Job Description
This role is for one of Zepcruit's clients.
About the Role:
We are seeking a hands-on Senior Information Security Engineer to embed security into our engineering DNA. You will be pivotal in protecting our global, multi-cloud SaaS platform by designing robust security controls, integrating security into CI/CD pipelines, and leading incident response. This is a foundational role for a builder who thrives at the intersection of security, cloud, and development.
Key Responsibilities:
Design and implement cloud-native security controls across AWS, Azure, and GCP.
Integrate SAST, DAST, and SCA tools into CI/CD pipelines and secure Infrastructure-as-Code (Terraform, Kubernetes).
Manage CSPM (e.g., Prisma Cloud, Wiz), SIEM, and other security platforms.
Lead security monitoring, incident response, VAPT activities, and root-cause analysis.
Partner with engineering teams on threat modeling, secure design, and remediation.
Support compliance with frameworks like SOC2, ISO 27001, and GDPR.
Mandatory Requirements (Must Have):
5+ years of hands-on InfoSec experience with a cloud security focus (AWS, Azure, GCP).
Proven experience in a B2B SaaS product company.
Strong hands-on expertise with: CSPM tools, Kubernetes/container security, CI/CD security integration (Snyk, GitHub Advanced Security), and Application Security Testing (SAST, DAST, SCA).
Experience securing infrastructure using Terraform, CloudFormation, and Docker/K8s.
Practical experience in security operations: monitoring, IR, RCA, and managing VAPT.
Working knowledge of ISO 27001, NIST, CIS and exposure to SOC2/GDPR/HIPAA.
Ideal Candidate:
You are a proactive engineer with a security-first ownership mindset.
You excel at communicating technical risks in clear business language.
You enjoy solving real-world problems close to the code and systems.