Platzhalter Bild

Cloud Security Technical Team Lead at Thinkahead

Thinkahead · Gurugram, India · Remote

AWS

DevOps Automation Tools

AWS CodePipeline

Cloud

Cloud Security

Apply Now
We are seeking an experienced Cloud Security Technical Team Lead to design, implement, and manage enterprise-grade security solutions across our clients Azure/AWS/GCP cloud environments. The ideal candidate will bring deep expertise in Cloud security domains, strong leadership skills, and hands-on experience in safeguarding cloud infrastructure, applications, and data. This role requires both strategic vision and technical execution to ensure our cloud ecosystems remain secure, compliant, and resilient.


Roles and Responsibilities
  • Lead the design, implementation, and management of security solutions across multiple cloud environments.
  • Define and enforce security policies, standards, and best practices aligned with organizational goals and compliance requirements.
  • Partner with IT, Cloud, and Security teams to assess risks, recommend mitigations, and ensure security controls are consistently applied.
  • Oversee threat modeling, risk assessments, and vulnerability management in cloud workloads.
  • Monitor, analyze, and respond to security incidents in collaboration with the SOC team.
  • Drive governance initiatives around identity, access, and privileged account management.
  • Conduct regular audits of security configurations and ensure compliance with regulatory frameworks (e.g., ISO 27001, SOC2, GDPR, HIPAA).
  • Provide technical leadership and mentorship to the cloud security team.
  • Organizes and delegates workload for the team - Assigns resources to clients and Manages Utilization of the cloud security team.
  • Stay updated on evolving cloud security technologies, tools, threats, and industry trends.
  • “Point of Contact” for urgent and critical customer technical escalations


    • Core Cloud Security Domains
  • Identity & Access Management (IAM)
  • Azure: Azure Active Directory (Azure AD), Conditional Access, Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), Privileged Identity Management (PIM).
  • AWS: AWS IAM Identity Center (formerly AWS SSO), IAM Roles & Policies, Attribute-Based Access Control (ABAC), MFA, AWS Organizations for centralized access control, and AWS IAM Access Analyzer for policy validation.
  • Network Security
  • Azure: Azure Firewall, Network Security Groups (NSG), Application Security Groups (ASG), Azure DDoS Protection, Web Application Firewall (WAF), Private Link, Service Endpoints.
  • AWS: AWS Network Firewall, Security Groups, Network ACLs, AWS Shield (Standard & Advanced), AWS WAF, AWS PrivateLink, VPC Endpoints.
  • Data Protection & Encryption
  •  Azure: Azure Key Vault, Azure Disk Encryption, Transparent Data Encryption (TDE), encryption in transit and at rest, Azure Confidential Computing.
  • AWS: AWS Key Management Service (KMS), AWS CloudHSM, EBS Encryption, S3 Server-Side Encryption (SSE), AWS Nitro Enclaves for confidential computing, TLS for encryption in transit.
  • Application Security
  • Azure: Secure DevOps with Azure DevOps & GitHub Actions, API Management security, Web App security baselines, Azure Application Gateway with WAF.
  • AWS: AWS CodePipeline/CodeBuild for DevSecOps, AWS API Gateway with throttling and authorization, AWS WAF integrated with CloudFront or ALB, AWS AppConfig for safe deployments.
  • Threat Protection & Monitoring
  • Azure: Microsoft Defender for Cloud, Defender for Endpoint, Defender for Identity, Azure Sentinel (SIEM), Log Analytics.
  • AWS: Amazon GuardDuty, AWS Security Hub, AWS Inspector, AWS CloudTrail, Amazon Detective, AWS Config, and Amazon OpenSearch for SIEM-like capabilities.
  • Compliance & Governance
  • Azure: Azure Policy, Azure Blueprints, Microsoft Purview Compliance Manager, Security Center recommendations.
  • AWS: AWS Config, AWS Organizations SCPs, AWS Audit Manager, AWS Artifact for compliance reports, AWS Control Tower for governance at scale.
  • Vulnerability & Patch Management
  • Azure: Microsoft Endpoint Manager (Intune), Azure Update Management, Defender for Endpoint vulnerability assessments.
  • AWS: AWS Systems Manager Patch Manager, AWS Inspector for vulnerability scanning, AWS Systems Manager State Manager for configuration compliance.
  • Incident Response & Recovery
  • Azure: Integration with SOC workflows, Azure Automation runbooks, Azure Backup, Azure Site Recovery.
  • AWS: AWS Systems Manager Automation for runbooks, AWS Backup, AWS Elastic Disaster Recovery (DRS), integration with third-party SIEM/SOAR tools.


    • Qualifications
  • 8+ years of IT security experience, with 5+ years in cloud security.
  • Proven expertise in cloud security architecture and operations.
  • Strong knowledge of cloud-native security services and third-party integrations.
  • Hands-on experience with cloud security such as Azure Sentinel, GuardDuty, Microsoft Defender suite.
  • Familiarity with security standards and frameworks (e.g., NIST, CIS, HIPPA, FedRAMP).
  • Strong leadership and communication skills to influence stakeholders and lead a team of cloud security engineers.
  • Relevant certifications preferred, such as: AZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect Expert), CISSP, CISM, CCSP-Value Added, AWS Certified Security Specialty.
    • Apply Now

    Other home office and work from home jobs

    Firmenlogo

    UN Women National Consultant for Coordination of PRAWAH, Bhopal, Madhya Pradesh, India (Re-Advertisement)

    United Nations Development Programme · Bhopal,

    Firmenlogo

    Senior Software Development Engineer in Test- C# .NET SPECFLOW

    Ivanti · Bengaluru,

    Firmenlogo

    Business Development Representative

    Glean · Bangalore,