CDTR-Cybersecurity - Cloud Security-Senior Associate -Bangalore

At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In cloud security at PwC, you will be responsible for designing, implementing and elevating the security posture across our clients’ cloud environments, covering IaaS, PaaS and SaaS. Your work will involve having a deep technical knowledge of cloud security and you will work with one or more Cloud Service Providers (CSP) to implement security protocols, monitor for potential security breaches, conduct risk assessments and vulnerability testing of cloud-based systems, and stay up to date with the latest security threats and trends in cloud technology.

• Design security processes, controls, and governance approaches that scale across private, hybrid, and multi-cloud environments
• Development and implementation of comprehensive cloud, container, and application security strategies with a strong emphasis on DevSecOps principles
• Configure and deploy cloud resources, cloud topologies, landing zones in infrastructure-as-code (IaC) formats
• Strategize and design automated enforcement mechanisms for cloud security governance, including policy-as-code, preventative CSP guardrails, resource tagging, CI/CD pipeline gates, and CNAPP-enabled response playbooks
• Configure custom policy and control frameworks within CNAPP technologies to adhere to industry standard and apply consistent compliance measurement across cloud environments
• Instrument in-line security scanning technologies into CI/CD workflows to enable secure software delivery, inclusive of IaC scanning, image scanning, secrets scanning, code scanning, dynamic interface scanning, and dependency scanning platforms
• Instrument agent-based security technologies onto application, container, serverless, and cloud workloads to enable runtime protection, logging, vulnerability scanning, and EDR functions
• Harden software supply chains and infrastructure through configuration management workflows, software integrity mechanisms (e.g., code/image signing), segregation of duties, network settings, and access controls
• Perform data-driven security posture or forensic assessments of cloud environments and critical applications through configuration, code, permission, and log reviews
• Develop cloud-native or pipeline-triggered workflows to enable access provisioning, SecOps alerting, infrastructure remediation, and incident response procedures
• Integrate cloud and pipeline logging mechanisms with SIEM/SOAR platforms and design detection use cases to enable mature logging and monitoring programs
• Provide guidance and training to development and operations teams on best practices for secure coding and cloud security
• Qualifications:
• Bachelor’s degree in Computer Science, Computer/Systems Engineering, or a related field; advanced degree preferred
• Proven experience in cloud security management, with a strong focus on DevSecOps.
• In-depth knowledge of cloud platforms such as AWS, Azure, or Google Cloud, and their security features.
• Experience with security tools and technologies such as SIEM, WAFs, IAM, SAST/DAST, and container security.
• Familiarity with DevOps tools and practices including Jenkins, Docker, Kubernetes, and Terraform.
• Strong understanding of software development methodologies and secure coding practices.
• Excellent leadership and communication skills, with the ability to educate and influence teams on security best practices
• Qualifications:
• Bachelor’s degree in Computer Science, Computer/Systems Engineering, or a related field; advanced degree preferred
• Proven experience in cloud security management, with a strong focus on DevSecOps.
• In-depth knowledge of cloud platforms such as AWS, Azure, or Google Cloud, and their security features.
• Experience with security tools and technologies such as SIEM, WAFs, IAM, SAST/DAST, and container security.
• Familiarity with DevOps tools and practices including Jenkins, Docker, Kubernetes, and Terraform.
• Strong understanding of software development methodologies and secure coding practices.
• Excellent leadership and communication skills, with the ability to educate and influence teams on security best practices
  
  

• Extensive experience in Linux/Windows administration and VMWare virtualization
• Proficiency in scripting languages (Bash, PowerShell, Python, Ruby, Perl, etc.)
• Proficiency in common programming languages (Git, Java, JavaScript, Python, Rust, Go, C#, etc.)
• Kubernetes and container orchestration platform administration experience