Bangalore, Karnataka, India
10 hours ago
Security Engineer

Job Description for Security Engineer position 

Location: India (Bangalore)

Department: PD&T 

Reports To: Business Information Security Officer/Liaison 

Job Type: Full-Time 

Job Overview: 

The Security Engineer will play a critical role in ensuring the security, compliance, and resilience of applications and infrastructure across the organisation. This role is responsible for integrating security controls from the early stages of the Software Development Lifecycle (SDLC), overseeing security tool onboarding, and ensuring adherence to cybersecurity policies. Key responsibilities include identifying and mitigating security risks, implementing DevSecOps best practices, securing cloud environments, and enhancing automation within CI/CD pipelines. Additionally, the Security Engineer monitors vulnerabilities, drives risk management initiatives, and supports governance processes to align with Cybersecurity paved road services. 

Key Responsibilities: 

Ensure compliance with critical security requirements, including CMDB updates, access control, threat modelling, WAF implementation, secrets management, and penetration testing, to secure cybersecurity approval before go-live. 

Lead security tool onboarding, infrastructure management, application log monitoring, and data security to uphold organisational security standards. 

Collaborate with application product teams from the early stages of the SDLC to define and implement security controls, conducting comprehensive architecture reviews. 

Assist development teams in integrating security tools and agents to achieve full coverage, including SCA, SAST, DAST, container scanning, IaaC, and infrastructure security. 

Strengthen the security of containers, Kubernetes, and microservices. 

Serve as technical support and IAM administrator, overseeing user roles, permissions, and service accounts for data lake projects on GCP.

Identify and assess security risks, document them in risk registers, and work with the Governance, Risk, and Compliance (GRC) team to drive risk mitigation or acceptance. 

Deliver comprehensive security and compliance solutions through DevSecOps, covering risk assessment, mitigation strategies, vulnerability management, and patch management. 

Strong understanding of automation, scripting, and DevOps pipeline integration. 

Integrate security tools into CI/CD pipelines to enable automated vulnerability detection and resolution. 

Enforce quality gates in blocking mode for critical and high vulnerabilities to ensure secure deployments. 

Implement the Secure Software Development Lifecycle (S-SDLC) for applications hosted across AWS and Azure in multiple regions. 

Monitor and analyse vulnerability scan reports, conducting false-positive assessments to enhance risk management accuracy. 

Provide administrative and product support to internal and external users for security-related concerns. 

Maintain and enhance the security posture of both legacy and business-as-usual (BAU) applications to ensure continuous compliance. 

Lead cross-functional teams to foster secure and compliant product lifecycles while optimising security processes. 

Develop and maintain JIRA dashboards to monitor security requirements and track project progress. 

Generate weekly security dashboards and scorecards, offering leadership clear insights into application security status. 

Self-motivated and proactive, with the ability to take initiative, work independently, and engage with stakeholders across multiple time zones as needed. 

Qualifications: 

Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Experience: 

4+ years of experience in cybersecurity, DevSecOps, or related fields.

2+ years of experience leading projects or similar tasks within a security-focused role.

Proven track record of aligning security strategies with business objectives. 

Certifications: Relevant certifications such as CISSP, CISM, CRISC, CISA or equivalent are highly desirable but not required. 

Skills: 

Technical Expertise: Strong understanding of cybersecurity frameworks, CI/CD pipelines, technologies, and best practices. 

Business Acumen: Ability to understand and align with the business’s strategic objectives and challenges. 

Communication: Excellent verbal and written communication skills, with the ability to translate technical concepts into business language. 

Problem-Solving: Strong analytical and problem-solving skills, with a proactive approach to identifying and mitigating risks. 

Relationship Management: Ability to build strong relationships with stakeholders and various teams, fostering trust and collaboration. 

Preferred Qualifications: 

Experience in coding, automation, cloud security, and DevOps practices is highly desirable. 

Knowledge of regulatory requirements relevant to the industry, such as GDPR, HIPAA, PCI-DSS, etc. 

Familiarity with various NIST frameworks, including NIST, NIST 800-30 and NIST RMF.

Experience working in a matrixed organization with multiple lines of business. 

Key Attributes: 

Proactive & Self-Driven – Takes initiative, works independently, and engages stakeholders without requiring supervision. 

Technical Expertise – Strong knowledge of security tools, cloud security, DevSecOps, and automation.

Risk & Compliance Focused – Ensures alignment with cybersecurity policies, governance frameworks, and regulatory requirements. 

Effective Stakeholder Management – Collaborates with cross-functional teams and communicates security risks clearly. 

Adaptable & Solution-Oriented – Quickly addresses security challenges and supports multiple time zones as needed. 

What We Offer: 

Competitive salary and benefits package. 

Opportunities for professional development and growth. 

A collaborative, inclusive work environment where your ideas and contributions are valued. 

How to Apply: 

Interested candidates should submit their resume and a cover letter detailing their experience and qualifications for the role to [Insert Application Method]
