Job Description

Job Title:
Senior Cloud Security Engineer / Lead - Cloud Security
About NopalCyber
NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Through Managed Extended Detection and Response (MXDR), Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we fortify our clients' cybersecurity across both offense and defence.
Our AI-driven Nopal360 platform, NopalGo mobile app, and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to quantify, track, and visualize their cybersecurity posture in real time. We democratize enterprise-grade security operations for organizations of all sizes by lowering the barrier to entry while raising the bar for security and service.
Key Responsibilities
Cloud Security (Azure / AWS / GCP)
Perform advanced Vulnerability Assessment and Penetration Testing (VAPT) of cloud-hosted infrastructure, web applications, APIs, containers, and serverless workloads.
Conduct manual exploitation and attack path validation to uncover misconfigurations, privilege escalation opportunities, insecure network exposures, and lateral movement risks in cloud environments.
Execute Dynamic Application Security Testing (DAST) and combine results with manual penetration testing to identify complex business-logic flaws and multi-step attack chains.
Simulate real-world adversary techniques (e.g., privilege escalation, persistence, data exfiltration) in Azure, AWS, and GCP environments to validate resilience against cloud-native threats.
Use and customize cloud-native security tools (Azure Defender, AWS GuardDuty, GCP SCC, Microsoft Defender for Cloud, AWS Config, Security Hub, Macie, Inspector) to support penetration testing and validate detection capabilities.
Lead manual and automated reviews of cloud configurations for security and compliance against industry benchmarks (CIS, NIST, custom policies).
Identify and remediate identity misconfigurations, over-permissioned roles, insecure network exposures, and unencrypted resources in cloud environments.
Provide expert guidance on Azure and AWS security services: IAM, VPC/network security, KMS, logging/monitoring, and workload protection.
Evaluate and manage CSPM/CWPP platforms (Prisma Cloud, Wiz, Orca, Lacework) for continuous posture management and runtime protection.
Integrate or use IaC security scanning tools (tfsec, Checkov, kics, Terrascan) within CI/CD pipelines or pre-deployment reviews.
Apply a sound understanding of cloud threat models and attack paths to design and implement relevant controls that mitigate risks.
Map vulnerabilities to cloud-native controls and ensure findings are integrated into remediation and hardening activities.
Requirements
Required Skills & Experience
8-12 years of experience in cybersecurity with at least 3+ years focused on cloud penetration testing (Azure, AWS, or GCP).
Strong expertise in cloud attack surfaces: IAM exploitation, network pivoting, insecure storage, exposed APIs, and misconfigured serverless workloads.
Strong understanding of cloud security architecture and shared responsibility models across Azure/AWS/GCP.
Proficiency in manual exploitation techniques combined with automated scanning tools (DAST, SAST, CSPM/CWPP).
Proficiency in using cloud-native security tools (Azure Policy, Defender for Cloud, AWS Config, GuardDuty, Security Hub, Macie, Inspector, GCP SCC).
Working knowledge of CSPM/CWPP platforms (Prisma Cloud, Wiz, Orca, Lacework, etc.).
Ability to plan and execute Vulnerability Assessments & Penetration Testing (VAPT) of cloud-hosted infrastructure, web apps, APIs, and serverless workloads.
Familiarity with manual verification of vulnerabilities, including business-logic flaws and complex attack paths.
Experience correlating vulnerabilities with cloud-native controls and producing actionable remediation guidance.
Ability to develop and present detailed cloud security assessment reports, remediation plans, and compliance-aligned hardening guidance across Azure, AWS, and GCP.
Strong communication skills to convey technical findings to technical and executive stakeholders.
Preferred Qualifications
Bachelor's degree in engineering, Computer Science, or related discipline.
CEH Certification (Mandatory) plus one or more advanced certifications:
AWS Security Specialty
Azure Security Engineer
Google Professional Cloud Security Engineer
Vendor-neutral certifications like CCSP.
Preferred Qualifications
Self-starter and quick learner requiring minimal ramp-up
Excellent written, oral, and interpersonal communication skills
Highly self-motivated, se

Skills Required