Role: DevSecOps Engineer – Cloud & AI Security
Location: Thane / Mumbai, India
Start Date: ASAP
Reporting to: Technical Project Manager
About Quantanite
Quantanite is a customer experience (CX) and digital outsourcing solutions company helping fast-growing businesses and global brands rethink their operations. Through intelligent automation, GenAI, and exceptional people, we deliver measurable transformation and seamless service delivery across every touchpoint. Our global teams are passionate about innovation, agility, and purpose-driven results.
About the Role
We are seeking a DevSecOps Engineer – Cloud & AI Security to take ownership of security implementation across Quantanite's application and cloud infrastructure estate. This is a hands-on, engineering-first role — the person we hire will be equally fluent in application-layer security controls, Azure cloud hardening, and the emerging discipline of AI security.
As Quantanite builds and deploys AI-powered applications and platforms on Azure, security must be robust and embedded into the development lifecycle, the deployment pipeline, and the infrastructure design. You will be the person who makes that happen: designing, implementing, and continuously improving security controls across software, data, and cloud infrastructure layers.
The ideal candidate is not a policy writer but a practitioner — someone who can threat-model an AI system, harden a Kubernetes cluster, build a secure CI/CD pipeline, and advise engineering teams on secure coding practices, all with equal confidence.
Key Responsibilities
1. Application & Software Security
- Embed security controls throughout the software development lifecycle (SDLC) — from design reviews and threat modelling to code scanning, testing, and post-deployment monitoring.
- Implement and manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tooling within CI/CD pipelines.
- Define and enforce secure coding standards and conduct security-focused code reviews across application teams.
- Implement and manage secrets management, certificate lifecycle management, and key rotation practices.
- Design and enforce authentication and authorisation frameworks: OAuth 2.0, OIDC, RBAC, and least-privilege access patterns across applications.
- Own vulnerability assessment and remediation across application components — identifying, prioritising, and tracking fixes to closure.
- Implement and maintain Web Application Firewall (WAF) rules, API security gateways, and input validation controls.
2. AI Security Controls
- Define and implement security controls specific to AI/ML systems: model access controls, prompt injection defences, adversarial input handling, and output validation.
- Implement data security for AI pipelines — including per-tenant data isolation, encryption-at-rest and in-transit (AES-256, TLS 1.3/mTLS), and secure data ingestion from external client sources.
- Design and enforce data governance controls for AI training and inference environments: data lineage, access logging, and retention policy enforcement.
- Assess and mitigate risks specific to LLM and GenAI deployments: model inversion attacks, data leakage through model outputs, jailbreak vectors, and supply chain risks in AI frameworks.
- Establish security review processes for AI model deployment, including model signing, registry security, and inference endpoint hardening.
- Collaborate with AI/ML engineers to ensure RAG pipelines, vector databases, and agentic workflows are built with security-first design principles.
- Stay current with evolving AI security standards and frameworks (e.g. OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF) and translate these into actionable controls.
3. Azure Cloud Infrastructure Security
- Design and implement a secure Azure landing zone: VNet architecture, Network Security Groups (NSGs), Azure Firewall, Private Endpoints, and subnet segmentation.
- Implement and manage Azure Security Centre / Microsoft Defender for Cloud — continuously monitoring posture, alerts, and compliance scores.
- Harden Azure PaaS services: Azure App Service, Azure Kubernetes Service (AKS), Azure Container Registry, Azure API Management, Azure SQL, and Azure Data Lake Storage.
- Manage Azure Active Directory / Entra ID: Conditional Access policies, Privileged Identity Management (PIM), managed identities, and service principal governance.
- Implement and maintain Azure Key Vault for secrets, certificates, and encryption key management across all environments.
- Design and enforce Infrastructure as Code (IaC) security practices — security policy-as-code, automated scanning of Terraform/Bicep/ARM templates, and drift detection.
- Establish cloud security posture management (CSPM) processes and remediation workflows for misconfigurations and policy violations.
- Design and implement DDoS protection, rate limiting, and bot mitigation controls at the network and application layers.
4. DevSecOps Pipeline & Automation
- Build and maintain security gates within CI/CD pipelines (Azure DevOps / GitHub Actions) — integrating security scanning, compliance checks, and automated approval workflows.
- Implement container security scanning (image vulnerability scanning, runtime security) for Docker and Kubernetes workloads.
- Automate security compliance checks and reporting against standards including ISO 27001, SOC 2, and GDPR using Azure Policy and custom automation.
- Establish security monitoring, alerting, and incident response pipelines using Azure Monitor, Microsoft Sentinel (SIEM), and Log Analytics.
- Define and test incident response runbooks for cloud and application security events, including breach containment and recovery procedures.
5. Governance, Compliance & Collaboration
- Conduct regular vulnerability assessments and penetration testing — managing external testing engagements and remediating findings.
- Provide technical security inputs for client due diligence, RFP responses, and compliance audit evidence (ISO 27001, SOC 2, GDPR, client-specific requirements).
