Home › Companies › Quantanite › DevsecOps Engineer

DevsecOps Engineer

Quantanite · Mumbai, India, 400604, India · Active · BambooHR

Job facts

Field	Value
Company	Quantanite
Title	DevsecOps Engineer
Normalized title	-
Department / team	IT
Location	Mumbai, India
Work model	-
Employment type	Full Time
Salary	-
Status	active
ATS provider	BambooHR
Posted / first seen	2026-06-01 / 2026-06-01
Changed / last seen	2026-06-01 / 2026-06-06

Related slices

Page	What it contains	Open
Company jobs	Active postings from Quantanite.	Open
Company breakdowns	Role, location, ATS, and work model facets for this company.	Open
ATS provider jobs	Active postings observed through BambooHR.	Open
Provider filtered search	The same provider as a filtered job collection.	Open
City jobs	Active postings in Mumbai.	Open
Department jobs	Active postings in IT.	Open
Lifecycle events	Open, update, close, and reopen events for this posting.	Open
Original posting	Canonical source or apply URL captured from the ATS.	Open

Linked records

Company	Quantanite
Source	af209076-fa8e-4c9f-8d28-829093d8d2d1
ATS provider	BambooHR

Description

Role: DevSecOps Engineer – Cloud & AI Security Location : Thane / Mumbai, India Start Date : ASAP Reporting to : Technical Project Manager About Quantanite Quantanite is a customer experience (CX) and digital outsourcing solutions company helping fast-growing businesses and global brands rethink their operations. Through intelligent automation, GenAI, and exceptional people, we deliver measurable transformation and seamless service delivery across every touchpoint. Our global teams are passionate about innovation, agility, and purpose-driven results. About the Role We are seeking a DevSecOps Engineer – Cloud & AI Security to take ownership of security implementation across Quantanite's application and cloud infrastructure estate. This is a hands-on, engineering-first role — the person we hire will be equally fluent in application-layer security controls, Azure cloud hardening, and the emerging discipline of AI security. As Quantanite builds and deploys AI-powered applications and platforms on Azure, security must be robust and embedded into the development lifecycle, the deployment pipeline, and the infrastructure design. You will be the person who makes that happen: designing, implementing, and continuously improving security controls across software, data, and cloud infrastructure layers. The ideal candidate is not a policy writer but a practitioner — someone who can threat-model an AI system, harden a Kubernetes cluster, build a secure CI/CD pipeline, and advise engineering teams on secure coding practices, all with equal confidence. Key Responsibilities 1. Application & Software Security Embed security controls throughout the software development lifecycle (SDLC) — from design reviews and threat modelling to code scanning, testing, and post-deployment monitoring. Implement and manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tooling within CI/CD pipelines. Define and enforce secure coding standards and conduct security-focused code reviews across application teams. Implement and manage secrets management, certificate lifecycle management, and key rotation practices. Design and enforce authentication and authorisation frameworks: OAuth 2.0, OIDC, RBAC, and least-privilege access patterns across applications. Own vulnerability assessment and remediation across application components — identifying, prioritising, and tracking fixes to closure. Implement and maintain Web Application Firewall (WAF) rules, API security gateways, and input validation controls. 2. AI Security Controls Define and implement security controls specific to AI/ML systems: model access controls, prompt injection defences, adversarial input handling, and output validation. Implement data security for AI pipelines — including per-tenant data isolation, encryption-at-rest and in-transit (AES-256, TLS 1.3/mTLS), and secure data ingestion from external client sources. Design and enforce data governance controls for AI training and inference environments: data lineage, access logging, and retention policy enforcement. Assess and mitigate risks specific to LLM and GenAI deployments: model inversion attacks, data leakage through model outputs, jailbreak vectors, and supply chain risks in AI frameworks. Establish security review processes for AI model deployment, including model signing, registry security, and inference endpoint hardening. Collaborate with AI/ML engineers to ensure RAG pipelines, vector databases, and agentic workflows are built with security-first design principles. Stay current with evolving AI security standards and frameworks (e.g. OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF) and translate these into actionable controls. 3. Azure Cloud Infrastructure Security Design and implement a secure Azure landing zone: VNet architecture, Network Security Groups (NSGs), Azure Firewall, Private Endpoints, and subnet segmentation. Implement and manage Azure Security Centre / Microsoft Defender for Cloud — continuously monitoring posture, alerts, and compliance scores. Harden Azure PaaS services: Azure App Service, Azure Kubernetes Service (AKS), Azure Container Registry, Azure API Management, Azure SQL, and Azure Data Lake Storage. Manage Azure Active Directory / Entra ID: Conditional Access policies, Privileged Identity Management (PIM), managed identities, and service principal governance. Implement and maintain Azure Key Vault for secrets, certificates, and encryption key management across all environments. Design and enforce Infrastructure as Code (IaC) security practices — security policy-as-code, automated scanning of Terraform/Bicep/ARM templates, and drift detection. Establish cloud security posture management (CSPM) processes and remediation workflows for misconfigurations and policy violations. Design and implement DDoS protection, rate limiting, and bot mitigation controls at the network and application layers. 