Cloud Security Engineer

Position: Cloud & Security Engineer

Location: Pune

Experience: minimum 4 years

Compensation: As per market standards

Report to: Lead AI Engineer

Start: Within 6 weeks

Language: Fluent English non-negotiable

Job Overview:

We are seeking an experienced Cloud & Security Engineer to design, implement, and manage a secure, scalable, and enterprise-grade cloud infrastructure for a multi-tenant AI SaaS platform. The role is critical in ensuring customer data isolation, regulatory compliance, cloud security, and certification readiness before onboarding enterprise customers operating in regulated industries.

The successful candidate will be responsible for building production-ready Azure infrastructure, implementing robust security controls, supporting compliance initiatives, and ensuring secure deployment of AI-powered applications.

Roles & Responsibilities:

Cloud infrastructure

Azure production deployment containerisation (Docker, Kubernetes), CI/CD pipelines

Multi-tenant SaaS architecture data isolation patterns, tenant onboarding, dedicated vs shared tenancy

Secrets management Azure Key Vault or equivalent

Minimum 4 years in cloud infrastructure or security engineering in production

Security engineering

2FA, RBAC, SSO, session management, audit logging production implementation

ISO 27001 implementation or audit experience. Certification path knowledge essential.

GDPR and UK GDPR practical implementation, not awareness

Penetration testing coordination commissioning, managing findings, verifying remediation

AI & Pipeline Knowledge - Required

Understanding of how LLM API calls, vector database queries, and blob storage interact in a production cloud environment

Ability to secure AI application infrastructure API key management, call logging, prompt injection awareness

Experience securing systems that process sensitive proprietary documents at scale

Familiarity with LLM provider data processing agreements and what they mean for customer data isolation

What you will own -

Azure deployment architecture containerised, scalable, production-ready infrastructure for a multi-tenant SaaS platform

Multi-tenant data isolation every customer in a fully dedicated environment. No shared databases, no shared vector storage, no shared blob storage, no possibility of cross-customer data exposure

Authentication 2FA mandatory, four-level RBAC, SSO with Azure AD, Okta, Google Workspace

Encryption TLS 1.3 in transit, AES-256 at rest across all layers

Data residency UK, EU, US regions. No transfer outside customer's chosen region without explicit consent

Audit logging every login, file view, and download logged with timestamp, user identity, and IP

Penetration testing third-party OWASP testing, vulnerability management, remediation tracking

ISO 27001 gap analysis, remediation, and certification path to commercial launch

GDPR and UK GDPR data processing agreements, right to erasure, breach notification

SOC 2 Type II preparation and audit coordination

8th June 2026

CT Automotive India