Cloud & Container Security Engineer

Key Responsibilities

1. Platform Security Architecture

• Design secure multi-cloud architectures with clearly defined Trust boundaries, Identity and access flows, and telemetry pipelines
• Implement Least privilege access models, Private networking strategies, encryption, and key management solutions
• Define and enforce policy-driven security controls across infrastructure and runtime environments

2. Infrastructure Security

• Build and manage secure landing zones using Terraform
• Develop reusable, scalable Terraform modules
• Enforce remote state security, Access controls, and policy validation checks
• Ensure all infrastructure is provisioned, managed, and governed via Infrastructure as Code (IaC)

3. Kubernetes & Container Security

• Secure and harden Kubernetes clusters across EKS and AKS
• Implement admission controllers and runtime policies, Namespace isolation and workload identity
• Enforce Secure container images, Prevention of privilege escalation, Runtime behavior controls
• Manage secrets securely using externalised secret management systems

4. DevSecOps & Supply Chain Security

• Design and implement secure CI/CD pipelines with Code scanning, Artifact signing, and Release governance controls
• Enforce Branch protection rules, Approval workflows, Artifact integrity validation
• Eliminate static credentials via identity federation
• Enable safe deployment practices, Controlled promotion across environments, and Rollback mechanisms

5. Monitoring & Detection

• Aggregate telemetry across AWS, Azure, Kubernetes, and CI/CD pipelines
• Build dashboards and alerting systems using ELK Stack, Grafana
• Develop high-quality detections with minimal false positives
• Own alert quality, tuning, and response readiness

6. Incident Response

• Lead security incident investigations and containment efforts
• Build detailed timelines using telemetry and logs
• Perform impact analysis and root cause identification
• Implement long-term fixes via code and policy updates
• Maintain and improve incident response runbooks

Mandatory Requirements

Certifications 

•  AWS Certified Security – Speciality
• Microsoft Azure Security Engineer (AZ-500)
• Certified Kubernetes Security Specialist (CKS)
• CISSP or CCSP (with strong hands-on engineering experience)

Experience

• 10 years+ in Cloud Security, DevSecOps, Platform Engineering
• Hands-on experience with AWS and Azure environments
• Strong expertise in Terraform at production scale
• Deep knowledge of Kubernetes security (admission & runtime)
• Experience implementing secure CI/CD pipelines with scanning and signing
• Proven track record in incident response with measurable outcomes

Technical Skills: 

·      Cloud & Infrastructure: AWS & Azure security architecture, Identity and Access Management (IAM), Encryption and Key Management

·      Infrastructure as Code: Terraform modules and environment design, Policy enforcement and governance

·      Container & Platform Security: Kubernetes security policies and runtime controls, Container hardening and vulnerability scanning

·      DevSecOps: Secure CI/CD pipeline implementation, Software supply chain security

·      Observability: ELK Stack, Grafana, Log normalisation, and detection engineering

·      Incident Response: Threat detection and analysis, Containment and remediation, forensics, and root cause analysis