- Work closely with the InfoSec Leader on aligning technical controls with the organisation's information security policy framework.
- Act as a security advisor and enabler to engineering teams — running secure design workshops, threat modelling sessions, and developer security awareness training.
- Maintain security documentation: architecture decision records, control evidence, risk registers, and remediation tracking.
Required Skills & Qualifications
Education & Experience
- Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field.
- 5–8 years of experience in a DevSecOps, Cloud Security, or Application Security engineering role.
- Demonstrable hands-on experience across both application security and cloud infrastructure security — not just one or the other.
- Prior experience in a security role supporting AI/ML or data-intensive platforms is a strong advantage.
Application & AI Security
- Proficiency with SAST/DAST/SCA tools: Snyk, Checkmarx, OWASP ZAP, or equivalent.
- Strong understanding of OWASP Top 10 (web), OWASP API Security Top 10, and OWASP LLM Top 10.
- Hands-on experience with secrets management tools: Azure Key Vault, or equivalent.
- Experience securing APIs: authentication (OAuth 2.0, API keys, mTLS), rate limiting, input validation, and API gateway configuration.
- Understanding of AI/ML security risks — prompt injection, data poisoning, model exfiltration, and adversarial attacks — and practical mitigation approaches.
- Familiarity with data encryption standards: AES-256 encryption at rest, TLS 1.3 and mTLS in transit, envelope encryption, and key management.
Azure Cloud Security
- Hands-on expertise with Azure security services: Microsoft Defender for Cloud, Microsoft Sentinel, Azure Firewall, Azure DDoS Protection, Azure Policy, Azure Key Vault.
- Strong working knowledge of Azure networking security: VNets, NSGs, UDRs, Private Endpoints, Application Gateway with WAF, Azure Front Door.
- Experience hardening Azure PaaS services and AKS (Kubernetes) workloads, including pod security, network policies, and image scanning.
- Proficiency with Azure Active Directory / Entra ID: Conditional Access, PIM, managed identities, and RBAC.
- Familiarity with cloud security benchmarks: CIS Azure Foundations, Microsoft Cloud Security Benchmark (MCSB).
DevSecOps & Infrastructure as Code
- Experience building security into CI/CD pipelines using Azure DevOps or GitHub Actions.
- Proficiency with Infrastructure as Code tools: Terraform, Bicep, or ARM — including IaC security scanning.
- Scripting skills in Python, PowerShell, or Bash for automation of security tasks and compliance checks.
- Experience with container security: Docker image hardening, Kubernetes security policies, container runtime protection.
- Familiarity with Git-based workflows, branch protection, signed commits, and dependency security management.
Preferred Experience
- Relevant security certifications: AZ-500 (Azure Security Engineer), SC-200 (Security Operations Analyst), CISSP, CEH, OSCP, or equivalent.
- Experience working in a BPO, contact centre, or digital services environment handling client data under strict confidentiality requirements.
- Familiarity with multi-tenant SaaS security architecture — per-tenant data isolation, encryption key segregation, and audit logging.
- Experience preparing for and supporting external security audits and penetration testing engagements.
- Familiarity with regulatory frameworks relevant to BPO and data processing: GDPR, CCPA, ISO 27001, SOC 2 Type II.
- Exposure to AI governance frameworks such as NIST AI RMF or MITRE ATLAS.
- Experience with SIEM platforms: Microsoft Sentinel, Splunk, or equivalent — including custom detection rule authoring.
Soft Skills
- Strong analytical and problem-solving skills — comfortable owning security issues end to end, from discovery through to remediation.
- Excellent communication skills: able to articulate security risks and controls clearly to both technical teams and non-technical stakeholders.
- Collaborative and advisory mindset — you secure by enabling, not blocking.
- High ownership, proactive, and delivery-focused — you do not wait to be asked.
- Ability to work effectively in a fast-paced environment where technology stacks and threats evolve rapidly.
- High personal resilience and achievement orientation.
Benefits
At Quantanite, we ask a lot of our associates, which is why we give so much in return. In addition to your compensation, our perks include:
- Dress: Wear anything you like to the office. We want you to feel as comfortable as when working from home.
- Employee Engagement: Experience our family community and embrace our culture where we bring people together to laugh and celebrate our achievements.
- Professional Development: We love giving back and ensure you have opportunities to grow with us and even travel on occasion.
- Events: Regular team and organisation-wide get-togethers and events.
- Value Orientation: Everything we do at Quantanite is informed by our Purpose and Values. We Build Better. Together.
Future Development
At Quantanite, you'll have a personal development plan to help you improve in the areas you're looking to develop over the coming years. Your manager will dedicate time and resources to supporting you in getting to the next level.
You'll also have the opportunity to progress internally. As a fast-growing organisation, our teams are growing, and you'll have the chance to take on more responsibility over time. So, if you're looking for a career full of purpose and potential, we'd love to hear from you!
Listing Details
- Posted: June 1, 2026
- First seen: June 1, 2026
- Last seen: June 1, 2026