

Job Title: Senior Lead Infosec Engineer
Location: Trivandrum
Experience Range: 7+ yrs
Type: Full Time
Department: Information Security
Position Summary
The Senior Lead Infosec Engineer supports the Enterprise Security Architect by applying the client's security architecture and controls day to day, with emphasis on network security, Azure cloud security, hardening, and risk-based reviews. This role reviews and decides on network rule and flow requests, cloud workload configurations, baseline exceptions, and integration requests, partnering with IT, engineering, operations, risk, and compliance.
Qualifications Required
• 5+ years in information security, including 2+ years in network security/engineering or hands-on architecture support in mid-to-large enterprises.
• Bachelor's in Computer Science, Information Security, or related field (or equivalent experience).
• Working knowledge of encryption, authentication/authorization, access control, and network security fundamentals.
• Hands-on experience reviewing/managing firewall rules and access controls in on-prem and cloud environments.
• Practical familiarity with OS, network device, and cloud workload hardening baselines (e.g., CIS).
• Hands-on Azure security experience (workload configuration reviews, RBAC, and platform controls such as Defender for Cloud, Azure Policy, Key Vault).
• Understanding of segmentation and Zero Trust principles.
• Familiarity with SIEM, IDS/IPS, DLP, EDR, and vulnerability management tools.
• Familiarity with NIST CSF/800-53, ISO 27001, CIS, and common regulatory regimes (e.g., GDPR, HIPAA, PCI DSS, NYDFS 500).
• Strong analytical/problem-solving skills with clear risk documentation.
• Strong written/verbal communication skills; ability to work across global teams and time zones.
Responsibilities
Network Security
• Review and decide on network rule requests (new/changes/exceptions) for on-prem and cloud; validate business need, least privilege, tight scoping, and alignment to segmentation/Zero Trust; document approve/modify/deny rationale.
• Review proposed network flows for new apps/integrations; confirm required paths only and remove unnecessary connectivity.
• Support firewall/rule recertification; identify stale, unused, overly permissive, shadowed, or duplicate rules; coordinate cleanup and track exceptions/expirations.
• Apply and validate hardening baselines (e.g., CIS) for network devices, operating systems, and supporting infrastructure; drive remediation of deviations with platform/operations teams.
• Support segmentation and Zero Trust initiatives by reviewing segment boundaries, microsegmentation needs, east-west controls, and inter-zone policies.
• Contribute to network telemetry, logging, and inspection designs to improve visibility and control effectiveness.
Risk Assessment and Management
• Support risk assessments of services, applications, and integrations; collect evidence, document findings, and recommend mitigations.
• Assist with proportional threat modeling (e.g., STRIDE) based on data sensitivity and business risk.
• Apply least privilege, aggregate risk, and compensating controls when reviewing permissions, integrations, and configuration changes.
Security Tool Evaluation and Integration
• Support security technology evaluations (POCs, vendor comparisons, control coverage mapping).
• Support integration of security solutions into infrastructure, pipelines, and workflows.
• Identify alternatives and mitigating controls when primary controls are not feasible.
Azure Cloud Security
• Review Azure workloads against Landing Zone guardrails, security baselines, and CIS benchmarks; partner with owners to remediate deviations.
• Assess Azure RBAC and Entra ID role/permission requests; enforce least privilege and separation of duties.
• Triage and prioritize posture findings (Defender for Cloud, Azure Policy, etc.) and track remediation to closure.
• Review Conditional Access, managed identity usage, and secrets/key management (e.g., Key Vault) for workload access patterns.
• Validate secure-by-default configurations for common Azure services (storage, compute, databases, PaaS, networking) and identify gaps.
• Support Azure telemetry coverage (Sentinel/Log Analytics/diagnostic settings) and validate logging and alerting for critical resources.
Collaboration and Communication
• Partner with IT, engineering, operations, risk, compliance, and regional teams (including UK and MENA) to deliver security initiatives.
• Communicate findings, risks, and recommendations clearly; produce audit-ready documentation.
• Serve as a security SME on initiatives, supporting the Enterprise Security Architect and senior architects.
Job ID: 147207047