Cloud & Container Security Engineer

We are seeking a highly skilled Cloud & Container Security Engineer to design, build, and operate secure multi-cloud platforms across AWS and Azure. This role requires a code-first mindset and deep expertise in cloud security, Kubernetes, DevSecOps, and incident response within regulated environments.

You will be responsible for implementing zero trust principles, ensuring auditability, and maintaining high-security standards across infrastructure and application layers.

Key Responsibilities

1. Platform Security Architecture

• Design secure multi-cloud architectures with clearly defined Trust boundaries, Identity and access flows, Telemetry pipelines
• Implement Least privilege access models, Private networking strategies, Encryption and key management solutions
• Define and enforce policy-driven security controls across infrastructure and runtime environments

2. Infrastructure Security

• Build and manage secure landing zones using Terraform
• Develop reusable, scalable Terraform modules
• Enforce remote state security, Access controls, Policy validation checks
• Ensure all infrastructure is provisioned, managed, and governed via Infrastructure as Code (IaC)

3. Kubernetes & Container Security

• Secure and harden Kubernetes clusters across EKS and AKS
• Implement admission controllers and runtime policies, Namespace isolation and workload identity
• Enforce Secure container images, Prevention of privilege escalation, Runtime behavior controls
• Manage secrets securely using externalized secret management systems

4. DevSecOps & Supply Chain Security

• Design and implement secure CI/CD pipelines with Code scanning, Artifact signing, Release governance controls
• Enforce Branch protection rules, Approval workflows, Artifact integrity validation
• Eliminate static credentials via identity federation
• Enable safe deployment practices Controlled promotion across environments, Rollback mechanisms

5. Monitoring & Detection

• Aggregate telemetry across AWS, Azure, Kubernetes, CI/CD pipelines
• Build dashboards and alerting systems using ELK Stack, Grafana
• Develop high-quality detections with minimal false positives
• Own alert quality, tuning, and response readiness

6. Incident Response

• Lead security incident investigations and containment efforts
• Build detailed timelines using telemetry and logs
• Perform impact analysis and root cause identification
• Implement long-term fixes via code and policy updates
• Maintain and improve incident response runbooks

Mandatory Requirements

Certifications

• AWS Certified Security – Specialty
• Microsoft Azure Security Engineer (AZ-500)
• Certified Kubernetes Security Specialist (CKS)
• CISSP or CCSP (with strong hands-on engineering experience)

Experience

• 5–10 years in Cloud Security, DevSecOps, Platform Engineering
• Hands-on experience with AWS and Azure environments
• Strong expertise in Terraform at production scale
• Deep knowledge of Kubernetes security (admission & runtime)
• Experience implementing secure CI/CD pipelines with scanning and signing
• Proven track record in incident response with measurable outcomes

Technical Skills:

• Cloud & Infrastructure: AWS & Azure security architecture, Identity and Access Management (IAM), Encryption and Key Management
• Infrastructure as Code: Terraform modules and environment design, Policy enforcement and governance
• Container & Platform Security:Kubernetes security policies and runtime controls, Container hardening and vulnerability scanning
• DevSecOps: Secure CI/CD pipeline implementation, Software supply chain security
• Observability: ELK Stack,Grafana, Log normalization and detection engineering
• Incident Response: Threat detection and analysis, Containment and remediation, Forensics and root cause analysis