Platform Eng(Security n FinOps)
Job Title: Security, Vulnerability & FinOps Engineer (Offshore)
Role Overview
This is an offshore role combining two complementary governance functions for an enterprise Agentic AI platform on Microsoft Azure: security and vulnerability management, and cloud cost (FinOps) management with monthly reporting. The role maintains the platform’s security posture and drives vulnerability remediation, while also tracking cloud spend, identifying optimisation opportunities, and producing recurring reporting. It works hands-on with the Azure platform and Infrastructure-as-Code across non-production and production within a follow-the-sun delivery model.
Key Responsibilities
Operate cloud security tooling including Microsoft Defender for Cloud, Wiz (cloud and AI security posture management), and endpoint/workload protection (CrowdStrike).
Run and track vulnerability scans (Qualys) across platform services, maintain a vulnerability register, and drive remediation against SLAs.
Monitor SIEM detection content, triage security alerts, and support detection-rule tuning using KQL.
Review identity security — RBAC, managed identities, and OAuth/token configurations — against least-privilege standards, and maintain CMDB security attributes.
Implement and maintain security guardrails and resource tagging using Terraform and policy-as-code, and support CI/CD security gates.
Produce monthly FinOps reporting covering spend by service, environment, and cost centre, with trends and variance against budget and forecast.
Identify cost-optimisation opportunities — right-sizing, reservations and savings plans, idle and orphaned resources, and log-ingestion and storage optimisation — and track realised savings.
Analyse Azure billing and usage data using Cost Management and billing exports, and build cost dashboards (for example in Power BI).
Partner with platform and engineering teams to action security and cost recommendations, and provide audit and compliance evidence.
Qualifications & Experience
4+ years experience spanning cloud security / vulnerability management and cloud cost (FinOps) management.
Hands-on experience with Azure security services such as Microsoft Defender for Cloud and Microsoft Entra.
Experience with vulnerability scanning tools such as Qualys, and with remediation tracking.
Familiarity with SIEM and detection concepts, including KQL or an equivalent query language.
Strong experience with Azure Cost Management, billing-data analysis, and cost-allocation models (showback/chargeback).
Exposure to Terraform Infrastructure-as-Code and policy-as-code for guardrails and tagging.
Proficiency with reporting and BI tools such as Power BI, and with scripting in Python or PowerShell.
Strong understanding of OAuth 2.0 / OpenID Connect, RBAC, and least-privilege principles.
Bachelor’s degree in Information Technology, Cyber Security, Finance, or a related discipline.
Job Title: Security, Vulnerability & FinOps Engineer (Offshore)
Role Overview
This is an offshore role combining two complementary governance functions for an enterprise Agentic AI platform on Microsoft Azure: security and vulnerability management, and cloud cost (FinOps) management with monthly reporting. The role maintains the platform’s security posture and drives vulnerability remediation, while also tracking cloud spend, identifying optimisation opportunities, and producing recurring reporting. It works hands-on with the Azure platform and Infrastructure-as-Code across non-production and production within a follow-the-sun delivery model.
Key Responsibilities
Operate cloud security tooling including Microsoft Defender for Cloud, Wiz (cloud and AI security posture management), and endpoint/workload protection (CrowdStrike).
Run and track vulnerability scans (Qualys) across platform services, maintain a vulnerability register, and drive remediation against SLAs.
Monitor SIEM detection content, triage security alerts, and support detection-rule tuning using KQL.
Review identity security — RBAC, managed identities, and OAuth/token configurations — against least-privilege standards, and maintain CMDB security attributes.
Implement and maintain security guardrails and resource tagging using Terraform and policy-as-code, and support CI/CD security gates.
Produce monthly FinOps reporting covering spend by service, environment, and cost centre, with trends and variance against budget and forecast.
Identify cost-optimisation opportunities — right-sizing, reservations and savings plans, idle and orphaned resources, and log-ingestion and storage optimisation — and track realised savings.
Analyse Azure billing and usage data using Cost Management and billing exports, and build cost dashboards (for example in Power BI).
Partner with platform and engineering teams to action security and cost recommendations, and provide audit and compliance evidence.
Qualifications & Experience
4+ years experience spanning cloud security / vulnerability management and cloud cost (FinOps) management.
Hands-on experience with Azure security services such as Microsoft Defender for Cloud and Microsoft Entra.
Experience with vulnerability scanning tools such as Qualys, and with remediation tracking.
Familiarity with SIEM and detection concepts, including KQL or an equivalent query language.
Strong experience with Azure Cost Management, billing-data analysis, and cost-allocation models (showback/chargeback).
Exposure to Terraform Infrastructure-as-Code and policy-as-code for guardrails and tagging.
Proficiency with reporting and BI tools such as Power BI, and with scripting in Python or PowerShell.
Strong understanding of OAuth 2.0 / OpenID Connect, RBAC, and least-privilege principles.
Bachelor’s degree in Information Technology, Cyber Security, Finance, or a related discipline.