Industry/Sector

Not Applicable

Specialism

Cybersecurity & Privacy

Management Level

Senior Associate

Job Description & Summary

- Design scalable security processes and governance for private, hybrid, and multi-cloud environments (AppSec/DevSecOps aligned)
- Build and implement cloud, container, and application security strategy, including SSDLC practices
- Identify security vulnerabilities on web applications, infrastructure systems, network equipment, Wi-Fi systems, mobile applications, API, etc.
- Provision secure landing zones and cloud infrastructure using Terraform/IaC across AWS, Azure, and GCP
- Embed security scanning into CI/CD (IaC, images, secrets, SAST, DAST, dependency/SCA) including Pipeline Hardening, Artifact repository ( JFrog,Nexus) and Binary provenance
- Implement automated governance and policy enforcement (policy-as-code, tagging, preventive guardrails, CI/CD security gates, and CNAPP controls)
- Implement API security - API gateways security, OAuth and/JWT misconfigurations
- Conduct cloud security assessments, source code reviews to detect security flaws and propose mitigation/remediation plans
- Develop proof-of-concept (PoC) exploits for validated vulnerabilities.
- Harden software supply chain and runtime workloads (signing/integrity, access controls, configuration management, EDR/runtime protection)
- Enable monitoring and response by integrating logs with SIEM/SOAR and defining detection/remediation workflows
- Conduct posture assessments and security reviews (config, code, permissions, and logs) and coach teams on remediation
- Provide guidance/training and support continuous upskilling (cloud security and DevSecOps)
Qualifications
- Proven experience in DevSecOps and Application Security technologies
- Experience working with cloud platforms such as AWS/Azure/GCP
- Strong understanding of secure SDLC, threat modeling, and vulnerability management.
- Hands-on experience with application security tools in SAST, DAST, SCA, and API security testing Eg: Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, ZAP, MobSF
- Proficiency in common programming languages (Git, Java, JavaScript, Python, Rust, Go, C#, etc.)
- Strong hands-on experience with Terraform and Infrastructure-as-Code practices
- Experience with CI/CD tools such as Jenkins, GitHub Actions, GitLab CI, or Azure DevOps
- Good understanding of OWASP Top 10, secure coding practices, and common vulnerabilities
- Experience with AI tools-Copilots, Agents building use cases as per project requirements
- Good to have experience with the below tools
  • CNAPP (Prisma, Wiz, Orca)
  • SAST (Checkmarx, Fortify, Veracode)
  • Secrets scanning (TruffleHog, GitGuardian)
- Strong analytical, problem-solving, and communication skills
Preferred Qualifications
- Bachelor’s degree in computer science, Computer/Systems Engineering, or a related field
- Cloud certifications :
- Azure (AZ-500, AZ-400, AI-102)
- AWS- AWS Certified SecurityEngineer/ AWS Certified DevOps Engineer
- GCP - Professional Cloud Security Engineer, Professional Cloud DevOps Engineer)

Travel Requirements

Not Specified

Job Posting End Date

CDTR-Cybersecurity - Cloud Security-Senior Associate -Bangalore

Design scalable security processes and governance for private, hybrid, and multi-cloud environments (AppSec/DevSecOps aligned)

Build and implement cloud, container, and application security strategy, including SSDLC practices

Identify security vulnerabilities on web applications, infrastructure systems, network equipment, Wi-Fi systems, mobile applications, API, etc.

Provision secure landing zones and cloud infrastructure using Terraform/IaC across AWS, Azure, and GCP

Embed security scanning into CI/CD (IaC, images, secrets, SAST, DAST, dependency/SCA) including Pipeline Hardening, Artifact repository ( JFrog,Nexus) and Binary provenance

Implement automated governance and policy enforcement (policy-as-code, tagging, preventive guardrails, CI/CD security gates, and CNAPP controls)

Implement API security - API gateways security, OAuth and/JWT misconfigurations

Conduct cloud security assessments, source code reviews to detect security flaws and propose mitigation/remediation plans

Develop proof-of-concept (PoC) exploits for validated vulnerabilities.

