Senior Cloud Security Engineer

Cloud Security (Azure / AWS / GCP)

• Perform advanced Vulnerability Assessment and Penetration Testing (VAPT) of cloud-hosted infrastructure, web applications, APIs, containers, and serverless workloads.
• Conduct manual exploitation and attack path validation to uncover misconfigurations, privilege escalation opportunities, insecure network exposures, and lateral movement risks in cloud environments.
• Execute Dynamic Application Security Testing (DAST) and combine results with manual penetration testing to identify complex business-logic flaws and multi-step attack chains.
• Simulate real-world adversary techniques (e.g., privilege escalation, persistence, data exfiltration) in Azure, AWS, and GCP environments to validate resilience against cloud-native threats.
• Use and customize cloud-native security tools (Azure Defender, AWS GuardDuty, GCP SCC, Microsoft Defender for Cloud, AWS Config, Security Hub, Macie, Inspector) to support penetration testing and validate detection capabilities.
• Lead manual and automated reviews of cloud configurations for security and compliance against industry benchmarks (CIS, NIST, custom policies).
• Identify and remediate identity misconfigurations, over-permissioned roles, insecure network exposures, and unencrypted resources in cloud environments.
• Provide expert guidance on Azure and AWS security services: IAM, VPC/network security, KMS, logging/monitoring, and workload protection.
• Evaluate and manage CSPM/CWPP platforms (Prisma Cloud, Wiz, Orca, Lacework) for continuous posture management and runtime protection.
• Integrate or use IaC security scanning tools (tfsec, Checkov, kics, Terrascan) within CI/CD pipelines or pre-deployment reviews.
• Apply a sound understanding of cloud threat models and attack paths to design and implement relevant controls that mitigate risks.
• Map vulnerabilities to cloud-native controls and ensure findings are integrated into remediation and hardening activities.

Required Skills & Experience

• 4-10 years of experience in cybersecurity with at least 2+ years focused on cloud penetration testing (Azure, AWS, or GCP).
• Strong expertise in cloud attack surfaces: IAM exploitation, network pivoting, insecure storage, exposed APIs, and misconfigured serverless workloads.
• Strong understanding of cloud security architecture and shared responsibility models across Azure/AWS/GCP.
• Proficiency in manual exploitation techniques combined with automated scanning tools (DAST, SAST, CSPM/CWPP).
• Proficiency in using cloud-native security tools (Azure Policy, Defender for Cloud, AWS Config, GuardDuty, Security Hub, Macie, Inspector, GCP SCC).
• Working knowledge of CSPM/CWPP platforms (Prisma Cloud, Wiz, Orca, Lacework, etc.).
• Ability to plan and execute Vulnerability Assessments & Penetration Testing (VAPT) of cloud-hosted infrastructure, web apps, APIs, and serverless workloads.
• Familiarity with manual verification of vulnerabilities, including business-logic flaws and complex attack paths.
• Experience correlating vulnerabilities with cloud-native controls and producing actionable remediation guidance.
• Ability to develop and present detailed cloud security assessment reports, remediation plans, and compliance-aligned hardening guidance across Azure, AWS, and GCP.
• Strong communication skills to convey technical findings to technical and executive stakeholders.