SecOps Engineer

Security Operations (SecOps) Engineer Location:Bangalore Team:Security & Compliance Reports to:Engineering Manager – Platform & SecurityAbout Josys Josys is on a mission to redefine enterprise IT operations through automation, visibility, and security. As we continue to scale globally, securing our cloud-native infrastructure and application ecosystem is more critical than ever. We are looking for a passionateSecurity Operations Engineerto join our security team and help strengthen our defenses and practices across the cloud.Job Summary As aSenior SecOps Engineer , you'll lead the design and implementation of security controls across cloud infrastructure, CI/CD pipelines, and application layers. You’ll act as a subject matter expert in both preventive and detective controls, vulnerability management, and compliance enforcement. We are looking for someone hands-on with a deep understanding of cloud and application security — especially acrossAWS, data privacy, and regulatory frameworks .Key Responsibilities 1. Cloud Security Monitoring & Compliance Configure and optimizeAWS-native security toolslike Security Hub, GuardDuty, Config, CloudTrail for real-time detection and compliance. DriveCloud Gap Assessmentsandsecurity posture reviewsacross multi-account AWS environments. Ensure alignment with standards likeCIS, ISO 27001, SOC 2 , and regulatory requirements includingGDPR and data residency controls . 2. Incident Response & Remediation Lead investigation and remediation efforts in partnership withL1 support and SRE teams . Performroot cause analysis , implement fixes, and establish preventive controls. Build runbooks, define escalation processes, and improveincident response automation . 3. Secure DevOps & CI/CD Integration Integrateautomated security toolsin CI/CD for both infrastructure and applications (e.g., SAST, DAST, IaC scanning). ImplementIaC policy enforcementusing tools such astfsec, Checkov, or OPA . Embed security gates and practices early in the software development lifecycle. 4. Penetration Testing & Vulnerability Management Conduct or coordinateregular penetration testingusing tools likeBurp Suite, OWASP ZAP , or via third-party assessors. Manage end-to-endvulnerability lifecycle , from discovery through remediation. Translate findings into developer-friendly guidance and track fixes to closure. 5. Continuous Improvement & Security Awareness Stay current withcloud security trends, vulnerabilities, and threats . Drivesecurity awareness trainingand contribute to improving engineering security hygiene. Influence architectural decisions by embedding security principles into project planning.Required Qualifications 5–8 yearsof experience incloud security, application security, or security operationsroles. Deep knowledge ofAWS security architecture, IAM, networking, and encryption practices . Hands-on experience with security testing toolslikeBurp Suite, OWASP ZAP , Nmap, and cloud-native monitoring tools. Strong grasp ofcompliance frameworksincludingGDPR, SOC 2, ISO 27001 , anddata residency considerations . Solid scripting or automation skills (e.g., Python, Bash, Terraform). Must hold at least onerelevant certification: AWS Certified Security – Specialty CISSP (Certified Information Systems Security Professional) CCSP (Certified Cloud Security Professional)Nice to Have Experience withcontainer security (e.g., EKS, Docker)andruntime protection tools . Familiarity with security operations platforms (e.g.,Splunk, ELK, or SIEM tools ). Experience working infast-paced SaaS or DevOps-centric environments . Why Join Us? Work on a global SaaS platform at the cutting edge of IT automation and cloud security. Lead initiatives that shape how modern enterprises manage risk. Join a culture of ownership, innovation, and collaboration. Remote-friendly work culture with high-impact opportunities.