Job Description

Office Location:

Uttar Pradesh, Noida

Experience Required: 8-12 Years

Max Notice Period: 30 Days

Outstation Candidates Allowed

Role & Responsibilities:

We are hiring a Senior DevSecOps / Security Engineer with 8+ years of experience securing AWS cloud, on-prem infrastructure, DevOps platforms, MLOps environments, CI/CD pipelines, container orchestration, and data/ML platforms. This role is responsible for creating and maintaining a unified security posture across all systems used by DevOps and MLOps teams -- including AWS, Kubernetes, EMR, MWAA, Spark, Docker, GitOps, observability tools, and network infrastructure.

Key Responsibilities:

1. Cloud Security (AWS)-

Secure all AWS resources consumed by DevOps/MLOps/Data Science: EC2, EKS, ECS, EMR, MWAA, S3, RDS, Redshift, Lambda, CloudFront, Glue, Athena, Kinesis, Transit Gateway, VPC Peering. Implement IAM least privilege, SCPs, KMS, Secrets Manager, SSO & identity governance. Configure AWS-native security: WAF, Shield, GuardDuty, Inspector, Macie, CloudTrail, Config, Security Hub. Harden VPC architecture, subnets, routing, SG/NACLs, multi-account environments. Ensure encryption of data at rest/in transit across all cloud services.

2. DevOps Security (IaC, CI/CD, Kubernetes, Linux)-

Infrastructure as Code & Automation Security:

Secure Terraform, CloudFormation, Ansible with policy-as-code (OPA, Checkov, tfsec). Enforce misconfiguration scanning and automated remediation.

CI/CD Security:

Secure Jenkins, GitHub, GitLab pipelines with SAST, DAST, SCA, secrets scanning, image scanning. Implement secure build, artifact signing, and deployment workflows.

Containers & Kubernetes:

Harden Docker images, private registries, runtime policies. Enforce EKS security: RBAC, IRSA, PSP/PSS, network policies, runtime monitoring. Apply CIS Benchmarks for Kubernetes and Linux.

Monitoring & Reliability:

Secure observability stack: Grafana, CloudWatch, logging, alerting, anomaly detection. Ensure audit logging across cloud/platform layers.

3. MLOps Security (Airflow, EMR, Spark, Data Platforms, ML Pipelines)-

Pipeline & Workflow Security:

Secure Airflow/MWAA connections, secrets, DAGs, execution environments. Harden EMR, Spark jobs, Glue jobs, IAM roles, S3 buckets, encryption, and access policies.

ML Platform Security:

Secure Jupyter/JupyterHub environments, containerized ML workspaces, and experiment tracking systems. Control model access, artifact protection, model registry security, and ML metadata integrity.

Data Security:

Secure ETL/ML data flows across S3, Redshift, RDS, Glue, Kinesis. Enforce data versioning security, lineage tracking, PII protection, and access governance.

ML Observability:

Implement drift detection (data drift/model drift), feature monitoring, audit logging. Integrate ML monitoring with Grafana/Prometheus/CloudWatch.

4. Network & Endpoint Security-

Manage firewall policies, VPN, IDS/IPS, endpoint protection, secure LAN/WAN, Zero Trust principles. Conduct vulnerability assessments, penetration test coordination, and network segmentation. Secure remote workforce connectivity and internal office networks.

5. Threat Detection, Incident Response & Compliance-

Centralize log management (CloudWatch, OpenSearch/ELK, SIEM). Build security alerts, automated threat detection, and incident workflows. Lead incident containment, forensics, RCA, and remediation. Ensure compliance with ISO 27001, SOC 2, GDPR, HIPAA (as applicable). Maintain security policies, procedures, RRPs (Runbooks), and audits.
Ideal Candidate

8+ years in DevSecOps, Cloud Security, Platform Security, or equivalent. Proven ability securing AWS cloud ecosystems (IAM, EKS, EMR, MWAA, VPC, WAF, GuardDuty, KMS, Inspector, Macie). Strong hands-on experience with Docker, Kubernetes (EKS), CI/CD tools, and Infrastructure-as-Code. Experience securing ML platforms, data pipelines, and MLOps systems (Airflow/MWAA, Spark/EMR). Strong Linux security (CIS hardening, auditing, intrusion detection). Proficiency in Python, Bash, and automation/scripting. Excellent knowledge of SIEM, observability, threat detection, monitoring systems. Understanding of microservices, API security, serverless security. Strong understanding of vulnerability management, penetration testing practices, and remediation plans.

Education-

Master's degree in Cybersecurity, Computer Science, Information Technology, or related field. Relevant certifications (AWS Security Specialty, CISSP, CEH, CKA/CKS) are a plus.
Perks, Benefits and Work Culture

Competitive Salary Package Generous Leave Policy Flexible Working Hours Performance-Based Bonuses Health Care Benefits
Job Types: Full-time, Permanent

Pay: ₹5,600,000.00 - ₹7,500,000.00 per year

Benefits:

Flexible schedule
Application Question(s):

Strong DevSecOps / Cloud Security profile Mandatory (Experience 1) - Must have 8+ years total experience in DevSecOps / Cloud Security / Platform Security roles securing AWS workloads and CI/CD systems. Mandatory (Experience 2) - Must have strong hands-on experience securing AWS services (including but not limited to) KMS, WAF, Shield, CloudTrail, AWS Config, Security Hub, Inspector, Macie and IAM governance Mandatory (Experience 3) - Must have hands-on expertise in Identity & Access Security including RBAC, IRSA, PSP/PSS, SCPs and IAM least-privilege enforcement Mandatory (Experience 4) - Must have hands-on experience with security automation using Terraform and Ansible for configuration hardening and compliance Mandatory (Experience 5) - Must have strong container & Kubernetes security experience including Docker image scanning, EKS runtime controls, network policies, and registry security Mandatory (Experience 6) - Must have strong CI/CD pipeline security expertise including SAST, DAST, SCA, Jenkins Security, artifact integrity, secrets protection, and automated remediation Mandatory (Experience 7) - Must have experience securing data & ML platforms including databases, data centers/on-prem environments, MWAA/Airflow, and sensitive ETL/ML workflows Mandatory (Company) - Product companies preferred; Exception for service company candidates with strong MLOps + AWS depth Preferred (Experience 1) - Experience with CIS hardening, VAPT processes, compliance frameworks (HIPAA / SOC2 / ISO), and dynamic/static scanning governance Preferred (Experience 2) - Hands-on security for observability / SIEM: CloudWatch, Grafana, Prometheus, OpenSearch/ELK -- with alerting & anomaly detection Preferred (Experience 3) - Experience securing GitOps and IaC policy-as-code (OPA / Checkov / tfsec) Preferred (Experience 4) - Experience in securing end-to-end data flows and ML infrastructure across S3, Redshift, RDS, Glue, Kinesis, Snowflake Preferred (Experience 5) - Hands-on security for AWS networking including VPC Peering, Transit Gateway, NACLs, Zero-Trust segmentation, and CloudFront protection Are you okay for F2F round?
Work Location: In person