Security Operations (SecOps) Engineer

Job Description

Location: Bangalore Team: Security & Compliance Reports to: Engineering Manager ? Platform & Security About Josys Josys is on a mission to redefine enterprise IT operations through automation, visibility, and security. As we continue to scale globally, securing our cloud-native infrastructure and application ecosystem is more critical than ever. We are looking for a passionate Security Operations Engineer to join our security team and help strengthen our defenses and practices across the cloud. Job Summary As a Senior SecOps Engineer , you'll lead the design and implementation of security controls across cloud infrastructure, CI/CD pipelines, and application layers. You?ll act as a subject matter expert in both preventive and detective controls, vulnerability management, and compliance enforcement. We are looking for someone hands-on with a deep understanding of cloud and application security ? especially across AWS, data privacy, and regulatory frameworks . Key Responsibilities Cloud Security Monitoring & Compliance Configure and optimize AWS-native security tools like Security Hub, GuardDuty, Config, CloudTrail for real-time detection and compliance. Drive Cloud Gap Assessments and security posture reviews across multi-account AWS environments. Ensure alignment with standards like CIS, ISO 27001, SOC 2, and regulatory requirements including GDPR and data residency controls. Incident Response & Remediation Lead investigation and remediation efforts in partnership with L1 support and SRE teams. Perform root cause analysis, implement fixes, and establish preventive controls. Build runbooks, define escalation processes, and improve incident response automation. Secure DevOps & CI/CD Integration Integrate automated security tools in CI/CD for both infrastructure and applications (e.g., SAST, DAST, IaC scanning). Implement IaC policy enforcement using tools such as tfsec, Checkov, or OPA. Embed security gates and practices early in the software development lifecycle. Penetration Testing & Vulnerability Management Conduct or coordinate regular penetration testing using tools like Burp Suite, OWASP ZAP, or via third-party assessors. Manage end-to-end vulnerability lifecycle, from discovery through remediation. Translate findings into developer-friendly guidance and track fixes to closure. Continuous Improvement & Security Awareness Stay current with cloud security trends, vulnerabilities, and threats. Drive security awareness training and contribute to improving engineering security hygiene. Influence architectural decisions by embedding security principles into project planning. Required Qualifications 5?8 years of experience in cloud security, application security, or security operations roles. Deep knowledge of AWS security architecture, IAM, networking, and encryption practices. Hands-on experience with security testing tools like Burp Suite, OWASP ZAP, Nmap, and cloud-native monitoring tools. Strong grasp of compliance frameworks including GDPR, SOC 2, ISO 27001, and data residency considerations. Solid scripting or automation skills (e.g., Python, Bash, Terraform). Must hold at least one relevant certification: AWS Certified Security ? Specialty CISSP (Certified Information Systems Security Professional) CCSP (Certified Cloud Security Professional) Nice to Have Experience with container security (e.g., EKS, Docker) and runtime protection tools. Familiarity with security operations platforms (e.g., Splunk, ELK, or SIEM tools). Experience working in fast-paced SaaS or DevOps-centric environments. Why Join Us? Work on a global SaaS platform at the cutting edge of IT automation and cloud security. Lead initiatives that shape how modern enterprises manage risk. Join a culture of ownership, innovation, and collaboration. Remote-friendly work culture with high-impact opportunities.