Job Description

1. Core Responsibilities

Lead the design, implementation, and optimization of Cloud-based DevSecOps processes, tools, and security measures in Azure and multi-Cloud environments, ensuring the secure, efficient, and reliable delivery of products. Collaborate closely with Cloud Security Architects, SecOps teams, and other stakeholders to define security objectives and implement solutions that align with both business goals and functional requirements. Champion security integration throughout the development lifecycle by embedding security best practices, compliance standards (e.g., CIS, NIST, GDPR, ISO, CSA CCM), and risk management procedures within the Cloud environment. Drive the development, testing, and deployment of security-as-code across various Public Cloud platforms, Containerized environments, and CI/CD pipelines, leveraging Cloud-native tools and services. Ensure strict compliance with industry-standard security frameworks and regulatory controls, guiding teams through their adoption and implementation in Cloud environments. Advise Cloud Architects and engineering teams on design decisions that balance security, scalability, and maintainability, ensuring secure and robust architecture for Cloud services and CI/CD pipelines. Facilitate the integration of Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) into development pipelines, advocating secure coding practices. Foster a culture of continuous improvement, cross-functional collaboration, and knowledge sharing across technical and business teams to advance Cloud security initiatives. Lead efforts to remediate security vulnerabilities in Cloud infrastructure and applications, providing guidance on the resolution of identified risks. Continuously evaluate and integrate new technologies and industry best practices to improve the organization's Cloud security posture and maintain compliance with evolving security standards. Design and implement solutions for Cloud-based Key Management Services (KMS) integration with various tools and applications to ensure secure data management. Leverage automation to enforce security and compliance policies throughout the development lifecycle, integrating them within CI/CD processes. Proactively monitor and refine the security posture of the organization's Cloud environments using Cloud-native tools, security guardrails, and continuous monitoring practices.

2. Experience Requirements

Technical Expertise:

Extensive hands-on experience with Azure DevOps and other Cloud platforms, with a primary focus on Azure. Strong proficiency with Helm, Terraform, Kubernetes, and Azure Kubernetes Service (AKS), with the ability to design, deploy, and manage scalable, secure Cloud infrastructure. Proven experience building, enhancing, and optimizing CI/CD pipelines using Azure DevOps, GitHub Actions, or GitLab, with integrated security tools like SAST, DAST, and SCA to enforce secure development practices. Expertise with Azure Repos, Git repositories, Azure Pipelines, Azure Artifacts, Azure Key Vault, and Azure Container Registry to manage source code, build, and deploy Cloud-native applications. Experience automating security scanning and compliance checks within pipelines using tools like SonarQube, OWASP ZAP, Checkov, Jib, Trivy, and Snyk to ensure robust security and compliance. Advanced knowledge in developing and enforcing Infrastructure as Code (IaC) security policies using tools like Terraform, Bicep, or ARM templates to ensure security controls are embedded in infrastructure provisioning. In-depth experience enabling Secrets management and key rotation using Azure Key Vault and related tooling to maintain secure Cloud environments. Strong collaboration skills with Security teams to align security posture with enterprise guidelines, ensuring consistency in security practices across projects. Expertise in integrating Identity and Access Management (IAM) practices into CI/CD workflows, leveraging Azure AD, RBAC, and Conditional Access Policies to enforce secure access controls. Experience monitoring, assessing, and responding to security alerts, performing vulnerability assessments, and providing remediation solutions across Cloud environments. Deep experience with Azure security services, including Azure Key Vault, Defender for Cloud, Azure Sentinel, App Gateway, APIM, and Azure AD PIM, to configure and manage security across infrastructure and services. Proven experience in maintaining logging, monitoring, and threat detection systems using tools like Microsoft Defender for Cloud, Sentinel, and Log Analytics to detect, investigate, and respond to threats.

Container & Kubernetes Expertise:

Demonstrated leadership in owning the full lifecycle of Azure Kubernetes Service (AKS) clusters, including provisioning, upgrading, scaling, monitoring, patching, and ensuring cluster health. Expertise in managing and securing AKS clusters, including node pools, network policies, and pod security standards to enforce security best practices. Ability to implement RBAC, network policies, and service mesh configurations (e.g., Istio) to enforce zero-trust architectures within AKS and across Cloud environments. Skilled in performing regular AKS upgrades, patching, and ensuring version compatibility to maintain operational excellence and security in Kubernetes environments. Knowledge in implementing and managing container security controls within AKS, enforcing policies using tools like OPA/Gatekeeper or Azure Policy to ensure containerized workloads are secure. Experience implementing Istio service mesh for traffic routing, security policies (mTLS, ingress/egress), and observability across AKS workloads to ensure secure and efficient service communication.

Security and Risk Management:

Expertise in integrating Terraform-based security-as-code modules to provision secure infrastructure and services across Cloud environments. Ability to perform threat modeling using frameworks like STRIDE or MITRE ATT&CK and defining application controls/mitigations to proactively address potential security risks in Cloud applications. Understanding of Apache Kafka and related microservices integration patterns, including topic-level security and broker configurations, to secure event-driven architectures.

Leadership & Collaboration:

Proven ability to lead and mentor cross-functional teams, guiding both technical and business teams in adopting secure DevSecOps practices and shift-left security principles. Act as a key liaison between engineering teams and security teams to ensure secure and scalable Cloud architecture, while fostering collaboration, knowledge sharing, and continuous improvement. Strong advocacy for secure coding practices, providing DevSecOps training and hands-on support to development teams to implement security by design throughout the software development lifecycle.

3. Knowledge Requirements

Knowledge of the following would be highly desirable:

DevSecOps process and Principles SAST & DAST tools integration Knowledge on Kafka * Schema registry , management of schemas