Senior Azure AI Security Engineer
Location: Thane / Mumbai, India
Start Date: ASAP
Reporting to: Technical Project Manager
About Quantanite
Quantanite is a customer experience & digital outsourcing solutions company helping fast-growing businesses & global brands transform operations through intelligent automation, GenAI, & exceptional people.
About the Role
We are seeking a Senior Azure AI Security Engineer to lead hands-on security implementation across Quantanite's application, cloud, & AI infrastructure estate.
As we build & deploy AI-powered platforms on Azure, this role will ensure security is embedded across the development lifecycle, deployment pipelines, & infrastructure design. You'll design, implement, & continuously improve controls across software, data, cloud, & AI layers.
This is an engineering-first role for a practitioner who can threat-model AI systems, harden Kubernetes & Azure environments, build secure CI/CD pipelines, & guide engineering teams on secure coding practices.
Key Responsibilities
1. Application & Software Security
- Embed security controls throughout the software development lifecycle (SDLC) — from design reviews & threat modelling to code scanning, testing, & post-deployment monitoring.
- Implement & manage SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), & SCA (Software Composition Analysis) tooling within CI/CD pipelines.
- Define & enforce secure coding standards & conduct security-focused code reviews across application teams.
- Implement & manage secrets management, certificate lifecycle management, & key rotation practices.
- Design & enforce authentication & authorisation frameworks: OAuth 2.0, OIDC, RBAC, & least-privilege access patterns across applications.
- Own vulnerability assessment & remediation across application components — identifying, prioritising, & tracking fixes to closure.
- Implement & maintain Web Application Firewall (WAF) rules, API security gateways, & input validation controls.
2. AI Security Controls
- Define & implement security controls specific to AI/ML systems: model access controls, prompt injection defences, adversarial input handling, & output validation.
- Implement data security for AI pipelines — including per-tenant data isolation, encryption-at-rest & in-transit (AES-256, TLS 1.3/mTLS), & secure data ingestion from external client sources.
- Design & enforce data governance controls for AI training & inference environments: data lineage, access logging, & retention policy enforcement.
- Assess & mitigate risks specific to LLM & GenAI deployments: model inversion attacks, data leakage through model outputs, jailbreak vectors, & supply chain risks in AI frameworks.
- Establish security review processes for AI model deployment, including model signing, registry security, & inference endpoint hardening.
- Collaborate with AI/ML engineers to ensure RAG pipelines, vector databases, & agentic workflows are built with security-first design principles.
- Stay current with evolving AI security standards & frameworks (e.g. OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF) & translate these into actionable controls.
3. Azure Cloud Infrastructure Security
- Design & implement a secure Azure landing zone: VNet architecture, Network Security Groups (NSGs), Azure Firewall, Private Endpoints, & subnet segmentation.
- Implement & manage Azure Security Centre / Microsoft Defender for Cloud — continuously monitoring posture, alerts, & compliance scores.
- Harden Azure PaaS services: Azure App Service, Azure Kubernetes Service (AKS), Azure Container Registry, Azure API Management, Azure SQL, & Azure Data Lake Storage.
- Manage Azure Active Directory / Entra ID: Conditional Access policies, Privileged Identity Management (PIM), managed identities, & service principal governance.
- Implement & maintain Azure Key Vault for secrets, certificates, & encryption key management across all environments.
- Design & enforce Infrastructure as Code (IaC) security practices — security policy-as-code, automated scanning of Terraform/Bicep/ARM templates, & drift detection.
- Establish cloud security posture management (CSPM) processes & remediation workflows for misconfigurations & policy violations.
- Design & implement DDoS protection, rate limiting, & bot mitigation controls at the network & application layers.
4. DevSecOps Pipeline & Automation
- Build & maintain security gates within CI/CD pipelines (Azure DevOps / GitHub Actions) — integrating security scanning, compliance checks, & automated approval workflows.
- Implement container security scanning (image vulnerability scanning, runtime security) for Docker & Kubernetes workloads.
- Automate security compliance checks & reporting against standards including ISO 27001, SOC 2, & GDPR using Azure Policy & custom automation.
- Establish security monitoring, alerting, & incident response pipelines using Azure Monitor, Microsoft Sentinel (SIEM), & Log Analytics.
- Define & test incident response runbooks for cloud & application security events, including breach containment & recovery procedures.
