692 Security Engineer jobs in Bengaluru

Job Summary:

We are seeking a highly motivated and independent Information Security Engineer to join

our information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture.

Key Responsibilities:

● Third-Party Risk Management (TPRM):

○ Conduct thorough due diligence and risk assessments of new and existing third-party

vendors and partners.

○ Review vendor security documentation, questionnaires, and audit reports to identify and

mitigate potential risks.

○ Collaborate with legal and procurement teams to ensure security requirements are

integrated into vendor contracts.

● Technical Risk Assessments:

○ Perform comprehensive technical risk assessments of security tools and infrastructure,

including SIEM (Security Information and Event Management) and SOC (Security

Operations Center) processes.

○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommend

remediation strategies.

○ Evaluate the effectiveness of security controls and provide recommendations for

enhancement.

● IT General Controls (ITGC):

○ Assess and ensure the effectiveness of IT General Controls relevant to financial reporting

and operational integrity.

○ Develop and implement ITGC frameworks and processes.

○ Support internal and external audits related to ITGC.

● Cloud Security:

○ Contribute to the design, implementation, and maintenance of secure cloud environments

(e.g., AWS, Azure, GCP).

○ Assess cloud security configurations, identify misconfigurations, and recommend best

practices.

○ Stay abreast of emerging cloud security threats and technologies.

● Regulatory Compliance:

○ Ensure adherence to information security guidelines and mandates from key regulators such

as SEBI, NSE, BSE, CDSL, etc.

○ Translate regulatory requirements into actionable security controls and processes.

○ Assist in preparing for and responding to regulatory audits and inquiries.

● Information Security Management System (ISMS):

○ Support the implementation and maintenance of our ISO 27001 certified Information Security

Management System (ISMS).

○ Participate in risk assessments, control selection, and internal audit activities related to ISO

27001.

○ Develop and update security policies, standards, and procedures in line with best practices.

● Project Management & Ownership Independence:

○ Lead and manage information security projects from inception to completion with minimal

guidance.

○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders.

○ Proactively identify security gaps, propose solutions, and drive their implementation.

○ Ability to work independently, take initiative, and deliver high-quality results in a fast-paced

environment.

● General Information Security:

○ Assist in incident response planning and execution.

○ Conduct security awareness training.

○ Stay current with industry trends, threats, and security technologies.

Qualifications:

● Bachelor's degree in Computer Science, Information Security, or a related field.

● 4-6 years of progressive experience in information security roles.

● Proven experience across multiple information security domains, including TPRM, technical risk

assessments, cloud security, and regulatory compliance.

● Solid understanding of IT General Controls (ITGC).

● Demonstrable knowledge of regulatory requirements from bodies like SEBI, NSE, BSE, CDSL.

● Hands-on experience with ISO 27001 implementation and maintenance.

● Familiarity with SIEM/SOC operations and security monitoring tools.

● Excellent analytical, problem-solving, and decision-making skills.

● Strong written and verbal communication skills, with the ability to articulate complex security

concepts to both technical and non-technical audiences.

● Ability to work independently, manage multiple priorities, and meet deadlines.

Preferred Qualifications (Bonus Points):

● Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP certifications are a plus but not

mandatory).

● Prior experience in the SEBI regulated sector.

Job Summary:

We are seeking a highly motivated and independent Information Security Engineer to join

our information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture.

Key Responsibilities:

● Third-Party Risk Management (TPRM):

○ Conduct thorough due diligence and risk assessments of new and existing third-party

vendors and partners.

○ Review vendor security documentation, questionnaires, and audit reports to identify and

mitigate potential risks.

○ Collaborate with legal and procurement teams to ensure security requirements are

integrated into vendor contracts.

● Technical Risk Assessments:

○ Perform comprehensive technical risk assessments of security tools and infrastructure,

including SIEM (Security Information and Event Management) and SOC (Security

Operations Center) processes.

○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommend

remediation strategies.

○ Evaluate the effectiveness of security controls and provide recommendations for

enhancement.

