud / sbercloud.ru / vk.com/cloud), Russian security vendor careers, fwd:cloudsec conference hiring, Cloud Security Alliance (CSA) community job board.

Telegram channels: 2% (13)
Job boards and sites: 98% (632)

Cloud Security vs other tracks

Cloud Security overlaps with Cloud Engineer (foundation stack, ~60% overlap), DevSecOps (container/IaC overlap, ~50%), Security Engineer general (broader scope, ~40%), Cloud Architect (cloud strategy depth), IAM Engineer (deep privilege management), Compliance / GRC Engineer (audit overlap). The comparison with security-engineer/appsec/iam/pentest/soc/network-security is in SiblingSubnichesChart above.

Volume of open vacancies by IT track.

Backend: 4 867
Full-stack: 3 372
Data Engineer: 2 380
Sales: 1 937
DevOps / SRE: 1 816
AI / ML / DS: 1 638
QA / Testing: 1 593
Architecture: 1 457
Frontend: 1 070

Fresh vacancies

Fresh open Cloud Security Engineer vacancies: the last 10 positions with an acceptable quality of description. The full list is in our CRM or via the "view all" link below.

Azure Cloud Security Engineer · ~$7980/month · 2 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 3 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 4 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 5 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 6 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 7 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 9 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 10 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 11 days ago · azure
Azure Cloud Security Engineer · ~$7980/month · 12 days ago · azure
View all 37 vacancies →

What we can offer

If you work with Cloud Security vacancies or are in this role yourself, we can handle a specific task. Choose a format and leave your contact details; we reply within 24 hours.

CRM for recruiters
We will connect you to our CRM. You upload a Cloud Security vacancy and get a list of matching candidates with full contact details, within your plan. Auto-matching + explainability. Limits on contacts per month are configurable.
Access for job seekers
Are you a candidate looking for work in Cloud Security? Buy direct access to employers' contact details: N views per month. No intermediaries: you write to the hiring manager directly.
Talent Supply Audit
We will show how many Cloud Security specialists are actually available for your vacancy: by level, geography, format and budget. An honest answer instead of "we have 100 million CVs".
Custom analytics
A personal quarterly market report for your ICP: salary benchmarks, talent supply, competitors' hiring activity. PDF + raw data.

Frequently asked questions

The most frequent questions about Cloud Security Engineer: salaries (a premium segment for hybrid skills), Cloud Security vs DevSecOps vs Security Engineer vs Cloud Engineer (4-way + overlap heatmap), the CSPM/CIEM/CNAPP decision tree 2026 (Wiz vs Prisma Cloud vs Lacework vs Orca vs Sysdig, 10 options), how a Cloud Security Architect differs, remote work, how to get in (4-8 months from Cloud Engineer Middle via the cert track), Senior skills (one cloud Pro-level cert + CSPM mastery + multi-account governance + IaC security + compliance frameworks automation). Answers are recalculated automatically.

How much does a Cloud Security Engineer earn in 2026?

The Cloud Security Engineer median is $7980/month according to Zorky CRM data (37 active vacancies; a growing premium segment driven by mainstream cloud adoption + multi-cloud reality). It is a premium segment because of the rare skill combination (cloud expertise + security expertise + DevOps skills). Senior with production CSPM/CNAPP deployment (Wiz / Prisma Cloud / Lacework / Orca) + multi-cloud governance: $7500-11000. Senior in Russian banks + Russian cloud providers: $7000-11000. Outsourcers (EPAM Cloud Security Practice / Luxoft): $8000-12000 Senior on US enterprise. CSPM/CNAPP vendor companies (Wiz + Prisma Cloud Palo Alto + Lacework + Orca Security + Sysdig + Aqua Security + Snyk Cloud + Tenable Cloud Security): full-remote $10000-16000+ Senior. Cloud-native security companies (HashiCorp Vault + Cloudflare Zero Trust + Zscaler): $9500-15000+ Senior. Big Tech Cloud Security (AWS Security / GCP Security / Azure Security / Apple Cloud Security / Meta Production Engineering Security): $14000-22000+ Senior + RSU. Premium uplifts: AWS Security Specialty (SCS-C02) + Azure SC-100 / AZ-500 + GCP Professional Cloud Security Engineer +10-20% each, CCSP (ISC²) +10-15%, CCSK (Cloud Security Alliance) +5-10%.

