P
Lead Specialist, Cybersecurity
Accepting applicationsPearson · Bengaluru East, Karnataka, India
Full-Time Mid_senior PythonSOC
Estimated market salary
₹25-44 LPA
This is a SiliconBoard market estimate, not an employer-posted salary.
Posted
4d ago
Category
Design
Experience
Mid_senior
Country
India
Job Title: Lead Specialist, Cybersecurity
Position Overview
We are seeking an Infrastructure Security Engineer to partner with SRE and infrastructure teams to embed security into our infrastructure deployment and operations. This role will be responsible for creating and validating secure configuration and deployment templates, building audit and detection automation, and ensuring our infrastructure is protected against evolving threats. The ideal candidate combines deep technical expertise in infrastructure technologies with security automation skills and a collaborative approach to working with engineering teams.
Key Responsibilities
SRE & Infrastructure Team Collaboration
Partner with SRE and infrastructure teams to integrate security into infrastructure workflows, deployment pipelines, and operational practices
Create and validate secure configuration templates for Terraform, CloudFormation, Ansible, and other infrastructure automation tools
Develop deployment templates that embed security controls by default for common infrastructure patterns (VPCs, security groups, IAM roles, compute instances)
Review and approve infrastructure code providing security guidance and validation before production deployment
Conduct security assessments of infrastructure designs and deployment patterns in collaboration with SRE teams
Establish security guardrails that enable infrastructure teams to move quickly while maintaining security standards
Audit & Detection Automation
Build automated audit systems to continuously validate infrastructure configurations against security baselines and compliance requirements
Develop detection automation for identifying security misconfigurations, policy violations, and anomalous infrastructure changes
Implement policy-as-code frameworks using Open Policy Agent (OPA), AWS Config Rules, Azure Policy, or Sentinel to enforce security standards
Create automated remediation workflows for common security violations and configuration drift
Build compliance validation automation to continuously assess infrastructure against CIS benchmarks, SOC 2, and other frameworks
Develop security metrics and dashboards providing visibility into infrastructure security posture and trends
Security Architecture & Design
Design and implement security architectures for hybrid and multi-cloud environments (AWS, Azure, GCP)
Develop network security architectures including network segmentation, zero trust principles, and micro-segmentation strategies
Build security baselines and hardening standards for servers, endpoints, containers, and cloud resources based on CIS benchmarks and industry best practices
Design secure landing zones and account structures for cloud environments with appropriate guardrails and security controls
Implement defense-in-depth strategies across network, host, application, and data layers
Conduct security architecture reviews for infrastructure changes, new deployments, and technology adoption
Cloud & Infrastructure Security
Implement and manage cloud security controls including security groups, NACLs, WAF, cloud firewalls, and encryption services
Configure cloud security posture management (CSPM) tools to continuously assess and remediate misconfigurations
Deploy and manage container security for Docker, Kubernetes, and container orchestration platforms
Implement infrastructure-as-code security scanning and policy enforcement for Terraform, CloudFormation, and other IaC tools
Secure cloud-native services including serverless functions, managed databases, object storage, and API gateways
Manage secrets and encryption keys using vaults, KMS, and secure key management practices
Security Automation & Infrastructure as Code
Develop and maintain security automation using Python, PowerShell, Bash, or Go for audit, detection, and remediation tasks
Create reusable IaC security modules and templates for Terraform, CloudFormation, or Pulumi that SRE teams can leverage
Implement IaC scanning and validation in CI/CD pipelines using tools like Checkov, Terrascan, tfsec, or custom validators
Build security policy as code using tools like Open Policy Agent (OPA), Sentinel, AWS Config Rules, or Azure Policy
Automate security testing of infrastructure deployments including configuration validation and compliance checks
Collaborate with SRE teams to integrate security automation into GitOps workflows and deployment pipelines
Compliance & Governance
Support compliance initiatives for SOC 2, ISO 27001, PCI-DSS, HIPAA, or other frameworks
Conduct infrastructure security audits and assessments against security standards
Document security architectures and maintain system security plans (SSPs)
Develop runbooks and procedures for security operations and incident response
Generate compliance reports demonstrating security control effectiveness
Collaboration & Advisory
Work embedded with SRE teams to understand infrastructure patterns, deployment workflows, and operational needs
Partner with infrastructure teams on architecture reviews, technology evaluations, and capacity planning with security considerations
Provide security guidance on infrastructure projects, deployment strategies, and architectural decisions in real-time
Train SRE and infrastructure staff on secure configuration practices, security tooling, and threat awareness
Enable self-service security by creating documentation, runbooks, and templates that infrastructure teams can use independently
Collaborate with peer security teams on application security, identity management, and security operations to ensure holistic coverage
Required Qualifications
Experience
5+ years of hands-on experience in infrastructure security, network security, or systems engineering with security focus