● IT General Controls (ITGC):

○ Assess and ensure the effectiveness of IT General Controls relevant to financial reporting

and operational integrity.

○ Develop and implement ITGC frameworks and processes.

○ Support internal and external audits related to ITGC.

● Cloud Security:

○ Contribute to the design, implementation, and maintenance of secure cloud environments

(e.g., AWS, Azure, GCP).

○ Assess cloud security configurations, identify misconfigurations, and recommend best

practices.

○ Stay abreast of emerging cloud security threats and technologies.

● Regulatory Compliance:

○ Ensure adherence to information security guidelines and mandates from key regulators such

as SEBI, NSE, BSE, CDSL, etc.

○ Translate regulatory requirements into actionable security controls and processes.

○ Assist in preparing for and responding to regulatory audits and inquiries.

● Information Security Management System (ISMS):

○ Support the implementation and maintenance of our ISO 27001 certified Information Security

Management System (ISMS).

○ Participate in risk assessments, control selection, and internal audit activities related to ISO

27001.

○ Develop and update security policies, standards, and procedures in line with best practices.

● Project Management & Ownership Independence:

○ Lead and manage information security projects from inception to completion with minimal

guidance.

○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders.

○ Proactively identify security gaps, propose solutions, and drive their implementation.

○ Ability to work independently, take initiative, and deliver high-quality results in a fast-paced

environment.

● General Information Security:

○ Assist in incident response planning and execution.

○ Conduct security awareness training.

○ Stay current with industry trends, threats, and security technologies.

Qualifications:

● Bachelor's degree in Computer Science, Information Security, or a related field.

● 4-6 years of progressive experience in information security roles.

● Proven experience across multiple information security domains, including TPRM, technical risk

assessments, cloud security, and regulatory compliance.

● Solid understanding of IT General Controls (ITGC).

● Demonstrable knowledge of regulatory requirements from bodies like SEBI, NSE, BSE, CDSL.

● Hands-on experience with ISO 27001 implementation and maintenance.

● Familiarity with SIEM/SOC operations and security monitoring tools.

● Excellent analytical, problem-solving, and decision-making skills.

● Strong written and verbal communication skills, with the ability to articulate complex security

concepts to both technical and non-technical audiences.

● Ability to work independently, manage multiple priorities, and meet deadlines.

Preferred Qualifications (Bonus Points):

● Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP certifications are a plus but not

mandatory).

● Prior experience in the SEBI regulated sector.

We are looking for a Security Engineer to join our cybersecurity team and strengthen redBus

defence against evolving cyber threats. This role involves monitoring, analysing, and responding

to security incidents while continuously improving our security framework. The ideal candidate

will have 7–10 years of experience in Security Operations, with deep expertise in Endpoint

Security, Network Security Controls, and Application/Data Security, hands-on experience with

relevant tools, and strong scripting skills.

Key Responsibilities:

• Monitor and analyse security events across endpoints, networks, cloud environments, and applications.
• Implement, manage, and optimize security controls using industry-leading security technologies.
• Ensure strong endpoint protection and proactively respond to vulnerabilities, incidents, and suspicious activities.
• Implement and manage CNAPP/DSPM solutions to identify, classify, and protect sensitive data across cloud and hybrid environments
• Manage and enhance email security to prevent phishing, malware, and other email-borne threats.
• Apply Zero Trust principles to strengthen access controls and identity security.
• Lead and support security incident detection, investigation, and remediation.
• Conduct application security assessments, including static (SAST) and dynamic (DAST) testing, to identify and remediate vulnerabilities.
• Collaborate with development teams to integrate security into the SDLC and promote secure coding practices.
• Develop and maintain security policies, procedures, and compliance documentation.
• Collaborate with IT, cloud, and product teams to improve the overall security posture.
• Automate security workflows and threat detection using Python, PowerShell, or Bash.
• Stay updated on emerging threats, vulnerabilities, and evolving security technologies.