What is the salary of a Cloud Security Engineer at Junior, Middle, Senior and Lead level?

Junior, typical entry: 1) Cloud Engineer Middle + interest in security (the cloud expertise is already there, security techniques are needed), 2) Security Engineer Middle + interest in cloud-specific depth, 3) DevSecOps Middle + cloud focus. The jump Junior → Middle comes after the first CSPM tool deployment (Wiz / Prisma Cloud / native AWS Security Hub) + the first multi-account IAM remediation initiative. Middle → Senior: multi-cloud governance + landing zone security architecture + CNAPP tooling mastery + compliance frameworks automation (FedRAMP / SOC 2 / ISO 27001 cloud-specific evidence). Senior → Cloud Security Architect: org-wide cloud security strategy + multi-cloud Zero Trust + executive advisory. Career flow: Cloud Engineer Senior (3-5 years) + interest → Cloud Security Engineer Junior (1-2 years) → Middle (2-3 years) → Senior → then either Cloud Security Architect, or CNAPP/CSPM tooling specialist (Wiz CSE / Prisma Cloud expert), or the CISO Cloud track, or a move to a native cloud-provider security team (AWS / GCP / Azure, premium tier).

How much does Cloud Security pay in Moscow, St. Petersburg and remotely?

Moscow, Senior Cloud Security Engineer: $7000-10500/month (banks dominate: Sber.Tech / Tinkoff / VTB / Gazprombank / Alfa / Raiffeisen / MKB + Russian cloud providers: Yandex.Cloud Security + VK Cloud Security + SberCloud Security + MTS Cloud Security; Russian security vendors: Kaspersky Lab Container Security + Positive Technologies Cloud Security + BI.ZONE Cloud Security; Yandex internal security; Ozon / VK / Wildberries / X5 Group / MTS Cloud Security teams). St. Petersburg: $6500-10000. Minsk/Kyiv: $6000-9500 Senior. Poland: €7500-12000 gross Senior. Germany: €85-130K/year Senior. 70.0% are remote. Outsourcers (EPAM Cloud Security Practice / Luxoft Cloud / Andersen / DataArt Cloud Security) are almost always remote, $8000-12000 Senior on US projects. CSPM/CNAPP vendor companies (Wiz, premium 2026 + Prisma Cloud + Lacework + Orca + Sysdig + Snyk Cloud + Tenable Cloud Security): full-remote $10000-16000+ Senior. Cloud-native security: HashiCorp (Vault leader + Boundary), Cloudflare (Zero Trust + Cloudflare One), Zscaler. Big Tech Cloud Security (AWS Security / GCP Security team / Azure Security / Apple Cloud Security / Meta Production Engineering Security): $14000-22000+ Senior + RSU. Premium for multi-cloud certs (AWS Security Specialty + Azure SC-100 + GCP Professional Cloud Security combination): $11000-17000+ Senior.

Which stack is most often required for Cloud Security?

Top 5: azure, go, aws, rust, k8s. One cloud platform in depth + the basics of the other two.

AWS Security mastery: GuardDuty + Security Hub + Macie + Inspector + Detective + Config + IAM Access Analyzer + KMS + Secrets Manager + WAF + Shield + Network Firewall + VPC Flow Logs + Security Lake (2024+, security data lake). AWS Security Specialty (SCS-C02) cert.

GCP Security mastery: Security Command Center (SCC Enterprise, the flagship) + Cloud Armor (WAF + DDoS) + Cloud DLP + Cloud KMS + Secret Manager + Cloud Identity + Web Risk + Chronicle (Google's SIEM, premium). GCP Professional Cloud Security Engineer cert.

Azure Security mastery: Defender for Cloud (CSPM + CWPP integrated) + Sentinel (cloud-native SIEM) + Key Vault + Front Door WAF + Microsoft Defender for Endpoint + Microsoft Purview (DLP + data governance). Azure SC-100 (Cybersecurity Architect Expert) + AZ-500 (Security Engineer Associate).

