Job Title

About the CompanyWe are seeking a high-skilled, hands-on Senior Product and Cloud Security Specialist who will serve as a Subject Matter Expert within Morae’s Information Security Team. Product & Cloud Security Engineer/Manager will contribute to Morae success by developing, implementing, and maintaining technical safeguards and controls deployed in our hybrid multi-cloud environment.About the RoleSenior Product & Cloud Security Engineer will engage with Security Operations, Information Technology and Product Development teams to develop secure products, maintain and improve further our cloud cyber security posture, security monitoring and response toolset, global security process and technology-oriented controls to implement a standardised, and optimised security approach. The role will be responsible for cloud security strategy, product & cloud security internal consulting, product security testing, and security incident response.ResponsibilitiesPerform both (1) Business as usual and (2) Project activities related to cloud and product security process and toolset. IAM/MFA/Identity/Zero-Trust/Conditional access/Security Key Management Security Incident Management Process implementation & monitoring Cloud Security Posture and Toolset Implementation and Management Security Event & Incident Management technology implementation & monitoring XDR/MDR/SIEM Implementation & monitoring DLP/Data Classification/Information Protection Email Filtering and Protection External Threat Monitoring Red/Blue Team Exercises & external Penetration testing support Manages Security Project activities related to the implementation of the Security Operations Toolset Provides input to security risk analysis, mitigation, and remediation plans. Communicates information security incidents & response activities with IT & business. Conducts application security reviews and recommends improvements Lead the development of cloud security standards and procedures Ensures appropriate and effective cloud security metrics and reporting. ISO & SOC 2 Compliance-oriented technical control set operations. Together with the wider Information Security & Technology leadership, implements and oversees technological upgrades, improvements, and major changes to the security environment. Identifies and classifies security risks related to new implementations or existing infrastructure and application solutions, and provides guidance for remediation. Recommends solutions for managing and improving current technology architecture vulnerabilities and weaknesses. Conducts Research, monitoring and analysis of trends related to cybersecurity. Act as Subject Matter Expert in client and organisational engagements with executive management. Develop Client-Facing Security Operational Capabilities Management Establishes the Security Operations process and drives prioritisation of security operations workload across the Information Security team and with dependent stakeholders. Coach, Support, and Mentor 2 Associate-level Security Analysts reporting into the role. Manages the security incident response program (policy, procedure, toolset, analysis, documentation, reporting). Manages investigations of any actual or potential security violations, manages escalation of security events, prepare security incident reports. Oversees management of security vendors, contracts, and related documentation Provide Security Technical expertise at all levels in the organization including executive management and clients.QualificationsA degree or postgraduate degree in IT, software engineering, or equivalent. 8+ years of experience technical product/client security roles Professional level technical security management certifications (GIAC, Microsoft AZ-500/ SC-100, AWS Security Specialist, SANS, Offensive Security)Required SkillsExpertise in Cloud Security (Azure, AWS) - Microsoft Unified Security Hub (Defender/Sentinel Suite/Security Copilot), PowerShell/Bash Scripting, ARM/Biceps, KQL, Azure Networking/DNS, AWS Security Hub, Guard Duty, Microsoft Purview, Sentinel One, Arctic Wolf, Tenable/Nessus, Microsoft MCRA/MCSB, AWS Well-Architected Framework. Expertise in Application/Product Security - OWASP, MITRE ATT&CK, DAST/SAST tools, Pen test tools, Infrastructure as code tools, container orchestration tools, CI/CD Platform tools, Python/Bash Scripting, AI Security tools. Experience in developing and deploying incident response toolset/playbooks/processes and ensuring they’re tested and formalised with different stakeholder audiences. Strong understanding of Security Incident Response process & techniques Knowledge of major information security management frameworks (ISO 27001, NIST, etc) Ability and desire to constantly learn as well as coach, train and support junior employees Experience of working in a global company with colleagues and customer around the world Strong communication and presentation skills. Collaboration and conflict management skills.Pay range and compensation packageLocation: Bangalore, with hybrid working. Reports to: Director of Information SecurityEqual Opportunity StatementWe are committed to diversity and inclusivity.