Public Cloud Security Expert

Overview Title: Public Cloud Security Expert Location: [Remote / Onsite – Indore/Bangalore ] Team: Security Assurance Department Level: Mid-Senior / Senior Role Summary We are seeking a highly skilled Public Cloud Security Expert to lead the design, implementation, and continuous enhancement of security controls across our multi-cloud environments (AWS, Azure, GCP). This role is ideal for a hands-on cloud security lead who can influence architecture, enforce guardrails and ensure regulatory and risk compliance. Key Responsibilities: • Design and enforce security architectures for cloud-native and hybrid workloads. • Conduct threat modelling, risk assessments & CIS Benchmarking for cloud-native applications and infrastructure • Implement SIEM, CSPM, CWPP, CNAPP, and Zero Trust frameworks across environments. • Continuously assess and remediate misconfigurations, overly permissive IAM roles, and vulnerabilities. • Develop and enforce security policies for identity management, encryption, data protection, and logging • Drive security automation via IaC (Terraform, CloudFormation), and policy-as-code (OPA, Sentinel). • Define and manage controls for data encryption, tokenization, key management (KMS/HSM). • Collaborate with AppSec, DevOps, and GRC to maintain security and compliance (e.g., SOC 2, ISO 27001, PCI-DSS). • Respond to and investigate cloud-related incidents and participate in forensic analysis. • Evaluate and integrate third-party security tools (e.g., Prisma Cloud, Wiz, Orca, Lacework, Aqua). • Create detailed documentation and contribute to cloud security runbooks and playbooks. Required Skills & Experience: • 5+(3-4) years in cybersecurity, with 3+ in cloud-native security. • Deep understanding of AWS, Azure, or Google Cloud services and their shared responsibility models. • Proficiency in: • IAM, VPCs, WAFs, EDR/XDR, CSP logs (CloudTrail, GCP Audit Logs) • CI/CD security, DevSecOps, container security (Docker/Kubernetes, EKS/AKS/GKE) • Serverless security and workload isolation Preferred Certifications: • AWS Certified Security – Specialty • Google Professional Cloud Security Engineer • Azure Security Engineer Associate • HashiCorp Certified: Terraform Associate • GIAC Cloud Security Essentials (GCLD) Frameworks & Tools Familiarity: • NIST CSF / 800-53, MITRE ATT&CK for Cloud, CIS Benchmarks, ISO 27017 • Security tooling: ORCA, Prisma Cloud, Cloud Custodian, Checkov, Open Policy Agent (OPA), KICS, ScoutSuite • SIEM/Monitoring: Splunk, ELK, Cloud-native monitoring (AWS Security Hub, GCP SCC) Education Qualification & Soft Skills: • Graduate or Master Degree from IT related fields like Cyber Security , BSc IT, Computer Science, Cloud Computing, etc is preferred. • Clear communicator with executive reporting capabilities. • Able to balance pragmatic business decisions with security enforcement. Self-driven, collaborative with strong documentation and mentorship skills. Pen (Penetration) testing , VAPT, Vulnerability assessment, ORCA any one Responsibilities • Design and enforce security architectures for cloud-native and hybrid workloads. • Conduct threat modelling, risk assessments & CIS Benchmarking for cloud-native applications and infrastructure • Implement SIEM, CSPM, CWPP, CNAPP, and Zero Trust frameworks across environments. • Continuously assess and remediate misconfigurations, overly permissive IAM roles, and vulnerabilities. • Develop and enforce security policies for identity management, encryption, data protection, and logging • Drive security automation via IaC (Terraform, CloudFormation), and policy-as-code (OPA, Sentinel). • Define and manage controls for data encryption, tokenization, key management (KMS/HSM). • Collaborate with AppSec, DevOps, and GRC to maintain security and compliance (e.g., SOC 2, ISO 27001, PCI-DSS). • Respond to and investigate cloud-related incidents and participate in forensic analysis. • Evaluate and integrate third-party security tools (e.g., Prisma Cloud, Wiz, Orca, Lacework, Aqua). • Create detailed documentation and contribute to cloud security runbooks and playbooks. Requirements • 5+(3-4) years in cybersecurity, with 3+ in cloud-native security. • Deep understanding of AWS, Azure, or Google Cloud services and their shared responsibility models. • Proficiency in: • IAM, VPCs, WAFs, EDR/XDR, CSP logs (CloudTrail, GCP Audit Logs) • CI/CD security, DevSecOps, container security (Docker/Kubernetes, EKS/AKS/GKE) • Serverless security and workload isolation Preferred Certifications: • AWS Certified Security – Specialty • Google Professional Cloud Security Engineer • Azure Security Engineer Associate • HashiCorp Certified: Terraform Associate • GIAC Cloud Security Essentials (GCLD) Frameworks & Tools Familiarity: • NIST CSF / 800-53, MITRE ATT&CK for Cloud, CIS Benchmarks, ISO 27017 • Security tooling: ORCA, Prisma Cloud, Cloud Custodian, Checkov, Open Policy Agent (OPA), KICS, ScoutSuite • SIEM/Monitoring: Splunk, ELK, Cloud-native monitoring (AWS Security Hub, GCP SCC) Education Qualification & Soft Skills: • Graduate or Master Degree from IT related fields like Cyber Security , BSc IT, Computer Science, Cloud Computing, etc is preferred. • Clear communicator with executive reporting capabilities. • Able to balance pragmatic business decisions with security enforcement. Self-driven, collaborative with strong documentation and mentorship skills. Pen (Penetration) testing , VAPT, Vulnerability assessment, ORCA any one