Russian cloud security: Yandex.Cloud Security Center + VK Cloud Security + SberCloud Security + MTS Cloud Security.

CSPM mastery: Wiz (leader 2026: premium pricing, agentless architecture; a must-know for frontier cloud security roles) + Prisma Cloud (Palo Alto enterprise) + Lacework + Orca Security (agentless Wiz competitor) + Sysdig Secure + Aqua Cloud Security + Check Point CloudGuard + Tenable Cloud Security (Ermetic, CIEM-strong) + Datadog Cloud Security Management + Zscaler Posture Control. Open-source: Prowler (AWS leader, a must for AWS shops) + Cloud Custodian (multi-cloud policy engine) + ScoutSuite + CloudSploit + Steampipe (SQL queries over cloud resources).

CIEM: Wiz CIEM + Tenable Cloud Security (Ermetic, the CIEM leader) + SailPoint + Saviynt + CyberArk Secure Cloud Access. Pacu (offensive AWS exploitation).

CNAPP: Wiz (defined the category) + Prisma Cloud + CrowdStrike Falcon Cloud Security + Lacework + Orca + Sysdig + SentinelOne Cloud Security + Aqua CNAPP.

DSPM rising 2024+: BigID (leader) + Cyera + Symmetry Systems + Sentra + Securiti.

Container / K8s security: Falco runtime + Cilium Tetragon + Tracee + Trivy/Grype/Snyk Container image scanning + OPA Gatekeeper / Kyverno admission controllers + Sigstore cosign image signing + Kubescape (CNCF K8s posture) + kube-bench (CIS) + kube-hunter (pentesting).

Serverless security: Snyk Function Scanning + Lambda least-privilege + dependency security.

IaC scanning: Checkov (best for Terraform/CFN) + tfsec + KICS + Terrascan + Snyk IaC.

Cloud secrets: HashiCorp Vault (industry standard) + cloud-native (Secrets Manager/Parameter Store + Secret Manager + Key Vault) + Doppler/Akeyless/1Password Secrets Automation + External Secrets Operator for K8s.

Cloud encryption: KMS envelope encryption + HSM (CloudHSM/Cloud HSM/Dedicated HSM) + BYOK/HYOK.

Cloud-native SIEM/detection: AWS Security Lake + Detective / Google Chronicle / Azure Sentinel / Datadog Security / Sumo Logic Cloud SIEM.

Compliance frameworks: SOC 2 + ISO 27001 + PCI-DSS + HIPAA + FedRAMP + GDPR + 152-FZ + 187-FZ + CIS AWS/Azure/GCP Benchmarks.

Languages: Python primary + Terraform IaC security + bash + PowerShell + Go as a bonus.

Cloud Security vs DevSecOps vs Security Engineer vs Cloud Engineer: what is the difference?

Cloud Engineer: focus on cloud infrastructure provisioning + cost optimization + multi-account governance. Not security-specific. See Cloud Engineer. Salaries $4500-9000.

DevSecOps Engineer: focus on security in CI/CD pipelines + IaC security + container runtime + supply chain. Infrastructure-side. See DevSecOps. Salaries $5500-10000.

Security Engineer (general): broad coverage of all security domains. See Security Engineer (general). Salaries $4500-9500.

Cloud Security Engineer (this page): focus on cloud-specific security: AWS/GCP/Azure native services + CSPM/CIEM/CNAPP + cloud compliance + cloud-specific IAM mastery + multi-account governance + cloud encryption. The sweet spot of the premium segment thanks to hybrid skills. Salaries $5500-10500.

Reality 2026 (overlap heatmap): Cloud Security ↔ Cloud Engineer: 60% (both go deep in one cloud, but the focus differs). Cloud Security ↔ DevSecOps: 50% (overlap in container security + IaC + supply chain). Cloud Security ↔ Security Engineer general: 40% (Cloud Security goes deep on the cloud domain, Security Engineer covers breadth).

