Cloud Security Engineer

Job Title: Cloud Security Engineer

Location: Bangalore

Department: Technology

Reports to: Head of Cloud Infra

TookiTaki, the global leader building the Trust Layer for Financial Services, is strengthening its cloud security foundation as we scale our AI-driven AML and fraud-detection platforms across global banks and fintechs. We are looking for a Cloud Security Engineer who blends deep cloud expertise with uncompromising security standards — someone who can design, harden, and defend the cloud environments that power our mission. If secure, resilient, and scalable infrastructure is your playground, welcome home.

Roles & Responsibilities

1. Cloud Security Architecture

• Design and implement secure cloud architectures across AWS
• Ensure systems meet enterprise-grade security, availability, and performance requirements.
• Drive secure-by-default principles across deployments, services, and automation pipelines.

2. Security Hardening & Compliance

• Own and maintain PCI-DSS–aligned cloud security controls.
• Lead infrastructure hardening across compute, data, storage, network, and IAM.
• Implement end-to-end compliance guardrails, auditing, and continuous monitoring.
• Drive patching, vulnerability management, and threat exposure reduction.

3. Threat Detection & Incident Response

• Develop runtime threat detection and alerting frameworks (SIEM/SOAR, IDS, CSPM).
• Conduct compromise assessments and respond to potential breaches with speed and clarity.
• Act as the primary escalation point for security incidents and lead root cause analysis.
• Continuously enhance detection logic using emerging threats from the AFC ecosystem.

4. Security Automation & DevSecOps

• Integrate security tooling into CI/CD workflows (SAST, SCA, DAST, secrets scanning).
• Automate policies using IaC (Terraform/CloudFormation) and policy-as-code frameworks.
• Build automated remediation playbooks to reduce manual intervention.

5. Identity, Access & Secrets Management

• Implement and govern IAM standards across cloud environments.
• Build least-privilege, zero-trust access frameworks.
• Maintain secure secrets management via Vault, KMS, or similar tooling.

6. Disaster Recovery & Business Continuity

• Lead DR planning and execution with clear RTO/RPO targets.

OKRs

• Achieve 99.9% secure and compliant uptime for all cloud infrastructure.
• Reduce high-risk vulnerabilities by 90% within the first 6 months.
• Implement full Cloud Security Monitoring & Alerting within 90 days.
• Shift-left security across CI/CD pipelines with 100% automated checks.
• Reduce mean time to detect (MTTD) and mean time to respond (MTTR) for security incidents by 50%.

Requirements

Education:

• Required: Bachelor's degree in Computer Science, Engineering, Cybersecurity, or equivalent.
• Preferred: Master's degree in Cybersecurity or Cloud Security.

Experience:

• 5–7 years in cloud engineering or cloud security roles.
• Proven hands-on experience securing cloud platforms AWS at scale.
• Experience in regulated or compliance-heavy environments (fintech, banking, regtech) preferred.

Technical Expertise:

• Strong understanding of cloud security frameworks (CIS, NIST, PCI-DSS).
• Expertise with IaC tools: Terraform, CloudFormation.
• Hands-on experience with Kubernetes security (EKS).
• Ability to detect, triage and prevent network-level vulnerabilities and misconfigurations in the cloud infrastructure.
• Hands-on with container security (Docker, Kubernetes, EKS/GKE).
• Experience with cloud-native security tools (GuardDuty, Security Hub, GCP SCC, Prisma, Wiz, etc.).
• Strong knowledge of monitoring & logging stacks (ELK, Prometheus, Grafana).
• Proficiency in Python, Go, or Java for security automation.