Required Skills & Qualifications:

• 6–10 years of experience in cybersecurity, with a strong focus on endpoint, network, cloud,
• and application/data security.
• Hands-on expertise with:
• Endpoint Security: EDR, XDR, Incident Response, Malware Analysis, Threat Hunting
• Network Security: NAC, Firewalls, IDS/IPS, Network Segmentation, Zero Trust Access
• Cloud & Web Security: CNAPP, DSPM, CASB, Secure Web Gateway, DLP
• Application Security: SAST, DAST, API security testing, secure coding review, OWASP Top 10
• Email Security: Email analysis, authentication protocols, modern email threat defence, and
• threat intelligence integration
• Knowledge of security frameworks and compliance standards (NIST, ISO 27001, CIS, etc.).
• Experience in threat intelligence, vulnerability management, incident investigation, and
• application security risk assessment.
• Familiarity with SIEM platforms and log analysis techniques.
• Strong problem-solving skills, proactive learning attitude, and excellent communication/documentation capabilities.

Location : Remote / Bangalore

Employment Type : Full-time

Department : Security & Risk Management

Industry : IT Services & Consulting

Role Category : Cybersecurity, Information Security, Threat Management

As a Cybersecurity Engineer , you will play a critical role in safeguarding our systems, applications, and data against cyber threats. Your core responsibilities will include:

• Threat Detection & Prevention : Implement security measures to proactively identify and mitigate security vulnerabilities and threats across systems, applications, and networks.
• Incident Response : Respond to security incidents and breaches, conducting thorough investigations and implementing recovery and containment strategies.
• Security Monitoring : Set up and maintain security monitoring tools (e.G., SIEM , IDS/IPS ) to detect and analyze security events in real-time.
• Vulnerability Assessment & Penetration Testing : Conduct vulnerability assessments and penetration testing to identify weaknesses in systems and recommend remediation actions.
• Security Architecture & Design : Assist in designing and implementing secure architecture for IT infrastructure, ensuring compliance with industry standards and security best practices.
• Policy & Compliance : Develop and enforce security policies, procedures, and guidelines to ensure regulatory compliance (e.G., GDPR, HIPAA, PCI-DSS).
• Security Awareness Training : Provide training and guidance to teams on best practices for data protection, secure coding, and general security hygiene.
• Collaboration & Reporting : Collaborate with IT, DevOps, and development teams to ensure security is embedded throughout the software development lifecycle and infrastructure operations.
  

• Experience : 1–2 years of experience in Cybersecurity , Information Security , or related roles, with a focus on threat detection , incident response , and vulnerability management .
• Technical Skills :
• Experience with security monitoring tools like SIEM (e.G., Splunk, ELK Stack) and IDS/IPS (e.G., Snort, Suricata).
• Familiarity with network security protocols, firewalls, VPNs, and endpoint protection solutions.
• Knowledge of vulnerability assessment tools (e.G., Nessus, OpenVAS) and experience in performing penetration testing .
• Understanding of encryption , identity & access management (IAM) , and multi-factor authentication (MFA).
• Proficiency in network protocols and familiarity with secure network design.
• Familiarity with cloud security frameworks and best practices (e.G., AWS, Azure, GCP).
• Experience with incident management and forensics tools.
• Knowledge of security frameworks and standards (e.G., NIST , CIS , ISO 27001 , OWASP ).
• Education :
• B.E/B.Tech/M.E/M.Tech/MCA or equivalent in Computer Science, Information Security, or a related field.
  

• Cybersecurity
• Threat Detection & Prevention
• Incident Response
• Vulnerability Assessment & Penetration Testing
• SIEM Tools : Splunk, ELK Stack
• IDS/IPS : Snort, Suricata
• Network Security
• Encryption
• IAM & MFA
• Security Frameworks : NIST, OWASP, ISO 27001, CIS
• Cloud Security : AWS, Azure, GCP
• Security Architecture & Design
• Security Compliance : GDPR, HIPAA, PCI-DSS
• Penetration Testing Tools : Nessus, OpenVAS
• Incident Management
• Forensics Tools
• Security Awareness Training
  

• Immediate to 30 days preferred .

