Decision Foundry is a cloud-native, AppSec-first data and decisioning organization operating across the US, India, and Canada. As Principal Security & Cloud Engineer, you are our most senior hands-on technical authority across cloud infrastructure, application and AI security, and the engineering side of Governance, Risk, Compliance & Privacy (GRC).
About Role:
This is a deep, hands-on technical-lead role. You set technical direction and build secure cloud and AI systems yourself, and you also carry full operational ownership of the IT Department — running day-to-day IT operations and service delivery end to end. You raise the bar across the engineering organization through mentorship and reusable standards, leading by expertise and influence rather than formal people management.
Design and build secure, cost-aware cloud infrastructure on AWS (ECS, Lambda, Amplify, VPC, Aurora/RDS, S3, CloudFront), with Azure/Microsoft 365 secondary.
Define Infrastructure-as-Code (Terraform/CloudFormation) and secure CI/CD (GitHub Actions) so secure configuration is the default.
Keep cloud services reliable and observable, and act as the senior technical escalation point for infrastructure incidents.
Security and Application Security
Own Decision Foundry’s three-layer AppSec framework and keep it embedded in how teams build.
Run cloud and application security tooling (CSPM/CNAPP, SAST/DAST, vulnerability management) and software supply-chain security (SBOM via CycloneDX, Trivy/Syft, Dependency-Track).
Lead threat modeling, secure design reviews, and VAPT cycles across web, standalone, and agentic AI applications.
AI & LLM Security
Secure Decision Foundry’s AI/LLM footprint across AWS Bedrock and direct-provider integrations.
Defend against AI-specific threats (prompt injection, jailbreaks, data/model exfiltration, RAG poisoning), aligned to the OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, and ISO 42001.
Implement AI guardrails, RAG security, and model/prompt governance, and validate AI data-residency claims (e.g. PHI in US and Canada regions).
Governance, Risk, Compliance & Privacy
Provide the hands-on technical implementation behind ISO 27001, SOC 2, GDPR, DPDP, and HIPAA.
Lead internal and external audits and certification programs, and own the technical answers to client security questionnaires.
Maintain data flow diagrams, security dashboards, IT & security metrics, and risk registers.
IT Operations & Department Ownership
Hold end-to-end ownership of the IT Department — IT operations, service delivery, and SLA compliance across all locations.
Own the service desk / ITSM platform and processes, ensuring adequate coverage during business hours and timely resolution.
Manage endpoints, identity, email (Microsoft 365 / Entra ID), networks, and servers, including user onboarding/offboarding and access lifecycle.
Own IT asset lifecycle, software licensing, vendor relationships, and IT procurement, and plan the annual IT budget and capacity for assigned locations.
Maintain IT & security policies and standards, and report IT & security program status, metrics, and risks to the business.
Technical Leadership & Monitoring
Raise the engineering bar through design reviews, reusable standards, and runbooks — leading by influence.
Mentor IT and security engineers on cloud, AppSec, and AI-security practices.
Deliver security awareness and technical enablement, and act as the senior technical point of contact for vendors and stakeholders.
Requirements
Core Technical Skills
Deep, hands-on cloud engineering expertise on AWS (ECS, Lambda, Amplify, VPC, IAM, Aurora/RDS, S3, CloudFront), with working knowledge of Azure / Microsoft 365.
Strong networking, Linux/Windows, and systems fundamentals, plus production experience with Infrastructure-as-Code (Terraform/CloudFormation) and CI/CD (GitHub Actions).
Proven application and cloud security engineering: IAM and least-privilege design, secrets management, SAST/DAST/CSPM tooling, VAPT, threat modeling, and software supply-chain security (SBOM).
Practical experience securing AI/LLM systems — Bedrock or comparable platforms, prompt-injection defenses, guardrails, and RAG security — mapped to OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS, and ISO 42001.
Hands-on GRC engineering experience implementing and evidencing ISO 27001, SOC 2, GDPR, DPDP, and HIPAA controls in a cloud-native environment.
Experience managing service desk / ITSM systems and tools, and a working knowledge of relevant industry standards, best practices, and legal/regulatory requirements.
Strong written and verbal English for policy, standards, and design documentation, and an interest in clear technical communication and content related to information security.
Flexibility to collaborate across US, India, and Canada time zones as required (no night shifts).
Experience & Qualifications
13–15 years in IT/cloud engineering and IT service delivery, with deep expertise in information security — ideally including cloud security, application security, and GRC.
A track record as a senior hands-on technical lead who both builds systems directly and owns IT operations / service delivery end to end.
Degree or Diploma in IT, Computer Science, or a related field.
All Job Ads are subject to GrabJobs’s Terms of Service. We allow users to flag postings that may be in violation of those terms. Job Ads may also be flagged by GrabJobs moderation team. However, no moderation system is perfect, and flagging a posting does not ensure that it will be removed.
Be the first to receive the latest Others Full-Time Jobs in India.
Setup your job alert:
By activating job alerts, I agree to GrabJobs Terms & Privacy Policy. I can unsubscribe to job alerts anytime.
Skip