Cloud Security Engineer

Position: Cloud & Security Engineer

Location: Pune

Experience: minimum 4 years

Compensation: As per market standards

Report to: Lead AI Engineer

Start: Within 6 weeks

Language: Fluent English — non-negotiable

Job Overview:

We are seeking an experienced Cloud & Security Engineer to design, implement, and manage a secure, scalable, and enterprise-grade cloud infrastructure for a multi-tenant AI SaaS platform. The role is critical in ensuring customer data isolation, regulatory compliance, cloud security, and certification readiness before onboarding enterprise customers operating in regulated industries.

The successful candidate will be responsible for building production-ready Azure infrastructure, implementing robust security controls, supporting compliance initiatives, and ensuring secure deployment of AI-powered applications.

Roles & Responsibilities:

Cloud infrastructure

•    Azure production deployment — containerisation (Docker, Kubernetes), CI/CD pipelines

•    Multi-tenant SaaS architecture — data isolation patterns, tenant onboarding, dedicated vs shared tenancy

•    Secrets management — Azure Key Vault or equivalent

•    Minimum 4 years in cloud infrastructure or security engineering in production

Security engineering

•    2FA, RBAC, SSO, session management, audit logging — production implementation

•    ISO 27001 — implementation or audit experience. Certification path knowledge essential.

•    GDPR and UK GDPR — practical implementation, not awareness

•    Penetration testing coordination — commissioning, managing findings, verifying remediation

AI & Pipeline Knowledge - Required

•    Understanding of how LLM API calls, vector database queries, and blob storage interact in a production cloud environment

•    Ability to secure AI application infrastructure — API key management, call logging, prompt injection awareness

•    Experience securing systems that process sensitive proprietary documents at scale

•    Familiarity with LLM provider data processing agreements and what they mean for customer data isolation

What you will own -

•    Azure deployment architecture — containerised, scalable, production-ready infrastructure for a multi-tenant SaaS platform

•    Multi-tenant data isolation — every customer in a fully dedicated environment. No shared databases, no shared vector storage, no shared blob storage, no possibility of cross-customer data exposure

•    Authentication — 2FA mandatory, four-level RBAC, SSO with Azure AD, Okta, Google Workspace

•    Encryption — TLS 1.3 in transit, AES-256 at rest across all layers

•    Data residency — UK, EU, US regions. No transfer outside customer's chosen region without explicit consent

•    Audit logging — every login, file view, and download logged with timestamp, user identity, and IP

•    Penetration testing — third-party OWASP testing, vulnerability management, remediation tracking

•    ISO 27001 — gap analysis, remediation, and certification path to commercial launch

•    GDPR and UK GDPR — data processing agreements, right to erasure, breach notification

•    SOC 2 Type II — preparation and audit coordination

8th June 2026

CT Automotive India