We are seeking a highly skilled Cloud & Container Security Engineer to design, build, and operate secure multi-cloud platforms across AWS and Azure. This role requires a code-first mindset and deep expertise in cloud security, Kubernetes, DevSecOps, and incident response within regulated environments.
You will be responsible for implementing zero trust principles, ensuring auditability, and maintaining high-security standards across infrastructure and application layers.
Key Responsibilities
1. Platform Security Architecture
- Design secure multi-cloud architectures with clearly defined Trust boundaries, Identity and access flows, Telemetry pipelines
- Implement Least privilege access models, Private networking strategies, Encryption and key management solutions
- Define and enforce policy-driven security controls across infrastructure and runtime environments
2. Infrastructure Security
- Build and manage secure landing zones using Terraform
- Develop reusable, scalable Terraform modules
- Enforce remote state security, Access controls, Policy validation checks
- Ensure all infrastructure is provisioned, managed, and governed via Infrastructure as Code (IaC)
3. Kubernetes & Container Security
- Secure and harden Kubernetes clusters across EKS and AKS
- Implement admission controllers and runtime policies, Namespace isolation and workload identity
- Enforce Secure container images, Prevention of privilege escalation, Runtime behavior controls
- Manage secrets securely using externalized secret management systems
4. DevSecOps & Supply Chain Security
- Design and implement secure CI/CD pipelines with Code scanning, Artifact signing, Release governance controls
- Enforce Branch protection rules, Approval workflows, Artifact integrity validation
- Eliminate static credentials via identity federation
- Enable safe deployment practices Controlled promotion across environments, Rollback mechanisms
5. Monitoring & Detection
- Aggregate telemetry across AWS, Azure, Kubernetes, CI/CD pipelines
- Build dashboards and alerting systems using ELK Stack, Grafana
- Develop high-quality detections with minimal false positives
- Own alert quality, tuning, and response readiness
6. Incident Response
- Lead security incident investigations and containment efforts
- Build detailed timelines using telemetry and logs
- Perform impact analysis and root cause identification
- Implement long-term fixes via code and policy updates
- Maintain and improve incident response runbooks
Mandatory Requirements
Certifications
- AWS Certified Security – Specialty
- Microsoft Azure Security Engineer (AZ-500)
- Certified Kubernetes Security Specialist (CKS)
- CISSP or CCSP (with strong hands-on engineering experience)
Experience
- 10 +years in Cloud Security, DevSecOps, Platform Engineering
- Hands-on experience with AWS and Azure environments
- Strong expertise in Terraform at production scale
- Deep knowledge of Kubernetes security (admission & runtime)
- Experience implementing secure CI/CD pipelines with scanning and signing
- Proven track record in incident response with measurable outcomes
Technical Skills:
- Cloud & Infrastructure: AWS & Azure security architecture, Identity and Access Management (IAM), Encryption and Key Management
- Infrastructure as Code: Terraform modules and environment design, Policy enforcement and governance
- Container & Platform Security:Kubernetes security policies and runtime controls, Container hardening and vulnerability scanning
- DevSecOps: Secure CI/CD pipeline implementation, Software supply chain security
- Observability: ELK Stack,Grafana, Log normalization and detection engineering
- Incident Response: Threat detection and analysis, Containment and remediation, Forensics and root cause analysis
