About NopalCyber
NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense.
AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time.
Our service packages are tailored to client needs and budgets, with external threat analysis provided at no cost - democratizing access to enterprise-grade cybersecurity for all.
Role Purpose
The Associate vCISO is a technical consulting lead responsible for translating security strategy into actionable solutions across client environments. This role combines architecture-level expertise, hands-on security knowledge, and client advisory, with the ability to engage across cloud, application, and enterprise security domains.
The role also acts as an embedded SME layer, driving architecture assessments, solution design, and implementation alignment without heavy dependency on separate specialist teams.
Key OutcomesWithin the first 6 months, the Associate will:
- Deliver architecture and security assessments across cloud, applications, and infrastructure.
- Drive implementation of security controls aligned to modern architectures (microservices, cloud-native)
- Act as technical advisor to client engineering and infrastructure teams.
- Improve security posture across key domains (cloud, IAM, AppSec, network)
Reduce dependency on external SMEs for standard engagements.
Requirements
Key Responsibilities- Perform security architecture reviews across cloud, on-prem, and hybrid environments
- Assess and secure modern application architectures, including microservices and APIs
- Provide hands-on advisory for cloud security (AWS/Azure/GCP), including configurations and posture improvements
- Drive implementation and validation of security controls across infrastructure, applications, and identity layers
- Work closely with engineering, DevOps, and infrastructure teams to embed security into design and deployment
- Identify security gaps, misconfigurations, and architectural risks, and define remediation approaches
- Support secure design patterns for IAM, network segmentation, data protection, and workload security
- Act as a technical escalation point for complex security issues, incidents, and design decisions
- Guide clients on tool selection, integration, and optimization across security domains
- Coordinate and, where required, directly contribute to areas such as AppSec, IAM, cloud security, and SOC improvements
- Reduce reliance on external SMEs by providing cross-domain expertise for common use cases
- Support client engagements including solution discussions, technical workshops, and advisory sessions.
- Translate technical findings into clear, actionable recommendations for stakeholders
- Collaborate with vCISO and Analysts to ensure alignment between strategy, execution, and technical implementation
Qualifications & Experience
Education
- Bachelor's degree in engineering, IT, or related field
Preferred Certifications
- AWS / Azure Security Certifications (Associate or Specialty)
- CISSP / CCSP / CISM (preferred)
- Kubernetes / Container Security certifications (good to have)
Professional Experience
- 5–10 years in cybersecurity with strong technical depth
- Experience in cloud security, application security, or security architecture roles
- Background in consulting, MSSP, or multi-client environments preferred
- Hands-on experience with modern architectures (cloud-native, microservices, APIs)
Core Skills & Technical Expertise
- Cloud security (AWS / Azure / GCP)
- Application security (SAST, DAST, API security)
- Microservices and container security (Docker, Kubernetes)
- IAM and Zero Trust architectures
- Network security (segmentation, firewalls, WAF)
- Security architecture design and reviews
- DevSecOps and CI/CD security integration
- Vulnerability management and remediation strategies
Personal Attributes
- Ability to engage with technical and engineering teams
- Strong problem-solving capability
- Ability to translate security requirements into implementable solutions
- Experience conducting technical workshops and advisory sessions
- Strong technical ownership and hands-on mindset
- Ability to operate across multiple domains without silos
- Structured and solution-oriented thinking
- Comfortable in client-facing and advisory roles
- Ability to balance depth with speed in delivery
