Senior Security Consultant

Key Responsibilities:

• DevSecOps & Security Automation:Integrate security best practices into CI/CD pipelines using tools like Azure DevOps, GitHub Actions, and Jenkins
• Automate security scanning for SAST, DAST, and SCA (e
• , SonarQube, Checkmarx, Veracode)
• Implement Infrastructure as Code (IaC) security for Azure using Terraform, Ansible, and ARM templates
• Develop and maintain automated security testing frameworks for applications and cloud workloads
• Governance, Risk & Compliance (GRC):Ensure compliance with industry security standards (NIST, ISO 27001, CIS, SOC 2, GDPR, HIPAA)
• Develop and implement security policies, frameworks, and risk assessment strategies
• Conduct security audits and vulnerability assessments to identify compliance gaps
• Provide security guidance for third-party risk management and vendor security reviews
• Cloud Security (Azure & Hybrid Environments):Secure Azure workloads, including Azure Security Center, Defender for Cloud, and Sentinel SIEM
• Implement Zero Trust security models for cloud-native applications and microservices
• Enforce IAM, RBAC, and Conditional Access Policies in Azure
• Monitor and mitigate cloud security threats, ensuring continuous compliance
• Application Security:Secure web and API applications using OWASP best practices
• Implement API security measures (OAuth, JWT, WAF, mTLS)
• Perform threat modeling and secure code reviews
• Collaborate with development teams to embed Shift Left security principles
• Incident Response & Threat Management:Develop and implement Incident Response Plans (IRP) and Security Playbooks
• Investigate security breaches and coordinate forensic analysis
• Utilize SIEM, SOAR, and XDR tools for threat detection and response
• Educate DevOps and Engineering teams on secure coding practices

Required Skills & Experience:

• 8+ years of experience in DevSecOps, Cloud Security, and Application Security
• Strong expertise in Azure Security Services (Defender, Sentinel, Key Vault, RBAC)
• Hands-on experience with DevSecOps pipelines (Azure DevOps, GitHub, Jenkins)
• Experience with security automation tools (Terraform, Ansible, Python, PowerShell)
• Deep knowledge of Application Security (SAST, DAST, SCA, OWASP, API Security)
• Strong understanding of GRC frameworks (NIST, ISO 27001, CIS Benchmarks)
• Experience with Container Security (Docker, Kubernetes, Istio)

Preferred Qualifications (Nice to Have):

• Certifications: CISSP, CCSP, CEH, AZ-500, CRISC, OSCP
• Experience with SIEM & SOAR platforms (Splunk, Azure Sentinel, QRadar)
• Familiarity with Blockchain Security & Zero Trust architectures
• Knowledge of AI/ML-based security automation