
Staff Security Engineer
Pearson · Bengaluru East, Karnataka, India
- On site
- Full-time
- $150,000 / year
Job highlights
- Secure infrastructure in hybrid and multi-cloud environments.
- Automate security audits, detections, and remediation.
- Design and implement network security architectures.
- Collaborate with SRE and infrastructure teams.
- Ensure compliance with security standards and frameworks.
About the role
Pearson is seeking an experienced Infrastructure Security Engineer to collaborate with SRE and infrastructure teams. Your primary focus will be embedding security into infrastructure deployment and operations, creating secure configuration templates, building audit and detection automation, and defending against evolving threats. This role requires a blend of deep technical expertise in infrastructure, security automation skills, and a collaborative spirit.
Key Responsibilities
SRE & Infrastructure Team Collaboration
- Partner with SRE and infrastructure teams to integrate security into infrastructure workflows, deployment pipelines, and operational practices.
- Create and validate secure configuration templates for Terraform, CloudFormation, Ansible, and other infrastructure automation tools.
- Develop deployment templates that embed security controls by default for common infrastructure patterns (VPCs, security groups, IAM roles, compute instances).
- Review and approve infrastructure code, providing security guidance and validation before production deployment.
- Conduct security assessments of infrastructure designs and deployment patterns in collaboration with SRE teams.
- Establish security guardrails that enable infrastructure teams to move quickly while maintaining security standards.
Audit & Detection Automation
- Build automated audit systems to continuously validate infrastructure configurations against security baselines and compliance requirements.
- Develop detection automation for identifying security misconfigurations, policy violations, and anomalous infrastructure changes.
- Implement policy-as-code frameworks using Open Policy Agent (OPA), AWS Config Rules, Azure Policy, or Sentinel to enforce security standards.
- Create automated remediation workflows for common security violations and configuration drift.
- Build compliance validation automation to continuously assess infrastructure against CIS benchmarks, SOC 2, and other frameworks.
- Develop security metrics and dashboards providing visibility into infrastructure security posture and trends.
Security Architecture & Design
- Design and implement security architectures for hybrid and multi-cloud environments (AWS, Azure, GCP).
- Develop network security architectures including network segmentation, zero trust principles, and micro-segmentation strategies.
- Build security baselines and hardening standards for servers, endpoints, containers, and cloud resources based on CIS benchmarks and industry best practices.
- Design secure landing zones and account structures for cloud environments with appropriate guardrails and security controls.
- Implement defense-in-depth strategies across network, host, application, and data layers.
- Conduct security architecture reviews for infrastructure changes, new deployments, and technology adoption.
Cloud & Infrastructure Security
- Implement and manage cloud security controls including security groups, NACLs, WAF, cloud firewalls, and encryption services.
- Configure cloud security posture management (CSPM) tools to continuously assess and remediate misconfigurations.
- Deploy and manage container security for Docker, Kubernetes, and container orchestration platforms.
- Implement infrastructure-as-code security scanning and policy enforcement for Terraform, CloudFormation, and other IaC tools.
- Secure cloud-native services including serverless functions, managed databases, object storage, and API gateways.
- Manage secrets and encryption keys using vaults, KMS, and secure key management practices.
Security Automation & Infrastructure as Code
- Develop and maintain security automation using Python, PowerShell, Bash, or Go for audit, detection, and remediation tasks.
- Create reusable IaC security modules and templates for Terraform, CloudFormation, or Pulumi that SRE teams can leverage.
- Implement IaC scanning and validation in CI/CD pipelines using tools like Checkov, Terrascan, tfsec, or custom validators.
- Build security policy as code using tools like Open Policy Agent (OPA), Sentinel, AWS Config Rules, or Azure Policy.
- Automate security testing of infrastructure deployments including configuration validation and compliance checks.
- Collaborate with SRE teams to integrate security automation into GitOps workflows and deployment pipelines.
Compliance & Governance
- Support compliance initiatives for SOC 2, ISO 27001, PCI-DSS, HIPAA, or other frameworks.
- Conduct infrastructure security audits and assessments against security standards.
- Document security architectures and maintain system security plans (SSPs).
- Develop runbooks and procedures for security operations and incident response.
- Generate compliance reports demonstrating security control effectiveness.
Collaboration & Advisory
- Work embedded with SRE teams to understand infrastructure patterns, deployment workflows, and operational needs.
- Partner with infrastructure teams on architecture reviews, technology evaluations, and capacity planning with security considerations.
- Provide security guidance on infrastructure projects, deployment strategies, and architectural decisions in real time.
- Train SRE and infrastructure staff on secure configuration practices, security tooling, and threat awareness.
- Enable self-service security by creating documentation, runbooks, and templates that infrastructure teams can use independently.
- Collaborate with peer security teams on application security, identity management, and security operations to ensure holistic coverage.
Required Qualifications & Experience
- 5+ years of hands-on experience in infrastructure security, network security, or systems engineering with a security focus.
- 3+ years working with cloud platforms (AWS, Azure, or GCP) with a focus on security architecture and implementation.
- Proven experience implementing security controls across hybrid environments (on-premises and cloud).
- Strong background in network security including firewalls, segmentation, VPNs, and network monitoring.
