Job Title - Senior SecOps Engineer
Job Location - Pune
About Client:
Our client is a community of collaborative experts, problem solvers, and possibility seekers who believe work should be both challenging and fun. They are proud to inspire creativity, foster belonging, support collaboration, and encourage wellness. Here, you'll work with and learn from some of the best and brightest in business. Before you know it, you'll be in the middle of a rewarding career at a company headed in one direction: upward.
With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, our client is trusted by the world's leading brands to deliver solutions for the toughest challenges. The best run DevOps teams in the world choose our client.
Position Summary:
Our client is searching for a Sr. SecOps Engineer to design and optimize the security operations for their SaaS product portfolio. In this key role, you will drive the design and implementation of automated tools and technologies to ensure the security, reliability, and high availability of our production and CI/CD environments, applications, and infrastructure. You will lead the efforts to establish SecOps best practices across the organization, ensuring that all environments adhere to the highest security standards.
Responsibilities:
- Develop and implement vulnerability management practices using tools such as Qualys, Lacework, Prisma, and Mend (SAST and SCA).
- Experience in managing operations/cadence in Vulnerability management, SIEM, and CSPM.
- Lead efforts to ensure security incident and event management (SIEM) from code repositories to operating systems, VMs, databases, networks, and applications.
- Automate security processes and workflows across CI/CD pipelines, leveraging infrastructure-as-code (IaC) and security automation tools to eliminate manual work and improve efficiency.
- Automate the detection and mitigation of security threats by integrating SIEM tools with incident response workflows.
- Drive the implementation of security hardening best practices across the infrastructure, including OS, network, application, and database layers.
- Implement and maintain secret scanning tools across CI/CD pipelines to detect and mitigate the exposure of sensitive data.
- Advocate and implement security best practices in agile SDLC methodologies and DevSecOps workflows.
- Collaborate closely with Developer and DevOps teams to ensure security is embedded at every stage of the development and deployment processes.
- Lead and maintain security sprint boards, monitor tasks, and manage risks via Jira and other collaboration tools.
- Schedule and run monthly SecOps cadence meetings to report on the organization's security posture, discuss ongoing projects, and address security incidents and mitigations.
- Prepare and present comprehensive documentation and reports on security incidents, vulnerability assessments, and audit findings to technical and non-technical stakeholders.
- Assist with incident response planning, including the triage, investigation, and remediation of security incidents.
- Stay updated on the latest security threats, tools, and methodologies, and continuously improve the security frameworks and policies.
Requirements:
- Bachelor's or master's degree in computer science, Information Security, Engineering, or a related field.
- 7+ years of experience in cybersecurity, security operations, or a similar role in a SaaS/cloud environment.
- Strong hands-on experience with security automation tools and practices for CI/CD pipeline integration and infrastructure-as-code (IaC).
- Hands-on experience with vulnerability management tools such as Qualys, Prisma, Lacework, and Mend (SAST/SCA).
- Development/automation experience automating workflows and security operations/tooling using Python/Ruby/Go.
- Proficient in automating vulnerability scanning, patch management, and compliance monitoring processes across hybrid cloud environments.
- Strong understanding of Cloud Security Posture Management (CSPM) tools and processes.
- Experience with SIEM tools and security monitoring best practices.
- Proficient with secret management and scanning in CI/CD environments.
- Familiarity with hardening techniques across various platforms (Linux, Windows, network, databases, etc.).
- Proficient in driving security sprint boards using Jira or other task management tools.
- Excellent presentation and communication skills, with experience in running security meetings and cadence discussions.
- Strong documentation skills to ensure security processes and incidents are thoroughly recorded.
- Knowledge of infrastructure-as-code frameworks such as Terraform, Ansible, or similar, with experience automating security configurations a plus.
- Strong problem-solving skills and the ability to work under pressure in a fast-paced environment.
- Continuous desire to learn and stay updated on the latest in cybersecurity practices and threats.