Job Description
Job Title: Infra & Cloud Security Engineer (L3) – Overall Infrastructure & Cloud Security
Role Summary:
The L3 Infra & Cloud Security Engineer provides end-to-end senior engineering ownership for overall infrastructure security and overall cloud security across CLIENT environments. The role leads secure engineering, standards implementation, design reviews, and complex escalations spanning network security, endpoint security, email/web protection, and cloud security controls.
In-Scope Technologies
• Cloud Security / CSPM: Wiz; AWS native security; Azure native security
• Firewalls / VPN: Palo Alto, Cisco, Check Point; VPN (Palo Alto, Cisco)
• WAF / ADC: Cloudflare WAF; Citrix NetScaler
• Email Security: Area1, Cofense, PhishMe
• Endpoint / FIM: ManageEngine EDR; CrowdStrike FileVantage (FIM)
• Web Proxy / Gateway: Fortinet WebProxy
• SASE / Edge: Zscaler SASE; VMware Velocloud
Key Responsibilities: Overall Security Engineering Ownership (Infra + Cloud)
• Lead L3 engineering delivery for security controls across infrastructure and cloud, ensuring alignment with CLIENT security requirements, change practices, and service expectations.
• Drive secure configuration and hardening standards, and support continuous improvement of security tools, practices, and procedures.
Infrastructure Security Engineering
• Provide L3 engineering ownership for network and endpoint security controls, including firewall policy engineering, tuning, exception handling, and periodic review to reduce noise and improve protection.
• Support secure operations for endpoint protection and compliance enforcement expectations (policy enforcement, compliance checks, and remediation guidance).
• Support WAF security event handling and policy hygiene (alerts feed, anomaly escalation, certificate coordination, and rule/policy updates as requested).
• Support web proxy/internet gateway security control implementation activities including URL categorization decisions, allow/block lists, user-based rules, and log routing to security monitoring platforms where applicable.
• Support email security control tuning and operational effectiveness improvements (configuration, policy enhancements, and phishing campaign support where required).
Cloud Security Engineering (AWS & Azure)
• Provide L3 engineering for cloud security controls: secure connectivity, segmentation, encryption monitoring, access control governance, and vulnerability scanning expectations for cloud workloads
• Own CSPM/CNAPP engineering outcomes: onboarding cloud accounts/subscriptions, tuning detections, ensuring integrations to operational platforms, and supporting compliance scanning functionality.
Logging, Reporting & Control Evidence Support:
• Ensure security tooling and platforms produce required operational data (alerts/logs) and support reporting needs for stakeholders (dashboards and periodic reporting expectations).
• Support audit and assessment evidence readiness for implemented controls (documentation, configuration proof points, and control validation
Required Skills & Experience:
• 8–12+ years in infrastructure and cloud security engineering (enterprise scale)
• Strong experience in firewalls, VPN, WAF/ADC, proxy, endpoint security, plus AWS/Azure cloud security
• Proven ability to lead L3 escalations, perform secure design reviews, and drive engineering standardization
͏
Areas of responsibility
Monitoring and Incident Detection-Analyse attack trends and correlate logs across systems to identify advance threats. Enhance monitoring processes and implement improvements for faster detection, to ensure compliance with security frameworks and regulatory standards.
Incident Handling and Analysis-Perform root cause analysis, create incident response plans and implement disaster recovery measures to minimize business disruption
Threat Assessment and Analytics-Undertake forensic analysis using advanced analytics tools and implement mitigation measures to align with compliance requirements.
Stakeholder Coordination and Audit Assistance-"Liaise with cross functional teams, external vendors and auditors to ensure compliance with security frameworks.
Maintain audit documentation and ensure its accuracy while implementing processes that support audit readiness and continuous compliance."
Training and Awareness-Assist in creating and delivering cybersecurity awareness sessions, including guidance on phishing and malicious emails.
͏
͏
͏
Experience: 5-8 Years .
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention.