Position: Security Engineer Job Description: Must Have VAPT/Penetrationtesting on Web, Network and API Exp with could domain and cloud security as well, basic scripting in bash or python, good with Linux. + Exp in Security Compliance i.e. PCI-DSS and SOC 2 standards >4 years of experience in security operations - Configuration, integration, implementation & testing of various security controls in cloud environment Deep understanding of security controls/services/tools for cloud hosted applications as per PCI-DSS & SOC2 standards Strong Experience implementing security controls in cloud hosted environments using tools and technologies (IAM, MFA, SSO, DLP systems, Firewall/IDS/IPS systems, Secure Configurations, Network/application vulnerability scanners like tenable, nessus, qualys etc Working experience on any one LINUX flavour (Red Hat, UBUNTU, DEBIAN etc) and LINUX system utilities Understanding of some of the Security Industry Standards and Compliance Frameworks, Controls and Requirements (PCI-DSS, SOC2, FedRAMP, CIS configuration Benchmarks, NIST etc Understanding of OWASP vulnerabilities and common network/application/API attacks Responsibilities Engage with customer to understand security controls, tools configuration/implementation requirements as per PCI-DSS & SOC2 standard and framework Configure, integrate and implement various security controls using tools and technologies (IAM, MFA, SSO, Firewall/IDS/IPS systems, Network/application vulnerability scanners etc) in cloud environment Understand Security Industry Standards and Compliance Frameworks and Requirements (PCI-DSS, SOC2, FedRAMP, NIST etc Build dashboards of various security controls implemented for reviews by compliance team Good analytical and problem-solving skills with ability to find root cause of issues Excellent Communication skills and ability to interact and manage customer expectations Experience in Vulnerability assessment using tools like tenable, nessus, qualys etc. Understanding of Cloud based security services, security tools, with experience in AWS and any private cloud Vulnerability management & PenTesting Key/secret management best practices Designing and implementing E2E encryption controls Access (authN/Z) management Session tracking. Layer 4 and 7 security protection Good analytical and problem-solving skills with ability to find root cause of issues and do impact analysis of defect fixes Excellent Communication skills Working experience on LINUX (Redhat, UBUNTU or DEBIAN etc) and LINUX system utilities Nice to Have Any one of the Certification like CISA, CISM, COMP TIA Security+, GSEC, CASP+ Some experience in Python/Shell Scripting