Title: Technical Lead-Cloud & Infra Engg

Description:

Area(s) of responsibility

Job Description – Security Engineer / DevSecOps Engineer

Core Security Expertise

Secure SDLC: Implement and embed security practices across all phases of the software development lifecycle—from design through deployment.
Threat Modeling: Use frameworks such as STRIDE, DREAD, or PASTA to proactively identify and mitigate architectural and implementation risks.
Vulnerability Management: Conduct vulnerability assessments using tools like Nessus, Qualys, or OpenVAS and deliver actionable remediation plans.
Application Security: Strong understanding of OWASP Top 10 risks and hands‑on experience with SAST, DAST, IAST, and RASP tools.
Identity & Access Management: Implement IAM principles such as least privilege, RBAC/ABAC, SSO, and MFA.

Development & Automation

Programming/Scripting: Proficiency in Python, Bash, Go, or JavaScript.
CI/CD Security: Secure and harden pipeline tools including Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Integrate automated security testing into CI/CD workflows.
Infrastructure‑as‑Code Security: Experience with Terraform, CloudFormation, and Ansible. Familiarity with security scanners such as Checkov, tfsec, Terrascan, and Policy‑as‑Code (OPA/Conftest).
Container & Orchestration Security: Practical experience securing Docker, Kubernetes, and Helm ecosystems. Exposure to Trivy, Anchore, Falco, and Kyverno.

Cloud & Platform Security

Cloud Security: Strong understanding of AWS, Azure, or GCP security components (IAM, VPC, KMS, WAF, Secrets Manager). Experience with CSPM or CWPP tools.
Secrets Management: Hands‑on experience with Vault, AWS Secrets Manager, SOPS, or equivalent secret‑management solutions.

Monitoring, Detection & Incident Response

Security Monitoring & SIEM: Experience using Splunk, ELK, Sentinel, Panther, or Datadog for anomaly detection and alert triage.
Incident Response & Forensics: Ability to analyze logs, investigate breaches, respond to incidents, and implement long‑term mitigation.

Governance, Risk & Compliance

Knowledge of frameworks like NIST, ISO 27001, CIS Benchmarks, SOC 2, and PCI‑DSS.

Collaboration & Communication

Ability to work cross‑functionally with developers, operations teams, and business stakeholders to drive a security‑first culture.
Strong documentation and communication skills.

Nice to Have

Experience with Semarchy xDM or Semarchy deployment workflows—beneficial for teams leveraging Semarchy as part of their application deployment lifecycle. (The platform is used in deployment processes across certain projects, making familiarity a plus.)

Apply now »

Provider	Description	Enabled
LinkedIn	LinkedIn is an employment-oriented social networking service. We use the Apply with LinkedIn feature to allow you to apply for jobs using your LinkedIn profile. Opting out of LinkedIn cookies will disable your ability to use Apply with LinkedIn. Cookie Policy Cookie Table Privacy Policy Terms and Conditions
Google Analytics	Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Cookie Information Privacy Policy Terms and Conditions