Secops engineer

Security Operations (Sec Ops) EngineerLocation: BangaloreTeam: Security & ComplianceReports to: Engineering Manager – Platform & SecurityAbout JosysJosys is on a mission to redefine enterprise IT operations through automation, visibility, and security. As we continue to scale globally, securing our cloud-native infrastructure and application ecosystem is more critical than ever. We are looking for a passionate Security Operations Engineer to join our security team and help strengthen our defenses and practices across the cloud.Job SummaryAs a Senior Sec Ops Engineer, you'll lead the design and implementation of security controls across cloud infrastructure, CI/CD pipelines, and application layers. You’ll act as a subject matter expert in both preventive and detective controls, vulnerability management, and compliance enforcement. We are looking for someone hands-on with a deep understanding of cloud and application security — especially across AWS, data privacy, and regulatory frameworks.Key Responsibilities1. Cloud Security Monitoring & ComplianceConfigure and optimize AWS-native security tools like Security Hub, Guard Duty, Config, Cloud Trail for real-time detection and compliance.Drive Cloud Gap Assessments and security posture reviews across multi-account AWS environments.Ensure alignment with standards like CIS, ISO 27001, SOC 2, and regulatory requirements including GDPR and data residency controls.2. Incident Response & RemediationLead investigation and remediation efforts in partnership with L1 support and SRE teams.Perform root cause analysis, implement fixes, and establish preventive controls.Build runbooks, define escalation processes, and improve incident response automation.3. Secure Dev Ops & CI/CD IntegrationIntegrate automated security tools in CI/CD for both infrastructure and applications (e.g., SAST, DAST, Ia C scanning).Implement Ia C policy enforcement using tools such as tfsec, Checkov, or OPA.Embed security gates and practices early in the software development lifecycle.4. Penetration Testing & Vulnerability ManagementConduct or coordinate regular penetration testing using tools like Burp Suite, OWASP ZAP, or via third-party assessors.Manage end-to-end vulnerability lifecycle, from discovery through remediation.Translate findings into developer-friendly guidance and track fixes to closure.5. Continuous Improvement & Security AwarenessStay current with cloud security trends, vulnerabilities, and threats.Drive security awareness training and contribute to improving engineering security hygiene.Influence architectural decisions by embedding security principles into project planning.Required Qualifications5–8 years of experience in cloud security, application security, or security operations roles.Deep knowledge of AWS security architecture, IAM, networking, and encryption practices.Hands-on experience with security testing tools like Burp Suite, OWASP ZAP, Nmap, and cloud-native monitoring tools.Strong grasp of compliance frameworks including GDPR, SOC 2, ISO 27001, and data residency considerations.Solid scripting or automation skills (e.g., Python, Bash, Terraform).Must hold at least one relevant certification:AWS Certified Security – SpecialtyCISSP (Certified Information Systems Security Professional)CCSP (Certified Cloud Security Professional)Nice to HaveExperience with container security (e.g., EKS, Docker) and runtime protection tools.Familiarity with security operations platforms (e.g., Splunk, ELK, or SIEM tools).Experience working in fast-paced Saa S or Dev Ops-centric environments.Why Join Us?Work on a global Saa S platform at the cutting edge of IT automation and cloud security.Lead initiatives that shape how modern enterprises manage risk.Join a culture of ownership, innovation, and collaboration.Remote-friendly work culture with high-impact opportunities.