SecOps Engineer

Security Operations (SecOps) Engineer

Location : Bangalore

Team :

Security & Compliance

Reports to :

Engineering Manager – Platform & Security

About Josys

Josys is on a mission to redefine enterprise IT operations through automation, visibility, and security. As we continue to scale globally, securing our cloud-native infrastructure and application ecosystem is more critical than ever. We are looking for a passionate

Security Operations Engineer

to join our security team and help strengthen our defenses and practices across the cloud.

Job Summary

As a

Senior SecOps Engineer , you'll lead the design and implementation of security controls across cloud infrastructure, CI / CD pipelines, and application layers. You’ll act as a subject matter expert in both preventive and detective controls, vulnerability management, and compliance enforcement. We are looking for someone hands-on with a deep understanding of cloud and application security — especially across

AWS, data privacy, and regulatory frameworks .

Key Responsibilities

1. Cloud Security Monitoring & Compliance

Configure and optimize

AWS-native security tools

like Security Hub, GuardDuty, Config, CloudTrail for real-time detection and compliance.

Drive

Cloud Gap Assessments

and

security posture reviews

across multi-account AWS environments.

Ensure alignment with standards like

CIS, ISO 27001, SOC 2 , and regulatory requirements including

GDPR and data residency controls .

2. Incident Response & Remediation

Lead investigation and remediation efforts in partnership with

L1 support and SRE teams .

Perform

root cause analysis , implement fixes, and establish preventive controls.

Build runbooks, define escalation processes, and improve

incident response automation .

3. Secure DevOps & CI / CD Integration

Integrate

automated security tools

in CI / CD for both infrastructure and applications (e.g., SAST, DAST, IaC scanning).

Implement

IaC policy enforcement

using tools such as

tfsec, Checkov, or OPA .

Embed security gates and practices early in the software development lifecycle.

4. Penetration Testing & Vulnerability Management

Conduct or coordinate

regular penetration testing

using tools like

Burp Suite, OWASP ZAP , or via third-party assessors.

Manage end-to-end

vulnerability lifecycle , from discovery through remediation.

Translate findings into developer-friendly guidance and track fixes to closure.

5. Continuous Improvement & Security Awareness

Stay current with

cloud security trends, vulnerabilities, and threats .

Drive

security awareness training

and contribute to improving engineering security hygiene.

Influence architectural decisions by embedding security principles into project planning.

Required Qualifications

5–8 years

of experience in

cloud security, application security, or security operations

roles.

Deep knowledge of

AWS security architecture, IAM, networking, and encryption practices .

Hands-on experience with security testing tools

like

Burp Suite, OWASP ZAP , Nmap, and cloud-native monitoring tools.

Strong grasp of

compliance frameworks

including

GDPR, SOC 2, ISO 27001 , and

data residency considerations .

Solid scripting or automation skills (e.g., Python, Bash, Terraform).

Must hold at least one

relevant certification :

AWS Certified Security – Specialty

CISSP (Certified Information Systems Security Professional)

CCSP (Certified Cloud Security Professional)

Nice to Have

Experience with

container security (e.g., EKS, Docker)

and

runtime protection tools .

Familiarity with security operations platforms (e.g.,

Splunk, ELK, or SIEM tools ).

Experience working in

fast-paced SaaS or DevOps-centric environments .

Why Join Us?

Work on a global SaaS platform at the cutting edge of IT automation and cloud security.

Lead initiatives that shape how modern enterprises manage risk.

Join a culture of ownership, innovation, and collaboration.

Remote-friendly work culture with high-impact opportunities.