Responsibilities

Vulnerability Management and Remediation

• Drive vulnerability remediation efforts by identifying, prioritizing, and coordinating fixes for software vulnerabilities across systems and applications.

• Collaborate with development and operations teams to implement patches, updates, and mitigations in a timely manner.

Cloud Posture and Configuration Remediation

• Monitor and remediate cloud misconfigurations in AWS (primary) and GCP (secondary), using tools like CrowdStrike Falcon Complete CSPM/CNAPP or equivalents for posture management and drift detection.

• Enforce governance standards through automated checks, templates, and least-privilege controls.

Secrets Management Remediation

• Identify and remediate exposed secrets, ensuring they are not stored in version control systems or publicly accessible locations.

• Promote the use of secure secrets management tools and practices, such as integrating with vaults and rotation policies.

Security Alert Response

• Respond to security alerts from tools including Web Application Firewalls (WAF), firewalls, Endpoint Detection and Response (EDR), and Secure Access Service Edge (SASE).

• Triage, investigate, and resolve incidents, escalating as needed to senior engineers or response teams.

Process Streamlining and Automation

• Identify opportunities to improve security operations by enhancing documentation for remediation and response processes.

• Collaborate with detection and response engineering SMEs to develop automated workflows and orchestrate responses, reducing manual effort over time.

Infrastructure as Code (IaC) Reviews

• Review IaC merge requests (primarily Terraform) for adherence to security best practices, including the principle of least privilege.

• Provide feedback and recommendations to ensure secure configurations in infrastructure deployments.

Identity and Access Management Support

• Assist with AWS SSO/Identity Center configurations and support the implementation of Just-In-Time (JIT) access systems to minimize standing privileges.

• Promote zero standing privilege models to eliminate long-term access where possible.

Security Hygiene Oversight

• Monitor and ensure ongoing security hygiene across key areas: vulnerabilities, cloud configurations, EDR coverage, Kubernetes security (e.g., pod policies, network segmentation), and container scanning.

• Verify that security tooling (e.g., scanning, monitoring, and detection systems) is functioning optimally, troubleshooting issues and recommending improvements.

Compliance and Governance Support

• Assist in building and automating controls for SOC 2, PCI DSS, and internal standards; support evidence collection for audits.

• Participate in assessments to identify control gaps and collaborate on remediation plans.

• Contribute to metrics and reporting on security posture.

Evangelism, Mentorship & Cross-Team Enablement

• Support the promotion of security best practices through participation in workshops, office hours, and pairing sessions with teams.

• Mentor junior engineers on secure implementation patterns and provide hands-on guidance.

• Help maintain documentation such as runbooks, guides, code samples, and checklists.

• Act as a technical resource for security implementation questions and support.

Qualifications

• 7+ years of hands-on experience in security engineering, DevOps/SRE, or security operations with demonstrated impact in remediation and response.

• Strong experience with AWS security services (e.g., IAM Identity Center, KMS) and familiarity with GCP equivalents.

• Proficiency in Terraform for infrastructure-as-code; experience with policy-as-code tools (e.g., OPA/Rego) is a plus.

• Hands-on knowledge of CNAPP/CSPM platforms (e.g., CrowdStrike Falcon, SCC-E) and detection tools like GuardDuty or Devo.

• Familiarity with multi-cloud environments, Zero Trust principles, identity management, and secure workload patterns.

• Experience supporting controls in regulated environments (SOC 2, PCI DSS, ISO 27001, etc.).

• Solid communication skills: able to teach and collaborate with engineers at various levels; enthusiastic about sharing security knowledge.

• Proven ability to mentor others and contribute to the adoption of best practices.

Work Environment

In this role, a significant aspect of the job involves working in the office for a standard 40-hour workweek. We believe that the collaborative nature of our work and the face-to-face interactions among team members are essential for fostering a dynamic and productive work environment. Being present in the office enables seamless communication, facilitates quick decision-making, and encourages spontaneous collaboration that contributes to the overall success of our projects. We value the synergy that comes from having our team members physically together, allowing for immediate problem-solving, idea exchange, and team building.

Compensation

The expected earnings for this role could be comprised of a base salary and other forms of cash compensation, such as bonus or commissions as applicable.

This pay range is just one component of MX’s total rewards package. MX takes a number of factors into account when determining individual starting pay, including job and level they are hired into, location, skillset, peer compensation.

**Please note applicants applying for this position must have the legal right to work in India without the need for sponsorship. We are unable to provide work sponsorship for this role, and candidates should be able to verify their eligibility to work in the country independently. Proof of eligibility to work in India will be required as part of the hiring process.