Bestkaam Logo
Back to Jobs
Inception42

Cyber Security Engineer

Actively Reviewing

Inception42

India Full-Time 4–8 yrs exp Posted 8 hours ago  · Apply by Sep 14, 2026

Inception, a G42 company, is the region’s leading innovator of AI-powered domain-specific as well as industry-agnostic products, built on a rich heritage of research and development. Within the G42 ecosystem, Inception functions as the core intelligence layer – transforming data and compute infrastructure into real-world, applied AI solutions. Beyond its commercial endeavors, Inception is committed to creating positive societal impact. For more information, please visit www.inceptionai.ai


Role Overview


The Cybersecurity Engineer is responsible for proactive threat detection, security operations, and the technical enforcement of Inception AI's cybersecurity controls across its Azure-native environment. Whereas the Security Engineer — InfoSec focuses on compliance and DevSecOps integration, this role has a stronger orientation toward offensive security awareness, threat hunting, SOC operations, and technical security assurance. Operating in an AI product company, this engineer must also contend with emerging threat vectors specific to LLM deployments, AI APIs, and GPU workloads — including adversarial attacks, model exfiltration, and AI supply chain risks.


This role is a full-time position based in India (remote).


Key responsibilities

  • Operate Microsoft Sentinel as the primary SIEM: build detection rules, KQL analytics queries, and automated playbooks (Logic Apps / Sentinel SOAR).
  • Lead threat hunting activities — proactively search for indicators of compromise across Azure resources, AKS workloads, and AI endpoints.
  • Manage the full security incident lifecycle: detection, triage, containment, eradication, recovery, and postmortem.
  • Conduct internal vulnerability assessments and coordinate penetration testing engagements — reviewing findings and driving remediation.
  • Assess the attack surface of AI/LLM deployments: prompt injection, model inversion, membership inference, and API abuse patterns.
  • Configure and tune Microsoft Defender suite: Defender for Cloud, Defender for Containers, Defender for Endpoint, and Defender for Identity.
  • Manage threat intelligence feeds and integrates IoCs into Sentinel and Defender policies.
  • Enforce and audit zero-trust controls: conditional access, PIM, network segmentation, and privileged access workstations.
  • Perform security assurance reviews on infrastructure changes — IaC, container deployments, network changes, and new service integrations.
  • Support red team / purple team exercises, producing findings reports and remediation plans.
  • Contribute to the development of the security operations runbook, incident playbooks, and detection engineering backlog.


Qualifications

Security Operations & SIEM

  • Microsoft Sentinel: workspace configuration, analytics rules, incident management, SOAR playbooks
  • KQL (Kusto Query Language): advanced threat hunting queries across Log Analytics workspaces
  • Azure Monitor: diagnostic settings, log routing, and alert rules
  • MITRE ATT&CK framework: mapping detections to TTPs and identifying coverage gaps


Threat Detection & Response

  • Incident response procedures: triage, containment, forensic evidence preservation, and recovery
  • Malware analysis fundamentals and indicator of compromise (IoC) extraction
  • Threat intelligence platforms and feed integration (e.g. MISP, Microsoft Threat Intelligence)
  • Security automation: Logic Apps, Azure Functions, or Python-based SOAR playbooks


Azure Security Controls

  • Microsoft Defender for Cloud: CSPM posture management, regulatory compliance dashboards, Defender plans
  • Defender for Containers: image scanning, runtime threat detection, and AKS integration
  • Entra ID Protection: risk policies, sign-in risk, and identity threat detection
  • Azure Key Vault: access auditing, soft-delete enforcement, and certificate expiry monitoring


Offensive Security Awareness

  • Familiarity with penetration testing methodologies (OWASP, PTES, NIST)
  • Web application security: OWASP Top 10, API security testing, and WAF bypass awareness
  • Container and Kubernetes security testing: CIS Kubernetes benchmark, kube-bench
  • Cloud security posture assessment: cloud misconfiguration risks and common attack paths


AI & LLM Security

  • Understanding of LLM-specific threats: prompt injection, jailbreaks, indirect injection via RAG, data poisoning
  • API gateway security for AI endpoints: authentication, rate limiting, input validation
  • Awareness of model supply chain risks: third-party model provenance, fine-tuning data integrity


Good to Have

  • Active security certifications: SC-200 (Microsoft Security Operations Analyst), CEH, OSCP, or CISSP
  • Experience with AI Red Teaming or LLM adversarial testing tools
  • Familiarity with OWASP LLM Top 10 and emerging AI security frameworks
  • Exposure to data loss prevention (DLP) controls in a SaaS multi-tenant context
  • Experience operating in ISO 27001 or SOC 2 audited environments
  • Cloudflare Security features: Bot Management, Rate Limiting, and WAF custom rules


The successful candidate will be engaged via an external workforce partner in line with Inception’s operating model in the region.