Career pivots: Cloud Engineer Senior → Cloud Security Junior: 4-8 months (need to add security techniques + CSPM tools + IAM mastery + compliance frameworks). Security Engineer Middle → Cloud Security: 4-8 months (need cloud depth). DevSecOps Senior → Cloud Security: 2-4 months (much overlap).

Reality 2026: the Cloud Security market is growing faster than security overall because of continued cloud adoption (89% of companies use 2+ clouds, per Flexera) + multi-cloud governance pain + regulatory pressure (FedRAMP / SOC 2 / CIS Benchmarks).

CSPM/CIEM/CNAPP decision tree 2026: Wiz vs Prisma Cloud vs Lacework vs Orca vs Sysdig vs Snyk Cloud?

Decision tree for choosing a CSPM/CNAPP in 2026:

1) Wiz (leader 2026; defined the CNAPP category): premium pricing ($200-500K+/year typical), best UX, agentless architecture (no installation on workloads; uses cloud APIs for scanning), unified CSPM + CIEM + CWPP + DSPM. Use case: enterprises with budget + multi-cloud that want best-in-class. Won the most recent Gartner MQ 2024.
2) Prisma Cloud (Palo Alto Networks): enterprise, comprehensive; the Twistlock + RedLock + PureSec acquisitions consolidated. Strengths: deep container/K8s security (Twistlock heritage), broad coverage. Weaknesses: heavier deployment, complex pricing. Use case: existing Palo Alto Networks customer that wants a unified platform.
3) Lacework: behavior-based detection (Polygraph data platform) + multi-cloud. Strengths: anomaly detection without custom rules. Weaknesses: less mature UI than Wiz. Use case: mid-market that wants behavior-driven detection.
4) Orca Security: agentless competitor to Wiz (similar architecture; uses cloud APIs). Strengths: patented side-scanning technology, no agents, less performance impact. Typically cheaper than Wiz. Use case: similar to Wiz but budget-constrained.
5) Sysdig Secure: runtime-focused (eBPF-based) + container-strong. Strengths: deep runtime security (Falco heritage; Sysdig invented Falco), best for container-heavy workloads. Weaknesses: less broad CSPM coverage. Use case: Kubernetes-heavy shops that want runtime security depth.
6) Aqua Cloud Security: container-first vendor (Trivy creators) + CNAPP. Strengths: container security depth + open-source heritage (Trivy is widely used). Use case: container-mature shops that want a vendor stewarding open source.
7) CrowdStrike Falcon Cloud Security: extension from the EDR leader CrowdStrike. Strengths: integrated with EDR + the Falcon platform. Use case: existing CrowdStrike customer wanting a cloud security extension.
8) Snyk Cloud: extension from the SCA/SAST leader Snyk. Strengths: developer-friendly + IDE integration. Use case: existing Snyk customer wanting cloud security.
9) Cloud-native (free / cheap): AWS Security Hub + GuardDuty + Macie + IAM Access Analyzer + Config / GCP Security Command Center / Azure Defender for Cloud + Sentinel. Use case: budget-constrained + OK with vendor lock-in + small cloud footprint.
10) Open-source CSPM: Prowler (AWS; the leader, used by Wiz themselves for AWS scanning), Cloud Custodian (multi-cloud policy engine), ScoutSuite, CloudSploit, Steampipe (SQL queries for cloud resources). Use case: zero budget + a technical team able to operate it.

Default 2026 recommendations: Enterprise + multi-cloud + budget OK → Wiz or Prisma Cloud. Container-heavy → Sysdig Secure or Aqua. Existing CrowdStrike/Snyk customer → Falcon Cloud Security / Snyk Cloud extension. Budget-constrained → cloud-native + Prowler / Cloud Custodian open-source. Best UX, agentless → Wiz or Orca. Russian market (post-AWS/GCP departure) → cloud-provider-native (Yandex.Cloud Security Center / SberCloud Security / VK Cloud Security) + Russian security vendors (Kaspersky Container Security / PT Cloud Security / BI.ZONE).

Can you work in Cloud Security remotely?