3+ years working with cloud platforms (AWS, Azure, or GCP) with focus on security architecture and implementation
Proven experience implementing security controls across hybrid environments (on-premises and cloud)
Strong background in network security including firewalls, segmentation, VPNs, and network monitoring
Experience with security hardening of Windows and Linux systems
Technical Skills
Cloud Platforms: Deep knowledge of AWS, Azure, or GCP security services, IAM, networking, and security architecture
Infrastructure as Code: Strong experience with Terraform, CloudFormation, Ansible, or similar tools including module/template development
Policy as Code: Proficiency with Open Policy Agent (OPA), Sentinel, AWS Config Rules, Azure Policy, or similar frameworks
Scripting & Automation: Strong skills in Python, PowerShell, Bash, or Go for building security automation and tooling
Network Security: Expertise with firewalls (Palo Alto, Cisco, Fortinet), network segmentation, VPNs, and IDS/IPS
Operating Systems: Strong knowledge of Windows and Linux administration, security hardening, and system internals
Container Security: Knowledge of Docker, Kubernetes security, and container orchestration
CI/CD Pipelines: Experience integrating security tools into GitLab CI, GitHub Actions, Jenkins, or similar platforms
Security Tools: Hands-on experience with vulnerability scanners (Nessus, Qualys), CSPM tools (Wiz, Prisma Cloud), EDR/XDR platforms
Monitoring & Logging: Experience with SIEM, log aggregation (Splunk, ELK), and security monitoring platforms
Knowledge & Competencies
Security Architecture: Understanding of defense-in-depth, zero trust, and security architecture principles
Security Frameworks: Familiarity with NIST Cybersecurity Framework, CIS Controls, MITRE ATT&CK
Compliance: Knowledge of SOC 2, ISO 27001, PCI-DSS, HIPAA, or other regulatory frameworks
TCP/IP & Networking: Strong understanding of networking protocols, routing, switching, and network architecture
Threat Landscape: Current knowledge of infrastructure threats, attack vectors, and defensive techniques
Soft Skills
Communication: Excellent ability to explain security concepts to technical and non-technical audiences
Collaboration: Strong partnership skills to work effectively with infrastructure, operations, and development teams
Problem-Solving: Analytical mindset with ability to troubleshoot complex security and infrastructure issues
Project Management: Ability to manage security projects from design through implementation
Adaptability: Flexibility to work in dynamic environments and adjust to changing priorities
Education & Certifications
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
Who we are:
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
Job: Security
Job Family: TECHNOLOGY
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Workplace Type: Hybrid
Req ID: 23016
Show more Show less
Position Overview
We are seeking an Infrastructure Security Engineer to partner with SRE and infrastructure teams to embed security into our infrastructure deployment and operations. This role will be responsible for creating and validating secure configuration and deployment templates, building audit and detection automation, and ensuring our infrastructure is protected against evolving threats. The ideal candidate combines deep technical expertise in infrastructure technologies with security automation skills and a collaborative approach to working with engineering teams.
Key Responsibilities
SRE & Infrastructure Team Collaboration
Partner with SRE and infrastructure teams to integrate security into infrastructure workflows, deployment pipelines, and operational practices
Create and validate secure configuration templates for Terraform, CloudFormation, Ansible, and other infrastructure automation tools
Develop deployment templates that embed security controls by default for common infrastructure patterns (VPCs, security groups, IAM roles, compute instances)
Review and approve infrastructure code providing security guidance and validation before production deployment
Conduct security assessments of infrastructure designs and deployment patterns in collaboration with SRE teams
Establish security guardrails that enable infrastructure teams to move quickly while maintaining security standards
Audit & Detection Automation
Build automated audit systems to continuously validate infrastructure configurations against security baselines and compliance requirements
Develop detection automation for identifying security misconfigurations, policy violations, and anomalous infrastructure changes
Implement policy-as-code frameworks using Open Policy Agent (OPA), AWS Config Rules, Azure Policy, or Sentinel to enforce security standards
Create automated remediation workflows for common security violations and configuration drift
Build compliance validation automation to continuously assess infrastructure against CIS benchmarks, SOC 2, and other frameworks
Develop security metrics and dashboards providing visibility into infrastructure security posture and trends
Security Architecture & Design
Design and implement security architectures for hybrid and multi-cloud environments (AWS, Azure, GCP)
Develop network security architectures including network segmentation, zero trust principles, and micro-segmentation strategies
Build security baselines and hardening standards for servers, endpoints, containers, and cloud resources based on CIS benchmarks and industry best practices
Design secure landing zones and account structures for cloud environments with appropriate guardrails and security controls
Implement defense-in-depth strategies across network, host, application, and data layers
Conduct security architecture reviews for infrastructure changes, new deployments, and technology adoption
Cloud & Infrastructure Security
Implement and manage cloud security controls including security groups, NACLs, WAF, cloud firewalls, and encryption services
