Cloud Security Engineer

Lead Consultant - Lead Cloud Security Engineer Management Plane (L2/L3 SME)

Location: Hyderabad & Delhi NCR

Experience: 6-12 years

Immediate Joiners

Please share your resumes to Radhika.Upadhyay1@genpact.com with Sub of "Cloud Security Engineer" along with notice period.

Responsibilities

Cloud Security Platform Operations

• Operate and maintain Microsoft Defender for Cloud in accordance with Client policies.
• Monitor cloud security posture and remediate configuration issues as directed.
• Administer Defender for Cloud Apps to monitor SaaS application security controls.
• Maintain Azure native security controls within defined scope.

Access Governance & Least Privilege Enforcement

• Perform periodic permissions reviews for cloud subscriptions and SaaS applications.
• Implement custom RBAC roles as directed by approved design.
• Administer Privileged Identity Management (PIM) workflows.
• Monitor privileged access assignments and enforce approval policies.
• Support remediation of excessive permissions identified through reviews.

SaaS Security Operations

• Monitor SaaS application access and security posture via Defender for Cloud Apps.
• Support implementation of access control and session control mechanisms where applicable.
• Investigate cloud application access anomalies and escalate when necessary.

Vulnerability & Exposure Coordination (Operational Scope)

• Support vulnerability scanning coordination where cloud assets are in scope.
• Assist in remediation tracking and validation of security posture findings.
• Coordinate with infrastructure or application teams for remediation closure.

E. Service Request & Change Management

• Fulfill cloud security-related service requests within SLA.
• Execute approved configuration changes following Client change control processes.
• Validate changes post-implementation and document testing evidence.
• Coordinate changes with IAM, Network, and Data Security teams where dependencies exist.

Incident & Problem Management

• Participate in cloud security incident investigations.
• Provide technical inputs for RCA documentation.
• Support restoration procedures during cloud security control disruptions.
• Identify recurring misconfiguration patterns and propose corrective actions via formal channels.

Audit, Logging & Compliance Support

• Maintain sufficient operational artifacts to support audit requirements.
• Support requests for information/evidence for compliance certifications.
• Ensure relevant cloud security logs are available for SIEM ingestion where directed.
• Maintain updated SOPs and configuration documentation.
• Provide inputs for monthly service performance reporting.

Explicit Role Boundaries

• This role does not own cloud architecture design or cloud migration strategy.
• Infrastructure-as-Code engineering and DevSecOps transformation ownership are out of scope.
• Strategic cloud security framework decisions remain with Client governance.

Qualifications we seek in you!

Minimum Qualifications

• Bachelors degree in Computer Science, Information Security, or equivalent experience.
• Preferred certifications:
• Microsoft Azure Security Engineer (AZ-500)
• CISSP (preferred but not mandatory)
• Experience in regulated enterprise environments preferred.

Preferred Qualifications/ Skills

• Good years of exp on enterprise security engineering experience.
• Strong hands-on operational expertise in:
• Microsoft Defender for Cloud
• Microsoft Defender for Cloud Apps (CASB)
• Azure native security controls
• Privileged Identity Management (PIM)
• Azure RBAC configuration and governance
• Experience performing:
• Cloud permissions reviews
• Access monitoring and entitlement validation
• Least-privilege enforcement
• SaaS security configuration monitoring
• Familiarity with vulnerability management concepts (Qualys integration awareness).
• Experience supporting regulated enterprise environments.
• Strong understanding of formal Change Management processes.
• Familiarity with log forwarding and SIEM ingestion (operational level).