Yes, 70.0% of Cloud Security Engineer vacancies are full-remote or hybrid. Cloud Security work is fully cloud-based (all of the work goes through consoles + dashboards + SaaS tools). Outsourcers (EPAM Cloud Security Practice / Luxoft / Andersen / DataArt Cloud Security) are almost always remote on US projects. Russian banks (Sber / Tinkoff / VTB / Alfa): hybrid/office because of regulatory requirements + the cloud-data sovereignty mandate. Russian cloud providers (Yandex.Cloud / SberCloud / VK Cloud / MTS Cloud Security teams): hybrid or remote after a security background check. Russian security vendors (Kaspersky / PT / BI.ZONE): hybrid. State companies: hybrid/office is mandatory because of air-gapped environments + clearances. CSPM/CNAPP vendor companies (Wiz / Prisma Cloud / Lacework / Orca / Sysdig / Aqua / Snyk Cloud): full-remote standard, a premium segment for Russian-speaking Seniors with English. Cloud-native security (HashiCorp / Cloudflare / Zscaler): full-remote. Big Tech Cloud Security (AWS Security team / GCP Security / Azure Security / Apple Cloud / Meta Production Engineering Security): hybrid standard. Relocation hubs: Poland (Cloud Security-friendly EU) / Germany (Berlin + Munich) / Canada / Serbia / UAE. English is a must for international Cloud Security remote work (vendor docs for Wiz / Prisma / Snyk + community + the conferences fwd.cloudsec / RSA / Black Hat are all in English).

How does a Cloud Security Architect differ from a Senior Cloud Security Engineer?

Senior Cloud Security Engineer: the hands-on owner of cloud security implementations. Day-to-day: tuning CSPM tool policies (Wiz / Prisma Cloud rules), responding to security findings, IAM remediation, vulnerability triage, automation (Python for cloud security scripts), compliance evidence collection. Moderate programming.

Cloud Security Architect: designs the org-wide cloud security strategy + multi-cloud Zero Trust architecture + landing zone security patterns + compliance framework selection. Day-to-day: writing ADRs for cloud security decisions, design reviews of product teams' cloud security proposals, multi-cloud governance strategy, executive advisory to the CISO / CTO, vendor evaluations (the Wiz vs Prisma vs Orca decision), budget defense. Less programming.

Career path: Senior Cloud Security Engineer (4-6 years) → Cloud Security Architect → Principal Cloud Security Architect / Distinguished / CISO Cloud track. Architect salaries: $10000-15000 (~25-40% above Senior).

CSPM/CNAPP Engineer specialist (sub-specialty): deep expertise in one CSPM tool (Wiz CSE, Certified Security Engineer / Prisma Cloud Certified Engineer / Lacework). Often works at vendor companies or premium consultancies (PwC Cloud Security / Deloitte Cloud Security). Salaries are comparable to Senior Cloud Security + a premium for the vendor cert.

AWS / GCP / Azure Security Engineer (cloud-specific specialist): deep expertise in one cloud's security services natively (not generalized cloud security). Often inside a cloud-provider team (AWS Security / GCP Security / Azure Security) or at companies that are heavily single-cloud.

Career choice: Senior Engineer if hands-on work is what interests you, Architect for strategy + cross-team work, CSPM specialist for tooling depth, single-cloud specialist if you want the premium tier in a native cloud-provider team.

Which companies are actively hiring for Cloud Security?

