Cloud Platform Engineer

Project Role : Cloud Platform Engineer
Project Role Description : Designs, builds, tests, and deploys cloud application solutions that integrate cloud and non-cloud infrastructure. Can deploy infrastructure and platform environments, creates a proof of architecture to test architecture viability, security and performance.
Must have skills : Cloud Security Architecture
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education

Role Overview
The Cloud Security Engineer is a senior technical leader responsible for designing, governing, and leading the implementation of enterprise-grade cloud security solutions across hybrid and multi-cloud environments including AWS, Azure, GCP, and OpenShift (OCP).
Building on strong hands-on cloud-native security expertise, this role acts as a security design authority, embedding Zero Trust, DevSecOps, cloud-native controls, and AI-driven automation into platforms, pipelines, and runtime environments. The role leverages Generative AI and Agentic AI frameworks to enhance threat detection, incident response, posture management, and compliance automation.

Key Responsibilities
- Lead end-to-end implementation of cloud security architectures aligned with enterprise standards and regulatory requirements.
- Review and validate High-Level Designs (HLDs) and translate them into secure, scalable Low-Level Designs (LLDs).
- Govern rollout of:
- Cloud-native security services
- Identity & Zero Trust frameworks
- Security automation and DevSecOps pipelines
- Act as technical authority and escalation point for complex security incidents.
- Drive adoption of AI-assisted security capabilities across detection, response, and remediation.
- Mentor senior and junior engineers and uplift cloud security maturity across delivery teams.

Cloud Security Architecture & Design
- Lead implementation of secure architecture patterns for Hybrid cloud (private + public),Multi-cloud workloads
- Validate designs against CIS Benchmarks, NIST, Zero Trust Architecture
- Design security patterns for Kubernetes & container platforms (EKS, AKS, GKE, OpenShift), Data, storage, and AI/ML workloads
- Provide architectural feedback to cloud and enterprise architects on risk posture and feasibility.

Cloud-Native Security Services (Design & Governance)
- Architect and govern use of cloud-native security services:
AWS
- IAM, KMS, CloudTrail, GuardDuty, Security Hub, Shield, WAF, Inspector, Macie
Azure
- Entra ID (Azure AD), Defender for Cloud, Sentinel, Key Vault, Azure Firewall, WAF, DDoS Protection
GCP
- IAM, Cloud KMS, Security Command Center, Cloud Armor, Cloud IDS, VPC Service Controls
- Ensure consistent implementation of identity, network, compute, storage, and data security controls across platforms.

Security Tooling & Platform Integration
- Lead integration of advanced security platforms:
- SIEM / SOAR (Splunk, Sentinel, QRadar, Elastic)
- CSPM, CWPP, CNAPP
- Vulnerability scanners and EDR/XDR platforms
- Define enterprise integration patterns using APIs and log pipelines.
- Embed security tooling into CI/CD and runtime environments.

Identity, Network & Zero Trust Security
- Architect and govern:
- IAM federation, SSO, adaptive MFA
- Just-In-Time (JIT) and least-privilege access
- Lead Zero Trust adoption across hybrid and multi-cloud platforms.
- Design and validate:
- Micro-segmentation strategies
- Secure service-to-service communication
- Lead troubleshooting of complex IAM, firewall, VPN, service mesh, and workload identity issues.

Security Monitoring, Incident Readiness & Response
- Design SOC detection and response use cases.
- Lead major security incidents:
- Threat containment
- Forensics coordination
- Post-incident reviews and systemic fixes
- Validate SIEM/SOAR correlation rules and response playbooks.
- Improve MTTR using AI-assisted detection and prioritization.

Governance, Risk & Compliance
- Ensure security controls align with:
- ISO 27001, SOC 2, PCI-DSS, HIPAA, GDPR, RBI (as applicable)
- Define automated evidence collection for audits.
- Validate security readiness for production workloads.
- Act as sign-off authority from a security and compliance perspective.

AI / GenAI & Agentic Security Engineering
- Design AI-enabled cloud security solutions, including:
- Anomaly detection
- Threat prioritization
- Automated remediation workflows
- Use Generative AI to:
- Analyze security telemetry
- Assist in threat modeling
- Accelerate investigations and RCA
- Apply Agentic AI frameworks for:
- Self-healing security workflows
- Policy orchestration and enforcement
- Strong understanding of:
- AI lifecycle
- ML fundamentals (supervised & unsupervised)
- NLP concepts for security analytics
- Define guardrails for responsible, compliant AI usage in security platforms.

Automation, IaC & Scripting
- Lead security automation using:
- Terraform (preferred)
- Ansible
- Define reusable security modules and policy-as-code patterns.
- Advanced scripting using:
- Python (mandatory)
- Bash / PowerShell
- Integrate security into CI/CD pipelines (DevSecOps).

Mandatory Skills
- Python (Programming Language) automation, API integration, AI workflows
- Agentic AI framework understanding (multi-agent orchestration, decision logic)
- Terraform & Ansible for cloud security automation
- Advanced cloud security across AWS, Azure, GCP, OpenShift
- Deep expertise in IAM, Zero Trust, SIEM/SOAR, CSPM/CNAPP

Experience & Qualifications
- 8 10 years of experience in cloud security engineering.
- Proven leadership in enterprise-scale cloud security implementations.
- Hands-on experience with AI/GenAI-enabled security platforms.
- Experience supporting SI-led and managed services environments

Certifications
Mandatory Certifications (Minimum 2 Specialty / Professional Level)
The certifications can be across different cloud providers.
AWS
- AWS Certified Security Specialty
- AWS Certified Advanced Networking Specialty
- AWS Certified Solutions Architect Professional
Microsoft Azure
- Azure Security Engineer Associate (AZ-500)
- Azure Solutions Architect Expert (AZ-305)
Google Cloud Platform (GCP)
- Google Professional Cloud Security Engineer
- Google Professional Cloud Architect

Good to have certification
- Security & Governance
- CISSP
- CCSP
- CISM
- ISO 27001 Lead Implementer / Auditor
- Kubernetes & Cloud-Native Security
- Certified Kubernetes Security Specialist (CKS)
- Certified Kubernetes Administrator (CKA)
- Red Hat OpenShift Security / Specialist
- DevSecOps & Automation
- Azure DevOps Engineer Expert (AZ-400)
- GitHub Actions (GH-200)
- Ansible Automation Platform Certification
- AI / GenAI & Emerging Security
- AWS Certified Machine Learning Specialty
- Google Professional Machine Learning Engineer
- Azure AI Engineer Associate
- GenAI / LLM Security certifications (DeepLearning.AI, OpenAI, vendor-neutral programs)

15 Year of Education to be completed
- Resource needs to be AI Ready.