Security Engineer
We are seeking a skilled and proactive Security Engineer with strong experience in Secure Development Lifecycle (SDLC), Vulnerability Assessment & Penetration Testing (VAPT), Governance Risk & Compliance (GRC), Blue Team and Red Team operations, and Infrastructure / Network Security.
The candidate will work closely with application teams, infrastructure teams, SOC, DevOps, and management to strengthen the organization’s overall cyber security posture.
Responsibilities:
1. Secure SDLC / Application Security
● Participate in Secure Development Lifecycle (SDLC / SSDLC / ASDLC) activities
● Perform security reviews during:
○ Requirement phase
○ Design phase
○ Development phase
○ Testing phase
○ Production deployment
● Conduct:
○ Threat Modeling (STRIDE)
○ Secure design reviews
○ API security assessments
○ Code review coordination
● Validate remediation of security findings
● Review application architecture for security weaknesses
● Work with development teams to implement secure coding practices
● Verify security controls for APIs, web applications, mobile applications, and integrations
2. Vulnerability Assessment & Penetration Testing (VAPT)
● Perform:
○ Web application VAPT
○ API security testing
○ Mobile application testing
○ Network VAPT
○ Infrastructure security assessment
● Identify:
○ OWASP Top 10 vulnerabilities
○ Authentication and authorization flaws
○ IDOR/BOLA issues
○ Misconfigurations
○ Business logic flaws
● Validate remediation effectiveness
● Prepare detailed VAPT reports with risk ratings and mitigation recommendations
● Coordinate with development and infrastructure teams for closure
3. Governance, Risk & Compliance (GRC)
● Support implementation of security governance processes
● Assist in:
○ Risk assessments
○ Security audits
○ Compliance reviews
○ Exception management
● Work on compliance alignment with:
○ ISO 27001
○ RBI guidelines
○ OWASP ASVS
○ CIS benchmarks
○ CERT-In advisories
● Review SOPs, standards, policies, and security baselines
● Track security risks and remediation status
4. Blue Team Activities
● Monitor and analyze security alerts and incidents
● Work with SOC and SIEM teams
● Investigate:
○ Suspicious activities
○ Security incidents
○ WAF alerts
○ Endpoint threats
● Support incident response activities
● Perform log analysis and threat detection
● Validate security monitoring use cases
● Assist in hardening activities
5. Red Team Activities
● Perform adversarial security testing
● Simulate attack scenarios
● Conduct:
○ Privilege escalation testing
○ Internal security testing
○ External attack surface testing
○ API abuse testing
● Support purple-team exercises
● Identify attack paths and security gaps
6. Infrastructure & Network Security
● Review security configurations for:
○ Linux / Windows servers
○ Firewalls
○ WAF
○ VPN
○ Load balancers
○ Kubernetes / Containers
○ Cloud infrastructure
● Conduct hardening validation
● Perform vulnerability scanning and remediation tracking
● Validate network segmentation and access controls
● Review firewall rules and exposure risk
Required work experience:
Experience in Secure SDLC activities, including security reviews, threat modelling, secure design reviews, API security assessments, and remediation validation.
Experience performing web application, API, mobile application, network, and infrastructure VAPT assessments.
Experience identifying OWASP Top 10 vulnerabilities, authentication and authorization flaws, IDOR/BOLA issues, misconfigurations, and business logic flaws.
Experience preparing detailed VAPT reports, risk assessments, and mitigation recommendations.
Experience supporting governance, risk, compliance, security audits, and compliance review activities.
Experience working with SOC teams, SIEM platforms, security monitoring, incident investigation, and threat detection activities.
Experience performing adversarial security testing, attack simulation exercises, and red team activities.
Experience in infrastructure and network security assessments, vulnerability scanning, hardening validation, and remediation tracking.
Experience collaborating with development, DevOps, infrastructure, and management teams on security initiatives.
Must have technical skills:
1. Strong understanding of:
SDLC / SSDLC
OWASP Top 10
API Security
Network Security
Infrastructure Security
Authentication & Authorization
Threat Modeling
Secure Design Principles
2. Hands-on experience with:
Burp Suite
Good to have technical skills:
1. Experience in Banking / NBFC / Financial Sector Security.
2. Exposure to DevSecOps practices.
3. Knowledge of Container Security and Kubernetes Security.
4. Experience with SAST / DAST / SCA tools.
5. Knowledge of MITRE ATT&CK Framework.
Educational qualification:
Bachelor’s Degree in Computer Science / Information Technology / Cyber Security or equivalent.
Preferred Certifications
● CEH
● eJPT / PNPT / OSCP
● ISO 27001
● Security+
● CISSP (preferred)
Experience Range: 2-4