Senior Infosec Engineer – Cloud & Security Solutions

About IDfy

IDfy is Asias leading TrustStack, trusted by the best, with global expertise and enterprise-grade tech, were solving trust challenges, making compliance easy, fraud detection smarter, and onboarding seamless.

Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry.

IDfys three platforms- OnboardIQ, OneRisk, and Privy - come together to form one seamless solution enabling trust.

About the Role

As an Information Security Engineer at IDfy, youll be the go-to guardian of our security and compliance framework. Youll own everything from ISO 27001 and SOC 2 audits (Internal and External) to Customer third-party risk assessments, customer security requests, and internal ISMS management.

Youll work across product, engineering, and legal teams to ensure were not just compliantbut security by design . If youre someone who knows how to manage an audit without breaking a sweat and gets a kick out of spotting gaps in security systems, this ones for you.

We Are the Perfect Match If You

• 3+ years of hands-on experience in Information Security Engineering roles.
• Strong expertise in VAPT methodologies, threat modelling frameworks (STRIDE, PASTA, etc.).
• Hands-on experience with SIEM , SOAR, CNAPP/CSPM, EDR/XDR, IDS/IPS, WAF, and ASM tools, leveraging threat intelligence for SOC operations, incident management, and proactive attack surface reduction.
• Solid understanding of Cloud Security (GCP, AWS, or Azure), DevSecOps integration, and cloud-native security solutions.
• Ability to create use cases, alerts, and automation playbooks for real-time threat detection and incident response. In-depth knowledge of OWASP Top 10 (Web, API, LLM, etc.), MITRE ATT&CK, SANS Top 25, and secure coding practices.
• Proven ability to mentor junior engineers and act as a subject matter expert (SME) for VAPT, cloud, and DevSecOps.
• Experience supporting internal/external audits, compliance initiatives, and security assessments.
• Strong understanding of CIS/NIST benchmarks for hardening infrastructure, monitoring compliance, and defining security best practices.
• Skilled in developing and maintaining security guidelines, standards, best practices, and delivering security training/awareness. Strong proficiency in scripting (Python,Bash, PowerShell)for security automation and tooling.

Heres What Your Day Will Look Like

• Own and manage security solutions (SIEM, EDR/XDR, WAF, CSPM/CNAPP), ensuring optimal configuration and continuous improvement.
• Lead cloud security posture managementmonitor misconfigurations, enforce CIS/NIST baselines, and drive remediation with engineering teams.
• Build and maintain automated security workflows and integrations to enhance detection, response, and compliance.
• Conduct targeted VAPT and threat modelling to identify risks and validate effectiveness of security controls.
• Partner with engineering, DevOps, and compliance teams to embed security-by-design into cloud architectures and services.

Preferred Certification

• OSCP / OSWE / CEH Cloud Security Certifications: AWS Security Specialty, GCP
• Professional Security Engineer, Azure Security Engineer Associate

Whats it like working at IDfy?

We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, its critical. Youll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch.

Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies.

We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.