Key Responsibilities
1. Platform Security Architecture
- Design secure multi-cloud architectures with clearly defined trust boundaries, identity and access flows, and telemetry pipelines
- Implement least-privilege access models, private networking strategies, encryption, and key management solutions
- Define and enforce policy-driven security controls across infrastructure and runtime environments
2. Infrastructure Security
- Build and manage secure landing zones using Terraform
- Develop reusable, scalable Terraform modules
- Enforce remote state security, access controls, and policy validation checks
- Ensure all infrastructure is provisioned, managed, and governed via Infrastructure as Code (IaC)
3. Kubernetes & Container Security
- Secure and harden Kubernetes clusters across EKS and AKS
- Implement admission controllers, runtime policies, namespace isolation, and workload identity
- Enforce secure container images, prevention of privilege escalation, and runtime behavior controls
- Manage secrets securely using externalised secret management systems
4. DevSecOps & Supply Chain Security
- Design and implement secure CI/CD pipelines with code scanning, artifact signing, and release governance controls
- Enforce branch protection rules, approval workflows, and artifact integrity validation
- Eliminate static credentials via identity federation
- Enable safe deployment practices, controlled promotion across environments, and rollback mechanisms
5. Monitoring & Detection
- Aggregate telemetry across AWS, Azure, Kubernetes, and CI/CD pipelines
- Build dashboards and alerting systems using ELK Stack and Grafana
- Develop high-quality detections with minimal false positives
- Own alert quality, tuning, and response readiness
6. Incident Response
- Lead security incident investigations and containment efforts
- Build detailed timelines using telemetry and logs
- Perform impact analysis and root cause identification
- Implement long-term fixes via code and policy updates
- Maintain and improve incident response runbooks
Mandatory Requirements
Certifications
- AWS Certified Security - Specialty
- Microsoft Azure Security Engineer (AZ-500)
- Certified Kubernetes Security Specialist (CKS)
- CISSP or CCSP (with strong hands-on engineering experience)
Experience
- 10+ years in Cloud Security, DevSecOps, and Platform Engineering
- Hands-on experience with AWS and Azure environments
- Strong expertise in Terraform at production scale
- Deep knowledge of Kubernetes security (admission & runtime)
- Experience implementing secure CI/CD pipelines with scanning and signing
- Proven track record in incident response with measurable outcomes
Technical Skills
- Cloud & Infrastructure: AWS & Azure security architecture, Identity and Access Management (IAM), encryption and key management
- Infrastructure as Code: Terraform modules and environment design, policy enforcement and governance
- Container & Platform Security: Kubernetes security policies and runtime controls, container hardening and vulnerability scanning
- DevSecOps: Secure CI/CD pipeline implementation, software supply chain security
- Observability: ELK Stack, Grafana, log normalisation, and detection engineering
- Incident Response: Threat detection and analysis, containment and remediation, forensics, and root cause analysis