21 Security Engineer Vapt jobs in Kolkata

Who We Are:

We are a Digital Customer Experience organization, with a comprehensive coverage of IT Services from Traditional Services to Next Gen Digital Services. At TELUS Digital, we focus on lean, agile, human-centered design. We have been in the technology business since 2002, with HQs in California, USA. TELUS Digital also investment in R&D where innovators, researchers and visionaries collaborate to explore emerging customer experience tech to disrupt the future.

We are about 70,000 employees working across 35 delivery centers across Asia, Europe, North America & Near shore in Central America & Canada.

We are focused on enabling Digital Transformation for our customers by driving Innovation & Automation through self-service options like AI Bots, Robotic Process Automation etc. for hyper personalized, secure, on demand, and elastic solutions. Our workforce is connected to drive customer experience in Media & Communications, Travel & Hospitality, eCommerce, Technology, Fintech & Financial services & Healthcare domains.

How we Help you Grow:

Our development programmers are designed to promote technical growth, enhance leadership and relationship skills across individuals. To stimulate your career growth, a vast array of in-house training programs which are listed below, but not limited to:-

Role: Application Security Engineer

Location: Noida (Hybrid)

Shift Timing: 2 pm to 11 pm

Preferred Skills & Experience:

• Strong verbal communication skills. Must be comfortable speaking in front of audiences including technical teams and senior leaders, including VPs.
• Strong written communication skills with the ability to produce quality literature and technical documentation.
• The ability to collaborate with technical teams to define, improve, and document procedures to meet compliance requirements.
• Diligence in tracking and following up on action items and inquiries across multiple efforts and teams.
• Strong knowledge in security standards and practices for both on-premises and AWS environments; CCSP, CISSP, or other cloud-focused application security certifications are a big plus.
• Familiarity with Data Center and AWS infrastructure, including data center network architectures, virtualization, containerization, and AWS products/offerings.
• Ability to perform analysis and tests to validate findings and remediation claims.
• A strong knowledge of ITIL operations and agile development practices. Experience working in a DevSecOps culture is a plus. The ability to quickly navigate matrixed environments is a must.
• Experience in a software engineering, delivery manager, or a project manager role is strongly desired.

Responsibilities:

To be successful, this person must possess a strong understanding of the wide array of AppSec and InfoSec tools, protocols, and best practices applicable to application platforms, including their infrastructure. This person must have experience maintaining team documentation, leading meetings, escalating issues, and driving teams to deliver work.

The ideal person will have a minimum of 8 years of experience in software engineering, cybersecurity, and/or cyber-audit, and will clearly express the following characteristics and competencies:

• Clearly defining and developing new policies, processes, training documents, and best practices.
• Collaborating with technical teams to improve observability.
• Reviewing risk findings, assigning them to fixed teams, and reporting remediation efforts and related challenges.
• Gathering key information for exception requests, including risk details, action plans, and remediation dependencies.
• Partnering with security teams to improve data quality in security tools and external reports.
• Hosting meetings with members of application, security, and leadership teams to communicate updates and changes to security postures.
• Validating submitted evidence meets requirements to resolve risks and compliance issues.
• Educating application teams on security subject matter.

How will this opportunity be a catalyst in your career graph?

To stimulate your career growth, a vast array of in-house training programs which are listed below, but not limited to:-

Trending technical skills

Business domain & customer interaction

Behavioral & effective communication

Transparent work culture to lift your ideas & initiatives at enterprise level & investment to execute successfully.

Equal Opportunity Employer:

At TELUS Digital, we are proud to be an equal opportunity employer and are committed to creating a diverse and inclusive workplace. All aspects of employment, including the decision to hire and promote, are based on applicants’ qualifications, merits, competence, and performance without regard to any characteristic related to diversity.

Job Title: Senior Security Engineer

Department: Information Security and Compliance

Status of role: Permanent Full-time Role

Salary Range- 25 - 28 LPA MAX

100% Remote

Overview of the Department/Section:

The organization’s Information Security and Compliance department is responsible for building, implementing, operating, and maintaining the technology controls associated with information security.

