Job Title

Sr. Engineer, Cloud SecurityLocation: BangloreExperience: 4+ YearsAbout Pocket FMPocket FM, founded in 2018, is India’s leading audio storytelling platform, transforming the way millions consume stories. Offering high-quality serialized content across genres such as Romance, Drama, Thriller, Fantasy, Sci-Fi, and Mythology in eight languages, Pocket FM has built a strong global presence with over 200 million listeners worldwide. With users spending an average of 120 minutes daily on the platform, it has emerged as one of the fastest-growing audio platforms, rapidly expanding its reach across the US, Europe, LATAM, and Southeast Asia.Role Overview:As a Senior Analyst in Cloud Security, you will be responsible for securing Pocket FM's multi-cloud infrastructure at scale. You will work hands-on across our AWS and GCP environments, collaborate closely with DevOps, SRE, and engineering teams, and play a critical role in hardening our cloud footprint against evolving threats. This role is ideal for someone who thinks in terms of attack surfaces and misconfigurations, loves automating security guardrails, and wants to protect the infrastructure that serves millions of daily listeners.Key Responsibilities:Cloud Security Posture Management: Continuously assess and improve the security posture across Pocket FM's AWS and GCP environments by identifying misconfigurations, enforcing security baselines, and driving remediation across projects, accounts, and services.Infrastructure-as-Code (IaC) Security: Review and secure IaC templates (Terraform, CloudFormation, Deployment Manager) to ensure infrastructure is provisioned securely from the start. Integrate security checks into CI/CD pipelines.Identity & Access Management: Design, review, and enforce IAM policies, roles, and permissions following the principle of least privilege across both cloud providers. Manage and monitor access across AWS accounts, GCP projects, SSO, and federated identity setups.Network Security: Configure and maintain cloud network security controls including VPCs, security groups, firewall rules, WAF policies, and CDN configurations across AWS and GCP. Identify and close network-level exposure risks.Threat Detection & Monitoring: Deploy and tune cloud-native and third-party security monitoring tools (e.g., AWS GuardDuty, Security Hub, GCP Security Command Center, Chronicle) to detect anomalous activity, unauthorized access, and potential breaches.Container & Workload Security: Secure containerized workloads (ECS, EKS, GKE, Cloud Run, Docker) by implementing image scanning, runtime protection, secrets management, and pod-level security policies.Automation & Tooling: Build automated security workflows, custom serverless remediations (Lambda, Cloud Functions), and internal tooling (Python/Bash) to scale cloud security operations and reduce manual effort.Vulnerability Management: Partner with engineering teams to manage cloud infrastructure vulnerabilities end-to-end — from discovery and prioritization to remediation tracking and verification.Incident Response: Participate in cloud security incident investigations, perform root cause analysis using cloud-native logging (CloudTrail, GCP Audit Logs), and contribute to runbooks and playbooks for cloud-specific incident scenarios.Compliance Support: Support cloud-related audit and compliance requirements (SOC 2, ISO 27001) by maintaining evidence, documenting controls, and ensuring alignment with security frameworks (CIS Benchmarks for AWS & GCP, Cloud Well-Architected Frameworks).Security Architecture Reviews: Provide security input on new architecture designs, service adoptions, and cloud migration or multi-cloud expansion initiatives to ensure security is considered from day one.Required Qualifications:4–5+ years of experience in cloud security, infrastructure security, or a related security engineering role.Strong hands-on expertise with at least one major cloud provider (AWS or GCP) and working familiarity with the other. Key areas include identity & access management, network security, compute and storage security, encryption and key management, and cloud-native security tooling.Solid understanding of cloud security architecture patterns, including network segmentation, encryption at rest and in transit, secrets management, and zero-trust principles — applied in a cloud-agnostic or multi-cloud context.Experience securing CI/CD pipelines and reviewing Infrastructure-as-Code (Terraform strongly preferred; CloudFormation or Deployment Manager a plus).Proficiency in scripting and automation using Python, Bash, or Go for building security tools and automated remediation workflows.Working knowledge of container security (Docker, Kubernetes, and managed container services like EKS/GKE) including image scanning, runtime security, and orchestration-level controls.Familiarity with cloud security benchmarks and frameworks such as CIS Foundations Benchmarks (AWS & GCP), Well-Architected / Architecture Frameworks, and NIST CSF.Experience with CSPM tools (e.g., Wiz, Prisma Cloud, Orca, or cloud-native equivalents like Security Hub / Security Command Center) and SIEM platforms for cloud log analysis and alerting.Solid understanding of networking fundamentals — TCP/IP, DNS, TLS, load balancing, and how they map to cloud constructs across providers.Strong communication and collaboration skills, with the ability to work effectively with DevOps, SRE, and software engineering teams and drive security outcomes without being a bottleneck.A proactive, builder mindset — comfortable working in a fast-paced start-up environment with evolving priorities.Preferred Qualifications:Cloud security certifications such as AWS Security Specialty, Google Professional Cloud Security Engineer, CKS (Certified Kubernetes Security Specialist), or CompTIA Security+.Experience managing security across multi-cloud or hybrid environments.Familiarity with service mesh security (Istio, Envoy) and API gateway security patterns.Exposure to DRM, content protection, or media streaming infrastructure security.Familiarity with chaos engineering or adversarial simulation in cloud environments.Prior experience in a consumer tech, media, or high-scale platform company.You can get more updates, insights and everything behind the scenes at Pocket FM here - Pocket FM