Information Security Engineer

Vermont Information Processing:
Security Engineer Company: Vermont Information Processing India Pvt. Ltd. VIP is the leading technology supplier for brewers, distributors, wineries, soda bottlers, and other companies in the beverage industry. From helping distributors improve their warehouse, delivery, and sales operations, to empowering suppliers to know where their products are and how they are selling, VIP has the technology and expertise to help your business thrive. Visit us at: Headquarters: Colchester, VT, USA Company Location in India: Santacruz East, Mumbai Company Strength: 900+ Position: Security Engineer Department: Information Security Reports To: Information Security Officer Job Location: Mumbai, India (Overlap with US East coast) Role Overview: We are looking for a hands-on Security Engineer who can design, build, and continuously improve security controls across our environment. You will own automation initiatives, guide teams on hardening best practices, and mature the overall posture of the organization using available technologies. The ideal candidate has deep cloud security expertise, network security experience, and a passion for automation.
Vermont Information Processing.
Key Responsibilities:
What Youll Do:
Cloud & Infrastructure Security:

• Recommend, design, and implement security controls in public cloud infrastructure.
• Configure/manage CNAPP and similar tooling to surface misconfigurations, drift, and drive remediation with product and DevOps teams.
• Harden cloud resources to align with best practices and company policy.
• Actively guide and participate in threat modeling and secure architecture reviews. Automation & Tooling
• Develop scripts, IaC, and/or playbooks to automate security capabilities & configuration.
• Build/maintain CI/CD security gates using IaC scanning, SCA/SAST, and secrets-detection tools. Network Security
• Tune and optimize network segmentation, firewalls, and WAF rulesets.
• Build and improve threat prevention strategies utilizing network security technologies. Identity & Access Management
• Enforce least-privilege and Zero Trust principles across Active Directory and cloud IdPs.
• Champion MFA, JIT/PIM workflows, PAM, and periodic access reviews. Guidance & Enablement
• Translate security requirements into clear remediation guidance for developers and infrastructure teams.
• Produce knowledge articles, runbooks, and conduct sessions to upskill peers. Vermont Information Processing

Minimum Qualifications:
Technical Skills:

• 5+ years in a Security Engineer, Cloud Security Engineer, or related role supporting and securing production public cloud workloads.
• Expert-level AWS services knowledge (compute, storage, networking, IAM, CloudTrail, GuardDuty, AWS Security Hub); working knowledge of Azure or GCP is a plus.
• Strong knowledge of best practices for securing cloud resources and implementing robust controls that consider business needs.
• Experience using CNAPP platforms (Wiz, Orca, Prisma Cloud, CrowdStrike), CSPM integrations, and related cloud security toolsets.
• Strong understanding of IP networking concepts (TCP/IP, routing, VPN, DNS, load balancing, Zero Trust architecture).
• Proficiency in at least one scripting language (Python, PowerShell, Bash) and familiarity with solutions like Terraform or CloudFormation.
• Solid grasp of IAM for both on-prem AD and cloud IdPs.

Education:

• Bachelors degree in Cybersecurity, Computer Science, Information Systems, or related field (preferred; equivalent experience considered).
• Certifications (preferred in each category; not required)
• Networking: CCNA/CCNP, CCIE, CompTIA Network+, etc.
• Security: GIAC Cloud Security Certifications, GCIH, GNFA, CISSP, etc.
• Cloud: AWS Solutions Architect Associate/Professional or Security Specialty

Soft Skills:

• Clear, concise communicator able to translate technical risk to non-technical stakeholders.
• Proven collaborator across technical, operations, and compliance teams.
• Comfortable leading cross-functional projects.
• Self-starter who thrives in a fast-moving, high-autonomy environment.
• Vermont Information Processing

Nice-to-Have Experience:

• Security testing familiarity: bug bounty management, red team coordination, and/or penetration testing.
• Application security experience with SAST, SCA, and DAST familiarity.
• Experience interpreting forensic artifacts using a variety of security toolsets.
• Good understanding of the IR process and able to assist in incident response (e.g.: experience on IR teams or DFIR responsibilities).