Photon Logo

Photon

AWS DevSecOps Sr. Engineer / Testers (Policy Development & Mapping) - Bangalore, India - JPMC

Posted 20 Days Ago
Be an Early Applicant
Remote
Hiring Remotely in India
Senior level
Remote
Hiring Remotely in India
Senior level
Design and automate AWS security policies, map them to IaC (Terraform/CloudFormation/CDK), embed security testing in CI/CD, perform vulnerability assessments and penetration testing, and collaborate with development/DevOps teams to enforce remediation, compliance, and continuous security improvements.
The summary above was generated by AI

About the Role:

We are seeking an experienced and highly motivated Senior AWS DevSecOps Engineer / Tester with expertise in policy development, security automation, and infrastructure-as-code (IaC). The ideal candidate will have a strong background in AWS cloud environments, DevSecOps principles, and security policy mapping and enforcement. This role will focus on creating and automating security policies, mapping them to cloud infrastructure, and ensuring that our security posture remains strong and compliant across all stages of the software development lifecycle.

You will work closely with cross-functional teams to define security requirements, integrate security tools and processes into the CI/CD pipeline, and continuously improve the security automation framework.

Key Responsibilities:

Policy Development & Mapping:

  • Design, develop, and maintain security policies for AWS environments, ensuring compliance with industry standards (e.g., NIST, CIS, ISO 27001).
  • Map and integrate security policies into infrastructure and applications deployed on AWS using Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, and AWS CDK.
  • Create automated processes for security policy enforcement, auditing, and monitoring.
  • Develop security rules and guardrails using AWS native services (AWS Config, AWS Security Hub, AWS GuardDuty, etc.) and third-party security tools.

DevSecOps Engineering:

  • Build and maintain the CI/CD pipeline with embedded security testing (SAST, DAST, IAST) and automated compliance checks.
  • Automate security vulnerability assessments and remediation in the AWS environment using tools like AWS Inspector, Qualys, and other static and dynamic analysis tools.
  • Collaborate with development teams to implement security in the software development lifecycle (SDLC), shifting security left and automating security testing.
  • Create and maintain AWS security best practices, security controls, and infrastructure standards.

Testing & Vulnerability Management:

  • Conduct manual and automated penetration testing, vulnerability assessments, and code reviews focused on AWS-based applications and infrastructure.
  • Implement automated testing frameworks that validate security policies and configurations (e.g., infrastructure misconfigurations, exposed secrets).
  • Identify security gaps or vulnerabilities in AWS deployments and work with DevOps and development teams to remediate.
  • Continuously assess new threats, vulnerabilities, and attack vectors in AWS environments.

Collaboration & Reporting:

  • Work closely with DevOps, Development, and IT teams to ensure proper integration of security into cloud infrastructure and applications.
  • Provide regular security assessments, risk analysis reports, and security findings to senior leadership and relevant stakeholders.
  • Participate in incident response planning and execution, providing expertise in security issues related to AWS environments.
  • Train development teams on secure coding practices, security testing tools, and best practices for AWS security.

Continuous Improvement & Innovation:

  • Stay current with emerging trends in DevSecOps, cloud security, and AWS services.
  • Continuously improve security policies, tools, and processes to adapt to evolving threats.
  • Contribute to the creation and implementation of security automation frameworks for improved DevSecOps practices.

Required Qualifications:

Experience:

  • 5+ years of experience in AWS cloud environments with a focus on security, DevSecOps, and automation.
  • At least 3+ years of hands-on experience in security policy development and mapping for cloud infrastructure, specifically AWS.
  • Deep knowledge of AWS security tools and services, including AWS IAM, AWS KMS, AWS Config, AWS GuardDuty, AWS Shield, AWS WAF, and others.
  • Strong experience with infrastructure-as-code tools such as Terraform, AWS CloudFormation, and AWS CDK.
  • Experience with security testing tools (e.g., static and dynamic analysis, penetration testing, vulnerability scanning) and frameworks.
  • Hands-on experience with CI/CD pipeline security integration, GitOps, and container security (e.g., Docker, Kubernetes, EKS).

Technical Skills:

  • Proficiency in programming/scripting languages such as Python, Bash, or Go.
  • Experience with AWS Security Hub, AWS Inspector, AWS Trusted Advisor, and other AWS security services.
  • Familiarity with security testing frameworks (e.g., OWASP, SANS, NIST) and cloud security best practices.
  • Experience with integrating security tools into CI/CD pipelines (e.g., Jenkins, GitLab, CircleCI, etc.).
  • Strong knowledge of common security vulnerabilities (e.g., OWASP Top 10, CVE management) and how to mitigate them in cloud environments.

Certifications (Preferred):

  • AWS Certified Security – Specialty.
  • Certified DevSecOps Professional (CDP) or other related certifications.
  • CISSP, CISM, or equivalent security certifications are a plus.

Soft Skills:

  • Excellent problem-solving and analytical skills, with a keen attention to detail.
  • Strong communication skills, able to present complex security issues to both technical and non-technical audiences.
  • Ability to work independently and collaboratively in a fast-paced, dynamic environment.
  • Proactive mindset with a passion for automation, security, and continuous improvement.
  • Strong documentation skills, with the ability to create clear, concise, and actionable security reports.

Preferred Qualifications:

  • Experience with container security tools like Aqua Security, Twistlock, or Falco.
  • Hands-on experience with serverless architectures and security concerns in AWS Lambda, API Gateway, and other serverless services.
  • Familiarity with cloud-native security architectures and concepts (e.g., Zero Trust, defense in depth).
  • Experience with compliance frameworks and regulations (e.g., GDPR, HIPAA, SOC 2, PCI DSS).

Photon Hyderabad, Telangana, IND Office

DLF Cyber City 6th Floor, Block 3 Gachibowli , Hyderabad, India, 500032

Photon Hyderabad, Telangana, IND Office

Hyderabad, India

Similar Jobs

An Hour Ago
Remote
Gujarat, IND
Senior level
Senior level
Artificial Intelligence • Hardware • Information Technology • Machine Learning
Lead and oversee soft services (housekeeping, cafeteria, landscaping, waste management, pest control), vendor/contracts/SLAs, safety/compliance audits, and workplace improvements; partner with stakeholders and apply AI-driven reviews to optimize costs and service delivery.
Top Skills: Artificial Intelligence
An Hour Ago
Remote
Gujarat, IND
Junior
Junior
Artificial Intelligence • Hardware • Information Technology • Machine Learning
Support site automation systems (AMHS, ASRS, AGV, conveyors) through installation, commissioning, troubleshooting, sustainment and project activities. Execute FAT/SAT/UAT, preventive maintenance, RCA, documentation, and cross-functional coordination with vendors and teams to improve system reliability and deploy automation solutions.
Top Skills: AgvAmhsArvAsrsConveyorsMaterial Tracking ToolsMesMotor ControllersPlcRobotsSensorsServo DrivesServosSpmVision Systems
An Hour Ago
Remote
Gujarat, IND
Mid level
Mid level
Artificial Intelligence • Hardware • Information Technology • Machine Learning
Implement and monitor manufacturing quality control procedures, analyze data to identify issues, lead investigations and corrective actions, collaborate cross-functionally to drive process improvements, and ensure compliance with industry standards and regulations.
Top Skills: Ai Supported Tools

What you need to know about the Hyderabad Tech Scene

Because of its proximity to leading research institutions and a government committed to the city's growth, Hyderabad's tech scene is booming. With plans to establish India's first "AI city," the city is on track to become one of the world's most anticipated tech hubs, with companies like TransUnion, Schrödinger and Freshworks, among others, already calling the city home.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account