4. DevSecOps Pipeline & Automation Build and maintain security gates within CI/CD pipelines (Azure DevOps / GitHub Actions) — integrating security scanning, compliance checks, and automated approval workflows. Implement container security scanning (image vulnerability scanning, runtime security) for Docker and Kubernetes workloads. Automate security compliance checks and reporting against standards including ISO 27001, SOC 2, and GDPR using Azure Policy and custom automation. Establish security monitoring, alerting, and incident response pipelines using Azure Monitor, Microsoft Sentinel (SIEM), and Log Analytics. Define and test incident response runbooks for cloud and application security events, including breach containment and recovery procedures. 5. Governance, Compliance & Collaboration Conduct regular vulnerability assessments and penetration testing — managing external testing engagements and remediating findings. Provide technical security inputs for client due diligence, RFP responses, and compliance audit evidence (ISO 27001, SOC 2, GDPR, client-specific requirements). Work closely with the InfoSec Leader on aligning technical controls with the organisation's information security policy framework. Act as a security advisor and enabler to engineering teams — running secure design workshops, threat modelling sessions, and developer security awareness training. Maintain security documentation: architecture decision records, control evidence, risk registers, and remediation tracking. Required Skills & Qualifications Education & Experience Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field. 5–8 years of experience in a DevSecOps, Cloud Security, or Application Security engineering role. Demonstrable hands-on experience across both application security and cloud infrastructure security — not just one or the other. Prior experience in a security role supporting AI/ML or data-intensive platforms is a strong advantage. Application & AI Security Proficiency with SAST/DAST/SCA tools: Snyk, Checkmarx, OWASP ZAP, or equivalent. Strong understanding of OWASP Top 10 (web), OWASP API Security Top 10, and OWASP LLM Top 10. Hands-on experience with secrets management tools: Azure Key Vault, or equivalent. Experience securing APIs: authentication (OAuth 2.0, API keys, mTLS), rate limiting, input validation, and API gateway configuration. Understanding of AI/ML security risks — prompt injection, data poisoning, model exfiltration, and adversarial attacks — and practical mitigation approaches. Familiarity with data encryption standards: AES-256 encryption at rest, TLS 1.3 and mTLS in transit, envelope encryption, and key management. Azure Cloud Security Hands-on expertise with Azure security services: Microsoft Defender for Cloud, Microsoft Sentinel, Azure Firewall, Azure DDoS Protection, Azure Policy, Azure Key Vault. Strong working knowledge of Azure networking security: VNets, NSGs, UDRs, Private Endpoints, Application Gateway with WAF, Azure Front Door. Experience hardening Azure PaaS services and AKS (Kubernetes) workloads, including pod security, network policies, and image scanning. Proficiency with Azure Active Directory / Entra ID: Conditional Access, PIM, managed identities, and RBAC. Familiarity with cloud security benchmarks: CIS Azure Foundations, Microsoft Cloud Security Benchmark (MCSB). DevSecOps & Infrastructure as Code Experience building security into CI/CD pipelines using Azure DevOps or GitHub Actions. Proficiency with Infrastructure as Code tools: Terraform, Bicep, or ARM — including IaC security scanning. Scripting skills in Python, PowerShell, or Bash for automation of security tasks and compliance checks. Experience with container security: Docker image hardening, Kubernetes security policies, container runtime protection. Familiarity with Git-based workflows, branch protection, signed commits, and dependency security management. Preferred Experience Relevant security certifications: AZ-500 (Azure Security Engineer), SC-200 (Security Operations Analyst), CISSP, CEH, OSCP, or equivalent. Experience working in a BPO, contact centre, or digital services environment handling client data under strict confidentiality requirements. Familiarity with multi-tenant SaaS security architecture — per-tenant data isolation, encryption key segregation, and audit logging. Experience preparing for and supporting external security audits and penetration testing engagements. Familiarity with regulatory frameworks relevant to BPO and data processing: GDPR, CCPA, ISO 27001, SOC 2 Type II. Exposure to AI governance frameworks such as NIST AI RMF or MITRE ATLAS. Experience with SIEM platforms: Microsoft Sentinel, Splunk, or equivalent — including custom detection rule authoring. Soft Skills Strong analytical and problem-solving skills — comfortable owning security issues end to end, from discovery through to remediation. Excellent communication skills: able to articulate security risks and controls clearly to both technical teams and non-technical stakeholders. Collaborative and advisory mindset — you secure by enabling, not blocking. High ownership, proactive, and delivery-focused — you do not wait to be asked. Ability to work effectively in a fast-paced environment where technology stacks and threats evolve rapidly. High personal resilience and achievement orientation. Benefits At Quantanite, we ask a lot of our associates, which is why we give so much in return. In addition to your compensation, our perks include: Dress: Wear anything you like to the office. We want you to feel as comfortable as when working from home. Employee Engagement: Experience our family community and embrace our culture where we bring people together to laugh and celebrate our achievements. Professional Development: We love giving back and ensure you have opportunities to grow with us and even travel on occasion. Events: Regular team and organisation-wide get-togethers and events. Value Orientation: Everything we do at Quantanite is informed by our Purpose and Values. We Build Better. Together. Future Development At Quantanite, you'll have a personal development plan to help you improve in the areas you're looking to develop over the coming years. Your manager will dedicate time and resources to supporting you in getting to the next level. You'll also have the opportunity to progress internally. As a fast-growing organisation, our teams are growing, and you'll have the chance to take on more responsibility over time. So, if you're looking for a career full of purpose and potential, we'd love to hear from you!

