Algotale ( InCred ) – Information Security Engineer

Company: Nexthire
Location: Bengaluru
Job Description:

Role- Information Security Engineer

Location- Bangalore Hybrid 2 Days Onsite

Company- InCred

Job Description

● Evaluating, testing, and integrating security tools, standards, and associated processes as per the security framework.
● Identify, prioritize, and track security incidents and manage related platforms such as SIEM (Wazuh, Blusapphire, Qualys), DLP (Email and Application), EDR and other security tools
● Ability to run automated and manual scans on tools like Burpsuite and Nessus
● Improving and supporting application security tool deployments including static analysis and runtime testing tools.
● Assist in creating and managing the framework for Information Security in alignment with industry best practices (ISO 27001, NIST CSF, OWASP Top 10)
● Improve the cyber security program governance processes including cyber security risk reporting (recommending new report formats, reporting technologies and collaborating with team members to build out reports/dashboards) and governance committee
● Develop cyber security standards, including incorporating industry practices and applicable compliance requirements
● Monitor and report compliance with cyber security standards and security rules of relevant cyber security and regulatory privacy requirements
● Create and manage process to guide development and testing teams on proactively finding application security risks
● Improving and maintaining secure development standards.
● Supporting the application architecture/design review processes whenever application security expertise is needed.
● Oversee and improve third-party information security risk management programs to assess risks associated with the usage of third-parties/vendors. Assist in 3rd party security due-diligence reviews
● Conduct periodic penetration testing services of application and Network related infrastructure. Closure of open risks by actively following up with stakeholders.
● Assess application, design threat models, risk, document potential risk vectors, recommend relative controls and ensure risk is addressed
● Maintain security risk register to track the identified risks and produce metrics to report the state of application security program and risk status.
● Additional responsibilities to this role include:
  ○ Recommend cybersecurity assessment methodology and support purple team exercises when required
  ○ Assessing cloud security risk (AWS, Google, and Azure) and recommending appropriate security controls

● Assist in imparting security awareness training and executing phishing simulation exercises to employees.
● Track and report security metrics to higher management on a regular basis
● Define hardening standard for various technology and assess compliance levels
● Identify, prioritize, and track security incidents and manage related platforms such as SIEM, DLP, EDR and other security tools
● Provide clear communication on the issue to application owners and verify the efficacy of vulnerability remediation
● Should have ability to drive VAPT engagements end to end for Web, Mobile and Infra with Internal stakeholders and external agencies if required

● Basic understanding of regulatory requirements of Indian Fintech ecosystem like RBI, SEBI, NSE, BSE, others

Key Areas: ISO 27001, security governance, evaluating and implementing security tools (SIEM, DLP, endpoint protection), security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, cloud security, Application security.

Keywords in the line of priority – Information security, SOC (Security Operations centre), SIEM, Application security, Technical risk assessment, Cloud Security, Third party risk management, Security reviews, Security checklist, Internal and external audits, Awareness trainings, RBI, ISO 27001, CEH

Certifications: good to have – ISO 27001, CEH or CC (Not Mandatory)

Experience

● Should have 3-4 years of experience in the information security domain
● Must have sound knowledge of security vulnerabilities, remediation and mitigation techniques.
● Ability to document and explain technical details in a concise & understandable manner
● Industry recognized certificates relevant to the roles such as CISM, CISSP, CISA, ISO 27001 LA, CEH and CC are desired
● Ability to lead complex, cross-functional projects, and problem-solving initiatives.
● Passionate about information security and updates knowledge on a daily basis to support the organization
● Candidates must have excellent verbal and written communication skills
● Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 to concerned stakeholders and discuss effective defensive techniques.
● Familiarity with industry standards and regulations including RBI Master directions, PCI, ISO 27001, CIS, NIST is desired.
● Good understanding of Docker, Kubernetes, and security models
● Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications

Skills:

● Candidate should be a good team player
● Should have good interpersonal skills
● Good written communication skills including ability to develop process documentation and security guidelines.
● Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
● Ability to maintain composure under pressure and work calmly during an emergency
● Ability to manage multiple tasks and schedules

Posted: February 18th, 2026