Security Operations

Location:
Bangalore

Team:
Security & Compliance

Reports to:
Engineering Manager – Platform & Security

About Josys
Josys is on a mission to redefine enterprise IT operations through automation, visibility, and security. As we continue to scale globally, securing our cloud-native infrastructure and application ecosystem is more critical than ever. We are looking for a passionate
Security Operations Engineer
to join our security team and help strengthen our defenses and practices across the cloud.

Job Summary
As a
Senior SecOps Engineer
, you'll lead the design and implementation of security controls across cloud infrastructure, CI/CD pipelines, and application layers. You'll act as a subject matter expert in both preventive and detective controls, vulnerability management, and compliance enforcement. We are looking for someone hands-on with a deep understanding of cloud and application security — especially across
AWS, data privacy, and regulatory frameworks
.

Key Responsibilities

• Cloud Security Monitoring & Compliance
• Configure and optimize AWS-native security tools like Security Hub, GuardDuty, Config, CloudTrail for real-time detection and compliance.
• Drive Cloud Gap Assessments and security posture reviews across multi-account AWS environments.
• Ensure alignment with standards like CIS, ISO 27001, SOC 2, and regulatory requirements including GDPR and data residency controls.
• Incident Response & Remediation
• Lead investigation and remediation efforts in partnership with L1 support and SRE teams.
• Perform root cause analysis, implement fixes, and establish preventive controls.
• Build runbooks, define escalation processes, and improve incident response automation.
• Secure DevOps & CI/CD Integration
• Integrate automated security tools in CI/CD for both infrastructure and applications (e.g., SAST, DAST, IaC scanning).
• Implement IaC policy enforcement using tools such as tfsec, Checkov, or OPA.
• Embed security gates and practices early in the software development lifecycle.
• Penetration Testing & Vulnerability Management
• Conduct or coordinate regular penetration testing using tools like Burp Suite, OWASP ZAP, or via third-party assessors.
• Manage end-to-end vulnerability lifecycle, from discovery through remediation.
• Translate findings into developer-friendly guidance and track fixes to closure.
• Continuous Improvement & Security Awareness
• Stay current with cloud security trends, vulnerabilities, and threats.
• Drive security awareness training and contribute to improving engineering security hygiene.
• Influence architectural decisions by embedding security principles into project planning.

Required Qualifications

• 5–8 years of experience in cloud security, application security, or security operations roles.
• Deep knowledge of AWS security architecture, IAM, networking, and encryption practices.
• Hands-on experience with security testing tools like Burp Suite, OWASP ZAP, Nmap, and cloud-native monitoring tools.
• Strong grasp of compliance frameworks including GDPR, SOC 2, ISO 27001, and data residency considerations.
• Solid scripting or automation skills (e.g., Python, Bash, Terraform).

• Must hold at least one relevant certification:

• AWS Certified Security – Specialty

• CISSP (Certified Information Systems Security Professional)
• CCSP (Certified Cloud Security Professional)

Nice to Have

• Experience with container security (e.g., EKS, Docker) and runtime protection tools.
• Familiarity with security operations platforms (e.g., Splunk, ELK, or SIEM tools).
• Experience working in fast-paced SaaS or DevOps-centric environments.

Why Join Us?

• Work on a global SaaS platform at the cutting edge of IT automation and cloud security.
• Lead initiatives that shape how modern enterprises manage risk.
• Join a culture of ownership, innovation, and collaboration.
• Remote-friendly work culture with high-impact opportunities.