Harden software supply chain and runtime workloads (signing/integrity, access controls, configuration management, EDR/runtime protection)

Enable monitoring and response by integrating logs with SIEM/SOAR and defining detection/remediation workflows

Conduct posture assessments and security reviews (config, code, permissions, and logs) and coach teams on remediation

Provide guidance/training and support continuous upskilling (cloud security and DevSecOps)

Proven experience in DevSecOps and Application Security technologies

Experience working with cloud platforms such as AWS/Azure/GCP

Strong understanding of secure SDLC, threat modeling, and vulnerability management.

Hands-on experience with application security tools in SAST, DAST, SCA, and API security testing Eg: Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, ZAP, MobSF

Proficiency in common programming languages (Git, Java, JavaScript, Python, Rust, Go, C#, etc.)

Strong hands-on experience with Terraform and Infrastructure-as-Code practices

Experience with CI/CD tools such as Jenkins, GitHub Actions, GitLab CI, or Azure DevOps

Good understanding of OWASP Top 10, secure coding practices, and common vulnerabilities

Experience with AI tools-Copilots, Agents building use cases as per project requirements

Good to have experience with the below tools

Strong analytical, problem-solving, and communication skills

Preferred Qualifications

Cloud certifications :

Azure (AZ-500, AZ-400, AI-102)

AWS- AWS Certified SecurityEngineer/ AWS Certified DevOps Engineer

GCP - Professional Cloud Security Engineer, Professional Cloud DevOps Engineer)

Job Details

Tools & Tech

Preferred Certs

CDTR-Cybersecurity - Cloud Security-Senior Associate -Bangalore

Design scalable security processes and governance for private, hybrid, and multi-cloud environments (AppSec/DevSecOps aligned)

Build and implement cloud, container, and application security strategy, including SSDLC practices

Identify security vulnerabilities on web applications, infrastructure systems, network equipment, Wi-Fi systems, mobile applications, API, etc.

Provision secure landing zones and cloud infrastructure using Terraform/IaC across AWS, Azure, and GCP

Embed security scanning into CI/CD (IaC, images, secrets, SAST, DAST, dependency/SCA) including Pipeline Hardening, Artifact repository ( JFrog,Nexus) and Binary provenance

Implement automated governance and policy enforcement (policy-as-code, tagging, preventive guardrails, CI/CD security gates, and CNAPP controls)

Implement API security - API gateways security, OAuth and/JWT misconfigurations

Conduct cloud security assessments, source code reviews to detect security flaws and propose mitigation/remediation plans

Develop proof-of-concept (PoC) exploits for validated vulnerabilities.

Harden software supply chain and runtime workloads (signing/integrity, access controls, configuration management, EDR/runtime protection)

Enable monitoring and response by integrating logs with SIEM/SOAR and defining detection/remediation workflows

Conduct posture assessments and security reviews (config, code, permissions, and logs) and coach teams on remediation

Provide guidance/training and support continuous upskilling (cloud security and DevSecOps)

Proven experience in DevSecOps and Application Security technologies

Experience working with cloud platforms such as AWS/Azure/GCP

Strong understanding of secure SDLC, threat modeling, and vulnerability management.

Hands-on experience with application security tools in SAST, DAST, SCA, and API security testing Eg: Burp Suite, Metasploit, Nmap, Nessus, Wireshark, Kali Linux, Nikto, Fortify, ZAP, MobSF

Proficiency in common programming languages (Git, Java, JavaScript, Python, Rust, Go, C#, etc.)

Strong hands-on experience with Terraform and Infrastructure-as-Code practices

Experience with CI/CD tools such as Jenkins, GitHub Actions, GitLab CI, or Azure DevOps

Good understanding of OWASP Top 10, secure coding practices, and common vulnerabilities

Experience with AI tools-Copilots, Agents building use cases as per project requirements

Good to have experience with the below tools

Strong analytical, problem-solving, and communication skills

Preferred Qualifications

Bachelor’s degree in computer science, Computer/Systems Engineering, or a related field

Cloud certifications :

Azure (AZ-500, AZ-400, AI-102)

AWS- AWS Certified SecurityEngineer/ AWS Certified DevOps Engineer

GCP - Professional Cloud Security Engineer, Professional Cloud DevOps Engineer)

Job Details

Tools & Tech

Preferred Certs