At the top: Sber.Tech, Wiz, Yandex.Cloud. Russian banks (the largest channel because of regulatory and cloud-data sovereignty mandates): Sber.Tech, Tinkoff, VTB, Gazprombank, Alfa-Bank, Raiffeisen, MKB. Russian cloud providers (with their own cloud security teams): Yandex.Cloud Security (Yandex Cloud Security Center development), VK Cloud Security, SberCloud Security, MTS Cloud Security. Russian security vendors (Cloud Security products): Kaspersky Lab Container Security + Kaspersky Hybrid Cloud Security, Positive Technologies Cloud Security (PT Cloud), BI.ZONE Cloud Security, InfoWatch ARMA Cloud. Yandex (internal security + Yandex Cloud security engineering). Cloud Security teams at Ozon / VK / Wildberries / X5 Group / MTS / Avito. JetBrains (Cloud Security for JetBrains Cloud IDE + AI Assistant infra). State-owned companies: Rostelecom Solar / Gazprom / Rosneft / Atomenergoproekt. Outsourcers with a Cloud Security Practice: EPAM Cloud Security Practice (the largest in the CIS for US AWS/GCP/Azure Security projects), Luxoft Cloud Security, Andersen Cloud, DataArt Cloud Security, Itransition. CSPM/CNAPP vendor companies (fully remote, premium in 2026): Wiz (leader, premium tier), Prisma Cloud (Palo Alto Networks), Lacework, Orca Security (agentless), Sysdig (container-strong), Aqua Security (Trivy creators), Check Point CloudGuard, Tenable Cloud Security (Ermetic, CIEM leader), Datadog Cloud Security, Zscaler (Zero Trust + cloud security), CrowdStrike Falcon Cloud Security, SentinelOne Cloud Security, Snyk Cloud. Cloud-native security: HashiCorp (Vault leader + Boundary), Cloudflare (Zero Trust + Cloudflare One), Akamai Cloud Security. DSPM vendors (rising 2024+): BigID / Cyera / Symmetry Systems / Sentra / Securiti. Y Combinator cloud security startups: premium remote. Big Tech Cloud Security (top-tier salary): AWS Security (largest cloud security team) / GCP Security / Azure Security / Apple Cloud Security / Meta Production Engineering Security, $14000-22000+ for Senior plus RSU.

Where to start in Cloud Security in 2026?

Roadmap:
1) Solid cloud fundamentals: pick one cloud to learn deeply (AWS / GCP / Azure) and pass its Foundation cert (AWS Cloud Practitioner / GCP Cloud Digital Leader / Azure Fundamentals AZ-900).
2) Cloud Engineer base: an Associate-level cert (AWS SA Associate / GCP Associate Cloud Engineer / Azure AZ-104). IAM mastery, VPC design, an overview of cloud-native services.
3) Security fundamentals: OWASP Top 10, CIA Triad, cryptography basics, network protocols (TCP / TLS / VPN).
4) Security+ cert (CompTIA, foundation).
5) A Cloud Security-specific cert: AWS Security Specialty (SCS-C02), a must for the AWS Security track (premium cert, recognized industry-wide). Or Azure SC-100 (Cybersecurity Architect Expert) + AZ-500 (Security Engineer). Or GCP Professional Cloud Security Engineer.
6) IaC mastery: Terraform + cloud-native IaC (AWS CDK / Azure Bicep). Hands-on with Checkov / tfsec for IaC security scanning.
7) Hands-on open-source CSPM: Prowler (AWS, a must) + Cloud Custodian + ScoutSuite. Run them on your own AWS Free Tier account. Understand misconfiguration patterns.
8) Container security: Falco runtime + Trivy image scanning + OPA Gatekeeper or Kyverno admission. Set it up on your own K8s cluster (kind / k3s).
9) HashiCorp Vault in depth: the industry standard for secrets management. Set up self-hosted Vault and integrate it with K8s (External Secrets Operator).
10) Hands-on cloud-native SIEM: AWS Security Lake setup, or GCP Chronicle, or Azure Sentinel. Build basic detection rules.
11) CSPM/CNAPP vendor tools (if the budget allows or the employer provides them): try Wiz / Prisma Cloud / Snyk Cloud trial / Lacework demos. Understand reporting outputs.
12) Compliance frameworks in depth: CIS AWS Benchmarks / CIS Azure / CIS GCP; automate compliance checks (Prowler already implements CIS). FedRAMP / SOC 2 / ISO 27001 cloud-specific requirements.
13) Premium certs path: CCSP (Certified Cloud Security Professional, ISC²) or CCSK (Certificate of Cloud Security Knowledge, Cloud Security Alliance), the premium Cloud Security certs. Multi-cloud trio: AWS Security Specialty + Azure SC-100 + GCP Professional Cloud Security, a premium-tier resume signal.
14) Pet-project portfolio: a) a full Cloud Security architecture for an AWS account (multi-account governance + Control Tower + Security Hub + GuardDuty + custom Prowler rules); b) a Wiz / Prisma Cloud demo deployment (use a trial); c) a K8s security setup (Falco + Kyverno policies + Sigstore signing). Document it on GitHub and in a blog post.

