AWS Cloud Security Engineer

Job Description

Mandatory Skills: AWS Associate Certification Cloud Custodian Vulnerability & Patching expertise (Linux preferred) Azure/ Tenable experience Git

Rates including mark up - 250K/M

Location - PAN india . Preffered(Pune Hyderabad Bangalore Noida)

Shift - 2 PM - 11 PM

Exp - 8 years

Required Qualifications o6 years experience in cloud operations cloud security or governance/compliance engineering.

o Hands-on experience managing multi-account cloud environments (account lifecycle policy/guardrails centralized logging/monitoring).

o Practical experience with policy-as-code and operating enforcement tooling (e.g. Cloud Custodian) in production.

o Experience administering vulnerability management tooling and workflows (e.g. Tenable) including remediation coordination and SLA tracking.

o Scripting/automation proficiency (e.g. Python Bash PowerShell) and familiarity with IaC concepts (Terraform/CloudFormation-like).

o Strong operational discipline: documentation change management troubleshooting and stakeholder communication.

Preferred Qualifications o Experience with identity and access governance patterns (RBAC/least privilege role design access reviews). o Experience integrating security/compliance controls into CI/CD pipelines. o Familiarity with common compliance frameworks (SOC 2 ISO 27001 etc). o Cloud certifications (AWS/Azure/GCP security-focused certs) are a plus. Core Competencies o Governance & guardrails at scale o Policy operations and exception management o Vulnerability management and remediation orchestration o Automation-first mindset o Audit-ready documentation and evidence handling Working Model / On-Call (Customize as Needed) o May participate in an on-call rotation for cloud operations and security/compliance escalations. o Works cross-functionally with Security IT and Application/Product Engineering teams. Patching & Vulnerability Management: Across Linux and Windows including patch package creation with Azure/ Tenable as the primary tool. Cloud Migration: Experience in tenant-to-tenant migrations. Cloud Compliance: Governance using SCPs and Cloud Custodian (mandatory). Cost Optimization: Focus on cloud cost efficiency.

Cloud Compliance & Operations Engineer (Mid-Level) Summary The Cloud Operations & Compliance Engineer is responsible for day-to-day cloud operational support and continuous compliance across a multi-account cloud environment. This role owns cloud account provisioning OU (Organizational Unit) management Cloud Custodian policy operations and Tenable vulnerability management partnering with Security Platform Engineering and application teams to keep cloud environments secure compliant and scalable.

Key Responsibilities Cloud Account Provisioning & Lifecycle o Provision configure and decommission cloud accounts/subscriptions/projects using approved enterprise standards (naming tagging guardrails baseline monitoring logging). o Implement and maintain day-1 and day-2 readiness controls: access encryption defaults audit logging centralized security services and required integrations. o Maintain account inventory ownership metadata and operational runbooks; ensure accounts meet onboarding requirements before go-live.

OU / Organization Management (Governance at Scale) o Design maintain and optimize OU structures aligned to business units environments (prod/non-prod) and compliance boundaries. o Manage and validate guardrails and inheritance models (policies baseline controls SCP-like restrictions where applicable service enablement). o Coordinate OU moves and account restructuring with minimal disruption; assess blast radius and validate policy impacts.

Cloud Custodian Management (Policy-as-Code Operations) o Develop deploy and maintain Cloud Custodian policies to enforce governance (tagging encryption public exposure controls identity hygiene cost controls). o Operate Cloud Custodian execution pipelines/schedules; manage policy testing approvals exceptions and rollbacks. o Investigate policy findings tune rules to reduce false positives and document decisioning for auditability. o Produce compliance evidence and metrics (policy coverage remediation rates exception aging).

Tenable Management (Vulnerability & Exposure Management) o Administer Tenable integrations for cloud vulnerability visibility (asset discovery credentialing where approved scan scheduling agent coverage where applicable). o Triage vulnerability findings validate exploitability/asset criticality and coordinate remediation with service owners. o Track SLAs risk acceptance/exception workflows and recurring reporting for leadership and auditors. o Improve coverage and data quality (asset tagging alignment deduplication ownership mapping).

Compliance Operations & Audit Support o Support compliance programs by maintaining control evidence (logging monitoring vulnerability management configuration baselines). o Participate in internal and external audits: gather artifacts explain technical controls and implement corrective actions. o Maintain documentation for cloud standards baselines and operational procedures. Operations Incident Support and Continuous Improvement o Respond to cloud security/compliance incidents and operational issues; perform root cause analysis and drive corrective/preventative actions. o Automate repetitive tasks using scripting and infrastructure-as-code where possible; improve reliability and reduce manual toil. o Collaborate with engineering teams to integrate compliance controls into CI/CD and platform patterns.

Mandatory Skills: AWS Cloud Operations .

Required Skills:

AWSAWS cloud operations