7,894 Security Engineer jobs in India

Job Summary:

We are seeking a highly motivated and independent Information Security Engineer to join

our information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture.

Key Responsibilities:

● Third-Party Risk Management (TPRM):

○ Conduct thorough due diligence and risk assessments of new and existing third-party

vendors and partners.

○ Review vendor security documentation, questionnaires, and audit reports to identify and

mitigate potential risks.

○ Collaborate with legal and procurement teams to ensure security requirements are

integrated into vendor contracts.

● Technical Risk Assessments:

○ Perform comprehensive technical risk assessments of security tools and infrastructure,

including SIEM (Security Information and Event Management) and SOC (Security

Operations Center) processes.

○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommend

remediation strategies.

○ Evaluate the effectiveness of security controls and provide recommendations for

enhancement.

● IT General Controls (ITGC):

○ Assess and ensure the effectiveness of IT General Controls relevant to financial reporting

and operational integrity.

○ Develop and implement ITGC frameworks and processes.

○ Support internal and external audits related to ITGC.

● Cloud Security:

○ Contribute to the design, implementation, and maintenance of secure cloud environments

(e.g., AWS, Azure, GCP).

○ Assess cloud security configurations, identify misconfigurations, and recommend best

practices.

○ Stay abreast of emerging cloud security threats and technologies.

● Regulatory Compliance:

○ Ensure adherence to information security guidelines and mandates from key regulators such

as SEBI, NSE, BSE, CDSL, etc.

○ Translate regulatory requirements into actionable security controls and processes.

○ Assist in preparing for and responding to regulatory audits and inquiries.

● Information Security Management System (ISMS):

○ Support the implementation and maintenance of our ISO 27001 certified Information Security

Management System (ISMS).

○ Participate in risk assessments, control selection, and internal audit activities related to ISO

27001.

○ Develop and update security policies, standards, and procedures in line with best practices.

● Project Management & Ownership Independence:

○ Lead and manage information security projects from inception to completion with minimal

guidance.

○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders.

○ Proactively identify security gaps, propose solutions, and drive their implementation.

○ Ability to work independently, take initiative, and deliver high-quality results in a fast-paced

environment.

● General Information Security:

○ Assist in incident response planning and execution.

○ Conduct security awareness training.

○ Stay current with industry trends, threats, and security technologies.

Qualifications:

● Bachelor's degree in Computer Science, Information Security, or a related field.

● 4-6 years of progressive experience in information security roles.

● Proven experience across multiple information security domains, including TPRM, technical risk

assessments, cloud security, and regulatory compliance.

● Solid understanding of IT General Controls (ITGC).

● Demonstrable knowledge of regulatory requirements from bodies like SEBI, NSE, BSE, CDSL.

● Hands-on experience with ISO 27001 implementation and maintenance.

● Familiarity with SIEM/SOC operations and security monitoring tools.

● Excellent analytical, problem-solving, and decision-making skills.

● Strong written and verbal communication skills, with the ability to articulate complex security

concepts to both technical and non-technical audiences.

● Ability to work independently, manage multiple priorities, and meet deadlines.

Preferred Qualifications (Bonus Points):

● Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP certifications are a plus but not

mandatory).

● Prior experience in the SEBI regulated sector.

Operational security automation is the process of automating some or all aspects of SOC or VOC operations. Replacing manual workflows with automated ones.

A fundamental building block of automation is the security playbook. A playbook defines a workflow by outlining the steps teams will take to handle different types of security alerts or events. By developing playbooks ahead of time, teams avoid having to make a response plan every time an alert or event occurs.

Responsibilities:

• Scripting and workflow development, follow proper engineering and integration lifecycles (design, create, test, document, integrate, monitor, maintain) and are designed to be reusable. Creating and integrating APIs to create orchestrated workflows.
• Autonomously plan security automation daily operations to ensure targets are being met.
• Identify and recommend necessary changes to the operational security teams to ensure automation and orchestration, maximize team talent and reduce routine tasks.
• Ensure operational security automations meet business and technical requirements, are maintainable, scalable and meet performance standards
• Bring external perspective and ideas from relevant sources, keep current with technology and industry best practices of the security industry threat landscape
• Communicate technical and functional requirements using an effective, efficient, and creative approach with a high degree of collaboration and influence.
• Work with in-house teams to identify the right mix of tools, techniques, and procedures to translate our needs and future goals into a plan that will enable secure and effective solutions.