Configure cloud security posture management (CSPM) tools to continuously assess and remediate misconfigurations
Deploy and manage container security for Docker, Kubernetes, and container orchestration platforms
Implement infrastructure-as-code security scanning and policy enforcement for Terraform, CloudFormation, and other IaC tools
Secure cloud-native services including serverless functions, managed databases, object storage, and API gateways
Manage secrets and encryption keys using vaults, KMS, and secure key management practices
Security Automation & Infrastructure as Code
Develop and maintain security automation using Python, PowerShell, Bash, or Go for audit, detection, and remediation tasks
Create reusable IaC security modules and templates for Terraform, CloudFormation, or Pulumi that SRE teams can leverage
Implement IaC scanning and validation in CI/CD pipelines using tools like Checkov, Terrascan, tfsec, or custom validators
Build security policy as code using tools like Open Policy Agent (OPA), Sentinel, AWS Config Rules, or Azure Policy
Automate security testing of infrastructure deployments including configuration validation and compliance checks
Collaborate with SRE teams to integrate security automation into GitOps workflows and deployment pipelines
Compliance & Governance
Support compliance initiatives for SOC 2, ISO 27001, PCI-DSS, HIPAA, or other frameworks
Conduct infrastructure security audits and assessments against security standards
Document security architectures and maintain system security plans (SSPs)
Develop runbooks and procedures for security operations and incident response
Generate compliance reports demonstrating security control effectiveness
Collaboration & Advisory
Work embedded with SRE teams to understand infrastructure patterns, deployment workflows, and operational needs
Partner with infrastructure teams on architecture reviews, technology evaluations, and capacity planning with security considerations
Provide security guidance on infrastructure projects, deployment strategies, and architectural decisions in real-time
Train SRE and infrastructure staff on secure configuration practices, security tooling, and threat awareness
Enable self-service security by creating documentation, runbooks, and templates that infrastructure teams can use independently
Collaborate with peer security teams on application security, identity management, and security operations to ensure holistic coverage
Required Qualifications
Experience
5+ years of hands-on experience in infrastructure security, network security, or systems engineering with security focus
3+ years working with cloud platforms (AWS, Azure, or GCP) with focus on security architecture and implementation
Proven experience implementing security controls across hybrid environments (on-premises and cloud)
Strong background in network security including firewalls, segmentation, VPNs, and network monitoring
Experience with security hardening of Windows and Linux systems
Technical Skills
Cloud Platforms: Deep knowledge of AWS, Azure, or GCP security services, IAM, networking, and security architecture
Infrastructure as Code: Strong experience with Terraform, CloudFormation, Ansible, or similar tools including module/template development
Policy as Code: Proficiency with Open Policy Agent (OPA), Sentinel, AWS Config Rules, Azure Policy, or similar frameworks
Scripting & Automation: Strong skills in Python, PowerShell, Bash, or Go for building security automation and tooling
Network Security: Expertise with firewalls (Palo Alto, Cisco, Fortinet), network segmentation, VPNs, and IDS/IPS
Operating Systems: Strong knowledge of Windows and Linux administration, security hardening, and system internals
Container Security: Knowledge of Docker, Kubernetes security, and container orchestration
CI/CD Pipelines: Experience integrating security tools into GitLab CI, GitHub Actions, Jenkins, or similar platforms
Security Tools: Hands-on experience with vulnerability scanners (Nessus, Qualys), CSPM tools (Wiz, Prisma Cloud), EDR/XDR platforms
Monitoring & Logging: Experience with SIEM, log aggregation (Splunk, ELK), and security monitoring platforms
Knowledge & Competencies
Security Architecture: Understanding of defense-in-depth, zero trust, and security architecture principles
Security Frameworks: Familiarity with NIST Cybersecurity Framework, CIS Controls, MITRE ATT&CK
Compliance: Knowledge of SOC 2, ISO 27001, PCI-DSS, HIPAA, or other regulatory frameworks
TCP/IP & Networking: Strong understanding of networking protocols, routing, switching, and network architecture
Threat Landscape: Current knowledge of infrastructure threats, attack vectors, and defensive techniques
Soft Skills
Communication: Excellent ability to explain security concepts to technical and non-technical audiences
Collaboration: Strong partnership skills to work effectively with infrastructure, operations, and development teams
Problem-Solving: Analytical mindset with ability to troubleshoot complex security and infrastructure issues
Project Management: Ability to manage security projects from design through implementation
Adaptability: Flexibility to work in dynamic environments and adjust to changing priorities
Education & Certifications
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
Who we are:
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
Job: Security
Job Family: TECHNOLOGY
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Workplace Type: Hybrid
Req ID: 23016
Show more Show less
Similar Jobs
M
MTS, Analog Design Engineering
Micron · Boise, United States, North America
M
Senior Engineer, STPG PE (FDV-Verilog)
Micron · Singapore, Singapore, Asia
M
Digital IC Design Engineer - Early Career
Marvell · Westborough, United States, North America
M
Staff Firmware/Software Engineer- Embedded SoC/Microcontroller/DSP/SERDES/AEC/Microled/ODSP/PHY/AI Connectivity
Marvell · Santa Clara, United States, North America