Main purpose of the role:

In order to comply with various organizational policies and regulatory mandates related to Information Security/Privacy, Our client Information Security and Compliance department is in the process of implementing a new Information Security Program and Risk Management framework based on various well know information security standards and frameworks such as ISO/NIST, which includes requirements for a Secure Systems Development Lifecycle (S-SDLC). In order to effectively imbed an S-SDLC into the Satschel’s development processes, the Information Security and Compliance department requires a dedicated Application Security Risk Analyst to work hands-on with the development teams to develop, roll-out and provide oversight for a comprehensive S-SDLC program, including secure coding guidelines, architectural design reviews, static code analysis, dynamic testing, and penetration testing.

As a senior security engineer , you will be expected to contribute both on an individual basis as well as a member of the Information Security and Compliance department to raise the application security posture across the organization, by developing an application security framework, including S-SDLC development, standards and guidelines for application developers, helping the development teams identify application security vulnerabilities through a combination of security assessment techniques, and disseminate specialist application security knowledge to the development communities.

Key Responsibilities :

• Work with various senior IT leaders and application development areas to develop and implement SSDLC Program according to the organization’s unique information security risk management, governance, risk, and compliance processes;

• Provides oversight/governance of the S-SDLC Program and communicates progress and issues to the CISO, Senior Business / IT Leadership and Application Development teams;

• Serves as a consultant to disseminate specialist application security knowledge to the development communities;

• Researches and evaluates solutions and recommends the most efficient and cost-effective solutions for ensuring that security is built-in to all phases of the S-SDLC;

• Research and assess the latest BlockChain security vulnerabilities and events

• Leads demonstrations of application security tools to business and application development teams;

• Responsible to integrate & manage feeds from application security tools, vulnerability scans & penetration testing tools into organization’s GRC platform;

• Responsible for the implementation and maintenance of Static, Dynamic, Interactive, and API application security testing tools (such as Veracode, Checkmarx, Synopsys, and Netsparker), scanning policies, user provisioning and security strategy documents, and any other related documentation;

• Initiates and develops innovative concepts to solve complex challenges in the Code Analysis Tools environment with little or no precedent; creates new opportunities to enable the use of new solutions. Provides conceptual guidance to other senior and high-level technical experts;

• Hands-on experience with Static, Dynamic, Interactive, and API application security testing tools such as Veracode, IBM AppScan, Fortify, Web Inspect, Checkmarx, Synopsys, and Netsparker

• Experience in testing and assessing the security of mobile applications

• Experience with web services (API) architecture, security reviews, and testing.

• Experience in integrating application security tools and processes in CI/CD pipelines

• Coding experience with at least one of .NET, J2E, Python, C++ etc.

• Knowledge of cryptographic tools and security APIs

• Knowledge of microservice architecture

• Knowledge of BlockChain, Smart Contracts, DApps etc.

• Solid understanding of networking concepts

• Solid understanding of operating system security concepts

• Solid understanding of Encryption, Certificate & Key Management Services (CM, KMS, HSM etc.)

• Understanding of malware, emerging threats, attacks, and vulnerability management

• Experience assisting in the development and maintenance of tools, procedures, and documentation

Personal Requirements :

• Required: Bachelor’s Degree from a four-year college or university in Engineering, Business Administration, Computer Science, Management Information Systems, Information Security.

• Certifications Required: CPT, CEH

• Certifications Optional: CISSP, AWS Certified Solutions Architect, AWS Certified Security Specialist, Google Cloud Architect, Google Cloud Security Engineer, CCSP (Certified Cloud Security Professional)

To design, implement, and maintain robust cybersecurity and information security frameworks that protect Sol-Millennium’s global digital infrastructure and sensitive data assets. The position plays a critical role in enabling secure digital transformation, maintaining compliance with international data protection regulations, and protecting the trust of customers and stakeholders through proactive threat management and governance.

