DevOps Security Engineer – Customer IAM (Location: Pune)

DevOps Security Engineer – Customer IAM

Location: Pune

Experience: 8+ Years

JD:

1. CIAM Deployment & Operations

• Build and operate highly available CIAM infrastructure and applications using IaC.
• Automate the deployment and configuration of identity services (e.g., Transmit Security, Azure AD B2C, Auth0, ForgeRock, etc.).
• Integrate reverse proxies, WAFs (e.g., F5, Azure Front Door), and API gateways for internet-facing identity endpoints.
• Deploy and manage secure CIAM workloads in Azure (App Services, Kubernetes, Azure Functions, Key Vault, App Gateway).

1. Security Engineering & Hardening

• Implement and enforce secure defaults for CIAM components (e.g., rate limiting, MFA enforcement, token protection).
• Automate secrets management and certificate rotation for CIAM services and dependencies.
• Integrate identity protection signals (risk-based access, fraud detection) with application workflows.
• Monitor infrastructure using native and bespoke tools and building custom dashboards for Engineering and Operations duties.

1. DevOps & CI/CD

• Harden CI/CD pipelines for CIAM service delivery, including shift-left security scanning.
• Create reusable deployment patterns and modules for secure multi-region or multi-tenant CIAM deployments.
• Support developers in securely integrating with OAuth2, OIDC, SAML, and federation patterns.

1. Collaboration & Incident Support

• Participate in security reviews for new customer-facing features or identity integrations.
• Act as an SME in CIAM-related incident response and postmortem analysis.
• Collaborate with product, development, and compliance teams to align on secure identity practices.

Required Qualifications

• 8+ years in DevOps, Cloud Engineering, or Platform Security roles, ideally with CIAM experience.
• Hands-on experience with public cloud deployments (Azure preferred) and CI/CD automation.
• Deep understanding of internet-facing app security: TLS, WAFs, reverse proxies, JWT/OAuth token handling.
• Strong experience with infrastructure as code and scripting (Python, PowerShell, Bash).
• Familiarity with modern identity standards (OAuth2, OIDC, SAML) and threat models.
• Experience managing authentication and authorization services at scale for external users.

Preferred Qualifications

• Experience with CIAM platforms like Transmit, ForgeRock, Auth0, Ping, or Azure AD B2C.
• Understanding of Zero Trust architectures.
• Familiarity with DDoS mitigation and secure web gateway integration.
• Exposure to cloud-native observability stacks and runtime security.

Azure and IT security certifications.