Engineering Infrastructure Security Manager

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About the Role We are seeking an experienced Engineering Infrastructure Security Manager to lead the security of our production and non-production engineering systems. This is a critical leadership role responsible for securing the infrastructure that powers the software development lifecycle, including source control systems, CI/CD pipelines, build environments, deployment platforms, developer tools, and associated cloud resources. The ideal candidate will bring deep technical expertise in infrastructure security, strong leadership capabilities, and a solid understanding of modern engineering and DevSecOps practices.   Key Responsibilities Engineering Systems Security Design and implement security controls across development, staging, testing, and production environments Secure CI/CD pipelines, build systems, and deployment automation against supply chain threats Manage security for source control systems, code repositories, and secrets management platforms Oversee security of containerized environments (Docker, Kubernetes) and IaC ecosystems Ensure security across multi-cloud environments (AWS, GCP, Azure) and hybrid infrastructure Security Architecture & Technical Leadership Design and implement security frameworks aligned with engineering workflows and developer productivity Implement zero-trust architecture and least-privilege access models Secure API gateways, service meshes, and microservices architectures Lead security initiatives across observability, logging, and monitoring platforms Strengthen network security posture including firewalls, VPCs, and segmentation Risk Management & Vulnerability Response Conduct security assessments and penetration testing across engineering systems Manage vulnerability scanning and remediation programs Develop threat models for critical systems and deployment pipelines  Lead incident response for infrastructure security events Track and analyze security metrics (deployment security, configuration compliance, infra drift) Team Leadership & Collaboration Build, mentor, and manage a high-performing team of security engineers Drive a “security as code” culture across engineering teams Collaborate with platform, SRE, and development teams to embed security into SDLC Provide training and guidance on secure infrastructure practices Foster a culture of security awareness and proactive risk reporting Policy, Compliance & Governance Define and enforce security policies aligned with SOC 2, ISO 27001, NIST, PCI-DSS Ensure compliance with data protection regulations (GDPR, CCPA) Implement strong access control mechanisms and RBAC (must-have) Conduct regular audits and maintain compliance documentation Manage security for production data access and handling Automation & Continuous Improvement Drive automation of security monitoring, controls, and incident response Implement security-as-code using Terraform, CloudFormation, and policy frameworks Integrate automated security testing into CI/CD pipelines (SAST, DAST, container scans) Maintain infrastructure security baselines and automated compliance checks Continuously reduce security technical debt Business Continuity & Disaster Recovery Design and test disaster recovery plans for engineering infrastructure Implement backup strategies for source code, artifacts, and configurations Ensure high availability and resilience of critical systems Support incident response and business continuity planning from a security perspective   Basic Qualifications Technical Expertise 8–12 years of experience in infrastructure security or related fields, with 3+ years in a leadership role Strong expertise in cloud security (AWS, GCP, Azure) and cloud-native architectures Hands-on experience with Kubernetes, containers, and orchestration platforms Deep understanding of CI/CD security, supply chain security, and DevSecOps practices Proficiency with Infrastructure-as-Code tools (Terraform, Ansible, CloudFormation) Experience with security tools: SIEM, vulnerability scanners, IDS/IPS, endpoint protection Strong knowledge of network security, encryption, IAM, and secrets management Leadership & Collaboration Proven experience building and managing high-performing security teams Experience driving cross-functional initiatives across engineering, operations, and product teams Strong project management and execution skills Ability to mentor and grow security talent Communication & Strategic Thinking Strong communication skills with ability to explain complex concepts to technical and non-technical stakeholders Experience presenting security strategies and risk insights to leadership Ability to translate business needs into security solutions Strong documentation and process definition skills Compliance & Risk Management Experience with compliance frameworks: SOC 2, ISO 27001, NIST, PCI-DSS Strong understanding of risk assessment and security frameworks Knowledge of data privacy and regulatory requirements   Preferred Qualifications Bachelor’s or Master’s degree in Computer Science, Information Security, or related field Security certifications such as CISSP, CISM, CCSP, CEH, or cloud security certifications Experience with GitOps workflows and tools like GitHub Advanced Security or GitLab Security Proficiency in scripting/programming (Python, Go, Bash) for automation Experience in regulated industries (finance, healthcare, government) Background in SRE or DevOps practices Experience securing microservices and serverless architectures Strong interest in security research and evolving threat landscapes Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted. Offices: Pune, Maharashtra, India (Pune);