DevSecOps Engineer
Confirmed live in the last 24 hours
Turing
Job Description
About Turing
Based in San Francisco, California, Turing is the world’s leading research accelerator for frontier AI labs and a trusted partner for global enterprises looking to deploy advanced AI systems. Turing accelerates frontier research with high-quality data, specialized talent, and training pipelines that advance thinking, reasoning, coding, multimodality, and STEM. For enterprises, Turing builds proprietary intelligence systems that integrate AI into mission-critical workflows, unlock transformative outcomes, and drive lasting competitive advantage.
Recognized by Forbes, The Information, and Fast Company among the world’s top innovators, Turing’s leadership team includes AI technologists from Meta, Google, Microsoft, Apple, Amazon, McKinsey, Bain, Stanford, Caltech, and MIT. Learn more at www.turing.com
Overview
We are seeking a highly skilled Cloud Security Engineer to join our Security team in India. This role is critical in enhancing and maintaining the security posture of our cloud infrastructure and services. You will work closely with engineering, DevOps, and fulfillment teams to embed best security practices into our cloud-native environments. Your primary focus will be on cloud posture management, secure configuration, identity and access management, and cloud-native security controls.
Responsibilities:
- Collaborate with engineering and fulfillment teams to integrate security best practices into cloud applications and infrastructure to reduce risk and ensure security is embedded across the SDLC.
- Review cloud architecture designs (GCP) to identify and mitigate security vulnerabilities and compliance gaps.
- Design, implement, and maintain cloud-native security monitoring tools (e.g., AWS CloudWatch, GuardDuty, Azure Sentinel).
- Define and enforce cloud security guardrails (e.g., disallow public S3 buckets, enforce encryption standards).
- Configure alerts, dashboards, and automated responses to cloud-specific security events.
- Design and manage secure IAM policies, roles, and permission models aligned with least-privilege principles.
- Perform regular audits of IAM roles and service permissions to identify and remove excessive privileges.
- Partner with DevOps teams to help define and support consistent identity practices across all environments.
- Manage GitHub security configurations and enforce secure code collaboration workflows, including GitHub Advanced Security features, branch protection rules, signed commits, codeowners, PR approvals, and dependency scanning.
- Scan Infrastructure-as-Code (e.g., Terraform, CloudFormation) for misconfigurations.
- Review secrets management strategies in CI/CD pipelines and enforce secure handling of credentials.
- Identify, track, and support remediation of vulnerabilities in cloud configurations and applications.
- Coordinate with engineering teams to triage findings and prioritize remediation efforts.
- Integrate cloud scanning tools into pipelines and remediation workflows.
- Deploy and manage container security controls across Kubernetes and Docker environments.
- Scan container images for known vulnerabilities and misconfigurations before deployment.
- Monitor runtime container security and ensure isolation and namespace boundaries.
- Ensure adherence to frameworks such as CIS Benchmarks, NIST, SOC 2, ISO 27001, or GDPR as applicable.
- Continuously evaluate emerging cloud security threats and recommend mitigation strategies.
- Participate in internal and external audits as required.
Qualifications Needed:
- Required
- Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience.
- 4+ years of experience in cloud security, DevSecOps, or infrastructure security.
- Proven hands-on experience with Google Cloud Platform (GCP) is required.
- Strong knowledge of IAM, VPC design, logging/monitoring, encryption, and cloud-native firewalls.
- Experience with Infrastructure-
