Overview

We are seeking a highly skilled Cloud Security Engineer to join our Security team in India. This role is critical in enhancing and maintaining the security posture of our cloud infrastructure and services. You will work closely with engineering, DevOps, and fulfillment teams to embed best security practices into our cloud-native environments. Your primary focus will be on cloud posture management, secure configuration, identity and access management, and cloud-native security controls.

Responsibilities:

• Collaborate with engineering and fulfillment teams to integrate security best practices into cloud applications and infrastructure to reduce risk and ensure security is embedded across the SDLC.
• Review cloud architecture designs (GCP) to identify and mitigate security vulnerabilities and compliance gaps.
• Design, implement, and maintain cloud-native security monitoring tools (e.g., AWS CloudWatch, GuardDuty, Azure Sentinel).
• Define and enforce cloud security guardrails (e.g., disallow public S3 buckets, enforce encryption standards).
• Configure alerts, dashboards, and automated responses to cloud-specific security events.
• Design and manage secure IAM policies, roles, and permission models aligned with least-privilege principles.
• Perform regular audits of IAM roles and service permissions to identify and remove excessive privileges.
• Partner with DevOps teams to help define and support consistent identity practices across all environments.
• Manage GitHub security configurations and enforce secure code collaboration workflows, including GitHub Advanced Security features, branch protection rules, signed commits, codeowners, PR approvals, and dependency scanning.
• Scan Infrastructure-as-Code (e.g., Terraform, CloudFormation) for misconfigurations.
• Review secrets management strategies in CI/CD pipelines and enforce secure handling of credentials.
• Identify, track, and support remediation of vulnerabilities in cloud configurations and applications.
• Coordinate with engineering teams to triage findings and prioritize remediation efforts.
• Integrate cloud scanning tools into pipelines and remediation workflows.
• Deploy and manage container security controls across Kubernetes and Docker environments.
• Scan container images for known vulnerabilities and misconfigurations before deployment.
• Monitor runtime container security and ensure isolation and namespace boundaries.
• Ensure adherence to frameworks such as CIS Benchmarks, NIST, SOC 2, ISO 27001, or GDPR as applicable.
• Continuously evaluate emerging cloud security threats and recommend mitigation strategies.
• Participate in internal and external audits as required.

Qualifications Needed:

• Required
• Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
• 4+ years of experience in cloud security, DevSecOps, or infrastructure security.
• Proven hands-on experience with Google Cloud Platform (GCP) is required.
• Strong knowledge of IAM, VPC design, logging/monitoring, encryption, and cloud-native firewalls.
• Experience with Infrastructure-as-Code tools, preferably Terraform or Pulumi, in GCP environments.
• Familiarity with container technologies and orchestration tools (Docker, Kubernetes).
• Strong scripting experience (Python, Bash, or similar) for automation and tooling.
• Understanding of security monitoring and SIEM integration in cloud environments.
• Excellent communication skills, both written and verbal
• Bonus:
• Certifications: GCP Professional Cloud Security Engineer, or similar are a plus.
• Experience with GitHub Advanced Security features and secure software development lifecycle (SSDLC).
• Familiarity with secret management tools like HashiCorp Vault or GCP Secret Manager.
• Familiarity with zero trust architectures or cloud workload protection platforms (CWPP).
• Contributions to open-source security tools or participation in CTFs/security communities.