Principal Consultant - Lead Cloud Security Engineer Management Plane (L2/L3 SME)

Ready to build the future with AI
At Genpact, we don't just keep up with technology-we set the pace. AI and digital innovation are redefining industries, and we're leading the charge. Genpact's AI Gigafactory, our industry-first accelerator, is an example of how we're scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies most complex challenges.
If you thrive in a fast-moving, innovation-driven environment, love building and deploying cutting-edge AI solutions, and want to push the boundaries of what's possible, this is your moment.
Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook.Inviting applications for the role of Principal Consultant - Lead Cloud Security Engineer - Management Plane (L2/L3 SME)

Responsibilities
Cloud Security Platform Operations
.Operate and maintain Microsoft Defender for Cloud in accordance with Client policies.
.Monitor cloud security posture and remediate configuration issues as directed.
.Administer Defender for Cloud Apps to monitor SaaS application security controls.
.Maintain Azure native security controls within defined scope.
Access Governance & Least Privilege Enforcement
.Perform periodic permissions reviews for cloud subscriptions and SaaS applications.
.Implement custom RBAC roles as directed by approved design.
.Administer Privileged Identity Management (PIM) workflows.
.Monitor privileged access assignments and enforce approval policies.
.Support remediation of excessive permissions identified through reviews.
SaaS Security Operations
.Monitor SaaS application access and security posture via Defender for Cloud Apps.
.Support implementation of access control and session control mechanisms where applicable.
.Investigate cloud application access anomalies and escalate when necessary.
Vulnerability & Exposure Coordination (Operational Scope)
.Support vulnerability scanning coordination where cloud assets are in scope.
.Assist in remediation tracking and validation of security posture findings.
.Coordinate with infrastructure or application teams for remediation closure.
E. Service Request & Change Management
.Fulfill cloud security-related service requests within SLA.
.Execute approved configuration changes following Client change control processes.
.Validate changes post-implementation and document testing evidence.
.Coordinate changes with IAM, Network, and Data Security teams where dependencies exist.
Incident & Problem Management
.Participate in cloud security incident investigations.
.Provide technical inputs for RCA documentation.
.Support restoration procedures during cloud security control disruptions.
.Identify recurring misconfiguration patterns and propose corrective actions via formal channels.
Audit, Logging & Compliance Support
.Maintain sufficient operational artifacts to support audit requirements.
.Support requests for information/evidence for compliance certifications.
.Ensure relevant cloud security logs are available for SIEM ingestion where directed.
.Maintain updated SOPs and configuration documentation.
.Provide inputs for monthly service performance reporting.
Explicit Role Boundaries
.This role does not own cloud architecture design or cloud migration strategy.
.Infrastructure-as-Code engineering and DevSecOps transformation ownership are out of scope.
.Strategic cloud security framework decisions remain with Client governance.

Qualifications we seek in you!
Minimum Qualifications
.Bachelor's degree in Computer Science, Information Security, or equivalent experience.
.Preferred certifications:
.Microsoft Azure Security Engineer (AZ-500)
.CISSP (preferred but not mandatory)
.Experience in regulated enterprise environments preferred.

Preferred Qualifications/ Skills
.Good years of exp on enterprise security engineering experience.
.Strong hands-on operational expertise in:
.Microsoft Defender for Cloud
.Microsoft Defender for Cloud Apps (CASB)
.Azure native security controls
.Privileged Identity Management (PIM)
.Azure RBAC configuration and governance
.Experience performing:
.Cloud permissions reviews
.Access monitoring and entitlement validation
.Least-privilege enforcement
.SaaS security configuration monitoring
.Familiarity with vulnerability management concepts (Qualys integration awareness).
.Experience supporting regulated enterprise environments.
.Strong understanding of formal Change Management processes.
.Familiarity with log forwarding and SIEM ingestion (operational level).

Why join Genpact
.Lead AI-first transformation - Build and scale AI solutions that redefine industries
.Make an impact - Drive change for global enterprises and solve business challenges that matter
.Accelerate your career-Gain hands-on experience, world-class training, mentorship, and AI certifications to advance your skills
.Grow with the best - Learn from top engineers, data scientists, and AI experts in a dynamic, fast-moving workplace
.Committed to ethical AI - Work in an environment where governance, transparency, and security are at the core of everything we build
.Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress
Come join the 140,000+ coders, tech shapers, and growth makers at Genpact and take your career in the only direction that matters: Up.
Let's build tomorrow together.Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation.
Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.