Lead Cloud Security Engineer

About the job

What does the team do?

Opportunity is part of the evolving cybersecurity group, which is laser-focused on setting up industry benchmarks in managing & guarding against digital risks in a “Cloud Native- DevOps Only” environment. It is a lean-mean-special action group where every cyber sentinel gets an opportunity to work across domains, has the independence to challenge the status quo & evolve cyber practices to the next level of maturity. Our core competencies revolve around “Product & Platform security”, “Cloud Native Risk Management”, and “Detection & Response”.

What will you be doing?

The ideal candidate is familiar with information security industry best practices, modern automation tools, and a Cloud environment. We are looking for someone with a security mindset who "thinks like an attacker".

• Own the cloud security posture management program (CSPM) and concentrate efforts on continuous improvement of the cloud security configurations aligned to global standards like NIST CSF, ISO 27001, ISO 31000, Cloud Security Alliance, etc.
• Uplift & evolve detection policies on CSPM to optimize detection capabilities and draft technical standards for remediation on vulnerabilities identified on the cloud stack.
• Own & manage an integrated vulnerability management dashboard to bring visibility on technical debt.
• Evolve & mature security stack to support a multi-cloud strategy in a high-density containerised environment.
• Ability to refer CIS benchmarks & customise hardening standards as per the evolution of the technology stack.
• Engineer & uplift adoption of Infra as a Code program in pre-provisioning phase & PaaC (Policy as a code) to continuous monitoring of risk configuration changes.
• Perform risk assessment of proposed and existing cloud architecture, adhering to cloud security policies, procedures, and standards, for recommending technical and administrative controls to mitigate identified risks.
• Design and develop frameworks and solutions to secure CI/CD pipelines.
• Test, review, and implement container security on GKE, EKS, or AKS.
• Work in synergy with infra/product engineering teams in defining baseline security configuration, build continuous visibility for detecting misconfigurations/ vulnerabilities reported by CSPM and mature remediation practices.
• Provide SME in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks.
• Work with cloud vendors and external security researchers to resolve security gaps in InMobi’s Cloud.
• Develop, monitor, and manage cloud performance & hygiene metrics (KCI, KPI, KRI).
• Prepare and deliver training and security awareness activities to the Engineering teams.

What is expected of you?

• 7 years of experience in the Cloud security domain.
• Hands-on experience with Azure/AWS/GCP security best practices and services.
• Strong knowledge of virtualization, Docker, containers, and their orchestration with its challenges.
• Hands-on knowledge of Kubernetes (PSP, N/W policy, admission controller, etc.)
• Strong understanding of network concepts and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, TLS, DDoS detection/prevention).
• Hands-on experience with the infrastructure automation tools like Terraform.
• Knowledge of common and industry-standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc).
• Experience reviewing and understanding cloud architecture and security best practices.
• Ability to work independently with little direction and/or supervision.
• Superior communication skills with the ability to ask questions, escalate roadblocks early, and interact effectively at multiple levels in the organization.
• Keen attention to detail with the ability to correct on the fly and work independently.
• Curiosity to learn & adopt emerging technologies
• Knowledge of Security Operations Centre /Incident Management (good to have, not mandatory).
• Holds Associate or Professional-level Cloud and Kubernetes certification(s), GCP/CKA/CKS preferred.
• A Degree In Information Systems, Information Technology, Computer Science, or Engineering from an accredited college or university.