Senior SecOps Engineer (Libra - Legal AI Assistant)

Salary

Core Qualifications

Preferred Qualifications

Key Responsibilities

• •Own end-to-end security for internal and external traffic across Open Telekom Cloud (OTC) and Microsoft Azure, including network segmentation, mTLS, WAF, and IDS/IPS.
• •Define and operate IAM and RBAC: role design, SSO/SCIM provisioning, least-privilege policies, and periodic access reviews across cloud, SaaS, and internal systems.
• •Govern access to sensitive data and operational databases with policy-based controls, approval workflows, data masking, and query auditing.
• •Implement and manage secrets and key management (e.g., vaulting, KMS/HSM), including rotation, revocation, and encryption standards.
• •Build and operate audit logging and SIEM pipelines: log collection, correlation rules, alert tuning, dashboards, and on-call runbooks.
• •Lead incident response readiness and execution: playbooks, tabletop exercises, forensics coordination, post-incident reviews, and continuous improvement.
• •Drive vulnerability and patch management: integrate SCA/SAST/DAST into CI/CD, container/OS hardening, and remediation tracking.
• •Secure endpoints, containers, and runtime systems using EDR, admission policies, baseline configurations, and sandboxing.
• •Conduct security reviews and threat modeling for architecture changes, releases, and third-party integrations; ensure secure-by-default guardrails.
• •Partner with DevOps and engineering to embed security controls into Terraform/Ansible, CI/CD pipelines, and the SDLC.
• •Champion a security-first culture through clear standards, training, and pragmatic guidance.