Sr. Cloud Security Engineer

Job Function Description:

As a Senior Cloud Security Engineer, you will be responsible for designing, implementing, and optimizing security controls across cloud environments. You will work closely with infrastructure, product, and engineering teams to ensure workloads, identities, data, and networks are securely architected, monitored, and maintained. This includes building scalable security automation, enforcing policy-as-code, strengthening identity and access practices, and enabling secure-by-default cloud operations.

Exp: 8+ Years

Location: Hyderabad

NP: Immediate to 60 days

You will be responsible for:

• Cloud Architecture & Design Designing secure-by-default cloud architectures and integrations, ensuring all new infrastructure meets rigorous security standards before deployment.
• Identity & Access Management (IAM) Designing and reviewing cloud IAM strategies by defining roles, least-privilege policies, service accounts, and access boundaries across AWS, Azure, and GCP.
• Cloud Configuration Hardening Locking down storage buckets, network security groups, load balancers, databases, and managed services to prevent accidental exposure and ensure compliance.
• DevSecOps & CI/CD Security Securing the software supply chain by reviewing pipeline permissions, secrets handling, and artifact signing to prevent unauthorized deployments to production.
• Threat Modeling & Risk Assessment Conducting threat modeling sessions with architects to identify structural risks (e.g., compromised roles) and defining security requirements for new features.
• Security Automation & Policy-as-Code AWScentric security automation by developing Terraform guardrails, enforcing Policy-as-Code through OPA/Conftest and AWS Service Control Policies (SCPs), and building AWS-native autoremediation workflows using AWS Config, EventBridge, Lambda, and SSM Automation to ensure continuous compliance and enforcement of cloud security standards.
• Security Monitoring & Alert Triage Managing the intake of alerts from CSPM, SIEM, and cloud-native tools (GuardDuty, Defender, SCC), distinguishing real threats from operational noise.
• Cloud Incident Response Leading investigations into cloud-specific incidents, including compromised credentials, suspicious API calls, crypto-mining activity, or exposed resources.
• Vulnerability Management Running and analyzing scans for cloud workloads (VMs, containers, serverless) and prioritizing remediation based on contextual risk rather than generic CVSS scores.
• Logging & Audit Readiness Ensuring cloud audit logs are enabled, immutable, centralized, and readily available for forensic investigations and compliance audits.
• Cross-Functional Advisory Serving as a subject matter expert for developer, infrastructure, and platform teams, translating complex security requirements into practical, engineering-focused guidance.

Let's talk about your skills/expertise:

• Minimum of 8 years of experience in information security, with a demonstrated focus on Cloud Security Architecture, Engineering, and Posture Management.
• In-depth knowledge of CIS Benchmarks, Cloud Security Alliance (CSA) CCM, and NIST 800-53 as they apply to cloud environments.
• Extensive experience with CSPM and CNAPP tools (e.g., Wiz, Prisma Cloud, AWS Security Hub), including their deployment, tuning, and integration into ticketing workflows.
• Deep expertise in AWS security services (IAM, GuardDuty, KMS, SCPs, WAF) and experience securing Kubernetes (EKS) and serverless architectures.
• Proven experience implementing Infrastructure as Code (IaC) security scans and Policy-as-Code (using Terraform, OPA, or CloudFormation) to enforce security guardrails.
• Knowledge and experience with development and implementation of security controls for AI/ML infrastructure, including securing data pipelines and LLM integrations.
• Experience collaborating with DevOps teams to secure CI/CD pipelines and supply chain workflows (Github Actions, GitLab, Jenkins).
• Strong analytical skills with the ability to conduct cloud forensics and support incident response for complex infrastructure compromises.
• Excellent communication skills, with the ability to translate technical security risks into practical guidance for developers and platform engineers.
• Relevant certifications such as AWS Certified Security Specialty, ISC2 CCSP (Certified Cloud Security Professional), CSA CCSK, or CISSP are highly desirable.