BXB Digital, A Brambles Company
Website: bxbdigital.com
Job details:
Position: Senior Cloud Security Engineer – Bengaluru (Hybrid)
We are seeking a Senior Cloud Security Engineer with 6 to 8 years of experience to join our DevSecOps team. In this role, you will be responsible for architecting, implementing, and automating security controls across our cloud-native infrastructure. You will bridge the gap between infrastructure engineering and security, ensuring that our AWS environment—and our broader cloud-agnostic strategy—is resilient against evolving threats.
The ideal candidate has a deep technical background in Kubernetes (K8S), identity systems, and automation, and is prepared to secure next-generation technologies like Agentic AI and RAG-based systems. The person views security as an enabler rather than a gatekeeper, favouring automated policy-as-code over manual checklists.
Key Responsibilities
- Secure Container Orchestration: Harden K8S/EKS cluster configurations, implementing network policies, admission controllers, and image signing.
- Infrastructure as Code (IaC): Integrate security linting and policy-as-code into CI/CD pipelines and Terraform templates.
- Identity & Access Governance: Lead the design of Identity Federation and Workload Identity to move toward a zero-trust architecture.
- Automated Security & Compliance: Build automated "guardrails" to detect and remediate configuration drift; manage cloud security posture through tools like Wiz.
- Cryptography & PKI: Manage the full lifecycle of TLS certificates, secrets, and encryption keys, ensuring no manual intervention is required for renewals.
- Incident Response: Serve as a technical lead during security incidents, performing root cause analysis and forensic investigations in containerized environments.
- Monitoring: Build and maintain security dashboards to monitor for drift, unauthorized access, and anomalous behaviour.
Technical Skills
- Cloud & Orchestration: AWS (IAM, VPC, EKS, KMS), Kubernetes, Docker.
- Identity & Access: Okta, OIDC/OAuth2, SAML, RBAC/ABAC, Identity Federation.
- Security Tooling: Wiz, SAST/DAST (Snyk, SonarQube), Secret Management.
- Network & Transit: Protocols (TCP/IP, HTTP/S, gRPC), mTLS, TLS 1.3, VPNs, WAF.
- Automation & DevOps: CI/CD pipelines, GitOps (ArgoCD), Python/Go, Terraform.
Functional & Domain Expertise
- Data Security: Implementation of encryption at rest and in transit using AES-256, RSA, and ECC.
- Endpoint & Perimeter: Securing the "Edge" through API Gateways and ensuring endpoint protection for cloud-based virtual machines and containers.
- AI Security Posture: Understanding of the OWASP Top 10 for LLMs, specifically regarding Prompt Injection, Data Poisoning in RAG pipelines, and Model Context Protocol (MCP) server security.
- Compliance Frameworks: Experience mapping technical controls to SOC2, ISO 27001, or NIST frameworks.
Experience Requirements
- 6–8 years in a dedicated Security Engineering role within a DevSecOps or Cloud Infrastructure team.
- Proven track record of managing security for production-grade Kubernetes environments.
- Strong understanding of Public PKI and private certificate authority (CA) management.
Preferred Qualifications
- Certifications: AWS Certified Security Specialty, Certified Kubernetes Security Specialist (CKS), or CISSP.
- Experience: 5+ years in a dedicated Security Engineering or DevOps role.
- Mindset: Strong understanding of the Software Development Life Cycle (SDLC) and the "Shift Left" security philosophy.
Why Join This Team?
You will not just be "checking boxes." You will be building a secure, automated path for developers to deploy code at scale. From securing Agent-to-Agent (A2A) communication to managing the secrets of 70+ microservices, your work will be at the cutting edge of cloud security.
Note to Candidates: We value a "Shift Left" mindset. If you prefer building automated security systems over writing manual reports, you will thrive here.