Job description
Role- Information Security Engineer
Location- Bangalore Hybrid 2 Days Onsite
Company- InCred
Job Description
● Evaluating, Testing, and integrating security tools, standards, and associated processes as per the
security framework.
● Identify, prioritize, and track security incidents and manage related platforms such as SIEM ( Wazuh
, Blusapphire, Qualys ) , DLP ( Email and Application), EDR and other security tools
● Ability to run automated and manual scans on tools like - Burpsuite and Nessus Improving and
supporting application security tool deployments including static analysis and runtime testing tools.
● Assist in creating and managing the framework for Information Security in alignment with
industry best practices (ISO 27001, NIST CSF, OWASP top 10)
● Improve the cyber security program governance processes including cyber security risk
reporting (recommending new report formats, reporting technologies and collaborating with
team members to build-out reports/dashboards) and governance committee
● Develop of cyber security standards, including incorporating industry practices and
applicable compliance requirements
● Monitor and report compliance with cyber security standards and security rules of relevant
cyber security and regulatory privacy requirements
● Improving and supporting application security tool deployments including static analysis and runtime
testing tools.
● Create and manage process to guide development and testing teams on proactively finding
application security risks
● Improving and maintaining secure development standards.
● Supporting the application architecture/design review processes whenever application security
expertise is needed.
● Oversee and improve third-party information security risk management programs to assess
risks associated with the usage of third-parties/vendors. Assist in 3rd party security due-
diligence reviews
● Conduct periodic penetration testing services of application and Network related infrastructure.
Closure of open risks by actively following-up with stakeholders.
● Assess application, design threat models, risk, document potential risk vectors, recommend relative
controls and ensure risk is addressed
● Maintain security risk register to track the identified risks and produce metrics to report the state of
application security program and risk status.
● Additional responsibilities to this role include:
○ Recommend cybersecurity assessment methodology and support purple team exercises
when required
○ Assessing cloud security risk (AWS, Google, and Azure) and recommending appropriate
security controls
● Assist in imparting security awareness training and executing phishing simulation exercises
to employees.
● Track and report security metrics to higher management on a regular basis
● Define hardening standard for various technology and assess compliance levels
● Identify, prioritize, and track security incidents and manage related platforms such as SIEM, DLP,
EDR and other security tools
● Provide clear communication on the issue to application owners and verify the efficacy of
vulnerability remediation
● Should have ability to drive VAPT engagements end to end for Web, Mobile and Infra with Internal
stakeholders and external agencies if required
● Basic understanding of regulatory requirements of Indian Fintech ecosystem like RBI, SEBI, NSE,
BSE others
Key Areas: ISO 27001, security governance, evaluating and implementing security tools (SIEM, DLP,
endpoint protection), security reviews and assessment, preparation of security checklist, security
awareness/phishing simulation, cloud security, Application security.
Keywords in the line of priority - Information security , SOC (Security Operations centre), SIEM ,
Application security, Technical risk assessment, Cloud Security , Third party risk management, Security
reviews , Security checklist, Internal and external audits, Awareness trainings, RBI , ISO 27001, CEH,
Certifications: good to have - ISO 27001, CEH or CC ( Not Mandatory )
Experience
● Should have 3-4 years of experience in the information security domain
● Must have sound knowledge in security vulnerabilities, remediation and mitigation techniques.
● Ability to document and explain technical details in a concise & understandable manner
● Industry recognized certificates relevant to the roles such as CISM, CISSP, CISA, ISO 27001 LA ,
CEH and CC are desired
● Ability to lead complex, cross-functional projects, and problem-solving initiatives.
● Passionate about information security and update knowledge on daily basis to support the
organization
● Candidates must have excellent verbal and written communication skills
● Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, to
concerned stakeholders and discuss effective defensive techniques.
● Familiarity with industry standards and regulations including RBI Master directionsPCI, ISO27001,
CIS, NIST is desired.
● Good understanding of the Docker, Kubernetes, and security models
● Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security
implications
Skills:
● Candidate should be a good team player
● Should have good interpersonal skills
● Good written communication skills including ability to develop process documentation and security
guidelines.
● Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
● Ability to maintain composure under pressure and work calmly during an emergency
● Ability to manage multiple tasks and schedules
