Security SME

9 - 12 Years

1 Opening

Trivandrum

Role Proficiency

Provide technical leadership and expertise in cloud security, with a focus on GCP Security Architecture and compliance frameworks. Responsible for resolving complex security incidents, defining strategy for security controls, and mentoring team members in delivering secure and resilient infrastructure.

Outcomes

• Define and implement GCP security architecture (KMS, IAM/SoD, VPC-SC).

• Ensure compliance with PCI and other regulatory controls.

• Govern encryption (in transit and at rest), secrets management (Secret Manager), and audit logging to SIEM.

• Drive vulnerability management (VA, Fortify) and ensure timely remediation.

• Design and enforce network segmentation and firewall policies.

• Lead incident response and post-incident root cause analysis.

• Mentor team members on cloud security best practices and compliance requirements.

• Identify opportunities for continued security improvements and risk reduction.

Measures of Outcomes

• SLA adherence for incident and escalation handling.

• % of security incidents resolved within agreed OLAs.

• Number of vulnerabilities identified and remediated within defined timelines.

• Number of successful security audits with minimal findings.

• % encryption and logging coverage across all GCP assets.

• Number of automation scripts, runbooks, or KB articles created for security processes.

• % completion of mandatory security training and certifications.

Outputs Expected

Resolution

• Resolve escalated security incidents within agreed SLAs.
• Lead incident response for GCP security events, perform RCA, and implement corrective/preventive actions.

Troubleshooting

• Investigate misconfigurations, access anomalies, and vulnerabilities in GCP environments.
• Perform security tool integrations and testing (SIEM, Fortify, VA tools).

Escalation/Elevation

• Escalate critical risks to leadership and regulatory stakeholders as per OLA.
• Act as SME for elevated incidents across L2/L3 security teams.

Compliance

• Ensure PCI controls and audit requirements are met.
• Coordinate internal/external audit readiness, remediation, and evidence gathering.

Collaboration

• Work with DevOps, Networking, and Application teams to embed security in CI/CD.
• Collaborate with vendors and customers on incident response and security reviews.

Strategic

• Define roadmap for cloud security controls (GCP focus, but extendable to AWS/Azure if needed).
• Establish metrics and dashboards for security posture tracking.

Skills (Examples)

• Strong expertise in GCP security architecture – KMS, IAM/SoD, VPC-SC.

• Hands-on experience with encryption mechanisms (in transit/at rest).

• Experience with PCI DSS and other compliance frameworks.

• Strong knowledge of secrets governance (Secret Manager).

• Proficiency with audit logging, SIEM integrations, and monitoring.

• Vulnerability assessment and remediation using Fortify/VA tools.

• Strong incident response skills including forensics, containment, and RCA.

• Network security skills – segmentation, firewall policies, IDS/IPS.

• Familiarity with DevSecOps practices, CI/CD pipeline security, and automation.

• Strong stakeholder communication and leadership skills.

Knowledge (Examples)

• ITIL foundation and incident/change management processes.

• Security standards and frameworks – PCI DSS, NIST, ISO 27001.

• Cloud-native security services in GCP, and working knowledge of AWS/Azure.

• Hands-on knowledge of Linux and Windows hardening.

• Familiarity with scripting (Python, Bash, PowerShell) for automation.

• Deep understanding of audit processes and governance models.

• Knowledge of vulnerability management lifecycle and secure coding principles.

Additional Comments

• Looking for a Security SME with 10+ years of experience, specializing in GCP Security Architecture and enterprise compliance.
• Should be able to balance technical expertise with process adherence, stakeholder management, and continuous improvement initiatives.

gcp security architecture,Pci,siem,va

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world's best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients' organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.