Security Engineer - Azure Kubernetes Service (10-12 yrs)

Role - Security Engineer

Qualification - BE CS & IT

Experience - 8+ Year

Location - Pune, Gurugram

Industries - Information Technology

We are seeking a highly motivated and experienced Security Engineer to join our growing team. As a Security Engineer, you will play a critical role in protecting our systems and data by designing, implementing, and maintaining robust security solutions across our hybrid infrastructure and within our applications, encompassing both containerized (AKS) and serverless environments.

You will work closely with engineering, development, and operations teams to ensure the security of our cloud infrastructure, applications, and data.

This role has a strong focus on Azure, including AKS, Container Apps, Web Apps, Function Apps, Resource Groups, Virtual Networks, Infrastructure as Code (IaC) security, and identity management using Okta claims.

You also need to have a strong depth in Security Standards for Web Applications such as OWASP and the ability to enforce/implement them proactively within cloud applications and products/platforms.

While you will coordinate security testing, the primary focus will be on building and maintaining secure infrastructure and application configurations.

Must Have :

Network Security: Solid understanding of network segregation, WAFs, App Gateways, Proxies, and Firewalls.

Application Security & DevSecOps: Good understanding of application security and DevSecOps principles, including the "shift-left" culture.

Security & Privacy Principles: Good understanding of security and privacy principles, secure standards, and RFCs.

Azure Cloud Platform Experience: Hands-on experience with the Azure cloud platform and its security services.

Azure Kubernetes Service (AKS) Security: Specific experience securing Azure Kubernetes Service (AKS) environments, including ingress/egress, service mesh, and identity management.

Container and Kubernetes Security: Experience securing containerized applications and Kubernetes deployments, including conducting threat modeling exercises to identify and prioritize security risks.

Serverless Application Security: Experience securing serverless applications, including Web Apps and Function Apps.

Foundational Azure Services: Experience with Azure Resource Groups, Virtual Networks, and other foundational Azure services.

Key Responsibilities :

- Design, implement, and maintain security controls for our cloud infrastructure, with a focus on Azure, encompassing both AKS and serverless environments.

- Secure our Azure Kubernetes Service (AKS) environment, including ingress/egress controls, service mesh security, and identity management.

- Secure our serverless environment, including Web Apps, Function Apps, and related Azure services.

- Implement and manage Azure Front Door for web application security and traffic management.

- Configure and maintain Web Application Firewalls (WAFs) and Application Gateways.

- Implement and manage network segmentation strategies, firewalls, and proxies, considering both AKS and serverless architectures.

- Integrate Okta for identity and access management, including claim-based authorization, across all application environments.

- Champion DevSecOps practices and promote a "shift-left" security culture within the engineering teams.

- Work hand-in-glove with our development teams to drive the proper implementation of OWASP principles

- Drive both front-end and back-end security best practices, and their adoption within our applications

- Develop and maintain security documentation, policies, and procedures.

- Respond to security incidents and participate in incident response activities.

- Stay up-to-date with the latest security threats, vulnerabilities, and best practices, specifically related to containerized and serverless architectures.

- Collaborate with engineering, operations, and other teams to ensure security is integrated throughout the software development lifecycle.

- Coordinate security testing activities, working with dedicated security testing resources or teams. This includes defining scope, reviewing results, and driving remediation efforts.

- Ensure secure Infrastructure as Code (IaC) practices are followed for all deployments, including security scanning and validation of IaC templates.

Required Skills and Qualifications

Network Security: Solid understanding of network segregation, WAFs, App Gateways, Proxies, and Firewalls.

Application Security & DevSecOps: Good understanding of application security and DevSecOps principles, including the "shift-left" culture.

Security & Privacy Principles: Good understanding of security and privacy principles, secure standards, and RFCs.

Azure Cloud Platform Experience: Hands-on experience with the Azure cloud platform and its security services.

Azure Kubernetes Service (AKS) Security: Specific experience securing Azure Kubernetes Service (AKS) environments, including ingress/egress, service mesh, and identity management.

Container and Kubernetes Security: Experience securing containerized applications and Kubernetes deployments, including conducting threat modeling exercises to identify and prioritize security risks.

Serverless Application Security: Experience securing serverless applications, including Web Apps and Function Apps.

Foundational Azure Services: Experience with Azure Resource Groups, Virtual Networks, and other foundational Azure services.

Security Best Practices: Knowledge of security best practices for containerized applications, microservices, and serverless functions.

Problem-Solving Skills: Strong problem-solving and analytical skills.

Communication Skills: Excellent communication and collaboration skills.

Education: Bachelor's degree in computer science, Information Security, or a related field.

Preferred Qualifications :

Cloud Security Certifications: Azure AZ-500 or other relevant cloud security certifications.

Advanced Security Certifications: OSCP, OSCE, CREST, CISSP, or other recognized security certifications.

Infrastructure as Code (IaC) Security Expertise: Deep understanding of IaC and its security implications, including experience with secure IaC practices and tools.

Application Security Testing Experience: Hands-on experience with various application security testing methodologies (SAST, DAST, IAST, penetration testing) and tools.

Automated Security Testing: Experience implementing and managing automated security testing within a CI/CD pipeline, covering DevSecOps practices.

Identity and Access Management (IAM): Proficiency in implementing and managing Okta for identity and access management, including claim-based authorization.

Agile Experience: Proven experience working in an Agile environment.

Scripting and Automation: Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for security automation and orchestration.

Security Tooling: Familiarity with various security tools, such as vulnerability scanners, SIEM systems, and intrusion detection/prevention systems.