Platform Security Engineer a venture between Thales and Google

Thales is a global technology leader trusted by governments institutions and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of defence and security aerospace and space cybersecurity and digital identity were driven by a mission to build a future we can all trust.

In Romania we are advancing innovation through software engineering research and development delivering solutions in key markets in which Thales Group operates. Our engineers design develop and integrate solutions that impact global industries from fully operational systems and subsystems for naval warfare and maritime security operations to air traffic management systems satellite-based solutions tactical indoor simulations identity and biometric technologies and more.

Bucharest - Hybrid (3 office / 2 remote) Occasional travel to Paris
Start: ASAP English-speaking team

In most jobs security is bolted on.
In this one you design what after looks like before theres an after.

THE PROJECT

A trusted sovereign Google Cloud region - operated end-to-end from within Europe by the joint venture between Thales and Google Cloud.

Same Google Cloud power you know (GKE compute data Vertex AI).
European jurisdiction. European operators. Thales-grade cybersecurity.

In the last 6 months alone the platform:
Achieved a world-first regulatory qualification - IaaS CaaS PaaS in a single decision
Named 2026 Google Cloud Partner of the Year - Sovereign Cloud
Runs 3 data centres 10000 devices H100 GPU clusters in production

Your job: design how every credential every key every identity flows through the platform - at regulator-grade.

WHAT YOULL OWN

Operate HashiCorp Vault as a platform-wide secrets service
Maintain Identity Providers (Keycloak Workspace) and access control
Design credential management for humans and machines
Drive encryption & key management (KMS HSM rotation BYOK/HYOK)
Secure communication patterns - TLS certificates trust boundaries mTLS
Bake security-by-design into every deployment
Lead hardening & compliance - audit evidence regulator-facing docs

WHAT WERE LOOKING FOR

Must-have:
7 years in Security / DevSecOps / Platform Security
Strong hands-on with HashiCorp Vault (or equivalent enterprise secrets management)
Solid IAM / Identity Providers (Keycloak Workspace)
Hands-on KMS / encryption key management - design and ops
Cloud security best practices Linux fundamentals
Network security (TLS proxies segmentation)
Experience in high-security or regulated environments

Nice to have:
Kubernetes secrets patterns (ESO sealed-secrets CSI driver)
Terraform / IaC
SIEM exposure (ELK)
Sovereign cloud experience

WHY THIS ROLE IS DIFFERENT

Identity and secrets ARE the security perimeter of a sovereign cloud.
One leaked key one misconfigured IDP - and the regulatory posture collapses.
You design the patterns that prevent that. Greenfield real stakes real ownership.

WHAT YOU GET

Competitive package standard Thales benefits (private medical meal vouchers sport). Real ownership in a Bucharest team protecting European critical infrastructure.

SOUND LIKE YOU

If youve operated Vault at scale designed KMS rotation strategies in anger and treat security-by-design as a real engineering discipline - lets talk.

#LI-AB3

At Thales were committed to fostering a workplace where respect trust collaboration and passion drive everything we do. Here youll feel empowered to bring your best self thrive in a supportive culture and love the work you do. Join us and be part of a team reimagining technology to create solutions that truly make a difference for a safer greener and more inclusive world.