Required Skills:

• 10+years of experience working in Information Security with focus in operational security.
• Experience with agile project management processes and methodologies
• Mandatory 3 years experiences with one of the following SOAR vendor platforms (Tines, Swimlane)
• Being autonomous.
• Advanced research, analytical, and problem-solving skills
• Masters degree in Computer Science, Information Security, or related field

• Design, implement, and manage security solutions and infrastructure.
• Perform vulnerability assessments and penetration testing.
• Configure and maintain firewalls, IDS/IPS, VPNs, and other security devices.
• Develop and enforce security policies and procedures.
• Respond to and investigate security incidents.
• Integrate security controls into the software development lifecycle.
• Conduct security training and awareness programs for employees.
• Monitor security alerts and analyze security data.
• Ensure compliance with industry security standards and regulations.
• Stay updated on the latest cybersecurity threats and technologies.

• Bachelor's or Master's degree in Computer Science, Information Technology, or a related field.
• Proven experience in information security engineering or a similar role.
• Strong knowledge of network security principles and protocols.
• Proficiency with security tools and technologies (firewalls, IDS/IPS, SIEM).
• Experience with cloud security concepts (AWS, Azure, GCP) is a strong plus.
• Familiarity with security frameworks and compliance standards.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal abilities.
• Ability to work collaboratively in a hybrid work environment.
• Relevant security certifications (e.g., Security+, CISSP) are beneficial.

• Design, deploy, and manage security technologies such as firewalls, VPNs, IDS/IPS, SIEM, and endpoint protection solutions.
• Develop and automate security processes and workflows to enhance efficiency and effectiveness.
• Conduct regular security assessments, vulnerability scans, and penetration testing.
• Monitor security alerts and events, performing analysis and responding to security incidents promptly.
• Implement and manage security controls in cloud environments (AWS, Azure, GCP).
• Develop and maintain security documentation, including policies, procedures, and architectural diagrams.
• Collaborate with development and operations teams to ensure secure coding practices and infrastructure deployment.
• Research and evaluate new security technologies and solutions to address emerging threats.
• Participate in security incident response activities, including investigation, containment, and remediation.
• Ensure compliance with relevant security standards and regulations.
• Provide technical guidance and support to other IT teams on security matters.
• Develop and maintain security monitoring and reporting dashboards.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master's degree preferred.
• Minimum of 5 years of experience in information security engineering, with a focus on infrastructure security.
• Strong hands-on experience with various security technologies and platforms.
• In-depth knowledge of network security, cloud security, and system security principles.
• Proficiency in scripting languages (e.g., Python, Bash) for automation and tooling.
• Experience with SIEM tools (e.g., Splunk, ELK Stack) and log analysis.
• Familiarity with security best practices for DevOps and CI/CD pipelines.
• Relevant certifications such as CISSP, CCSP, CEH, or CompTIA Security+ are highly desirable.
• Excellent analytical, problem-solving, and troubleshooting skills.
• Ability to work independently and effectively in a remote team environment.
• Strong communication and documentation skills.
• Experience with threat modeling and risk assessment is a plus.

• Design, deploy, and manage security solutions such as firewalls, VPNs, intrusion detection systems, and antivirus software.
• Monitor security alerts and logs to detect and respond to potential security incidents in a timely manner.
• Conduct regular vulnerability assessments and penetration tests to identify and remediate security weaknesses.
• Develop and update security policies, procedures, and guidelines to ensure compliance with industry standards and regulations.
• Implement and maintain security controls for cloud environments (AWS, Azure, GCP).
• Assist in the development and delivery of security awareness training programs.
• Collaborate with IT teams to ensure secure configurations of servers, networks, and applications.
• Participate in security audits and ensure the organization meets its security objectives.
• Research and evaluate new security technologies and solutions.
• Contribute to the development and maintenance of disaster recovery and business continuity plans.