Josys - Senior SecOps Engineer

Description : Security Operations (SecOps) Engineer.Location : Bangalore.Team : Security & Compliance.Reports to : Engineering Manager Platform & Security.About Josys :Josys is on a mission to redefine enterprise IT operations through automation, visibility, and security.As we continue to scale globally, securing our cloud-native infrastructure and application ecosystem is more critical than ever.We are looking for a passionate Security Operations Engineer to join our security team and help strengthen our defenses and practices across the cloud.Job Summary :As a Senior SecOps Engineer, you'll lead the design and implementation of security controls across cloud infrastructure, CI/CD pipelines, and application layers.Youll act as a subject matter expert in both preventive and detective controls, vulnerability management, and compliance enforcement.We are looking for someone hands-on with a deep understanding of cloud and application security especially across AWS, data privacy, and regulatory frameworks.Key Responsibilities :Cloud Security Monitoring & Compliance :- Configure and optimize AWS-native security tools like Security Hub, GuardDuty, Config, CloudTrail for real-time detection and compliance.- Drive Cloud Gap Assessments and security posture reviews across multi-account AWS environments.- Ensure alignment with standards like CIS, ISO 27001, SOC 2, and regulatory requirements including GDPR and data residency controls.Incident Response & Remediation :- Lead investigation and remediation efforts in partnership with L1 support and SRE teams.- Perform root cause analysis, implement fixes, and establish preventive controls.- Build runbooks, define escalation processes, and improve incident response automation.Secure DevOps & CI/CD Integration :- Integrate automated security tools in CI/CD for both infrastructure and applications (e.g., SAST, DAST, IaC scanning).- Implement IaC policy enforcement using tools such as tfsec, Checkov, or OPA.- Embed security gates and practices early in the software development lifecycle.Penetration Testing & Vulnerability Management :- Conduct or coordinate regular penetration testing using tools like Burp Suite, OWASP ZAP, or via third-party assessors.- Manage end-to-end vulnerability lifecycle, from discovery through remediation.- Translate findings into developer-friendly guidance and track fixes to closure.Continuous Improvement & Security Awareness :- Stay current with cloud security trends, vulnerabilities, and threats.- Drive security awareness training and contribute to improving engineering security hygiene.- Influence architectural decisions by embedding security principles into project planning.Required Qualifications :- 5- 8 years of experience in cloud security, application security, or security operations roles.- Deep knowledge of AWS security architecture, IAM, networking, and encryption practices.- Hands-on experience with security testing tools like Burp Suite, OWASP ZAP, Nmap, and cloud-native monitoring tools.- Strong grasp of compliance frameworks including GDPR, SOC 2, ISO 27001, and data residency considerations.- Solid scripting or automation skills (e.g., Python, Bash, Terraform).- Must hold at least one relevant certification :1. AWS Certified Security Specialty.2. CISSP (Certified Information Systems Security Professional).3. CCSP (Certified Cloud Security Professional).Nice to Have :- Experience with container security (e.g., EKS, Docker) and runtime protection tools.- Familiarity with security operations platforms (e.g., Splunk, ELK, or SIEM tools).- Experience working in fast-paced SaaS or DevOps-centric environments.Why Join Us?- Work on a global SaaS platform at the cutting edge of IT automation and cloud security.- Lead initiatives that shape how modern enterprises manage risk.- Join a culture of ownership, innovation, and collaboration.- Remote-friendly work culture with high-impact opportunities. (ref:hirist.tech)