Full job record

Job ID	7c8ed22388928d59a7402416341f6e91ad2cc5f6
Org ID	1f378762-0614-4644-b3a3-b570a786fe80
Source ID	af209076-fa8e-4c9f-8d28-829093d8d2d1
Board ID	af209076-fa8e-4c9f-8d28-829093d8d2d1
Provider	bamboohr
Provider Job Key	795
Title	DevsecOps Engineer
Normalized Title	—
Status	active
Active	yes
Location Text	Mumbai, India, 400604, India
Department	IT
Team	—
Employment Type	full_time
Workplace Type	—
Remote Policy	—
Country	—
Region	India
City	Mumbai
Salary Raw	—
Salary Min	—
Salary Max	—
Salary Currency	—
Salary Period	—
Source URL	https://quantanite.bamboohr.com/careers/795
Apply URL	https://quantanite.bamboohr.com/careers/795
First Seen At	2026-06-01 12:14:29Z
Last Seen At	2026-06-06 08:51:04Z
Last Checked At	2026-06-06 08:51:04Z
Last Changed At	2026-06-01 12:14:29Z
Inactive At	—
Source Posted At	2026-06-01 00:00:00Z
Source Updated At	—
Raw Payload Uri	s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=quantanite/date=2026-06-06/2026-06-06T08-50-59-809Z-47f824d14b8f4dd2ced8b31a6a2a42af2342ccc918c53b2f7d843e2e6985d6b2.json

Event Fields

{
  "content_hash": "5aff103092aa4001131c8303d09d3575a9f717ee9580187c1ff479937cc6ad85",
  "source_hash": "5c8251b7f86b479f0bba42f8104ef0539335a234e3700dd0eceab81b116fa59e",
  "last_changed_at": "2026-06-01T12:14:29.468Z",
  "active_status": "active"
}