Courses in Russia: BI.ZONE Cybersecurity Academy (cloud security track), Positive Technologies Education, Otus "Cloud Security", SkillFactory Cloud Security. International (English): SANS courses (SEC540 Cloud Security & DevOps Automation, premium and expensive but the best), "Practical DevSecOps" courses, A Cloud Guru / Cloud Academy Security tracks, AWS Skill Builder Security learning paths. Must-read books: "Cloud Native Security" by Liz Rice, "Container Security" by Liz Rice, "Practical Cloud Security" by Chris Dotson, "AWS Security Cookbook" by Heartin Kanikathottu. Communities: fwd:cloudsec conference (annual cloud security gathering), Cloud Security Alliance (CSA, community + research), r/AWS, r/cybersecurity, Telegram @cloud_security_ru, @cybersec_jobs. Cloud Engineer Middle + interest → Cloud Security Junior: 4-8 months.

How many Cloud Security vacancies are there in the CIS and Europe?

37 active open Cloud Security Engineer vacancies: a growing segment driven by mainstream cloud adoption, multi-cloud reality and regulatory pressure (FedRAMP / SOC 2 / CIS Benchmarks). Geography: 🇵🇱 Poland, EN, 🇺🇦 Ukraine. Sources: hh.ru (banks, Russian cloud providers and Russian security vendors are especially active), Habr Career, getmatch, Djinni, LinkedIn (a huge international Cloud Security segment via Wiz / Prisma Cloud / Lacework / Orca / Sysdig / Snyk / Big Tech Cloud Security), NoFluffJobs / JustJoin.it (Poland, cloud-friendly), Telegram (@cloud_security_ru, @cybersec_jobs, @security_ru, @devops_jobs (overlap)), career sites of EPAM Cloud Security Practice / Luxoft / Andersen / DataArt, specialized boards (cybersecjobs.com, infosec-jobs.com, cloud-careers.com, cloudnativejobs.com), Y Combinator cloud security startups, CSPM/CNAPP vendor careers (wiz.io / panw.com / lacework.com / orca.security / sysdig.com / aquasec.com / snyk.com), Russian cloud provider careers (yandex.com/cloud / sbercloud.ru / vk.com/cloud), Russian security vendor careers (kaspersky.com / ptsecurity.com / bi.zone), fwd:cloudsec conference hiring, Cloud Security Alliance (CSA) community job board. The real market is wider thanks to the international remote segment (CSPM/CNAPP vendors are full-remote-friendly) and Big Tech Cloud Security teams (AWS Security, the largest, plus GCP Security and Azure Security teams). Time to fill a Senior Cloud Security Engineer position: 6-12 weeks (longer than general DevOps because of the rare skill combination: cloud expertise + security expertise + multi-cloud certifications).

What skills does a Senior Cloud Security Engineer need?

