SAVP-Cyber-Cloud and Application Security at exl Service.com (India) Private Limited

Major Deliverables:

• Define and execute the security strategy for application and cloud environments, aligned to business priorities, delivery timelines, and compliance requirements
• Lead by example with a strong hands-on presence in technology, tooling, program execution
• Proactively identify, assess, and track vulnerabilities, control gaps, and architectural risks across products and cloud platforms
• Prioritize remediation efforts based on risk, business impact, and threat intelligence—partnering with engineering teams to drive resolution
• Provide real-time advisory to development teams during design, build, and release stages
• Scale security guardrails and developer-friendly tooling across hybrid and cloud-native environments (AWS, containers, IaC, etc.)
• Champion threat modeling, secure coding practices, and resilience-by-design at the feature level
• Define and govern secure reference architectures and patterns for cloud adoption, microservices, and serverless environments
• Collaborate with the Enterprise Architecture team and serve as a core member of the Security Architecture Review Board (SARB)
• Deploy and optimize a modern security tooling stack including SAST, DAST, SCA, IaC scanning, CSPM, secrets detection, and runtime protection
• Act as a key collaborator across product, engineering, infrastructure, and DevOps teams—reducing security friction and aligning controls with workflows
• Build trust through enablement, education, and repeatable guidance frameworks
• Lead, mentor, and grow a high-performing team of AppSec and CloudSec professionals
• Foster a culture of innovation, ownership, and technical excellence within the team
• Define and report on KPIs/KRIs tied to application and cloud security posture, remediation progress, and control maturity
• Support compliance, audit, and customer security assurance initiatives

Bonus Points If You Have

• Experience building or advising on AI/ML privacy practices, including model governance, training data management, or privacy risk mitigation in LLM pipelines.
• Prior experience working in high-sensitivity or regulated industries, such as security, healthcare, or fintech.
• Contributions to open source, policy working groups, or public thought leadership on privacy engineering.

Minimum Requirements:

• 10+ years in cybersecurity with a focus on application and/or cloud security
• 5+ years of team leadership, with proven experience building and scaling security engineering functions
• Execution experience and capability in a fast-paced environment
• Demonstrated ability to balance strategic direction with hands-on technical execution
• Strong expertise in secure SDLC, threat modeling, DevSecOps, and cloud-native architectures
• Experience in securing modern technology stacks including Java, Python, microservices, container orchestration, and public cloud (preferably AWS)
• Familiarity with key tooling: SAST, DAST, SCA, IaC scanning, secrets detection, CSPM, WAF, and API security platforms
• Proficiency in cloud infrastructure security (IAM, networking, data protection, KMS, etc.)
• Bachelor’s degree in computer science, Cybersecurity, or a related technical field; advanced degree or certifications (e.g., CISSP, CSSLP, CCSP, AWS Security Specialty) preferred
• Research and evaluate emerging privacy technologies from academia and industry, contributing to open-source tools and AI privacy standards
• Act as consultant and advocate for privacy best practices as central to our mission of Responsible AI 

Preferred Qualifications:

• Strong communicator with the ability to positively influence engineers, developers, architects, and business leaders alike
• Thoughtful, pragmatic, and able to execute in a high-velocity, agile environment
• Deeply collaborative and experienced at embedding security into developer culture
• Track record of reducing risk without slowing down innovation
• Being articulate and precise to the internal stakeholders who are seeking counsel on what are the risks, why are they impactful, and options on how to resolve them
• Broad knowledge across the Security domain, as well as demonstrated focus in AI security evaluations and in one (or more) areas of Cybersecurity such as Red Teaming, Purple Teaming, Vulnerability Research, and Exploitation
• Master's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or related field