Job Description
1. Cloud Security: Design, implement, and manage cloud-native security controls across AWS and Azure (IAM, security groups, VPC security, Guard Duty, Azure Security Center).
2. Application Security: Collaborate with development teams to embed security into the SDLC (secure code reviews, threat modeling, SAST/DAST/SCA integration).
3. DevSecOps: Partner with DevOps to integrate security in CI/CD pipelines, IaC templates (Terraform, CloudFormation, ARM), and containerized workloads (Docker, Kubernetes).
4. Security Monitoring & Response: Monitor and respond to security alerts across cloud and application environments, investigate incidents, and implement corrective actions.
5. Security Tools Management: Manage and maintain security tools such as firewalls, SIEM, IDS/IPS, CSPM, and vulnerability management platforms.
6. Compliance & Best Practices: Ensure systems adhere to regulatory and industry standards (ISO 27001, NIST, CIS, GDPR).
7. Awareness & Training : Promote security awareness within engineering teams, and ensure secure practices in design and deployment.
8. Continuous Improvement: Stay updated on emerging threats, cloud vulnerabilities, and evolving security best practices.
9. Endpoint Security (Secondary): Provide guidance on endpoint security practices and tools (Sentinel One, Microsoft Defender)
as needed.
Technologies & Skills Required
1.Strong knowledge of cloud security principles (AWS & Azure).
2.Hands-on experience with CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM/IDS/IPS platforms.
3.Familiarity with container and Kubernetes security.
4.Experience with CI/CD security integrations (Snyk, GitHub Advanced Security, or equivalent).
5.Strong understanding of network security, encryption, and identity/access management.
6.Experience with application security testing tools (SAST, DAST, SCA).
7.Knowledge of security frameworks and standards (ISO 27001, NIST, CIS).
8.Familiarity with endpoint security tools (Sentinel One, Microsoft Defender) is a plus.
9.Excellent analytical and problem-solving skills.
10.Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+ are a plus.
Job Classification
Industry: IT Services & Consulting
Functional Area / Department: IT & Information Security
Role Category: IT Security
Role: Security Engineer / Analyst
Employement Type: Full time
Contact Details:
Company: Xoxoday
Location(s): Delhi, NCR
Keyskills:
SAN
ORCA
Testing tools
Access management
Information security
ISO 27001
Network security
microsoft
IPS
SDLC