A Senior Cloud Security Engineer covers the full cloud security cycle plus multi-cloud governance and technical leadership. A Pro-level Security cert in one cloud: AWS Security Specialty (SCS-C02), or Azure SC-100 / AZ-500, or GCP Professional Cloud Security Engineer, applied at real production scale. Multi-cloud basics: knowledge of the other two clouds at Associate level at minimum. Deep IAM mastery: multi-account least-privilege design + automation (AWS Organizations SCPs + GCP Organization Policy + Azure Management Groups), service-to-service IAM patterns (IRSA for EKS / Workload Identity for GKE / Managed Identity for Azure), privileged access management (PAM tools: CyberArk / BeyondTrust / HashiCorp Boundary), JIT (Just-In-Time) access patterns. CSPM tooling mastery: one of Wiz / Prisma Cloud / Lacework / Orca / Sysdig in depth, including custom policy authoring, finding triage workflows, remediation automation, multi-account onboarding strategy. Native cloud security services mastery: advanced AWS Security Hub + GuardDuty + Macie + Inspector + Config + IAM Access Analyzer (custom detectors, automated remediation), or advanced GCP Security Command Center, or advanced Azure Defender for Cloud. Cloud-native SIEM: AWS Security Lake + Detective, or Google Chronicle, or Azure Sentinel, with custom detection rules and multi-cloud log aggregation. Container / K8s security mastery: Falco custom rules + advanced Kyverno / OPA Gatekeeper policy + Sigstore cosign signing workflows + Kubescape posture management + multi-cluster security strategies. IaC security mastery: Checkov custom checks development, Terraform security patterns, cloud-native IaC security (AWS CDK + Azure Bicep security). Cloud encryption mastery: advanced KMS envelope encryption patterns, HSM integration (CloudHSM / Dedicated HSM), BYOK / HYOK for compliance, key rotation automation.
Secrets management mastery: advanced HashiCorp Vault (Transit / KV / Database / PKI / cloud-native auth methods), External Secrets Operator for K8s, multi-cloud secrets strategy. Compliance frameworks mastery: SOC 2 + ISO 27001 + PCI-DSS + HIPAA + FedRAMP + GDPR + 152-FZ + 187-FZ + CIS Benchmarks automation. Design of automated evidence collection systems (Drata / Vanta / Secureframe). Threat modeling for cloud: cloud-specific attack vectors (IAM privilege escalation paths, cross-account attacks, lambda exploitation, container escape, supply chain in cloud), MITRE ATT&CK Cloud Matrix. System design for cloud security: design a multi-cloud Zero Trust architecture on a whiteboard, design landing zone security patterns, design a multi-region key management strategy, design Zero Trust Network Access (ZTNA). Programming: deep Python (cloud SDK mastery: boto3 + google-cloud + azure-sdk) for custom security automation, Terraform for IaC, bash + PowerShell. Soft skills: writing ADRs for cloud security decisions, technical writing (cloud security design docs + audit reports), executive communication (cloud security posture to the CISO / CTO / Board), vendor evaluations (the Wiz vs Prisma vs Orca decision), mentoring Middle Cloud Security Engineers. English is a MUST for Senior+: the Cloud Security community (fwd:cloudsec / RSA Cloud Security track / CSA) and vendor docs (Wiz / Prisma / Snyk / HashiCorp) are entirely in English. Optional bonus: open-source contributions to cloud security tools (Prowler / Cloud Custodian / Falco / OPA / Kyverno) sharply raise market value when Big Tech Cloud Security teams and CSPM/CNAPP vendors are hiring. Public speaking at fwd:cloudsec / the RSA Cloud Security track is a premium for frontier cloud security companies.

How we calculate

  • Data period: in the hero block and texts, the last 3 months. In the charts, the whole available observation period (since the parsers were launched, usually 2-3 months).
  • The data is collected automatically from 1000+ sources: Telegram channels and job boards of the CIS and Europe.
  • Only live open vacancies with a clear description are counted. Spam and duplicates are cut off.
  • Salaries are converted to USD/month at the current exchange rate. Anomalous values (<500 or >50K) are filtered out.
  • Levels are normalized: Mid → Middle, Intern/Trainee → Junior, Principal/Staff/Expert → Lead.
  • The first 2 weeks of data (the parser ramp-up period) are not shown in the charts.
  • The data is recalculated every day.

Authorship and citation

Analytics prepared by the Zorky Research Team. Last updated: 29 May 2026 at 19:02.

Data sources and methodology

The data is collected automatically from 1000+ sources: job Telegram channels and job sites of the CIS and Eastern Europe (HH, Habr Career, Djinni, DOU, NoFluffJobs, JustJoin.it, Pracuj.pl and others). Parsing runs around the clock, duplicates are filtered by description and URL, and anomalous salary values are cut off. The detailed methodology is on the "How it works" page.

Cite this page:
Zorky CRM (2026). Cloud Security in IT: the CIS and European market. Accessed: 29.05.2026. URL: https://zorky.tech/ru/research/security