Parsed Structured

{
  "language": "en",
  "location": {
    "raw": "Mumbai, India, 400604, India",
    "city": "Mumbai",
    "region": "India",
    "country": null,
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T08:51:04.020Z",
  "launch_scope": {
    "reason": "bamboohr_production_catalog",
    "included": true,
    "location": {
      "raw": "Mumbai, India, 400604, India",
      "city": "Mumbai",
      "region": "India",
      "country": null,
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": []
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": null,
  "salary_currency": null
}

Extensions

{}

Native Structured

{
  "list_job": {
    "id": "795",
    "isRemote": null,
    "location": {
      "city": "Mumbai",
      "state": "India"
    },
    "atsLocation": {
      "city": null,
      "state": null,
      "country": null,
      "province": null
    },
    "departmentId": "18489",
    "locationType": "2",
    "jobOpeningName": "DevsecOps Engineer",
    "departmentLabel": "IT",
    "employmentStatusLabel": "Full-Time"
  },
  "detail_errors": [],
  "detail_job_opening": {
    "location": {
      "city": "Mumbai",
      "state": "India",
      "postalCode": "400604",
      "addressCountry": "India"
    },
    "datePosted": "2026-06-01",
    "atsLocation": {
      "city": null,
      "state": null,
      "country": null,
      "countryId": null
    },
    "description": "<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Role: DevSecOps Engineer – Cloud &amp; AI Security</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">Location</span><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">: Thane / Mumbai, India</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">Start Date</span><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">: ASAP</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">Reporting to</span><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">: Technical Project Manager<br><br></span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">About Quantanite</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Quantanite is a customer experience (CX) and digital outsourcing solutions company helping fast-growing businesses and global brands rethink their operations. Through intelligent automation, GenAI, and exceptional people, we deliver measurable transformation and seamless service delivery across every touchpoint. Our global teams are passionate about innovation, agility, and purpose-driven results.<br><br></span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">About the Role</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">We are seeking a DevSecOps Engineer – Cloud &amp; AI Security to take ownership of security implementation across Quantanite's application and cloud infrastructure estate. This is a hands-on, engineering-first role — the person we hire will be equally fluent in application-layer security controls, Azure cloud hardening, and the emerging discipline of AI security.</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">As Quantanite builds and deploys AI-powered applications and platforms on Azure, security must be robust and embedded into the development lifecycle, the deployment pipeline, and the infrastructure design. You will be the person who makes that happen: designing, implementing, and continuously improving security controls across software, data, and cloud infrastructure layers.</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">The ideal candidate is not a policy writer but a practitioner — someone who can threat-model an AI system, harden a Kubernetes cluster, build a secure CI/CD pipeline, and advise engineering teams on secure coding practices, all with equal confidence.<br><br></span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Key Responsibilities</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">1. Application &amp; Software Security</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Embed security controls throughout the software development lifecycle (SDLC) — from design reviews and threat modelling to code scanning, testing, and post-deployment monitoring.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement and manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) tooling within CI/CD pipelines.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Define and enforce secure coding standards and conduct security-focused code reviews across application teams.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement and manage secrets management, certificate lifecycle management, and key rotation practices.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Design and enforce authentication and authorisation frameworks: OAuth 2.0, OIDC, RBAC, and least-privilege access patterns across applications.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Own vulnerability assessment and remediation across application components — identifying, prioritising, and tracking fixes to closure.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement and maintain Web Application Firewall (WAF) rules, API security gateways, and input validation controls.</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">2. AI Security Controls</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Define and implement security controls specific to AI/ML systems: model access controls, prompt injection defences, adversarial input handling, and output validation.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement data security for AI pipelines — including per-tenant data isolation, encryption-at-rest and in-transit (AES-256, TLS 1.3/mTLS), and secure data ingestion from external client sources.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Design and enforce data governance controls for AI training and inference environments: data lineage, access logging, and retention policy enforcement.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Assess and mitigate risks specific to LLM and GenAI deployments: model inversion attacks, data leakage through model outputs, jailbreak vectors, and supply chain risks in AI frameworks.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Establish security review processes for AI model deployment, including model signing, registry security, and inference endpoint hardening.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Collaborate with AI/ML engineers to ensure RAG pipelines, vector databases, and agentic workflows are built with security-first design principles.