Back to search
noon Linkedin · Posted 5d ago

Cloud Security Engineering Lead - Platform

India

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

About noon: the region's leading consumer commerce platform, spanning e-commerce, quick commerce, food, fintech, and logistics across the GCC.


Team noon has some of the fastest, smartest, and hardest-working people we've encountered. With a young, aggressive, and talented team, we're driving major missions forward.


The Cloud & Platform Security pod owns the preventive architecture for one of the largest GCP infrastructures in the region: hundreds of projects, dozens of BUs, dozens of GKE clusters, and a footprint that keeps growing. This role builds the cloud security platform every BU inherits by default: Terraform modules, landing-zone patterns, OPA/Kyverno guardrails, CNAPP/CSPM/DSPM, self-serve security tooling, and collaborate with SecOps on high-fidelity cloud-native detections.


The mandate is green-field enough to shape, mature enough to move fast, and broad enough to matter. You will work on cloud security at scale, and also help shape noon’s emerging AI/LLM cloud security surface, including model guardrails, MCP-enabled security tooling, and Vertex-based automation.


We hire engineers who build, not analysts who configure. If your instinct on a cloud misconfig - instead of filing a ticket - is authoring a Gatekeeper policy that eliminates the entire class, this role is for you. The leveling for this role will be decided depending on the profile, experience, and the outcomes of the interviews.


What you'll do

  • Lead the cloud security platform program for noon’s group infrastructure, with a focus on self-serve tooling, automation, policy-as-code, cloud guardrails, and the emerging AI/LLM security surface.
  • Build the cloud security platform surface. Shipping recurring controls as Terraform modules, internal services, MCP tools, or self-serve tools adopted across the group.
  • Build the Terraform security module library for every new BU environment, including VPC-SC, IAM boundaries and hardened security baselines.
  • Build the Day Zero hardening pipeline for new GCP projects, with drift detection, org policies enforced at org and folder scope.
  • Bring policy-as-code to life across the infra. Author custom policies for noon's risk classes, not just community packs.
  • Drive the CNAPP, CSPM, and DSPM roadmaps end-to-end whether that means using commercial tooling or helping build internal platforms.
  • Lead cloud/infrastructure threat modeling for new services, migrations, or acquisitions.
  • Own software supply chain security and the CI/CD golden pipeline.
  • Own GKE and Kubernetes security across the group, including Pod Security Standards, Workload Identity, distroless base images, and runtime security wired to SecOps.
  • Drive the DSPM program across data pipelines and analytics infra.
  • Help shape the security data lake and AI-augmented query surface that connects cloud posture, detections, inventory, ownership, and remediation context.
  • Lead automation-first IAM hygiene and secure secrets handling at group scale.
  • Work with SecOps to ship event-driven Cloud Attack Surface Monitoring and misconfiguration detections.
  • Help mature the WAF, edge, and zero-trust perimeter across Akamai, Cloud Armor, Cloudflare, VPC-SC, and access-control patterns.
  • Partner with DevOps, IT, Product Security, Offensive Security, and engineering leadership to land cloud security protections, onboard new environments, and create feedback loops that strengthen our platform and infrastructure security programs.
  • Raise the bar through design reviews and mentorship of the cloud security pod.


What you'll need

  • 8+ years, shipping cloud security engineering at scale (GCP/AWS)
  • You have run cloud security at large, multi-BU estates, dozens of clusters.
  • A platform-builder mindset: you have shipped internal security services, Terraform modules, or self-serve flows adopted by DevOps and engineering teams by default.
  • Production policy-as-code experience with Rego/Kyverno for org-specific risk classes, and self-serve flows adopted by teams.
  • Deep GCP/AWS security surface fluency alongside GKE and Kubernetes security.
  • Ownership of a CNAPP or CSPM program end-to-end across a multi-account or multi-project infra.
  • Production Cloud DSPM/data protection experience, including PII/PCI discovery, classification, DLP, data tagging across a large infrastructure.
  • Production supply chain security experience with Cosign, Binary Authorization, SBOM, SLSA, CI/CD gates, IaC scanning, secret scanning, container and image security.
  • Experience codifying multi-project or multi-account guardrails at scale using Org Policies, SCPs, landing zones, and Day Zero hardening.
  • A track record eliminating long-lived credentials as a class.
  • Threat modeling experience in infrastructure design reviews, with output turned into concrete secure designs, embedded controls and cloud-native detections.
  • Experience authoring cloud-native detections from SCC, Cloud Audit Logs, VPC Flow, or Cloud IDS, with a clean handoff to a SecOps/detection team.
  • Partner-savvy execution across DevOps, IT, Product Security, Offensive Security, and engineering leadership.
  • Ability to translate PCI-DSS and ISO 27001 cloud security requirements into automatable preventive controls.
  • Cloud and security certifications are welcome context, but not a filter. We hire on shipped work: repos, designs, systems, and controls other engineers depend on.


Preferred Qualifications

  • Shipped an AI/LLM cloud security program, data leakage guardrails.
  • Experience with MCP guardrails or agent-security tooling, including MCP server certification, internal MCP fleet controls, or ADK/MCP/n8n-based security tooling.
  • Hardened GenAI workloads in production using Model Armor, Vertex AI security, Bedrock isolation, or self-hosted inference controls.
  • Designed and shipped a security data lake with CSPM, EDR, Config, SBOM, secret-scan, PAM, and API-inventory feeds, ideally with a private LLM/MCP surface.
  • Built graph-based attack path analysis across cloud identities and resources.
  • Open-sourced or internally published a Rego/Kyverno policy library adopted by teams.
  • Fluency in Python/Go or a second systems language for internal security tooling.
  • Led a small cloud security pod as tech lead.


Who will excel?

  • We're looking for people with high standards, who understand that hard work matters.
  • You need to be relentlessly resourceful and operate with a deep bias for action.
  • We need people with the courage to be fiercely original.
  • noon is not for everyone; readiness to adapt, pivot, and learn is essential.
  • You measure your work by the classes of vulnerability you eliminated and the engineers you unblocked, not tickets closed.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent