Senior Cloud Security Engineer

About NopalCyber

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Through Managed Extended Detection and Response (MXDR), Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Advisory Services, we fortify our clients' cybersecurity across both offense and defence.

Our AI-driven Nopal360° platform, NopalGo mobile app, and proprietary Cyber Intelligence Quotient (CIQ) enable organizations to quantify, track, and visualize their cybersecurity posture in real time. We democratize enterprise-grade security operations for organizations of all sizes by lowering the barrier to entry while raising the bar for security and service.

Location
: Nopal Cyber, Hyderabad (Work from Office, 5 Days a Week)

Employment Type
: Full-time

Key Responsibilities

Cloud Security (Azure / AWS / GCP)

• Lead in-depth manual and automated reviews of cloud configurations for security and compliance against industry benchmarks (CIS, NIST, custom policies).
• Identify and remediate identity misconfigurations, over-permissioned roles, insecure network exposures, and unencrypted resources in cloud environments.
• Provide expert guidance on Azure and AWS security services: IAM, VPC/network security, KMS, logging/monitoring, workload protection.
• Use cloud-native security tools such as Azure Policy, Microsoft Defender for Cloud, AWS Config, Guard Duty, Security Hub, Macie, Inspector, and optionally GCP Security Command Centre.
• Evaluate and manage CSPM/CWPP platforms (Prisma Cloud, Wiz, Orca, Lacework) for continuous posture management and runtime protection.
• Experience integrating or using IaC security scanning tools (e.g., tfsec, Checkov, kics, Terrascan) within CI/CD pipelines or pre-deployment reviews.
• Sound understanding of cloud threat models, attack paths (e.g., lateral movement, privilege escalation), and applying relevant controls to mitigate risks.
• Plan and execute Vulnerability Assessment and Penetration Testing (VAPT) for cloud-hosted infrastructure, web applications, APIs, and serverless workloads.
• Run Dynamic Application Security Testing (DAST) scans (authenticated and unauthenticated) on client URLs, interpret results, validate findings, and provide prioritized remediation guidance.
• Combine manual penetration testing techniques with automated scanning to identify business-logic flaws, cloud misconfigurations, and complex attack paths.
• Map vulnerabilities to cloud-native controls and ensure findings are integrated into remediation and hardening activities.

Required Skills & Experience

• 8–12 years of experience in cybersecurity with at least 3+ years focused on cloud security (Azure, AWS, or GCP).
• Strong understanding of cloud security architecture and shared responsibility models across Azure/AWS/GCP.
• Hands-on experience with identity & access management (IAM), network security, key management, logging/monitoring, and workload protection in cloud environments.
• Proficiency in using cloud-native security tools (Azure Policy, Defender for Cloud, AWS Config, GuardDuty, Security Hub, Macie, Inspector, GCP SCC).
• Working knowledge of CSPM/CWPP platforms (Prisma Cloud, Wiz, Orca, Lacework, etc.).
• Working knowledge of security architecture frameworks (e.g., SABSA) and threat modeling methodologies (e.g., STRIDE, attack trees) to support risk-based cloud security design and assessment.
• Ability to plan and execute Vulnerability Assessments & Penetration Testing (VAPT) of cloud-hosted infrastructure, web apps, APIs, and serverless workloads.
• Familiarity with DAST tools and manual verification of vulnerabilities, including business-logic flaws and complex attack paths.
• Experience correlating vulnerabilities with cloud-native controls and producing actionable remediation guidance.
• Ability to develop and present detailed cloud security assessment reports, remediation plans, and compliance-aligned hardening guidance across Azure, AWS, and GCP.
• Strong communication skills to convey technical findings to technical and executive stakeholders.

Preferred Qualifications

• Bachelor's degree in engineering, Computer Science, or related discipline.
• CEH Certification (Mandatory) plus one or more advanced certifications:
• AWS Security Specialty
• Azure Security Engineer
• Google Professional Cloud Security Engineer
• Vendor-neutral certifications like CCSP.

Personal Attributes:

• Self-starter and quick learner requiring minimal ramp-up
• Excellent written, oral, and interpersonal communication skills
• Highly self-motivated, self-directed, and attentive to detail
• Ability to effectively prioritize and execute tasks in a high-pressure environment