Cloud Security Engineer

Cloud Security Specialist PositionWe are seeking an experienced Cloud Security Specialist to join our team. The ideal candidate will have extensive knowledge of cloud security best practices and experience working with Azure Kubernetes Service (AKS).About the RoleThe primary responsibility of this role is to design, implement, and maintain secure AKS clusters. This involves hardening cluster configurations, enforcing security controls, and integrating with enterprise DevSecOps pipelines. The successful candidate will also collaborate closely with cloud, platform, and InfoSec teams to ensure secure application delivery.Key ResponsibilitiesDesign, deploy, and manage secure AKS clusters following Azure Well-Architected and CIS Kubernetes Benchmarks.Implement container security policies using Azure Policy for Kubernetes, OPA Gatekeeper, or Kyverno.Integrate Azure Defender for Containers (formerly Azure Security Center) to monitor vulnerabilities and runtime threats.Manage AKS identity and access using Azure AD and Managed Identities to enforce least-privilege access.Configure RBAC, NetworkPolicies, Pod Security Standards, and Secrets encryption within AKS.Enable image scanning via Microsoft Defender, Trivy, or Aqua integrated with CI/CD pipelines (Azure DevOps / GitHub Actions).Enforce image provenance and registry security using Azure Container Registry (ACR).Develop automation scripts using Python / PowerShell / Bash for compliance, monitoring, and policy enforcement.Configure Azure Monitor, Log Analytics, and Application Insights for proactive threat detection.Support incident response and forensics for AKS and containerized workloads.Conduct periodic security assessments, posture reviews, and cluster audits in collaboration with central security teams.Maintain documentation and playbooks for AKS hardening, patching, and compliance processes.Foster a culture of continuous learning and professional development within the team.Collaborate with cross-functional teams to identify and address security risks.Stay up-to-date with industry trends and emerging technologies related to cloud security and containerization.Prioritize tasks effectively to meet deadlines and deliver high-quality results.Maintain accurate records of project progress and accomplishments.Provide training and guidance to junior team members as needed.Mentor colleagues on cloud security best practices and latest developments in the field.Represent the company at conferences, workshops, and other events related to cloud security and containerization.Engage with external partners and vendors to stay informed about new technologies and innovations.Participate in community forums and online discussions to share expertise and learn from others.Demonstrate strong analytical skills and ability to resolve complex problems quickly and efficiently.Ability to adapt to changing priorities and circumstances without compromising quality or safety standards.Strong attention to detail and commitment to delivering high-quality results.Excellent written and verbal communication skills, including the ability to present technical information to non-technical audiences.Proven track record of successfully leading projects and achieving milestones in a timely manner.Awareness of regulatory requirements and industry standards related to cloud security and data protection.Familiarity with cloud security frameworks and compliance standards such as NIST 800-190 and CIS Benchmarks.Understanding of Kubernetes security fundamentals, including RBAC, Admission Controllers, Pod Security, SCC equivalents, and network policies.Experience with CI/CD security tools such as Azure DevOps, GitHub Actions, Jenkins, and integration with container registries like Azure Container Registry (ACR).Proficiency in scripting languages such as Python, Bash, or PowerShell for automation and workflow orchestration.Familiarity with container image scanning, vulnerability remediation, and runtime protection technologies such as Microsoft Defender, Trivy, or Aqua.Knowledge of cloud computing platforms, including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure (AZURE).Working knowledge of networking protocols, firewalls, and virtual private networks (VPNs).Familiarity with IT service management frameworks such as ITIL v4.Good understanding of data protection principles and regulations such as GDPR, HIPAA, and PCI-DSS.Understanding of cloud-based backup and disaster recovery solutions such as Azure Backup and Azure Site Recovery.Familiarity with web application security testing and OWASP top ten most critical web application security risks.Knowledge of software development lifecycle, agile methodologies, and continuous integration and delivery tools like Jira, Bitbucket, and GitLab.Good understanding of Windows Server operating system and Active Directory Domain Services (AD DS) architecture.Basic knowledge of Linux operating systems, including file system permissions, user accounts, and group management.Familiarity with DevOps practices and tools such as Docker, Kubernetes, Jenkins, and Ansible.Working knowledge of API gateways, authentication mechanisms, and authorization protocols such as OAuth, JWT, and OpenID Connect.Understand the differences between cloud-native applications and traditional monolithic applications and how they impact security considerations.Can analyze business requirements and propose secure solutions that align with organizational objectives.Experienced in creating security awareness and training programs for end-users and developers.Skilled in communicating complex technical concepts to non-technical stakeholders and ensuring alignment with organizational goals.Able to evaluate the effectiveness of existing security measures and recommend improvements based on current risk assessments.Knowledge of data loss prevention tools and techniques for identifying sensitive data within corporate networks.Experienced in managing multi-cloud environments, with a focus on security integration and hybrid deployments.Aware of emerging threats and attack vectors specific to cloud infrastructure, such as misconfigured S3 buckets, inadequate IAM roles, and unsanitized input validation.Ability to provide thought leadership on strategic initiatives related to cloud security and compliance while maintaining a customer-centric approach.Knowledge of electronic discovery procedures and e-discovery tools to help organizations navigate digital forensics investigations and litigation hold requests.Understand the importance of privileged account management and can demonstrate effective implementation strategies for safeguarding sensitive credentials.Skilled in analyzing system logs, assessing potential incidents, and implementing mitigation strategies in real-time.Has hands-on experience with SIEM solutions, such as Splunk or ELK Stack, and understands their benefits in improving threat detection and incident response capabilities.Aware of converged vs. hyperconverged architectures and their implications on security design and deployment.Must be familiar with SAN vs NAS storage paradigms and understand performance considerations for database and analytics workloads.Experience with portfolio-wide SOC and comprehensive visibility into assets, vulnerabilities, and countermeasures across the organization's infrastructure, services, and operations.Desirable but not mandatory: Proficiency in human-centered design thinking methodologies and experience incorporating empathy-driven approaches into product roadmap planning, service offerings, or go-to-market strategies. Experience designing personalized experiences using customized dashboards, augmented reality, or wearable devices as part of individualized employee engagement or customer journey mapping initiatives. Familiarity with support ticketing systems and workflow automation toolsets for scaling internal resources and reducing resolution times. Rightsizing and rationalizing contact center technology stacks using feature-rich, yet affordable channels of communication. Strong understanding of first line support models and resource capacity allocation strategies to streamline operational workflows and improve responsiveness. Hold a certification like AWS Certified Developer - Associate, AWS Certified Solutions Architect - Associate, AWS Certified SysOps Administrator - Associate, PMP, or ITIL foundation is beneficial for qualified candidates who possess these skill sets rather than raw brute force knowledge..