Senior Information Security Engineer

Role Overview

As a Senior Information Security Engineer, you will interpret and implement regulations related to cyber security, ensure ongoing monitoring and tech-compliance, and define, implement, and manage information security principles, policies, frameworks, standards, and controls. You will partner with cross-functional teams to minimize information security risks and architect solutions that are compliant with regulatory requirements.

What You Will Do

Your day-to-day responsibilities will include conducting and reviewing Technology Risk Assessments, reviewing security solutions and controls, conducting security awareness programs, and identifying and defining Security KPIs. You will also evaluate, test, and integrate security tools, standards, and associated processes, and assist in creating and managing the framework for Information Security.

Why It Might Be a Fit

This role requires 3-6 years of experience in Information Security, with a strong understanding of regulatory requirements, security governance, and evaluating and implementing security tools. You should have excellent verbal and written communication skills, and be able to explain technical details in a concise and understandable manner.

Requirements

• 3-5 years of experience in the information security/Cybersecurity domain
• Prior experience in the Fintech/Startup industry and knowledge of one of the regulatory compliances like PCI DSS, RBI Master Directives, IRDA, SEBI cyber security guideline
• Experience with Information Security & Risk Management frameworks like ISO27001, NIST SP 800-37, etc Cyber Kill Chain, MITRE ATT&CK, or other relevant frameworks
• Sound knowledge in security vulnerabilities, remediation and mitigation techniques
• Ability to document and explain technical details in a concise & understandable manner
• Ability to lead complex, cross-functional projects, and problem-solving initiatives
• Passionate about information security and update knowledge on daily basis to support the organization
• Excellent verbal and written communication skills
• Ability to explain all vulnerabilities and weaknesses in the OWASP Top 10, to concerned stakeholders and discuss effective defensive techniques
• Familiarity with industry standards and regulations including PCI, ISO27001, CIS, NIST
• Good understanding of the Docker, Kubernetes, and security models
• Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications

Benefits

• Competitive salary
• Equity
• Healthcare
• PTO
• Retirement
• Learning budget
• Parental leave
• Wellness
• Visa/relocation
• Remote flexibility
• Stipends
• Bonus/commission
• Paid holidays