Job Title:
Cloud Security Engineer
Company: Tata Consultancy Services
Location: Bangalore, Karnataka
Created: 2026-01-06
Job Type: Full Time
Job Description:
Role: Cloud Security EngineerLocation: Bengaluru/Chennai/Pune/HyderabadType: FulltimeExperience range: 4+ YearsWalk-in Interview on 10th Jan 2026 (Saturday)Chennai: TCS Sholinganallur Kumaran Nagar, 415/21-24, TNHB Main Rd, Chennai, Tamil Nadu 600119Bangalore: TCS PSN Office, PRESTIGE SHANTINIKETAN, Crescent-3,Sadaramanagala Village & Sy.No.129/2 & 130,Krishnarajapuram Hobli, Bangalore East Taluk, Bangalore - 560066,Karnataka,Hyderabad: TCS Deccan Park, Madhapur, Hyderabad, Telangana 500081Pune: Tata Consultancy Services, Sahyadri Park 1, Rajiv Gandhi Infotech Park, Hinjewadi Phase 3, Pune - 411057Roles and responsibilities:Senior Azure Cloud Security Engineer to architect, implement, and operate security controls across Microsoft Azure and Microsoft 365 ecosystems.Microsoft Defender XDRMicrosoft Cloud security stackMicrosoft Defender for Cloud Apps (MDCA/CASB)Cloud Workload Protection (CWPP)Cloud Security Posture Management (CSPM)Microsoft Defender XDRMicrosoft Defender for Cloud Apps (MDCA/CASB)Defender for Cloud (CSPM & CWPP)Prisma SASE, Cisco ISEmulti-cloud securityDesign Azure landing zones and security reference architectures aligned to Zero Trust.Establish enterprise guardrails using Azure Policy, Management Groups, and RBAC with Privileged Identity Management (PIM).Own CSPM posture via Microsoft Defender for CloudOperate and optimize Microsoft Defender XDR for end-to-end detection and response.Manage Microsoft Sentinel (SIEM/SOAR): KQL analytics, hunting, UEBA, playbooks (Logic Apps), and incident workflows.Lead incident response: triage, containment, forensics (Log Analytics, snapshots), root cause analysis, stakeholder communication.Administer Microsoft Defender for Cloud Apps (MDCA) for app discovery, OAuth app governance, session controls, DLP, and data protection.Implement Conditional Access + MDCA session policies for inline control across key SaaS applications.Secure workloads using Defender for Cloud plans (VMs, Storage, SQL, AKS, App Services): hardening, vulnerability management, agent coverage.Drive AKS security: network policies, identity, secrets, image scanning, admission controls; secure ACR and supply chain flows.Implement controls: Azure Firewall, NSGs, DDoS Protection, Bastion, JIT VM access.Protect applications via Azure WAF (App Gateway/Front Door), TLS cert lifecycle, and bot management.