Skip to main content
Back to job search
E

Cloud Security Engineer

Ensono

Bengaluru, KarnatakaPosted Jun 26, 2026
Senior
full_time

Job Description

About the Role

DevSecOps Engineer

We are looking for a hands-on DevSecOps Engineer to own our end-to-end vulnerability management process and drive security across our cloud-native platform. This is a technical, ownership-heavy role sitting at the intersection of security engineering and platform engineering.

You will be responsible for identifying, triaging, remediating, and reporting on vulnerabilities across our application stack, container images, and cloud infrastructure. You will work closely with our Compliance Manager to ensure our security posture meets compliance requirements and that risk is understood, documented, and managed appropriately.

This is not a monitoring-only role. We expect you to roll up your sleeves, open pull requests, fix Dockerfiles, bump package versions, modify CI/CD pipelines, and own the fix through to deployment and verification.

), updating base images, fixing misconfigurations • Update and harden Dockerfiles — base image selection, multi-stage builds, non-root users, minimal attack surface • Work within our Git-based workflow — raise PRs, participate in code review, deploy and verify your own fixes end to end 1 Container & Application Security • Integrate and maintain container image scanning in CI/CD pipelines (Trivy, Snyk, Grype or equivalent) • Integrate Software Composition Analysis (SCA) and Static Application Security Testing (SAST) tooling into pipelines • Define and enforce quality gates that prevent vulnerable or non-compliant images from reaching production • Identify vulnerable third-party dependencies and work through remediation with engineering teams Kubernetes & AWS EKS Security • Harden and maintain the security configuration of our AWS EKS clusters • Implement and maintain Kubernetes RBAC, Pod Security Standards, Network Policies, and admission controls • Manage secrets securely — AWS Secrets Manager, External Secrets Operator, or equivalent • Ensure IAM roles for service accounts (IRSA) are correctly scoped and maintained • Monitor and respond to runtime security events using tooling such as Falco Cloud Infrastructure Security • Maintain and improve AWS security posture across the platform • Work with AWS-native security tooling — Security Hub, GuardDuty, Inspector, IAM Access Analyzer • Identify and remediate misconfigurations in Infrastructure as Code (Terraform, Helm) • Apply least-privilege principles consistently across IAM, service accounts, and workload identities CI/CD Pipeline Security • Own and evolve the security gates within our CI/CD pipelines • Implement automated scanning for containers, dependencies, IaC, and secrets • Ensure pipelines enforce policy as code — fail fast on critical findings • Be comfortable modifying pipeline configuration (GitHub Actions, GitLab CI or equivalent) to introduce or improve security controls Compliance & Risk • Work alongside the Compliance Manager to translate technical vulnerability findings into compliancerelevant language and evidence • Produce and maintain risk assessments for identified vulnerabilities and infrastructure risks • Contribute to audit evidence collection and compliance reporting cycles • Support the maintenance of security policies and standards documentation 2 What We Are Looking For Essential Skills &amp

Job Details

Experience: • 4+ years of experience in a DevSecOps, Cloud Security, or Security-focused SRE role • Demonstrable hands-on experience with vulnerability management — not just tooling but owning the full lifecycle • Strong experience with container security — image scanning, Dockerfile hardening, base image management • Real-world AWS EKS and Kubernetes security experience — RBAC, Network Policies, Pod Security Standards, admission controllers, IRSA • Confident working with AWS security services — Security Hub, GuardDuty, Inspector, IAM, KMS, ECR

Experience: integrating security tooling into CI/CD pipelines and defining security quality gates • Ability to make direct code and configuration changes — comfortable opening PRs to fix dependency versions, Dockerfiles, and IaC • Understanding of CVSS scoring, exploitability context, and risk-based prioritisation

Experience: writing or contributing to risk assessments and risk acceptance documentation • Strong communication skills — able to translate technical findings for a compliance or non-technical audience Desirable Skills &amp

Experience: with Kubernetes policy engines — Kyverno, OPA/Gatekeeper

Experience: with runtime security tooling such as Falco • Familiarity with GRC or compliance platforms — Drata, Vanta, or similar

Experience: with secrets management tooling — External Secrets Operator, HashiCorp Vault, AWS Secrets Manager • AWS certifications — Security Specialty, Solutions Architect, or equivalent • Exposure to compliance frameworks — SOC 2, ISO 27001, CIS Benchmarks Technologies You Will Work With Area Tools / Technologies Vulnerability Scanning Trivy, Snyk, Grype, AWS Inspector, Dependabot SAST / SCA Snyk Code, Semgrep, Checkov, KICS 3 Area Tools / Technologies Kubernetes Security Falco, Kyverno, OPA/Gatekeeper, kube-bench AWS Security Security Hub, GuardDuty, IAM Access Analyzer, KMS, ECR CI/CD GitHub Actions, GitLab CI, ArgoCD or Flux Infrastructure as Code Terraform, Helm Secrets Management AWS Secrets Manager, External Secrets Operator Ticketing / Reporting Jira, and a GRC platform

Benefits

• A genuinely ownership-heavy role — you will drive security decisions, not just implement them • Close collaboration with engineering, platform, and compliance teams • A modern, cloud-native stack built on AWS EKS • A culture that treats security as an engineering problem, not a checkbox • Competitive salary and benefits package • [Add your specific benefits here]

How to Apply

We are an equal opportunities employer and welcome applications from all backgrounds

Required Skills

AWS
Git
Go
Jira
Kubernetes

Job Details

Stipend / SalaryDisclosed Upon Apply
Job Typefull_time
Role LevelSenior
Experience4+ YearsFrom original posting
Location ModeOn-site

Apply Carefully

Review the official source before sharing personal information or payment details.

GradWorks saves this role to your candidate dashboard first, then lets you continue to the official source when you are ready.

Start Application