• Develop, enforce, and maintain information security policies, standards, and controls aligned with industry best practices (e.g., NIST, ISO 27001).
• Identify, evaluate, and remediate system and application vulnerabilities, prioritizing the resolution of known opportunities.
• Configure and maintain core security infrastructure, including firewalls, SIEM, IDS/IPS, endpoint protection, and identity access controls.
• Monitor threat intelligence feeds and respond to real-time threats; support the implementation of a 24/7 Security Operations Center (SOC) or SIEM platform.
• Conduct risk assessments, security audits, and compliance reviews across cloud, on-premises, and hybrid environments.
• Ensure adherence to international security and privacy regulations such as GDPR, HIPAA, and other applicable regional standards.
• Lead phishing simulation exercises and drive end-user cybersecurity awareness programs.
• Collaborate with DevOps and IT teams to embed security controls into CI/CD pipelines (DevSecOps).
• Support compliance audits and maintain regulatory remediation tracking.
• Identify and mitigate risks related to:
• Legacy systems and misconfigurations , which expose critical attack surfaces.
• Delayed breach detection , which can significantly increase operational and reputational impact.
• Unpatched known vulnerabilities , which leave extended exposure windows for attackers.
• Outdated software components , often exploited in ransomware attacks across endpoints and servers.
• Database vulnerabilities , ensuring proper hardening and access control.
• Third-party SaaS platforms , enforcing secure configurations and vendor risk management.
• Evaluate third-party vendors for alignment with internal data security and privacy standards.
• Develop and operationalize incident response know how. Coordinate the design or vendor selection of a 24/7 Security Operations Center and SIEM platform.
• Lead remedy efforts for legacy applications and infrastructure with a focus on misconfigurations and technical debt reduction
• Establish and report on key security metrics, phishing simulation failure rates, and policy audit results
• Assess and monitor third-party platforms and SaaS tools for security risks, and enforce secure vendor onboarding standards

Essential tools hands on,

1. Qualys/Nessus/Rapid7
2. Microsoft Sentinel
3. Metasploit Framework/Burp Suite/Nmap
4. Microsoft Defender for Endpoint
5. Wireshark
6. Azure Active Directory/Ping Identity
7. Microsoft Defender for Cloud
8. Microsoft Purview Compliance Manager
9. Microsoft Threat Intelligence
10. Microsoft Defender XDR

Qualifications:

• Minimum 5 years of experience in both Information Security and Cybersecurity roles
• Hands-on experience with SIEM tools, endpoint protection, firewalls, and network security
• Solid understanding of security governance, data classification, IAM, and compliance frameworks
• Demonstrated ability to handle incident response and lead vulnerability remediation efforts

Title: Sr Cyber security Engineer

Location: Bangalore, India

Type: Full Time with client

Salary: Market

Specific Accountability Vulnerability Assessment

§ Understand the schedule, SLA and scope of the activity, and ensure that Vulnerability Assessment / Baseline Assessment activities are initiated accordingly.

§ Gather relevant status from team members and prepare the SLA Trackers and provide updates to the Team Lead.

§ Responsible for working on new projects, test activities etc. with minimal guidance.

§ Responsible for Quality review of Vulnerability Assessment / Baseline Assessment Reports & other deliverables of Team Members.

§ Responsible for guiding team to ensure all Vulnerability Assessment challenges are highlighted and being tracked for closure.

§ Gather IT Asset Inventory details for all the assigned scope and schedule Vulnerability scans as per schedule.

§ Analyze the Vulnerability Assessment / Baseline Assessment Scan results and provide VA Scan coverage statistics to respective stakeholders.

§ Analyze the Vulnerability Assessment / Baseline Assessment Scan results and highlight any issue or concerns with respective stakeholders and work with them to resolve scanning issues such as authentication failure, reachability issues etc.

§ Ensure to track the Vulnerability Assessment / Baseline Assessment scan challenges through tickets or email follow-ups and see it to closure.

§ Prepared risk-based vulnerability assessment reports.

§ Rescan systems based on the confirmation of vulnerability fixture from GIT team and respond back with the updated status of the vulnerability results.

§ Ensure all Nessus scanners to ensure they are always having update to plugins, latest software version.

§ Troubleshooting the scanners in case of any issues or errors.

§ Review of False positives highlighted by IT. Use manual testing techniques and methods to gain a better understanding of the environment and the issues highlighted.

§ Raise tickets with tenable support and co-ordination and follow up with Team to resolve issues.

§ Provide feedback and updates to the team for enhancing the process documents wherever applicable.

§ Review Threat Intel feeds and identify affected assets, inform IT on remediation.

§ Conduct Vulnerability Assessment / Baseline Assessment Scans based on Ad-hoc requirements from the Team