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Stay current with evolving AI security standards and frameworks (e.g. OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF) and translate these into actionable controls.</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">3. Azure Cloud Infrastructure Security</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Design and implement a secure Azure landing zone: VNet architecture, Network Security Groups (NSGs), Azure Firewall, Private Endpoints, and subnet segmentation.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement and manage Azure Security Centre / Microsoft Defender for Cloud — continuously monitoring posture, alerts, and compliance scores.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Harden Azure PaaS services: Azure App Service, Azure Kubernetes Service (AKS), Azure Container Registry, Azure API Management, Azure SQL, and Azure Data Lake Storage.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Manage Azure Active Directory / Entra ID: Conditional Access policies, Privileged Identity Management (PIM), managed identities, and service principal governance.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement and maintain Azure Key Vault for secrets, certificates, and encryption key management across all environments.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Design and enforce Infrastructure as Code (IaC) security practices — security policy-as-code, automated scanning of Terraform/Bicep/ARM templates, and drift detection.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Establish cloud security posture management (CSPM) processes and remediation workflows for misconfigurations and policy violations.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Design and implement DDoS protection, rate limiting, and bot mitigation controls at the network and application layers.</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">4. DevSecOps Pipeline &amp; Automation</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Build and maintain security gates within CI/CD pipelines (Azure DevOps / GitHub Actions) — integrating security scanning, compliance checks, and automated approval workflows.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Implement container security scanning (image vulnerability scanning, runtime security) for Docker and Kubernetes workloads.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Automate security compliance checks and reporting against standards including ISO 27001, SOC 2, and GDPR using Azure Policy and custom automation.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Establish security monitoring, alerting, and incident response pipelines using Azure Monitor, Microsoft Sentinel (SIEM), and Log Analytics.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Define and test incident response runbooks for cloud and application security events, including breach containment and recovery procedures.</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">5. Governance, Compliance &amp; Collaboration</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Conduct regular vulnerability assessments and penetration testing — managing external testing engagements and remediating findings.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Provide technical security inputs for client due diligence, RFP responses, and compliance audit evidence (ISO 27001, SOC 2, GDPR, client-specific requirements).</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Work closely with the InfoSec Leader on aligning technical controls with the organisation's information security policy framework.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Act as a security advisor and enabler to engineering teams — running secure design workshops, threat modelling sessions, and developer security awareness training.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Maintain security documentation: architecture decision records, control evidence, risk registers, and remediation tracking.<br><br></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Required Skills &amp; Qualifications</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">Education &amp; Experience</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Bachelor's degree in Computer Science, Information Security, Software Engineering, or a related field.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">5–8 years of experience in a DevSecOps, Cloud Security, or Application Security engineering role.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Demonstrable hands-on experience across both application security and cloud infrastructure security — not just one or the other.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Prior experience in a security role supporting AI/ML or data-intensive platforms is a strong advantage.</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">Application &amp; AI Security</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Proficiency with SAST/DAST/SCA tools: Snyk, Checkmarx, OWASP ZAP, or equivalent.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Strong understanding of OWASP Top 10 (web), OWASP API Security Top 10, and OWASP LLM Top 10.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Hands-on experience with secrets management tools: Azure Key Vault, or equivalent.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience securing APIs: authentication (OAuth 2.0, API keys, mTLS), rate limiting, input validation, and API gateway configuration.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Understanding of AI/ML security risks — prompt injection, data poisoning, model exfiltration, and adversarial attacks — and practical mitigation approaches.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Familiarity with data encryption standards: AES-256 encryption at rest, TLS 1.3 and mTLS in transit, envelope encryption, and key management.</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">Azure Cloud Security</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Hands-on expertise with Azure security services: Microsoft Defender for Cloud, Microsoft Sentinel, Azure Firewall, Azure DDoS Protection, Azure Policy, Azure Key Vault.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Strong working knowledge of Azure networking security: VNets, NSGs, UDRs, Private Endpoints, Application Gateway with WAF, Azure Front Door.