REMOTEFULLTIME
Cyber Security Engineer
Inception42
Remote · remote · Posted 6d ago
Your match
Sign in to see your match score, skill gaps & tailored resume.
Section · 01
About this role
Inception, a G42 company, is the region’s leading innovator of AI-powered domain-specific as well as industry-agnostic products, built on a rich heritage of research and development. Within the G42 ecosystem, Inception functions as the core intelligence layer – transforming data and compute infrastructure into real-world, applied AI solutions. Beyond its commercial endeavors, Inception is committed to creating positive societal impact. For more information, please visit www.inceptionai.ai
Role Overview The Cybersecurity Engineer is responsible for proactive threat detection, security operations, and the technical enforcement of Inception AI's cybersecurity controls across its Azure-native environment. Whereas the Security Engineer — InfoSec focuses on compliance and DevSecOps integration, this role has a stronger orientation toward offensive security awareness, threat hunting, SOC operations, and technical security assurance. Operating in an AI product company, this engineer must also contend with emerging threat vectors specific to LLM deployments, AI APIs, and GPU workloads — including adversarial attacks, model exfiltration, and AI supply chain risks.
This role is a full-time position based in India (remote). Key responsibilities
- Operate Microsoft Sentinel as the primary SIEM: build detection rules, KQL analytics queries, and automated playbooks (Logic Apps / Sentinel SOAR).
- Lead threat hunting activities — proactively search for indicators of compromise across Azure resources, AKS workloads, and AI endpoints.
- Manage the full security incident lifecycle: detection, triage, containment, eradication, recovery, and postmortem.
- Conduct internal vulnerability assessments and coordinate penetration testing engagements — reviewing findings and driving remediation.
- Assess the attack surface of AI/LLM deployments: prompt injection, model inversion, membership inference, and API abuse patterns.
- Configure and tune Microsoft Defender suite: Defender for Cloud, Defender for Containers, Defender for Endpoint, and Defender for Identity.
- Manage threat intelligence feeds and integrates IoCs into Sentinel and Defender policies.
- Enforce and audit zero-trust controls: conditional access, PIM, network segmentation, and privileged access workstations.
- Perform security assurance reviews on infrastructure changes — IaC, container deployments, network changes, and new service integrations.
- Support red team / purple team exercises, producing findings reports and remediation plans.
- Contribute to the development of the security operations runbook, incident playbooks, and detection engineering backlog.
Qualifications Security Operations & SIEM
- Microsoft Sentinel: workspace configuration, analytics rules, incident management, SOAR playbooks
- KQL (Kusto Query Language): advanced threat hunting queries across Log Analytics workspaces
- Azure Monitor: diagnostic settings, log routing, and alert rules
- MITRE ATT&CK framework: mapping detections to TTPs and identifying coverage gaps
Threat Detection & Response
- Incident response procedures: triage, containment, forensic evidence preservation, and recovery
- Malware analysis fundamentals and indicator of compromise (IoC) extraction
- Threat intelligence platforms and feed integration (e.g. MISP, Microsoft Threat Intelligence)
- Security automation: Logic Apps, Azure Functions, or Python-based SOAR playbooks
Azure Security Controls
- Microsoft Defender for Cloud: CSPM posture management, regulatory compliance dashboards, Defender plans
- Defender for Containers: image scanning, runtime threat detection, and AKS integration
- Entra ID Protection: risk policies, sign-in risk, and identity threat detection
- Azure Key Vault: access auditing, soft-delete enforcement, and certificate expiry monitoring
Offensive Security Awareness
- Familiarity with penetration testing methodologies (OWASP, PTES, NIST)
- Web application security: OWASP Top 10, API security testing, and WAF bypass awareness
- Container and Kubernetes security testing: CIS Kubernetes benchmark, kube-bench
- Cloud security posture assessment: cloud misconfiguration risks and common attack paths
AI & LLM Security
- Understanding of LLM-specific threats: prompt injection, jailbreaks, indirect injection via RAG, data poisoning
- API gateway security for AI endpoints: authentication, rate limiting, input validation
- Awareness of model supply chain risks: third-party model provenance, fine-tuning data integrity
Good to Have
- Active security certifications: SC-200 (Microsoft Security Operations Analyst), CEH, OSCP, or CISSP
- Experience with AI Red Teaming or LLM adversarial testing tools
- Familiarity with OWASP LLM Top 10 and emerging AI security frameworks
- Exposure to data loss prevention (DLP) controls in a SaaS multi-tenant context
- Experience operating in ISO 27001 or SOC 2 audited environments
- Cloudflare Security features: Bot Management, Rate Limiting, and WAF custom rules The successful candidate will be engaged via an external workforce partner in line with Inception’s operating model in the region.
Sourced from linkedin · view original
Let the agent run this one for you.
Tailored resume, auto-apply, and referral lookup — in under 2 minutes.
Section · 02