Senior Cloud Security Engineer

Position: Senior Cloud Security Engineer– Bengaluru (Hybrid)

Job Details

We are seeking a Senior Cloud Security Engineer with 6 to 8 years of experience to join our DevSecOps team. In this role, you will be responsible for architecting, implementing, and automating security controls across our cloud-native infrastructure. You will bridge the gap between infrastructure engineering and security, ensuring that our AWS environment—and our broader cloud-agnostic strategy—is resilient against evolving threats.

The ideal candidate has a deep technical background in Kubernetes (K8S), identity systems, and automation, and is prepared to secure next-generation technologies like Agentic AI and RAG-based systems. The person views security as an enabler rather than a gatekeeper, favouring automated policy-as-code over manual checklists.

Key Responsibilities

• Secure Container Orchestration: Hardened K8S/EKS cluster configurations, implementing network policies, admission controllers, and image signing.
• Infrastructure as Code (IaC): Integrate security linting and policy-as-code into CI/CD pipelines and Terraform templates.
• Identity & Access Governance: Lead the design of Identity Federation and Workload Identity to move toward a zero-trust architecture.
• Automated Security & Compliance: Build automated guardrails to detect and remediate configuration drift; manage cloud security posture through tools like Wiz.
• Cryptography & PKI: Manage the full lifecycle of TLS certificates, secrets, and encryption keys, ensuring no manual intervention is required for renewals.
• Incident Response: Serve as a technical lead during security incidents, performing root cause analysis and forensic investigations in containerized environments.
• Monitoring: Build and maintain security dashboards to monitor for drift, unauthorized access, and anomalous behaviour.

Technical Skills

• Cloud & Orchestration: AWS (IAM, VPC, EKS, KMS), Kubernetes, Docker.
• Identity & Access: Okta, OIDC/OAuth2, SAML, RBAC/ABAC, Identity Federation.
• Security Tooling: Wiz, SAST/DAST (Snyk, SonarQube), Secret Management.
• Network & Transit: Protocols (TCP/IP, HTTP/S, gRPC), mTLS, TLS 1.3, VPNs, WAF.
• Automation & DevOps: CI/CD pipelines, GitOps (ArgoCD), Python/Go, Terraform.

Functional & Domain Expertise

• Data Security: Implementation of encryption at rest and in transit using AES-256, RSA, and ECC.
• Endpoint & Perimeter: Securing the Edge through API Gateways and ensuring endpoint protection for cloud-based virtual machines and containers.
• AI Security Posture: Understanding of the OWASP Top 10 for LLMs, specifically regarding Prompt Injection, Data Poisoning in RAG pipelines, and Model Context Protocol (MCP) server security.
• Compliance Frameworks: Experience mapping technical controls to SOC2, ISO 27001, or NIST frameworks.

Experience Requirements

• 6–8 years in a dedicated Security Engineering role within a DevSecOps or Cloud Infrastructure team.
• Proven track record of managing security for production-grade Kubernetes environments.
• Strong understanding of Public PKI and private certificate authority (CA) management.

Preferred Qualifications

• Certifications: AWS Certified Security Specialty, Certified Kubernetes Security Specialist (CKS), or CISSP.
• Experience: 5+ years in a dedicated Security Engineering or DevOps role.
• Mindset: Strong understanding of the Software Development Life Cycle (SDLC) and the Shift Left security philosophy.

Why Join This Team

You will not just be checking boxes. You will be building a secure, automated path for developers to deploy code at scale. From securing Agent-to-Agent (A2A) communication to managing the secrets of 70+ microservices, your work will be at the cutting edge of cloud security.

Note to Candidates: We value a Shift Left mindset. If you prefer building automated security systems over writing manual reports, you will thrive here