Ankercloud Technologies - Senior Cloud Security Engineer - DevSecOps (1-2 yrs)

Company Description :

Ankercloud is a cloud and technology partner specializing in data-driven digital transformation. We offer consulting, implementation services, and industry-specific analytics solutions to deliver cost-effective and high-impact business value through data processing.

Our AI/ML platforms, accelerated Go-to-Market strategy, improved data consistency, and results-driven methodology help businesses succeed in today's competitive landscape.

We are looking for a Security Engineer in Cloud Security and DevSecOps. The ideal candidate will possess a strong understanding of security requirements, workflows, and tools specific to cloud-based infrastructure.

In this role, you will design, implement, and maintain security measures to protect our organization from cyber threats while ensuring compliance with industry standards.

As an integral member of our cybersecurity team, you will also play a critical role in raising security awareness across the organization, training employees, and actively contributing to the company's overall security strategy.

Position : Security Engineer (Cloud).

Experience : 3 6 years.

Work Location : HRBR Layout (Kalyan Nagar), Bengaluru.

Responsibilities :

- Implement security measures and tools to protect AWS, Azure, and GCP infrastructures, including identity and access management, network security, DDoS protection, encryption, and data protection.

- Applications, APIs, and cloud platforms (AWS, GCP, etc.) to identify vulnerabilities and potential attack vectors.

- Identify Security design gaps in new and existing cloud architectures and Collaborate with other teams to craft solutions to mitigate the issues.

- Perform Cloud Security Assessment, and evaluate security controls of cloud platforms and cloud deployment.

- Lead and Oversee the Security Team to ensure high-quality deliverables to our clients.

- Collaborate across teams to enhance the organization's cloud security stance, integrating security into DevSecOps practices and CI/CD pipelines.

- Lead incident response efforts in the event of security breaches or incidents.

- Investigate and respond to security incidents, conducting root cause analysis and implementing practical solutions.

- Document findings, methodologies, and exploitation techniques in clear and actionable reports for technical and non-technical stakeholders.

- Troubleshoot and resolve security issues, working with cross-functional teams to develop effective solutions.

- Document and report on GCP infrastructure security posture, providing stakeholders with insights and recommendations.

- Provide training and guidance to teams on security best practices, ensuring awareness and adherence to security policies.

- Stay informed on the latest security trends, vulnerabilities, and technologies to continuously improve security practices.

- Perform threat modeling on the cloud-based scenarios and able to apply the principles to secure the cloud platforms.

- Plan and execute social engineering assessments to evaluate the organization's susceptibility to phishing, pretexting, and other manipulation techniques.

- Demonstrate a deep understanding of cloud security concepts and best practices, advising clients on how to secure their cloud effectively.

- Define and develop Build & Release best practices by working within teams and educating the other stakeholder teams.

- Collaborate with the team to implement security controls, defenses, and countermeasures to intercept and prevent internal or external attacks on cloud environments.

Staying up-to-date and ahead of what is happening in AppSec and CloudSec : Researching and Investigating new attack vectors and security flaws in cloud and web, etc.

Requirements :

- Bachelor's Degree in Computer Science, Cyber Security, or a related field.

- Strong understanding of cloud security best practices, tools, and technologies (AWS, Azure, and GCP).

- Solid knowledge of compliance frameworks such as ISO 27001, SOC 2, HIPAA, and GDPR.

- Relevant certifications (i.e., CISSP, CEH, CISM, CCSP, SCS-C02, PCSE) are a plus.

- Hands-on experience with cloud security tools, VPC network security, IAM, DDoS protection, and endpoint security.

- Proficiency in scripting languages like Python or Bash is advantageous.

- Experience with infrastructure-as-code tools like Terraform and CloudFormation.

- Familiarity with container security (Docker, Kubernetes) and serverless architectures is a plus.

- Good communication skills for effective collaboration with team members.