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience hardening Azure PaaS services and AKS (Kubernetes) workloads, including pod security, network policies, and image scanning.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Proficiency with Azure Active Directory / Entra ID: Conditional Access, PIM, managed identities, and RBAC.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Familiarity with cloud security benchmarks: CIS Azure Foundations, Microsoft Cloud Security Benchmark (MCSB).</span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt; font-weight: bold\">DevSecOps &amp; Infrastructure as Code</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience building security into CI/CD pipelines using Azure DevOps or GitHub Actions.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Proficiency with Infrastructure as Code tools: Terraform, Bicep, or ARM — including IaC security scanning.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Scripting skills in Python, PowerShell, or Bash for automation of security tasks and compliance checks.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience with container security: Docker image hardening, Kubernetes security policies, container runtime protection.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Familiarity with Git-based workflows, branch protection, signed commits, and dependency security management.<br><br></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Preferred Experience</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Relevant security certifications: AZ-500 (Azure Security Engineer), SC-200 (Security Operations Analyst), CISSP, CEH, OSCP, or equivalent.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience working in a BPO, contact centre, or digital services environment handling client data under strict confidentiality requirements.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Familiarity with multi-tenant SaaS security architecture — per-tenant data isolation, encryption key segregation, and audit logging.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience preparing for and supporting external security audits and penetration testing engagements.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Familiarity with regulatory frameworks relevant to BPO and data processing: GDPR, CCPA, ISO 27001, SOC 2 Type II.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Exposure to AI governance frameworks such as NIST AI RMF or MITRE ATLAS.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Experience with SIEM platforms: Microsoft Sentinel, Splunk, or equivalent — including custom detection rule authoring.<br><br></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Soft Skills</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Strong analytical and problem-solving skills — comfortable owning security issues end to end, from discovery through to remediation.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Excellent communication skills: able to articulate security risks and controls clearly to both technical teams and non-technical stakeholders.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Collaborative and advisory mindset — you secure by enabling, not blocking.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">High ownership, proactive, and delivery-focused — you do not wait to be asked.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Ability to work effectively in a fast-paced environment where technology stacks and threats evolve rapidly.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">High personal resilience and achievement orientation.<br><br></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Benefits</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">At Quantanite, we ask a lot of our associates, which is why we give so much in return. In addition to your compensation, our perks include:</span></p>\n<ul>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Dress: Wear anything you like to the office. We want you to feel as comfortable as when working from home.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Employee Engagement: Experience our family community and embrace our culture where we bring people together to laugh and celebrate our achievements.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Professional Development: We love giving back and ensure you have opportunities to grow with us and even travel on occasion.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Events: Regular team and organisation-wide get-togethers and events.</span></li>\n<li><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">Value Orientation: Everything we do at Quantanite is informed by our Purpose and Values. We Build Better. Together.<br><br></span></li>\n</ul>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 12pt; font-weight: bold\">Future Development</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">At Quantanite, you'll have a personal development plan to help you improve in the areas you're looking to develop over the coming years. Your manager will dedicate time and resources to supporting you in getting to the next level.</span></p>\n<p><span style=\"font-family: Arial, sans-serif; font-size: 10pt\">You'll also have the opportunity to progress internally. As a fast-growing organisation, our teams are growing, and you'll have the chance to take on more responsibility over time. So, if you're looking for a career full of purpose and potential, we'd love to hear from you!</span></p>",
    "compensation": null,
    "departmentId": "18489",
    "locationType": "2",
    "seekPromoted": false,
    "jobCategoryId": null,
    "jobOpeningName": "DevsecOps Engineer",
    "departmentLabel": "IT",
    "jobOpeningStatus": "Open",
    "minimumExperience": "Experienced",
    "jobOpeningShareUrl": "https://quantanite.bamboohr.com/careers/795",
    "employmentStatusLabel": "Full-Time"
  }
}

Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/7c8ed22388928d59a7402416341f6e91ad2cc5f6?include=descriptionJSON

GET https://api.bluedoor.sh/job-postings/v1/orgs/1f378762-0614-4644-b3a3-b570a786fe80JSON

GET https://api.bluedoor.sh/job-postings/v1/sources/af209076-fa8e-4c9f-8d28-829093d8d2d1JSON

GET https://api.bluedoor.sh/job-postings/v1/jobs/7c8ed22388928d59a7402416341f6e91ad2cc5f6/eventsJSON

Docs · Get an API key