Pune District
Role Overview
To lead and drive the end-to-end Vulnerability Management and Remediation program across multi-cloud environments, with primary focus on Microsoft Azure and secondary exposure to Google Cloud Platform (GCP), ensuring proactive identification, prioritization, and resolution of security vulnerabilities while mentoring and managing a high-performing team.
This role supports and secures the customer's public cloud environments as the firm evolves from a predominantly Azure-based footprint into a multi-cloud operating model, with increasing adoption of Google Cloud Platform (GCP) and — as a longer-term.
The Vulnerability Management Lead / Public Cloud Security Engineer serves as a technical leader responsible for identifying, engineering, and operating cloud-native vulnerability and exposure management capabilities across public cloud platforms — reducing systemic risk by detecting control breaks, insecure configurations, and exploitable vulnerabilities before they result in incidents, while ensuring security tooling scales with cloud adoption rather than slowing it down.
This position sits at the intersection of cloud engineering, security engineering, and reliability, with accountability for designing, onboarding, and operating security platforms that protect cloud workloads in a highly regulated environment.
Location
• Pune (Work from Offshore Development Center — ODC)
• Chennai (Client location)
Key Responsibilities
• Lead the Vulnerability Management function across cloud and hybrid environments
• Define strategy, roadmap, and operating model for vulnerability management
• Lead the engineering, onboarding, and production support of cloud security and vulnerability management platforms
• Own the architecture, deployment, and lifecycle management of cloud security platforms
• Design and operate security controls that support Azure today while scaling into GCP
• Perform vulnerability scanning, assessment, prioritization, and remediation
• Detect, analyze, and remediate cloud vulnerabilities, misconfigurations, and control gaps
• Engineer control-break detection techniques to identify systemic security failures early
• Ensure closure of vulnerabilities within defined Service Level Agreements (SLAs)
• Manage the vulnerability lifecycle: Discovery → Assessment → Remediation → Reporting
• Define and measure security-focused SLIs and SLOs in partnership with stakeholders
• Drive automation and reporting dashboards
• Act as escalation point for critical vulnerabilities; contribute to incident response, mitigation, and post-incident reviews from a cloud security perspective
• Partner with cloud engineering teams to embed security controls into platform design
• Research, evaluate, and recommend cloud security technologies aligned to the customer's risk posture
• Lead, mentor, and guide the vulnerability management team; develop junior security engineers, promoting strong engineering discipline and operational excellence
• Prioritize team tasks and workload
Cloud Environment & Security Scope
• Microsoft Azure (primary / incumbent platform) — heavy hands-on exposure, approximately 70%
• Google Cloud Platform (GCP) for emerging data, platform, and AI workloads — working exposure, approximately 30%
• Multi-region cloud architectures supporting production, pre-production, and development environments
• Shared responsibility security models across infrastructure, platform, and application layers
Cloud Security Focus Areas
• Cloud vulnerability management across compute, container, platform, and managed services
• Identify, prioritize, and remediate cloud misconfigurations and vulnerabilities across Azure and GCP, including via Microsoft Defender for Cloud, Azure Security Center, Azure Policy, Azure Resource Graph, and cloud security posture management (CSPM)
• GCP-side visibility via Security Command Center, Cloud Asset Inventory, and Identity and Access Management (IAM)
• Detection of misconfigurations, control drift, and insecure cloud patterns
• Exposure management spanning identity, network, data, and workload layers
• Reducing systemic risk through automation, standardization, and preventative controls
Security Platforms & Tooling
• Vulnerability management tools: Qualys, Tenable (Nessus), Rapid7, and cloud-native security tools across Azure and GCP
• Cloud-native and enterprise security platforms, including vulnerability scanning and posture management tools; SIEM and centralized logging platforms; endpoint and workload protection technologies (EDR/XDR); packet capture and network visibility tooling where required
• Integration of security platforms via APIs into cloud and DevOps workflows
• Configuration management and automation across large-scale security platforms
• Working knowledge of network, operating system, endpoint, application, and cloud security
Infrastructure & Automation
• Infrastructure as Code (IaC) and configuration management for security controls
• Terraform and cloud-native tooling to enforce secure-by-default patterns
• CI/CD and DevSecOps integrations to shift vulnerability detection left (basic DevSecOps understanding required)
• Python-based scripting and automation for control validation and response
Reliability, Operations & Risk
• Apply Site Reliability Engineering (SRE) principles to security platforms to reduce outages and operational friction
• Participate in system design, platform management, and capacity planning
• Ensure audit-ready documentation, operational hygiene, and clear escalation paths
• Maintain a strong understanding of enterprise risk culture, control frameworks, and risk reduction techniques
Experience & Required Qualifications
• 10–12+ years of overall experience in Cybersecurity, Infrastructure Security, Cloud Security, or Vulnerability Management
• Majority of that experience must be in Vulnerability Management, Vulnerability Assessment, Remediation Governance, and Security Operations
• Bachelor's degree in Computer Science, Information Systems, or equivalent engineering experience
• Senior-level experience engineering and operating security platforms in public cloud environments
• Strong hands-on Microsoft Azure experience (~70%), with working knowledge of Google Cloud Platform (~30%)
• Deep experience in vulnerability management, configuration assessment, and exposure reduction
• Proficiency in Python for security automation and tooling
• Experience operating large-scale distributed systems in regulated environments
• Strong understanding of UNIX/Linux internals, networking, and cloud infrastructure
• Proven leadership experience managing vulnerability management programs, remediation tracking, stakeholder governance, and technical teams
Preferred Qualifications
• Financial services or highly regulated industry experience
• Experience integrating security platforms using APIs
• Familiarity with SIEM query languages (e.g., Splunk SPL, SQL-based analytics)
• Experience with DevSecOps and CI/CD security integrations
• Exposure to containerized and Kubernetes-based environments
• Experience applying AI/ML techniques to security analytics or detection
Key Competencies
• Strong problem-solving and remediation mindset
• Excellent communication and stakeholder management
• Leadership with ownership-driven accountability
• Self-starter and motivated
Success Criteria (KPIs)
• Reduction in high and critical vulnerabilities
• Improvement in remediation SLAs
• High-quality candidate validation and team product
Budget - Upto 40LPA
Please do not send resumes if having 3 months or 2 months notice period 15 day to 25 days would work.
Only those profiles would be considered who are sent on [email protected]