4.0 - 9.0 years

6 - 11 Lacs

Bengaluru

Work from Office

Job Summary: We are seeking a passionate and experienced Security & Compliance Engineer to join our team. This role is pivotal in ensuring our cloud services meet the highest standards of security and compliance. You will work cross-functionally with engineering teams, project managers, and compliance stakeholders to identify, implement, and monitor security controls and processes. Your work will directly contribute to the protection of our infrastructure, data, and services. The service you will be joining is Key Protect, IBM’s key management system https://www.ibm.com/products/key-protect. Key Responsibilities: Support security and compliance initiatives across Key Protect & Security Services. Collaborate with development and operations teams to mitigate security risks. Implement, and monitor security controls and compliance processes. Contribute to risk assessments, gap analyses, and remediation planning. Support internal and external audits by providing evidence and documentation. Support adherence to regulatory standards such as FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO27K, NIST, ISMAP, ENS, HITRUST, etc. Drive improvements in patch management, vulnerability management, and access control. Maintain accurate asset inventories and ensure configuration management best practices. Monitor logs and systems for anomalies and respond to incidents. Participate in penetration testing and threat modeling exercises. Communicate security requirements and findings to technical and non-technical stakeholders. Ideal Candidate Traits: Growth mindset and eagerness to learn. Strong problem-solving and critical thinking abilities. Self-starter, ability to work independently. Ability to translate complex security concepts into actionable guidance. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Experience: 4+ years in security engineering, compliance, DevOps or related roles. Experience with cloud technologies and infrastructure. Hands-on experience with compliance frameworks (e.g., FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO, NIST). Knowledge of end-to-end Security and Compliance activities such as Threat Models, Security Privacy by Design. Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap. Knowledge of Security concepts (includes understanding of identity mgmt./authentication, authorization, firewall, auditing, secure communication, managing certificates, password management) Understanding of cryptographic key management and its lifecycle. Strong understanding of access management, data protection, and secure system configuration. Experience on Kubernetes/ OpenShift deployments, Container Tools such as Docker, Podman, Rancher Excellent communication and documentation skills. Ability to work independently and collaboratively across teams. Preferred technical and professional experience Experience with tools such as GitHub and ServiceNow. Experience with microservice architectures and Restful API development Familiarity using Container Security tools such as Prisma Cloud & AquaSec Experience in DevSecOps pipelines - Jenkins, Tekton Toolchains Scripting and automation skills (Python, Bash, Terraform, etc.)

Posted 2 days ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.