Senior Security Analyst

31516BR

Hyderabad

Job Description

Job Summary:We are seeking a highly skilled Senior DevSecOps Engineer with expertise in Governance, Risk, and Compliance (GRC), Microsoft Azure Security, and Application Security. The ideal candidate will be responsible for integrating security into DevOps processes, automating security controls, and ensuring compliance with security policies in cloud-native and hybrid environments. Key Responsibilities:1. DevSecOps & Security Automation:Integrate security best practices into CI/CD pipelines using tools like Azure DevOps, GitHub Actions, and Jenkins.Automate security scanning for SAST, DAST, and SCA (e.g., SonarQube, Checkmarx, Veracode).Implement Infrastructure as Code (IaC) security for Azure using Terraform, Ansible, and ARM templates.Develop and maintain automated security testing frameworks for applications and cloud workloads.2. Governance, Risk & Compliance (GRC):Ensure compliance with industry security standards (NIST, ISO 27001, CIS, SOC 2, GDPR, HIPAA).Develop and implement security policies, frameworks, and risk assessment strategies.Conduct security audits and vulnerability assessments to identify compliance gaps.Provide security guidance for third-party risk management and vendor security reviews.3. Cloud Security (Azure & Hybrid Environments):Secure Azure workloads, including Azure Security Center, Defender for Cloud, and Sentinel SIEM.Implement Zero Trust security models for cloud-native applications and microservices.Enforce IAM, RBAC, and Conditional Access Policies in Azure.Monitor and mitigate cloud security threats, ensuring continuous compliance.4. Application Security:Secure web and API applications using OWASP best practices.Implement API security measures (OAuth, JWT, WAF, mTLS).Perform threat modeling and secure code reviews.Collaborate with development teams to embed Shift Left security principles.5. Incident Response & Threat Management:Develop and implement Incident Response Plans (IRP) and Security Playbooks.Investigate security breaches and coordinate forensic analysis.Utilize SIEM, SOAR, and XDR tools for threat detection and response.Educate DevOps and Engineering teams on secure coding practices. Required Skills & Experience:✅ 8+ years of experience in DevSecOps, Cloud Security, and Application Security.✅ Strong expertise in Azure Security Services (Defender, Sentinel, Key Vault, RBAC).✅ Hands-on experience with DevSecOps pipelines (Azure DevOps, GitHub, Jenkins).✅ Experience with security automation tools (Terraform, Ansible, Python, PowerShell).✅ Deep knowledge of Application Security (SAST, DAST, SCA, OWASP, API Security).✅ Strong understanding of GRC frameworks (NIST, ISO 27001, CIS Benchmarks).✅ Experience with Container Security (Docker, Kubernetes, Istio). Preferred Qualifications (Nice to Have):➕ Certifications: CISSP, CCSP, CEH, AZ-500, CRISC, OSCP.➕ Experience with SIEM & SOAR platforms (Splunk, Azure Sentinel, QRadar).➕ Familiarity with Blockchain Security & Zero Trust architectures.➕ Knowledge of AI/ML-based security automation.

Qualifications

B.E/B Tech

Range of Year Experience-Min Year

5

Range of Year Experience-Max Year

8