- Experience with security hardening of Windows and Linux systems.
Technical Skills
- Cloud Platforms: Deep knowledge of AWS, Azure, or GCP security services, IAM, networking, and security architecture.
- Infrastructure as Code: Strong experience with Terraform, CloudFormation, Ansible, or similar tools including module/template development.
- Policy as Code: Proficiency with Open Policy Agent (OPA), Sentinel, AWS Config Rules, Azure Policy, or similar frameworks.
- Scripting & Automation: Strong skills in Python, PowerShell, Bash, or Go for building security automation and tooling.
- Network Security: Expertise with firewalls (Palo Alto, Cisco, Fortinet), network segmentation, VPNs, and IDS/IPS.
- Operating Systems: Strong knowledge of Windows and Linux administration, security hardening, and system internals.
- Container Security: Knowledge of Docker, Kubernetes security, and container orchestration.
- CI/CD Pipelines: Experience integrating security tools into GitLab CI, GitHub Actions, Jenkins, or similar platforms.
- Security Tools: Hands-on experience with vulnerability scanners (Nessus, Qualys), CSPM tools (Wiz, Prisma Cloud), EDR/XDR platforms.
- Monitoring & Logging: Experience with SIEM, log aggregation (Splunk, ELK), and security monitoring platforms.
Knowledge & Competencies
- Security Architecture: Understanding of defense-in-depth, zero trust, and security architecture principles.
- Security Frameworks: Familiarity with NIST Cybersecurity Framework, CIS Controls, MITRE ATT&CK.
- Compliance: Knowledge of SOC 2, ISO 27001, PCI-DSS, HIPAA, or other regulatory frameworks.
- TCP/IP & Networking: Strong understanding of networking protocols, routing, switching, and network architecture.
- Threat Landscape: Current knowledge of infrastructure threats, attack vectors, and defensive techniques.
Soft Skills
- Communication: Excellent ability to explain security concepts to technical and non-technical audiences.
- Collaboration: Strong partnership skills to work effectively with infrastructure, operations, and development teams.
- Problem-Solving: Analytical mindset with the ability to troubleshoot complex security and infrastructure issues.
- Project Management: Ability to manage security projects from design through implementation.
- Adaptability: Flexibility to work in dynamic environments and adjust to changing priorities.
Education & Certifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience).
Who we are:
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are.
To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
Key skills/competency
- Security Engineering
- Infrastructure Security
- Cloud Security (AWS, Azure, GCP)
- Infrastructure as Code (Terraform, CloudFormation)
- Policy as Code (OPA, Sentinel)
- Security Automation (Python, Bash)
- Network Security
- Compliance and Governance
- Security Architecture
- DevSecOps
How to get hired
- Tailor your resume: Highlight experience with cloud security, IaC, and automation tools relevant to Pearson.
- Showcase technical skills: Emphasize proficiency in Python, Terraform, AWS/Azure/GCP, and policy-as-code frameworks.
- Demonstrate collaboration: Provide examples of successful partnerships with SRE and infrastructure teams.
- Research Pearson's values: Align your application with Pearson's purpose of helping people realize their potential through learning.
- Prepare for behavioral questions: Be ready to discuss your problem-solving approach and adaptability in security challenges.
Frequently asked questions
- What are the key technical skills for a Staff Security Engineer at Pearson?
  - The Staff Security Engineer role at Pearson requires deep expertise in cloud platforms like AWS, Azure, or GCP, strong experience with Infrastructure as Code tools such as Terraform and CloudFormation, proficiency in Policy as Code frameworks like OPA or Sentinel, and solid scripting abilities in Python, PowerShell, Bash, or Go. Experience with network security, container security, and CI/CD pipeline integration is also crucial.
- How does Pearson integrate security into its infrastructure deployment and operations?
  - Pearson integrates security by partnering closely with SRE and infrastructure teams to embed security controls into workflows and deployment pipelines. This involves creating secure configuration templates, developing automated audit and detection systems, establishing security guardrails, and conducting thorough security assessments of infrastructure designs.
- What kind of automation is expected for this Staff Security Engineer role at Pearson?
  - This role involves building extensive automation for auditing infrastructure configurations against security baselines, detecting misconfigurations and policy violations, and creating automated remediation workflows. Policy-as-code implementation and compliance validation automation are also key components.
- What security architecture experience is needed for the Staff Security Engineer position at Pearson?
  - The Staff Security Engineer should have experience designing and implementing security architectures for hybrid and multi-cloud environments, including network segmentation, zero trust principles, and secure landing zone designs. Understanding defense-in-depth strategies and conducting security architecture reviews is also essential.
- How does Pearson support compliance and governance in its infrastructure security?
  - Pearson supports compliance by building automated systems to validate infrastructure against frameworks like CIS benchmarks, SOC 2, and ISO 27001. The role also involves conducting security audits, documenting security plans, and generating compliance reports to demonstrate control effectiveness.
- What are the collaboration expectations for a Staff Security Engineer at Pearson?
  - Collaboration is key. You'll work embedded with SRE teams, partner on architecture reviews and technology evaluations, provide real-time security guidance, and train infrastructure staff on secure practices. You'll also work with other security teams to ensure comprehensive coverage.