KYC Hub

Security Engineer

  • Posted 13 hours ago

Job Description

Experience : 36 Years

Role Overview : We are looking for a Security Engineer (Cloud, Application & Compliance) who will own and strengthen the organization's overall security posture across cloud infrastructure, networks, web applications, APIs, and compliance frameworks. This role is ideal for someone who understands how modern SaaS systems operate in production, can design security into every layer, and has hands-on experience with regulatory and compliance standards such as PCI-DSS, ISO 27001, GDPR, and SOC 2.

You will work closely with DevOps, Backend, and Leadership teams to ensure that security is embedded into design, development, deployment, and operations.

Key Responsibilities :

Cloud & Infrastructure Security (Primary)

Design and implement security controls for cloud environments (GCP/AWS/Azure).

Secure VPCs, IAM, firewalls, load balancers, and private networking.

Implement secrets management, encryption at rest & in transit, and key management (KMS/Vault).

Monitor cloud environments for misconfigurations and vulnerabilities.

Perform regular risk assessments and threat modeling.

Application & API Security

Secure Web Applications and REST APIs against OWASP Top 10 threats.

Implement authentication & authorization (OAuth2, OIDC, SSO, MFA).

Review code and architectures for security weaknesses.

Support secure CI/CD pipelines with SAST, DAST, and dependency scanning.

Work with engineering teams to fix vulnerabilities and improve secure coding practices.

Network Security

Design secure network architectures (VPCs, subnets, firewalls, IDS/IPS).

Manage perimeter security, WAF, DDoS protection, and traffic monitoring.

Ensure secure connectivity between services and environments.

Compliance & Governance

Own and maintain compliance efforts for:

PCI-DSS

ISO 27001

GDPR

SOC 2

Prepare documentation, policies, and procedures for audits.

Lead internal and external security audits and VAPT activities.

Implement security awareness and best practices across the organization.

Monitoring, Incident Response & Operations

Set up logging, monitoring, and alerting for security events.

Investigate incidents and lead root cause analysis.

Develop and maintain incident response playbooks.

Required Skills :

Must-Have

Strong hands-on experience in Cloud Security & Infrastructure Security

Deep understanding of Web App & API Security

Experience with PCI-DSS, ISO 27001, GDPR, SOC 2 compliance

Knowledge of IAM, encryption, key management, secrets management

Familiarity with OWASP Top 10 and secure SDLC

Experience with vulnerability scanning, VAPT, and security tooling

Understanding of networking fundamentals (VPC, firewalls, routing, DNS)

Good-to-Have

Experience with GCP/AWS security services

DevSecOps experience (SAST, DAST, container security, CI/CD security)

Knowledge of Kubernetes security

Experience with SIEM tools and WAF

Background working with SaaS production systems

Ideal Candidate

36 years of experience in Security / Cloud Security / DevSecOps

Comfortable owning organization-wide security posture

Strong audit & compliance mindset

Hands-on, proactive, and detail-oriented

Excellent problem-solving and risk analysis skills

Passion for building secure, compliant, and scalable systems

About Company

KYC Hub

Job ID: 143386435
