Cloud Security

Experience
: years

Salary
: INR / year (based on experience)

Shift
: (GMT+05:30) Asia/Kolkata (IST)

Opportunity Type
: Hybrid (Chennai)

Placement Type
: Full time Permanent Position

**(*Note: This is a requirement for one of Uplers' client - Forbes Advisor)

**What do you need for this opportunity?

Must have skills required:
AWS, OWASP, CI/CD

Forbes Advisor is Looking for:*
*Cloud Security Engineer
Job Description Forbes Advisor is a new initiative for consumers under the Forbes Marketplace umbrella that provides journalist- and expert-written insights, news and reviews on all things personal finance, health, business, and everyday life decisions. We do this by providing consumers with the knowledge and research they need to make informed decisions they can feel confident in, so they can get back to doing the things they care about most. We are looking for a Cloud Security Engineer to join our organization. The ideal candidate will have strong hands-on experience in ensuring robust security controls across both applications and organizational data. This candidate is expected to work closely with multiple stakeholders to architect, implement, and monitor effective safeguards. The ideal candidate will champion secure design, conduct risk assessments, drive vulnerability management, and promote data protection best practices for the organization.

Responsibilities

• Design and implement security measures for website and API applications.
• Conduct security-first code reviews, vulnerability assessments, and posture audits for business-critical applications.
• Conduct security testing activities like SAST & DAST by integrating them within the project's CI/CD pipelines and development workflows.
• Manage all penetration testing activities including working with external vendors for security certification of business-critical applications.
• Develop and manage data protection policies and RBAC controls for sensitive organizational data like PII, revenue, secrets, etc.
• Oversee encryption, key management, and secure data storage solutions.
• Monitor threats and respond to incidents involving application and data breaches.
• Collaborate with engineering, data, product and compliance teams to achieve security-by-design principles.
• Ensure compliance with regulatory standards (GDPR, HIPAA, etc.) and internal organizational policies.
• Automate recurrent security tasks using scripts and security tools.
• Maintain documentation around data flows, application architectures, and security controls.

Requirements

• 10+ years' experience in application security and/or data security engineering.
• Strong understanding of security concepts including zero trust architecture, threat modeling, security frameworks (like SOC 2, ISO 27001), and best practices in corporate security environments.
• Strong knowledge of modern web/mobile application architectures and common vulnerabilities (like OWASP Top 10, etc.)
• Proficiency in secure coding practices and code reviews for major programming languages including Java, .NET, Python, JavaScript, Typescript, React, etc.
• Hands-on experience in at-least two Software tooling in areas of vulnerability scanning and static/dynamic analysis. Software tooling can include Checkmarx, Veracode, SonarQube, Burp Suite, AppScan, etc.
• Advanced understanding of data encryption, key management, and secure storage (SQL, NoSQL, Cloud) and secure transfer mechanisms.
• Working experience in Cloud Environments like AWS & GCP and familiarity with the recommended security best practices.
• Familiarity with regulatory frameworks such as GDPR, HIPAA, PCI DSS and the controls needed to implement them.
• Experience integrating security into DevOps/CI/CD processes.
• Hands-on experience with automation in any of the scripting languages (Python, Bash, etc.)
• Ability to conduct incident response and forensic investigations related to application/data breaches.
• Excellent communication and documentation skills.

Good To Have

• Cloud Security certifications in either one of the below
• AWS Certified Security – Specialty
• GCP Professional Cloud Security
• Experience with container security (Docker, Kubernetes) and cloud security tools (AWS, Azure, GCP).
• Experience in safeguard data storage solutions like GCP GCS, BigQuery, etc.
• Hands-on work with any SIEM/SOC platforms for monitoring and alerting.
• Knowledge of data loss prevention (DLP) solutions and IAM (identity and access management) systems.

Perks:

• Day off on the 3rd Friday of every month (one long weekend each month)
• Monthly Wellness Reimbursement Program to promote health well-being
• Monthly Office Commutation Reimbursement Program
• Paid paternity and maternity leaves

How to apply for this opportunity?

• Step 1: Click On Apply And Register or Login on our portal.
• Step 2: Complete the Screening Form & Upload updated Resume
• Step 3: Increase your chances to get shortlisted & meet the client for the Interview

About Uplers:
Our goal is to make hiring reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant contractual onsite opportunities and progress in their career. We will support any grievances or challenges you may face during the engagement.

(Note: There are many more opportunities apart from this on the portal. Depending on the assessments you clear, you can apply for them as well).

So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you