Senior Information Security Engineer

• Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
• Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
• Partner with platform teams to secure VPCs, security groups, and cloud access patterns.

• Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
• Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
• Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.

• Monitor security alerts and investigate potential threats across cloud and application layers.
• Lead or support incident response efforts, root-cause analysis, and corrective actions.
• Plan and execute

  VAPT and penetration testing

  engagements (internal and external), track remediation, and validate fixes.
• Conduct

  red teaming activities and tabletop exercises

  to test detection, response readiness, and cross-team coordination.
• Continuously improve detection, response, and testing maturity.

• Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
• Ensure tools are we'll-integrated, actionable, and aligned with operational needs.

• Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
• Promote secure engineering practices through training, documentation, and ongoing awareness programs.
• Act as a trusted security advisor to engineering and product teams.

• Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
• Continuously raise the bar on Xoxoday s security posture through automation and process improvement.

• Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.

• Strong hands-on experience in

  cloud security across AWS and Azure

  .
• Practical exposure to CSPM tools (eg, Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
• Experience securing containerized and Kubernetes-based environments.
• Familiarity with CI/CD security integrations (eg, Snyk, GitHub Advanced Security, or similar).
• Solid understanding of network security, encryption, identity, and access management.
• Experience with application security testing tools (SAST, DAST, SCA).
• Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
• Strong analytical, troubleshooting, and problem-solving skills.

• Experience with DevSecOps automation and security-as-code practices.
• Exposure to threat intelligence and cloud security monitoring solutions.
• Familiarity with incident response frameworks and forensic analysis.
• Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.

• High ownership and a security-first mindset.
• Clear communicator who can translate risk into practical guidance.
• Comfortable working in fast-paced, evolving environments.
• Curious, proactive, and committed to continuous learning.

Why This Role Matters

• Work with modern, cloud-native security technologies at scale.
• Collaborate closely with strong engineering and platform teams.
• Flexible work policies, comprehensive health benefits, and modern tooling.
• Clear growth path toward

  Security Architect

  or

  Security Engineering Lead

  roles.