Job Description

We are a fast-growing software product company building cloud-native applications on AWS. We are looking for an experienced Cloud Security Engineer to strengthen our security posture across our cloud infrastructure, applications, and development pipelines.

The role will focus on cloud security architecture, application security testing, vulnerability management, and regulatory compliance. The ideal candidate should have strong experience in AWS security services, DevSecOps practices, security testing (SAST/DAST), container security, and compliance frameworks such as SOC2, GDPR, and HIPAA.

You will work closely with engineering, DevOps, and product teams to identify security risks, implement security controls, run security assessments, and ensure our platform meets industry security standards.

Key Skills & Responsibilities

1. AWS Cloud Security

Strong knowledge of AWS security services including AWS Inspector, AWS CloudTrail, GuardDuty, Security Hub, IAM, and VPC security, with the ability to monitor, detect, and remediate cloud security risks.

2. Application Security

Good understanding of OWASP Top 10 vulnerabilities, secure API design, authentication and authorization mechanisms such as OAuth and JWT, and best practices for securing web applications and APIs.

3. Static Security Testing (SAST)

Experience implementing and running static code analysis tools such as SonarQube, Snyk, or Checkmarx to detect vulnerabilities early in the development lifecycle.

4. Dynamic Security Testing (DAST)

Hands-on experience performing dynamic application security testing using tools like OWASP ZAP or Burp Suite to identify runtime vulnerabilities in web applications and APIs.

5. Container Security

Experience securing Docker-based workloads, performing container image vulnerability scanning using tools such as Black Duck, Prisma Cloud, and implementing container security best practices.

6. Compliance & Security Audits

Experience supporting or implementing controls required for SOC2, GDPR, and HIPAA compliance, including security documentation, audit readiness, and risk assessments.

7. Penetration Testing & Vulnerability Management

Experience conducting VAPT assessments, analyzing security findings, prioritizing vulnerabilities based on risk, and coordinating remediation with development and infrastructure teams.

Preferred Qualifications

• Experience: 3–5 Years
• Experience working in cloud-native or SaaS product companies.
• Familiarity with DevSecOps practices and CI/CD security integration.
• Knowledge of API security, encryption standards, and secure architecture design.

Location: Bangalore

(Open for relocation after few months to Bangalore)