Skip to the main content.
SCHEDULE DEMO
SCHEDULE DEMO
Partner Programs
Technology Partners
Featured Report

Pause GIF image

We're hiring!

Cloud Security Architect

Experience: 8-12 Years    Hyderabad / Bhimavaram

About Netenrich, Inc.

Netenrich delivers complete Resolution Intelligence to transform digital operations into smarter business outcomes. With fifteen years’ innovation across IT, NetOps and SecOps, Netenrich applies a dynamic mix of machine and expert intelligence across a wide range of products and SaaS-based offerings. The solutions integrate with more than 140 market-leading IT and security applications to drive digital transformation, mitigate brand exposure, increase efficiencies, and bridge skills gaps. More than 6,000 customers and organizations worldwide rely on Netenrich to gain increased visibility and actionable intelligence across their IT and cloud networks. The company is privately owned and based in Santa Clara, CA.

Apply Now

Job Role:

We are looking for an experienced and hands-on Cloud Security Architect to join our team in Hyderabad/Bhimavaram. The role requires a deep understanding of cloud-native application protection platforms (CNAPP) such as Wiz, and a strong technical foundation in securing production environments at scale. The candidate must be able to design, implement, and continuously improve security across operating systems, applications, and multi-cloud services (AWS, Azure, GCP).

This role will act as a bridge between security, infrastructure, DevOps, and application teams, ensuring that security is embedded across the entire lifecycle — from architecture and design to deployment and operations — while aligning with industry best practices and compliance frameworks.

Key Responsibilities:

Cloud Security Architecture & Design

  • Architect secure, scalable, resilient multi-cloud solutions; assess and uplift existing landing zones (AWS Control Tower, Azure ALZ, GCP LZ) with zero-trust patterns and segmentation.
  • Lead adoption and tuning of CNAPP (Wiz preferred) for posture, vulnerability, CIEM, container, and compliance monitoring; integrate into incident/change workflows.
  • Publish reference architectures and guardrails for IaaS, PaaS, containers/Kubernetes, serverless, and SaaS; embed least-privilege IAM, KMS/Key Vault/Cloud KMS, encryption in transit/at rest, tokenization, and secrets management.
  • Partner with platform, SRE, and app teams to embed security by design (threat modeling, architecture reviews, security NFRs).

Managed Cloud Security Operations (Posture, Enforcement & Optimization)

  • Operate and continuously improve CNAPP (Wiz preferred) across AWS/Azure/GCP: tune posture policies, de-duplicate/suppress noise, drive risk-based remediation at scale.
  • Run CSPM/CWPP/CIEM day-to-day: policy tuning, guardrails, exceptions with expiry, auto remediation via IaC/SSM/Runbooks; integrate with ticketing (Jira/ServiceNow) and track SLAs.
  • Continuous compliance: implement policy-as-code and evidence automation; maintain dashboards/mappings for ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, NIST CSF/CIS; manage POA&Ms to closure.
  • Identity & access guardrails: enforce least-privilege baselines, conditional access, access reviews/recertifications, break-glass controls; manage secrets/keys rotation (KMS/Key Vault/Cloud KMS, HSM).
  • Kubernetes & container runtime ops: admission policies (OPA/Gatekeeper), image signing/verification, registry controls, runtime protections (eBPF/agents), and baseline hardening for EKS/AKS/GKE.
  • Vulnerability & patch orchestration: coordinate OS/app/container scanning, set patch SLAs and maintenance windows, handle risk-accepted exceptions with review cadences.
  • Data protection posture: encryption at rest/in transit, tokenization, DLP/DSPM (where applicable), data residency/sovereignty checks, and key lifecycle hygiene.
  • SIEM/SOAR/XDR integration: normalize CNAPP/CSPM/CWPP signals, build alerting & playbooks, measure MTTD/MTTR, and lead RCA with durable fixes and control improvements.
  • FinOps-aware security: right-size agents and telemetry, optimize license/ingest costs, and balance risk reduction with performance and spend.
  • Reporting & stakeholder comms: weekly risk burndowns, compliance status, executive scorecards, and remediation progress across product/infra teams.

Ops success metrics (examples): ≥90% critical misconfigurations remediated in top accounts within 90 days; patch-SLA compliance ≥95%; MTTR reduced ≥30%; audit findings closed on plan.

Governance, Risk & Compliance

  • Establish and maintain policies, baselines, and control mappings to ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, NIST CSF/800-53, CIS Benchmarks.
  • Enable continuous compliance via CNAPP/cloud config rules and automated evidence collection.
  • Lead/assist audits and security questionnaires; produce risk assessments, gap analyses, POA&Ms, and executive readouts.

Threat Management & Incident Response

  • Conduct threat modeling and attack-surface analysis (cloud, container, API); run red/blue/purple exercises for cloud scenarios.
  • Build playbooks/integrations with SIEM/SOAR/XDR; lead/assist incident triage, forensics, RCA, and post-incident hardening.
  • Track and mitigate evolving threats (supply chain, container/runtime exploits, misconfigurations, API abuse).

Requirements:

Technical Expertise

  • Proven hands-on experience with CNAPP solutions (preferably Wiz; experience with Prisma Cloud, Orca Security, or Lacework is a plus).
  • Strong knowledge of cloud provider security services (AWS IAM, KMS, GuardDuty, Security Hub; Azure Defender, Sentinel, Key Vault; GCP Security Command Center, IAM).
  • Expertise in Kubernetes and container security (admission controllers, pod security policies, runtime protection, image scanning).
  • Proficiency in operating system hardening (Linux, Windows) and application-level security.
  • Hands-on scripting/automation experience (Python, PowerShell, Bash, Terraform, or similar).
  • Familiarity with identity federation, secrets management, encryption, PKI, and key rotation practices.

Professional Background

  • 8–12 years of IT/security experience, with at least 4–6 years in cloud security architecture and engineering.
  • Demonstrated track record of securing large-scale, production-grade cloud environments.
  • Certifications strongly preferred:

    1. Cloud: AWS Certified Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer
    2. Security: CISSP, CCSP, CISM, or equivalent

Soft Skills

  • Strong analytical and problem-solving abilities with a hands-on, solution-oriented mindset.
  • Excellent communication and documentation skills to effectively engage senior leadership, engineers, and auditors.
  • Ability to balance practical security with business enablement.
  • Team player who can influence without authority and drive cross-functional initiatives.

Preferred Qualifications

  • Experience with SIEM, SOAR, and XDR solutions for cloud monitoring and incident management.
  • Knowledge of DevSecOps pipelines with tools like GitHub Actions, Jenkins, GitLab CI/CD, or Azure DevOps.
  • Contributions to cloud security research, open-source projects, or community forums.

Apply Now

If not you, know anyone who is good for this role? If yes, please refer to fathima.khanam@netenrich.com