Kore.ai

Hyderabad, Telangana, India (ON SITE) | Full Time | Senior | Common Shared Services

Cloud & Infrastructure Security Architect

Kore.ai is a pioneering force in enterprise AI transformation, empowering organisations through our comprehensive agentic AI platform. With innovative offerings across "AI for Service," "AI for Work," and "AI for Process," we're enabling 400+ Global 2000 companies to fundamentally reimagine their operations, customer experiences and employee productivity.

Our end-to-end platform enables enterprises to build, deploy, manage, monitor, and continuously improve agentic applications at scale. We've automated over 1 billion interactions every year with voice and digital AI in customer service, and transformed employee experiences for tens of thousands of employees through productivity and AI-driven workflow automation.

Recognised as a leader by Gartner, Forrester, IDC, ISG, and Everest, Kore.ai has secured Series D funding of $150M, including strategic investment from NVIDIA to drive Enterprise AI innovation. Founded in 2014 and headquartered in Florida, we maintain a global presence with offices in India, UK, Germany, Korea, and Japan.

POSITION / TITLE:

Cloud & Infrastructure Security Architect

Location: Hyderabad

Experience: 8–10+ years

POSITION SUMMARY:

About the Role

We are looking for a Cloud & Infrastructure Security Architect to serve as the security authority across our multi-cloud environment. You will define the security architecture standards our infrastructure must meet, govern continuous audit and assurance to ensure zero gaps, and drive measurable improvement in cloud security posture across AWS, Azure, and GCP. This is a hands-on architecture role with real ownership — you will shape how our cloud environments are secured, not just advise on it.

RESPONSIBILITIES:

CLOUD SECURITY ARCHITECTURE & STANDARDS

• Define and own the cloud security architecture across AWS, Azure, and GCP — establishing the authoritative security baseline, guardrails, and standards the environment must meet.

• Drive secure landing zone architecture — account and subscription structure, network segmentation, logging pipelines, and security control inheritance.

• Lead security architecture reviews and sign-offs for new cloud infrastructure designs, platform changes, and cloud migration initiatives.

• Define multi-cloud IAM architecture — least privilege design, role federation, cross-account trust models, service principal governance, and privileged access management.

• Architect secrets management standards across AWS Secrets Manager, Azure Key Vault, and GCP Secret Manager — covering rotation, access governance, and audit requirements.

• Publish reusable, secure reference architectures and approved cloud service patterns that embed security into infrastructure decisions by default.

CONTINUOUS AUDIT, ASSURANCE & POSTURE MANAGEMENT

• Own the continuous cloud security audit program — systematically evaluating the live environment against defined standards to detect gaps, drift, and deviations before they become incidents.

• Govern Cloud Security Posture Management (CSPM) — interpret findings, triage by exploitability and business risk, enforce remediation SLAs, and drive posture improvement to measurable outcomes.

• Conduct deep-dive security audits — IAM privilege analysis, network exposure reviews, encryption gap assessments, logging completeness checks, and workload configuration audits.

• Define and enforce cloud security benchmarks aligned to CIS Foundations (AWS, Azure, GCP), NIST SP 800-144, and CSA CCM — with clear pass/fail criteria measured continuously.

• Maintain the cloud security risk register — open gaps, accepted risks with rationale, remediation timelines, and closure evidence — reported to the CISO on a defined cadence.

• Conduct adversarial validation using cloud attack simulation (Pacu, Stratus Red Team) to verify that controls and detection hold under real attack conditions.

KUBERNETES & CONTAINER SECURITY

• Own end-to-end Kubernetes security architecture at CKS depth — cluster hardening standards, workload isolation, admission control, network policy, secrets management, and runtime protection.

• Define and enforce Kubernetes security standards: Pod Security Admission, RBAC governance, admission controllers (OPA/Gatekeeper, Kyverno), network policies, and control plane hardening.

• Conduct regular Kubernetes security audits — CIS Kubernetes Benchmark assessments, RBAC privilege analysis, etcd security, API server reviews, and node-level gap detection.

• Define container image security standards — base image governance, vulnerability scanning (Trivy, Aqua, Snyk), image signing (Cosign/Notary), and registry access controls.

• Own runtime security architecture — deployment standards for Falco or Sysdig, coverage audits, and container escape/anomaly detection validation.

• Kubernetes CVE triage and response — assess impact on cluster configurations and drive resolution to closure.

IAC SECURITY & POLICY-AS-CODE

• Review and approve Infrastructure-as-Code templates — Terraform, AWS CDK, Bicep, and Helm charts — identifying misconfigurations, over-permissive IAM, exposed endpoints, and encryption gaps before deployment.

• Define IaC security standards and reusable secure modules — pre-approved, security-hardened building blocks that make secure deployment the default.

• Define IaC scanning standards and security gate requirements for CI/CD pipelines (Checkov, tfsec, Terrascan) with clear pass/fail criteria and remediation guidance.

• Own the policy-as-code framework — define security policies automatically evaluated against every infrastructure change and continuously audit compliance.

ZERO TRUST & NETWORK SECURITY

• Define and drive Zero Trust Architecture across cloud environments — identity-based access, micro-segmentation standards, service mesh security, and continuous verification principles.

• Design cloud network security standards — VPC/VNet architecture, security group governance, private endpoint requirements, egress controls, and east-west traffic inspection.

• Define service mesh security requirements (Istio, Linkerd) — mTLS enforcement, traffic policy standards, and observability integration.

• Conduct network security audits to identify deviations from approved architecture — exposed services, missing private endpoints, segmentation gaps.

SERVERLESS & CLOUD-NATIVE SECURITY

• Define security architecture standards for serverless workloads across AWS Lambda, Azure Functions, and GCP Cloud Functions — execution role minimisation, event source trust, and data protection requirements.

• Audit serverless and cloud-native deployments — identifying SSRF-to-metadata risks, over-permissive execution roles, insecure event triggers, and dependency risks.

• Define security standards for cloud-native managed services — databases, message queues, object storage, API gateways — with mandatory encryption, access control, and audit logging requirements.

THREAT DETECTION & CLOUD INCIDENT RESPONSE

• Design the cloud threat detection architecture — define detection requirements, tool selection (GuardDuty, Defender for Cloud, GCP SCC, Falco), and alert pipeline into SIEM and SOC workflows.