eInfochips - Cloud Security Specialist - IoT (5-8 yrs)

eInfochips (An Arrow Company) :

eInfochips, an Arrow company (A $30B, NASDAQ listed (ARW); Ranked #109 on the Fortune List), is a leading global provider of product engineering and semiconductor design services.

25+ years of proven track record, with a team of over 2500+ engineers, the team has been instrumental in developing over 500+ products and 40M deployments in 140 countries.

Company's service offerings include Silicon Engineering, Embedded Engineering, Hardware Engineering & Digital Engineering services.

eInfochips services 7 of the top 10 semiconductor companies and is recognized by NASSCOM, Zinnov and Gartner as a leading Semiconductor service provider.

Job Description :

As a Cloud and IoT Product Security Specialist, primarily focus on securing cloud infrastructures that support IoT products and services.

This role involves designing, implementing, and managing cloud security measures to ensure the protection of sensitive data and system integrity across the product lifecycle.

This expertise will help safeguard IoT ecosystems connected to cloud environments while ensuring compliance with industry standards.

Key Responsibilities :

- Cloud Security Architecture : Design, implement, and manage robust cloud security architectures that integrate IoT devices and services.

- Cloud Security Audits : Conduct security audits and assessments of cloud infrastructure, identifying vulnerabilities and providing recommendations for remediation.

- Data Protection & Encryption : Ensure the secure transmission and storage of data in cloud environments, utilizing encryption techniques and other data protection mechanisms.

- Cloud Access & Identity Management : Implement and manage Identity and Access Management (IAM) solutions for cloud platforms to secure user access and ensure least-privilege policies.

- Cloud Compliance & Governance : Ensure compliance with cloud security standards and regulations, including GDPR, ISO 27001, and NIST, as well as specific industry-related standards.

- DevSecOps Integration : Work closely with DevOps teams to integrate security into cloud deployment pipelines (CI/CD), automating security testing and vulnerability scanning in the cloud.

- Vulnerability Management : Perform vulnerability management, patching, and configuration hardening for cloud platforms (AWS, Azure, GCP), ensuring that cloud environments are secure and resilient.

- Cloud Security Best Practices : Develop and enforce security policies and best practices for the use of cloud platforms in IoT product development.

- Threat Modeling : Conduct threat modeling specific to cloud environments and IoT integration to proactively identify risks and propose mitigation strategies.

- Security Incident Handling : Lead cloud-related incident investigations, implementing containment, eradication, and recovery plans as necessary.

- Collaboration with Cross-functional Teams : Work with product developers, IoT engineers, and cloud architects to ensure secure integration of IoT devices and services into cloud platforms.

- Continuous Improvement : Stay up to date with the latest cloud security technologies, threats, and best practices, continuously improving security postures and strategies.

Qualifications :

- Bachelor's degree in Computer Science, Information Security, or a related field.

- 5+ years of experience in cloud security, specifically in securing cloud platforms (AWS, Azure, GCP).

- Strong knowledge of cloud-native security tools and technologies (e.g, AWS KMS, Azure Security Center, GCP Cloud Security Command Center).

- Experience with Identity and Access Management (IAM) in cloud platforms.

- Deep understanding of encryption, data protection, and secure data transmission in cloud environments.

- Hands-on experience with security automation and cloud-based DevSecOps practices.

- Proficiency in performing cloud security assessments, audits, and implementing remediation plans.

- Knowledge of IoT security fundamentals and integration with cloud services.

- Familiarity with OWASP Top 10 for web, API, and cloud security.

- Certifications such as AWS Security Specialty, CISSP, CCSP, or CEH are a plus.