Application & Infrastructure Security

• Design, implement, and maintain security controls across cloud infrastructure (AWS, Azure, or GCP), CI/CD pipelines, and on-premises environments.
• Conduct in-depth code reviews, architecture reviews, and threat modeling sessions to identify and remediate security vulnerabilities early in the SDLC.
• Build and maintain automated security scanning pipelines integrating SAST, DAST, SCA, and secrets detection tooling.
• Harden operating systems ,container environments(Docker/Kubernetes), and network configurations to reduce attack surface.

Threat Detection & Incident Response

• Develop and tune detection rules, correlation logic, and alerting across SIEM platforms (Splunk, Sentinel, or Elastic) to identify malicious activity at scale.
• Lead technical investigation and containment of security incidents — from initial triage through root cause analysis, remediation, and post-mortem.
• Build and maintain threat hunting playbooks; proactively hunt for indicators of compromise and adversarial TTPs mapped to MITRE ATT&CK.
• Develop and maintain SOAR playbooks to automate repetitive detection and response workflows, reducing mean time to respond (MTTR).

Vulnerability Management & Penetration Testing

• Own the vulnerability management lifecycle: scanning, triage, prioritization, remediation tracking, and SLA reporting across all asset classes. Confidential — Internal Use Only Page 2
• Perform internal penetration tests and red team simulations against web applications, APIs, network infrastructure, and cloud environments.
• Assess third-party vendor and supply-chain risk; conduct technical security reviews of SaaS integrations and open-source dependencies.

Security Engineering & Automation

• Write production-quality security tooling and automation scripts in Python, Go, or Bash to scale security operations and reduce manual effort.
• Integrate security controls into Terraform, Ansible, and other IaC frameworks; enforce security policy-as-code using tools such as OPA or Checkov.
• Collaborate closely with software engineering, DevOps, and platform teams to embed security practices as a force multiplier, not a gatekeeper.
• Contribute to security standards, runbooks, and documentation to elevate security awareness and capability across the engineering org.

TECHNICAL REQUIREMENTS

Candidates must demonstrate hands-on proficiency across 3-4 areas below.

QUALIFICATIONS & EXPERIENCE

• 5+ years of hands-on experience in a security engineering, detection engineering, or offensive security role — not compliance or advisory.
• Demonstrable experience securing cloud-native environments at scale (multi-account AWS, Azure, or GCP); cloud security certifications a plus.
• Proficiency in at least one scripting/programming language used to build security tools orautomate workflows (Python strongly preferred).
• Strong understanding of attacker TTPs: you think like an adversary and can articulate how attacks work at the protocol and system level.
• Experience with containerized and Kubernetes environments; understanding of container escape paths, RBAC misconfigs, and supply chain risks.
• Solid grasp of networking fundamentals: TCP/IP, DNS, HTTP/S, TLS, BGP — you can read a packet capture and know what you are looking at.
• Experience leading or significantly contributing to incident response investigations, includingpost-mortems and control improvements.

Preferred Certifications (any of the following)

• OSCP / OSED / OSEP 
• CRTO / CRTE 
• AWS Security Specialty
• GREM / GXPN / GWAPT 
• CKS (Kubernetes Security) 
• CISSP / CCSP
• Azure Security Engineer 
• GCIH / GCIA 
• Google Professional Cloud Security