**Role**: DevSecOps Engineer – Cloud & AI Security
**Location**: Thane / Mumbai, India
**Start Date**: ASAP
**Reporting to**: Technical Project Manager

**About Quantanite**

Quantanite is a customer experience (CX) and digital outsourcing solutions company helping fast-growing businesses and global brands rethink their operations. Through intelligent automation, GenAI, and exceptional people, we deliver measurable transformation and seamless service delivery across every touchpoint. Our global teams are passionate about innovation, agility, and purpose-driven results.

**About the Role**

We are seeking a DevSecOps Engineer – Cloud & AI Security to take ownership of security implementation across Quantanite's application and cloud infrastructure estate. This is a hands-on, engineering-first role — the person we hire will be equally fluent in application-layer security controls, Azure cloud hardening, and the emerging discipline of AI security.

As Quantanite builds and deploys AI-powered applications and platforms on Azure, security must be robust and embedded into the development lifecycle, the deployment pipeline, and the infrastructure design. You will be the person who makes that happen: designing, implementing, and continuously improving security controls across software, data, and cloud infrastructure layers.

The ideal candidate is not a policy writer but a practitioner — someone who can threat-model an AI system, harden a Kubernetes cluster, build a secure CI/CD pipeline, and advise engineering teams on secure coding practices, all with equal confidence.

**Key Responsibilities**

**1. Application & Software Security**

* Embed security controls throughout the software development lifecycle (SDLC) — from design reviews and threat modelling to code scanning, testing, and post-deployment monitoring.
* Implement and manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tooling within CI/CD pipelines.
* Define and enforce secure coding standards and conduct security-focused code reviews across application teams.
* Implement and manage secrets management, certificate lifecycle management, and key rotation practices.
* Design and enforce authentication and authorisation frameworks: OAuth 2.0, OIDC, RBAC, and least-privilege access patterns across applications.
* Own vulnerability assessment and remediation across application components — identifying, prioritising, and tracking fixes to closure.
* Implement and maintain Web Application Firewall (WAF) rules, API security gateways, and input validation controls.

**2. AI Security Controls**

* Define and implement security controls specific to AI/ML systems: model access controls, prompt injection defences, adversarial input handling, and output validation.
* Implement data security for AI pipelines — including per-tenant data isolation, encryption-at-rest and in-transit (AES-256, TLS 1.3/mTLS), and secure data ingestion from external client sources.
* Design and enforce data governance controls for AI training and inference environments: data lineage, access logging, and retention policy enforcement.
* Assess and mitigate risks specific to LLM and GenAI deployments: model inversion attacks, data leakage through model outputs, jailbreak vectors, and supply chain risks in AI frameworks.
* Establish security review processes for AI model deployment, including model signing, registry security, and inference endpoint hardening.
* Collaborate with AI/ML engineers to ensure RAG pipelines, vector databases, and agentic workflows are built with security-first design principles.
* Stay current with evolving AI security standards and frameworks (e.g. OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF) and translate these into actionable controls.

**3. Azure Cloud Infrastructure Security**

* Design and implement a secure Azure landing zone: VNet architecture, Network Security Groups (NSGs), Azure Firewall, Private Endpoints, and subnet segmentation.
* Implement and manage Azure Security Centre / Microsoft Defender for Cloud — continuously monitoring posture, alerts, and compliance scores.
* Harden Azure PaaS services: Azure App Service, Azure Kubernetes Service (AKS), Azure Container Registry, Azure API Management, Azure SQL, and Azure Data Lake Storage.
* Manage Azure Active Directory / Entra ID: Conditional Access policies, Privileged Identity Management (PIM), managed identities, and service principal governance.
* Implement and maintain Azure Key Vault for secrets, certificates, and encryption key management across all environments.
* Design and enforce Infrastructure as Code (IaC) security practices — security policy-as-code, automated scanning of Terraform/Bicep/ARM templates, and drift detection.
* Establish cloud security posture management (CSPM) processes and remediation workflows for misconfigurations and policy violations.
* Design and implement DDoS protection, rate limiting, and bot mitigation controls at the network and application layers.

**4. DevSecOps Pipeline & Automation**

* Build and maintain security gates within CI/CD pipelines (Azure DevOps / GitHub Actions) — integrating security scanning, compliance checks, and automated approval workflows.
* Implement container security scanning (image vulnerability scanning, runtime security) for Docker and Kubernetes workloads.
* Automate security compliance checks and reporting against standards including ISO 27001, SOC 2, and GDPR using Azure Policy and custom automation.
* Establish security monitoring, alerting, and incident response pipelines using Azure Monitor, Microsoft Sentinel (SIEM), and Log Analytics.
* Define and test incident response runbooks for cloud and application security events, including breach containment and recovery procedures.

**5. Governance, Compliance & Collaboration**

* Conduct regular vulnerability assessments and penetration testing — managing external testing engagements and remediating findings.
* Provide technical security inputs for client due diligence, RFP responses, and compliance audit evidence (ISO 27001, SOC 2, GDPR, client-specific requirements).
* Work closely with the InfoSec Leader on aligning technical controls with the organisation's information security policy framework.
* Act as a security advisor and enabler to engineering teams — running secure design workshops, threat modelling sessions, and developer security awareness training.
* Maintain security documentation: architecture decision records, control evidence, risk registers, and remediation tracking.

**Required Skills & Qualifications**

**Education & Experience**

* Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field.
* 5–8 years of experience in a DevSecOps, Cloud Security, or Application Security engineering role.
* Demonstrable hands-on experience across both application security and cloud infrastructure security — not just one or the other.
* Prior experience in a security role supporting AI/ML or data-intensive platforms is a strong advantage.

**Application & AI Security**

* Proficiency with SAST/DAST/SCA tools: Snyk, Checkmarx, OWASP ZAP, or equivalent.
* Strong understanding of OWASP Top 10 (web), OWASP API Security Top 10, and OWASP LLM Top 10.
* Hands-on experience with secrets management tools: Azure Key Vault, or equivalent.…