Senior Information Security Engineer

Job Description

Company: Cimpress India

Location: Chittoor, IN

About Cimpress: Led by founder and CEO Robert Keane, Cimpress invests in and helps build customer-focused, entrepreneurial mass customization businesses. Through the personalized physical (and digital) products these companies create,we empower over 17 million global customers to make an impression. Last year, Cimpress generated $3.5B in revenue through customized print products, signage, apparel, packaging and more.

The Cimpress family includes a dynamic, international group of businesses and central teams, all working to solve problems, build businesses, innovate and improve. As a National Pen brand, Pens.com provides custom marketing solutions to 22 countries worldwide, fostering global connections between businesses and their customers. We specialize in personalized promotional products, including writing instruments, stationery, drinkware, bags, gifts, and trade show accessories.

Our operations are supported by a network of 9 facilities across North America, Europe, Africa, and India. This global presence underscores our commitment to the timely delivery of our products and services to customers across the markets we serve.

About the Role: We are looking for a Senior Information Security Engineer who is hands-on, takes full ownership, and delivers results independently. This is not a role where you wait for instructions. You will be expected to lead security initiatives across cloud environments, drive incident response from detection to resolution, manage vulnerabilities end to end, and provide practical security architecture guidance that teams can actually implement.

You will work across multiple InfoSec domains and coordinate with cross-functional stakeholders, and be the go-to person the organisation relies on when security matters. You will be part of a lean security team that collectively owns and operates across all of these domains, so the ability to wear multiple hats, switch context quickly, and contribute wherever needed is essential. The ideal candidate brings deep technical expertise across cloud security, SOC operations, incident response, digital forensics, vulnerability management, and threat intelligence.

You should be equally comfortable investigating a P1 incident whenever such situation arises. If you thrive in environments that demand ownership, independent execution, and practical problem-solving over checkbox compliance, this role is built for you.

Mandatory Skills & Requirements: All of the following are mandatory requirements for this role. Candidates must demonstrate hands-on, practical experience in each of these areas. Theoretical knowledge alone is not sufficient.

Cloud

Security and Security Architecture – Perform hands-on security architecture reviews for workloads deployed across AWS, OCI, Azure, and GCP, ensuring alignment with CIS Benchmarks, CSA Cloud Controls Matrix (CCM), and the NIST Cybersecurity Framework (CSF).

• Evaluate and provide actionable security recommendations for IaaS, PaaS, and SaaS environments, covering but not limited to network segmentation, identity and access management (IAM), encryption, logging, and data protection.
• Review cloud & application resource configurations, threat modelling, infrastructure-as-code templates, and deployment pipelines to identify security gaps before they reach production.
• Collaborate with engineering and DevOps teams to embed security controls into the software development lifecycle (SDLC) and cloud deployment workflows, following the principles of the AWS Well-Architected Framework Security Pillar and Azure Security Benchmark.

Vulnerability

Management – Own the end-to-end vulnerability management lifecycle: identification, assessment, prioritisation, tracking, remediation coordination, and stakeholder reporting.

• Operate and manage vulnerability assessment tools, specifically Orca Security, Microsoft Defender Security Posture Management, and Azure Security Posture Management, to maintain continuous visibility across the cloud estate.
• Coordinate remediation of findings from annual external penetration tests, working directly with application and infrastructure teams to drive timely closure within agreed SLAs, and independently validate fixes through retesting.
• Produce vulnerability trend reports, communicate remediation progress and residual risk to technical and non-technical stakeholders.
• Apply CVSS, EPSS, and risk-based prioritisation methodologies (aligned with frameworks such as NIST SP 800-40 and OWASP Risk Rating) to ensure remediation efforts are focused on what matters most. SOC, Incident Response, and Digital Forensics – Perform Security Operations Center (SOC) activities, including alert triage, threat hunting, and investigation of security events across the environment.
• Lead and coordinate end-to-end incident response for security incidents, followi

Source: BeBee