Security Operations (SecOps) Engineer

About Josys

Job Summary

Key Responsibilities

1. Cloud Security Monitoring & Compliance

• Configure and optimize

  AWS-native security tools

  like Security Hub, GuardDuty, Config, CloudTrail for real-time detection and compliance.
• Drive

  Cloud Gap Assessments

  and

  security posture reviews

  across multi-account AWS environments.
• Ensure alignment with standards like

  CIS, ISO 27001, SOC 2

  , and regulatory requirements including

  GDPR and data residency controls

  .

2. Incident Response & Remediation

• Lead investigation and remediation efforts in partnership with

  L1 support and SRE teams

  .
• Perform

  root cause analysis

  , implement fixes, and establish preventive controls.
• Build runbooks, define escalation processes, and improve

  incident response automation

  .

3. Secure DevOps & CI/CD Integration

• Integrate

  automated security tools

  in CI/CD for both infrastructure and applications (e.g., SAST, DAST, IaC scanning).
• Implement

  IaC policy enforcement

  using tools such as

  tfsec, Checkov, or OPA

  .
• Embed security gates and practices early in the software development lifecycle.

4. Penetration Testing & Vulnerability Management

• Conduct or coordinate

  regular penetration testing

  using tools like

  Burp Suite, OWASP ZAP

  , or via third-party assessors.
• Manage end-to-end

  vulnerability lifecycle

  , from discovery through remediation.
• Translate findings into developer-friendly guidance and track fixes to closure.

5. Continuous Improvement & Security Awareness

• Stay current with

  cloud security trends, vulnerabilities, and threats

  .
• Drive

  security awareness training

  and contribute to improving engineering security hygiene.
• Influence architectural decisions by embedding security principles into project planning.

Required Qualifications

• 5 8 years

  of experience in

  cloud security, application security, or security operations

  roles.
• Deep knowledge of

  AWS security architecture, IAM, networking, and encryption practices

  .

• Hands-on experience with security testing tools

  like

  Burp Suite, OWASP ZAP

  , Nmap, and cloud-native monitoring tools.
• Strong grasp of

  compliance frameworks

  including

  GDPR, SOC 2, ISO 27001

  , and

  data residency considerations

  .
• Solid scripting or automation skills (e.g., Python, Bash, Terraform).

• Must hold at least one

  relevant certification:

  • AWS Certified Security Specialty

  • CISSP (Certified Information Systems Security Professional)

  • CCSP (Certified Cloud Security Professional)

Nice to Have

• Experience with

  container security (e.g., EKS, Docker)

  and

  runtime protection tools

  .
• Familiarity with security operations platforms (e.g.,

  Splunk, ELK, or SIEM tools

  ).
• Experience working in

  fast-paced SaaS or DevOps-centric environments

  .

Why Join Us

• Work on a global SaaS platform at the cutting edge of IT automation and cloud security.
• Lead initiatives that shape how modern enterprises manage risk.
• Join a culture of ownership, innovation, and collaboration.
• Remote-friendly work culture with high-impact opportunities.