Senior Product & Cloud Security Engineer​/Manager

Location: Bengaluru

About the Company

We are seeking a high-skilled, hands-on Senior Product and Cloud Security Specialist who will serve as a Subject Matter Expert within Morae’s Information Security Team. Product & Cloud Security Engineer/Manager will contribute to Morae success by developing, implementing, and maintaining technical safeguards and controls deployed in our hybrid multi-cloud environment.

About the Role

Senior Product & Cloud Security Engineer will engage with Security Operations, Information Technology and Product Development teams to develop secure products, maintain and improve further our cloud cyber security posture, security monitoring and response toolset, global security process and technology-oriented controls to implement a standardised, and optimised security approach. The role will be responsible for cloud security strategy, product & cloud security internal consulting, product security testing, and security incident response.

Responsibilities

Perform both (1) Business as usual and (2) Project activities related to cloud and product security process and toolset.
IAM/MFA/Identity/Zero-Trust/Conditional access/Security Key Management
Security Incident Management Process implementation & monitoring
Cloud Security Posture and Toolset Implementation and Management
Security Event & Incident Management technology implementation & monitoring
XDR/MDR/SIEM Implementation & monitoring
DLP/Data Classification/Information Protection
Email Filtering and Protection
External Threat Monitoring
Red/Blue Team Exercises & external Penetration testing support
Manages Security Project activities related to the implementation of the Security Operations Toolset
Provides input to security risk analysis, mitigation, and remediation plans.
Communicates information security incidents & response activities with IT & business.
Conducts application security reviews and recommends improvements
Lead the development of cloud security standards and procedures
Ensures appropriate and effective cloud security metrics and reporting.
ISO & SOC 2 Compliance-oriented technical control set operations.
Together with the wider Information Security & Technology leadership, implements and oversees technological upgrades, improvements, and major changes to the security environment.
Identifies and classifies security risks related to new implementations or existing infrastructure and application solutions, and provides guidance for remediation.
Recommends solutions for managing and improving current technology architecture vulnerabilities and weaknesses.
Conducts Research, monitoring and analysis of trends related to cybersecurity.
Act as Subject Matter Expert in client and organisational engagements with executive management.
Develop Client-Facing Security Operational Capabilities Management
Establishes the Security Operations process and drives prioritisation of security operations workload across the Information Security team and with dependent stakeholders.
Coach, Support, and Mentor 2 Associate-level Security Analysts reporting into the role.
Manages the security incident response program (policy, procedure, toolset, analysis, documentation, reporting).
Manages investigations of any actual or potential security violations, manages escalation of security events, prepare security incident reports.
Oversees management of security vendors, contracts, and related documentation
Provide Security Technical expertise at all levels in the organization including executive management and clients.

Qualifications

A degree or postgraduate degree in IT, software engineering, or equivalent.
8+ years of experience technical product/client security roles
Professional level technical security management certifications (GIAC, Microsoft AZ-500/ SC-100, AWS Security Specialist, SANS, Offensive Security)

Required Skills

Expertise in Cloud Security (Azure, AWS) - Microsoft Unified Security Hub (Defender/Sentinel Suite/Security Copilot), Power Shell/Bash Scripting, ARM/Biceps, KQL, Azure Networking/DNS, AWS Security Hub, Guard Duty, Microsoft Purview, Sentinel One, Arctic Wolf, Tenable/Nessus, Microsoft MCRA/MCSB, AWS Well-Architected Framework.
Expertise in Application/Product Security…