Position: Manager & Dy Manager 
Location: Goregaon

Department: Cloud Security (Infra) Function: Information Security

JD:
The Cloud Security and WAF Specialist is responsible for designing, implementing, and managing security measures
to protect cloud infrastructure and web applications. This role involves securing cloud-based systems, configuring
and maintaining Web Application Firewalls (WAF), and addressing vulnerabilities to ensure the organization’s
systems and applications are secure from cyber threats.

Key Responsibilities
· Required experience in cloud security domain. Broad understanding of cloud technologies (SAAS, PAAS.).
· Design and implement cloud security strategies, policies, and best practices for major platforms such as
AWS, Azure, or Google Cloud.
· Monitor cloud environments for potential security threats, misconfigurations, and vulnerabilities.
· Ensure robust identity and access management (IAM) practices, including role-based access control (RBAC)
and multifactor authentication (MFA).
· Configure, deploy, and manage Web Application Firewalls (WAF) to protect web applications from
common threats (e.g., SQL injection, cross-site scripting, and DDoS attacks).
· Fine-tune WAF rules and policies to reduce false positives while maintaining robust protection.
· Perform regular WAF audits and updates to keep up with emerging threats and application changes.
· Investigate and respond to WAF-related security incidents and alerts.
· Maintain documentation for security controls, incident response, and WAF policies.
· Conduct regular security assessments of cloud environments, including vulnerability scans and penetration
testing.
· Educate internal teams on cloud and application security best practices, including secure application
development.
· Co-ordinating with Vendor for application vulnerability remediation.
· Familiar with cyber security concepts and industry-best practices.
· Management reporting (daily / weekly / monthly) with remediation plans, progress, and issues.
· Management, administration & maintenance of security devices under the purview of IT Security team
which consists of state-of-the art technologies.

Qualification and Key Competencies

· 6+ years of experience in cloud security, web application security, or a related role.
· Hands-on experience managing WAF solutions (e.g., AWS WAF, Azure WAF, Cloudflare, Akamai, or F5).
· BE-IT / B Tech /Comps
· CEH
· Certified Cloud Security Professional (CCSP) & AWS Certified Security.
Knowledge, Skills, Abilities and Worker Characteristics:
· Proficient in Incident Management and Response.
· Proficiency in WAF configuration, tuning, and management.
· Strong understanding of OWASP Top 10 and application security principles.
· Experience with tools like SIEM, vulnerability scanners, and cloud monitoring solutions.
· Familiarity with scripting and automation tools (e.g., Python, Terraform, Ansible).
· Knowledge of container and microservices security (e.g., Docker, Kubernetes).
· Experience in vulnerability assessment & mitigation.
· Excellent communication and leadership skills.
· Working knowledge and experience with MS office with proficiency in Excel.

EXP : 6-8yr