Technical Lead-Cloud & Infra Engg @ Birlasoft

Job Description Security Engineer / DevSecOps Engineer

Core Security Expertise

• Secure SDLC: Implement and embed security practices across all phases of the software development lifecycle from design through deployment.
• Threat Modeling: Use frameworks such as STRIDE, DREAD, or PASTA to proactively identify and mitigate architectural and implementation risks.
• Vulnerability Management: Conduct vulnerability assessments using tools like Nessus, Qualys, or OpenVAS and deliver actionable remediation plans.
• Application Security: Strong understanding of OWASP Top 10 risks and hands on experience with SAST, DAST, IAST, and RASP tools.
• Identity & Access Management: Implement IAM principles such as least privilege, RBAC/ABAC, SSO, and MFA.

Development & Automation

• Programming/Scripting: Proficiency in Python, Bash, Go, or JavaScript.
• CI/CD Security: Secure and harden pipeline tools including Jenkins, GitHub Actions, GitLab CI, and Azure DevOps. Integrate automated security testing into CI/CD workflows.
• Infrastructure as Code Security: Experience with Terraform, CloudFormation, and Ansible. Familiarity with security scanners such as Checkov, tfsec, Terrascan, and Policy as Code (OPA/Conftest).
• Container & Orchestration Security: Practical experience securing Docker, Kubernetes, and Helm ecosystems. Exposure to Trivy, Anchore, Falco, and Kyverno.

Cloud & Platform Security

• Cloud Security: Strong understanding of AWS, Azure, or GCP security components (IAM, VPC, KMS, WAF, Secrets Manager). Experience with CSPM or CWPP tools.
• Secrets Management: Hands on experience with Vault, AWS Secrets Manager, SOPS, or equivalent secret management solutions.

Monitoring, Detection & Incident Response

• Security Monitoring & SIEM: Experience using Splunk, ELK, Sentinel, Panther, or Datadog for anomaly detection and alert triage.
• Incident Response & Forensics: Ability to analyze logs, investigate breaches, respond to incidents, and implement long term mitigation.

Governance, Risk & Compliance

• Knowledge of frameworks like NIST, ISO 27001, CIS Benchmarks, SOC 2, and PCI DSS.

Collaboration & Communication

• Ability to work cross functionally with developers, operations teams, and business stakeholders to drive a security first culture.
• Strong documentation and communication skills.

Nice to Have

• Experience with Semarchy xDM or Semarchy deployment workflows beneficial for teams leveraging Semarchy as part of their application deployment lifecycle. (The platform is used in deployment processes across certain projects, making familiarity a plus.)