Senior Cybersecurity Engineer

Nexus Analytica

About the Role

We are seeking an experienced and proactive Senior Cybersecurity Engineer to lead the design, implementation, and enforcement of security practices across our software systems, infrastructure, and development lifecycle.

In this role, you will take ownership of end-to-end cybersecurity, from secure architecture and DevSecOps integration to cloud security, incident response, and compliance alignment. You will collaborate closely with development, DevOps, and management teams to ensure our platforms built on Python/Django, React.js, and Azure meet the highest standards of security, privacy, and resilience.

This is a critical role in a mission-driven company developing digital solutions for high-impact sectors. The ideal candidate is hands-on, threat-aware, and highly experienced in both cloud security (Azure) and application security.

Key Responsibilities ???? Security Architecture & Risk Management

• Define and enforce security standards and architecture across cloud and software systems.
• Perform threat modeling and security risk assessments for applications, infrastructure, and new features.
• Establish secure development lifecycle practices (e.g., secure coding, code review, static analysis).
• Collaborate with the software architect and DevOps team to integrate security into design decisions.

???? Cloud & Infrastructure Security (Azure)

• Secure Azure cloud environments including networking, storage, compute, and identity management.
• Implement and manage security controls using Azure Security Center, Azure Defender, and Microsoft Entra (AD).
• Monitor cloud security posture and respond to threats using Azure Sentinel or other SIEM tools.

???? Application & API Security

• Conduct vulnerability assessments, static and dynamic code analysis (SAST/DAST), and penetration testing.
• Identify and remediate OWASP Top 10 vulnerabilities in backend (Django REST) and frontend (React.js) codebases.
• Review API authentication/authorization, session management, and data protection controls.

???? DevSecOps & Automation

• Integrate security tools into CI/CD pipelines (e.g., Snyk, Checkmarx, SonarQube).
• Automate secrets management, scanning, and compliance checks.
• Work with DevOps to harden Docker images, Kubernetes (AKS), and CI/CD workflows.
• Collaborate with backend, frontend, DevOps, and Architecture teams to enforce up-to-date security protocols and measures.

???? Incident Response & Monitoring

• Define and maintain security incident response procedures and playbooks.
• Monitor for suspicious activity across systems, endpoints, and cloud infrastructure.
• Lead investigations and forensics for potential breaches or suspicious activity.
• Conduct regular security drills and post-incident reviews.

???? Compliance & Governance

• Support compliance efforts (e.g., ISO 27001, SOC 2, GDPR, among others) by implementing and documenting controls.
• Maintain asset inventories, security policies, and audit logs.
• Conduct internal security training and awareness programs.