- Senior
- Office in Bangalore
Description
- Serve as a security subject matter expert with in-depth knowledge of cloud security.
- Provide technical leadership to continually improve the security posture of Xperi cloud infrastructure and services.
- Secure enterprise information by determining security requirements; planning, implementing, and testing security systems; reviewing security standards, policies, and procedures.
- Perform threat modeling and risk assessment, document and present the findings to business leaders.
- Establish collaborative working relationships with IT and business development teams to ensure cloud solutions are securely integrated with existing software and infrastructure.
- Design, develop, and deploy scalable cloud-based security solutions.
- Perform vulnerability testing, risk analyses, and security assessments.
- Conduct cloud security audits and ensure necessary security controls are in place.
- Monitor and respond to security incidents and breaches.
- Keep abreast of the latest security issues, regulatory changes, and industry trends.
- Conduct security training and awareness programs to educate staff about cloud security risks and responsibilities.
- Regularly report on the status of cloud security, including any breaches or vulnerabilities.
- Work with third-party vendors to ensure that security requirements are met.
- Maintain compliance with all relevant security and privacy laws and regulations.
- Champion the integration of security practices within the DevOps lifecycle, ensuring security is embedded from development through deployment.
- Collaborate with development, operations, and QA teams to implement automated security checks in CI/CD pipelines.
- Define and enforce secure coding standards and conduct code reviews to identify vulnerabilities early in the development process.
- Utilize tools for static and dynamic application security testing (SAST/DAST), software composition analysis (SCA), and container security.
- Monitor and respond to security alerts from DevOps toolchains and cloud-native environments.
- Drive the adoption of Infrastructure as Code (IaC) security practices and ensure compliance with security policies in automated deployments.
- Provide guidance on secure configuration management and secrets handling across development and production environments.
- Continuously evaluate and improve DevSecOps processes to align with evolving threat landscapes and compliance requirements.
- Work closely with business owners to understand their security needs and requirements.
- Provide guidance and recommendations to business owners on best practices for cloud security.
- Ensure that security measures align with business objectives and do not hinder business operations.
- Communicate security risks and mitigation strategies to business owners in a clear and understandable manner.
- Assist business owners in developing and implementing security policies and procedures that meet their specific needs.
- Minimum of 5–7 years of experience in IT security, with at least 3 years focused on cloud infrastructure.
- Deep understanding of cloud platforms (AWS, Azure, GCP) and their native security tools and services.
- Strong experience with infrastructure-as-code (IaC) security (e.g., Terraform, CloudFormation).
- Proficiency in scripting languages (Python, Bash, PowerShell) for automation and tooling.
- Solid grasp of networking concepts, firewalls, VPNs, and secure communication protocols.
- Experience with container security (e.g., Docker, Kubernetes) and CI/CD pipeline security.
- Familiarity with compliance frameworks such as NIST, ISO 27001, SOC 2, and GDPR.
- Hands-on experience with SIEM, EDR, and vulnerability management platforms.
- Strong analytical and problem-solving skills with attention to detail.
- Excellent communication skills with the ability to influence and educate stakeholders at all levels.
- Relevant certifications such as CISSP, CISM, CCSP, AWS Certified Security – Specialty, or Azure Security Engineer Associate are highly desirable.
- Competitive compensation (salary, equity and bonuses) and comprehensive benefits designed to foster work-life balance, care for your health, protect your finances and help you save and invest for the future.
- Generous paid time away from work, including flexible time off, holidays and sick time, health and wellness initiatives, and a charitable match program to help you give back to your community.
- Great perks, which vary by location and can be site-specific: employee discounts, transportation reimbursements, subsidized cafes and fitness facilities.
- A flexible, hybrid work environment combining the best of in-office collaboration and community-building along with the benefits of working from home.