5. Governance, Compliance & Collaboration
- Conduct regular vulnerability assessments & penetration testing — managing external testing engagements & remediating findings.
- Provide technical security inputs for client due diligence, RFP responses, & compliance audit evidence (ISO 27001, SOC 2, GDPR, client-specific requirements).
- Work closely with the InfoSec Leader on aligning technical controls with the organisation's information security policy framework.
- Act as a security advisor & enabler to engineering teams — running secure design workshops, threat modelling sessions, & developer security awareness training.
- Maintain security documentation: architecture decision records, control evidence, risk registers, & remediation tracking.
Required Skills & Qualifications
Education & Experience
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 5–8 years of experience in a DevSecOps, Cloud Security, or Application Security engineering role.
- Demonstrable hands-on experience across both application security & cloud infrastructure security.
- Prior experience in a security role supporting AI/ML or data-intensive platforms is a strong advantage.
Application & AI Security
- Proficiency with SAST/DAST/SCA tools: Snyk, Checkmarx, OWASP ZAP, or equivalent.
- Strong understanding of OWASP Top 10 (web), OWASP API Security Top 10, & OWASP LLM Top 10.
- Hands-on experience with secrets management tools: Azure Key Vault, or equivalent.
- Experience securing APIs: authentication (OAuth 2.0, API keys, mTLS), rate limiting, input validation, & API gateway configuration.
- Understanding of AI/ML security risks — prompt injection, data poisoning, model exfiltration, & adversarial attacks & practical mitigation approaches.
- Familiarity with data encryption standards: AES-256 encryption at rest, TLS 1.3 & mTLS in transit, envelope encryption, & key management.
Azure Cloud Security
- Hands-on expertise with Azure security services: Microsoft Defender for Cloud, Microsoft Sentinel, Azure Firewall, Azure DDoS Protection, Azure Policy, Azure Key Vault.
- Strong working knowledge of Azure networking security: VNets, NSGs, UDRs, Private Endpoints, Application Gateway with WAF, Azure Front Door.
- Experience hardening Azure PaaS services & AKS (Kubernetes) workloads, including pod security, network policies, & image scanning.
- Proficiency with Azure Active Directory / Entra ID: Conditional Access, PIM, managed identities, & RBAC.
- Cloud security benchmarks: CIS Azure Foundations, Microsoft Cloud Security Benchmark (MCSB).
DevSecOps & Infrastructure as Code
- Experience building security into CI/CD pipelines using Azure DevOps or GitHub Actions.
- Proficiency with Infrastructure as Code tools: Terraform, Bicep, or ARM — including IaC security scanning.
- Scripting skills in Python, PowerShell, or Bash for automation of security tasks & compliance checks.
- Experience with container security: Docker image hardening, Kubernetes security policies, container runtime protection.
- Familiarity with Git-based workflows, branch protection, signed commits, & dependency security management
Preferred Experience
- Relevant security certifications: AZ-500 (Azure Security Engineer), SC-200 (Security Operations Analyst), CISSP, CEH, OSCP, or equivalent.
- Experience working in a BPO, contact centre, or digital services environment handling client data under strict confidentiality requirements.
- Familiarity with multi-tenant SaaS security architecture — per-tenant data isolation, encryption key segregation, & audit logging.
- Experience preparing for & supporting external security audits & penetration testing engagements.
- Familiarity with regulatory frameworks relevant to BPO & data processing: GDPR, CCPA, ISO 27001, SOC 2 Type II.
- Exposure to AI governance frameworks such as NIST AI RMF or MITRE ATLAS.
- Experience with SIEM platforms: Microsoft Sentinel, Splunk, or equivalent — including custom detection rule authoring.
Soft Skills
- Strong analytical & problem-solving skills — comfortable owning security issues from discovery through to remediation.
- Excellent communication skills: able to articulate security risks & controls clearly to both technical & non-technical stakeholders.
- Collaborative & advisory mindset
- High ownership, proactive, & delivery-focused
- Ability to work effectively in a fast-paced environment where technology stacks & threats evolve rapidly.
- High personal resilience & achievement orientation.
Benefits & Development
At Quantanite, we offer a flexible & engaging work environment, development opportunities, regular team events, & a culture shaped by our Purpose & Values. You'll have a personal development plan & manager support to help you grow in the areas that matter to you, & . As our organisation continues to expand, you'll also have opportunities to progress internally.
If you're looking for a career full of purpose & potential, we'd love to hear from you.