Security Engineer

Talentgigs

4 - 6 years

Bengaluru

Posted: 01/03/2026

Job Description

Role: Security Engineer / Cybersecurity

Experience: 4-6 years

Location: Bangalore

Skills: vulnerability assessments, penetration testing, and security audits, cloud security (AWS/Azure/GCP), conducting audits, scripting (Python/Bash/PowerShell)

Relevant certifications: OSCP, CEH, CISSP, CISM, CCSP, GIAC (GPEN/GWAPT), AWS/Azure Security Specialty.


JD:

Key Responsibilities

Lead end-to-end security audits (internal/external), compliance assessments (ISO 27001, SOC 2, PCI-DSS, DPDP Act, GDPR), and regulatory reporting.

Design and execute vulnerability assessment programs: schedule/conduct scans, analyze results, prioritize findings by risk/impact, and track remediation SLAs.

Perform and coordinate penetration testing (manual/automated), red team exercises, ethical hacking, and attack simulations to uncover exploitable weaknesses.

Manage vulnerability lifecycle: triage findings from scanners/tools, validate exploits, recommend fixes, and verify remediation effectiveness.

Conduct risk assessments, threat modeling, and gap analysis for new systems, cloud migrations, APIs, and third-party integrations.

Implement and tune security tools: vulnerability scanners (Qualys, Tenable, Rapid7), penetration testing frameworks (Burp Suite, Metasploit, OWASP ZAP), SIEM, EDR, and cloud security posture tools (Prisma, Wiz, Azure Defender).

Develop security policies, secure baselines, hardening guides, and remediation playbooks; provide guidance to dev, ops, and engineering teams.

Collaborate with stakeholders (CISO, app teams, auditors, vendors) to communicate risks, present findings/reports, and drive remediation efforts.

Mentor junior engineers and contribute to security awareness/training initiatives.

Monitor emerging threats, CVEs, and zero-days; participate in incident response when vulnerabilities are exploited.


Must-Have Skills & Experience

4-6+ years in cybersecurity, with 3+ years leading vulnerability assessments, penetration testing, and security audits.

Proven expertise in vulnerability management tools (Qualys/Tenable/Nessus, Rapid7 InsightVM, OpenVAS) and pentest suites (Burp Suite, Metasploit, Nmap, Wireshark).

Strong knowledge of OWASP Top 10, CVSS scoring, secure SDLC, and common attack vectors (web, API, cloud misconfigs).

Hands-on with cloud security (AWS/Azure/GCP): IAM, encryption, logging, CSPM tools.

Experience conducting audits and preparing reports for compliance frameworks (ISO 27001, SOC 2, RBI guidelines, DPDP).

Proficiency in scripting (Python/Bash/PowerShell) for automation of scans, reporting, and remediation checks.

Excellent analytical, reporting, and communication skills; able to translate technical risks to business impact.


Strong Differentiators

Relevant certifications: OSCP, CEH, CISSP, CISM, CCSP, GIAC (GPEN/GWAPT), AWS/Azure Security Specialty.

Experience leading red/purple teaming, bug bounty programs, or third-party pentest coordination.

Familiarity with container/Kubernetes security, DevSecOps tools (SAST/DAST like Snyk, Checkmarx), and threat intelligence platforms.

Prior work in fintech, cloud-native, or regulated environments (BFSI, healthcare).


Qualifications

Bachelor's/Master's in Computer Science, Cybersecurity, or related field (or equivalent experience).

Proactive mindset, detail-oriented, with strong problem-solving under pressure.