#CyberSecurity #InfoSec #SecurityEngineer #ThreatDetection #IncidentResponse #PenTesting #VulnerabilityManagement #SIEM #NetworkSecurity #IAM #MFA #CloudSecurity #AWS #Azure #GCP #NIST #ISO27001 #OWASP #Splunk #SecurityCompliance #IncidentManagement #SecurityFrameworks #TechJobs #RemoteJobs #BangaloreJobs #ITSecurity #DevSecOps #SecurityBestPractices

• Design, implement, and manage comprehensive information security strategies and architectures.
• Lead the development and execution of security policies, standards, and procedures.
• Conduct in-depth risk assessments and vulnerability analyses of systems and networks.
• Develop and deploy advanced security solutions, including intrusion detection/prevention systems, firewalls, and SIEM platforms.
• Lead incident response efforts, including investigation, containment, eradication, and recovery.
• Perform security audits and penetration testing to identify and remediate security weaknesses.
• Stay current with emerging security threats, vulnerabilities, and technologies.
• Mentor and guide junior security engineers and analysts.
• Collaborate with IT and development teams to ensure security is integrated into the software development lifecycle (SDLC).
• Develop and deliver security awareness training programs for employees.
• Contribute to the strategic planning and roadmap for information security.

• Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• Minimum of 8 years of progressive experience in information security engineering.
• Deep expertise in network security, endpoint security, cloud security (AWS, Azure, GCP), and application security.
• Proficiency in scripting languages (e.g., Python, Bash) for security automation.
• Experience with SIEM tools, IDS/IPS, EDR solutions, and cryptographic protocols.
• Strong understanding of security frameworks such as NIST, ISO 27001, and CIS Controls.
• Excellent analytical, problem-solving, and critical thinking skills.
• Exceptional communication, leadership, and teamwork abilities.
• Relevant security certifications such as CISSP, CISM, or CEH are highly desirable.
• Ability to work independently and manage complex projects in a remote environment.

We are looking for a Security Engineer to join our cybersecurity team and strengthen redBus

defence against evolving cyber threats. This role involves monitoring, analysing, and responding

to security incidents while continuously improving our security framework. The ideal candidate

will have 7–10 years of experience in Security Operations, with deep expertise in Endpoint

Security, Network Security Controls, and Application/Data Security, hands-on experience with

relevant tools, and strong scripting skills.

Key Responsibilities:

• Monitor and analyse security events across endpoints, networks, cloud environments, and applications.
• Implement, manage, and optimize security controls using industry-leading security technologies.
• Ensure strong endpoint protection and proactively respond to vulnerabilities, incidents, and suspicious activities.
• Implement and manage CNAPP/DSPM solutions to identify, classify, and protect sensitive data across cloud and hybrid environments
• Manage and enhance email security to prevent phishing, malware, and other email-borne threats.
• Apply Zero Trust principles to strengthen access controls and identity security.
• Lead and support security incident detection, investigation, and remediation.
• Conduct application security assessments, including static (SAST) and dynamic (DAST) testing, to identify and remediate vulnerabilities.
• Collaborate with development teams to integrate security into the SDLC and promote secure coding practices.
• Develop and maintain security policies, procedures, and compliance documentation.
• Collaborate with IT, cloud, and product teams to improve the overall security posture.
• Automate security workflows and threat detection using Python, PowerShell, or Bash.
• Stay updated on emerging threats, vulnerabilities, and evolving security technologies.

Required Skills & Qualifications:

• 6–10 years of experience in cybersecurity, with a strong focus on endpoint, network, cloud,
• and application/data security.
• Hands-on expertise with:
• Endpoint Security: EDR, XDR, Incident Response, Malware Analysis, Threat Hunting
• Network Security: NAC, Firewalls, IDS/IPS, Network Segmentation, Zero Trust Access
• Cloud & Web Security: CNAPP, DSPM , CASB, Secure Web Gateway, DLP
• Application Security: SAST, DAST, API security testing, secure coding review, OWASP Top 10
• Email Security: Email analysis, authentication protocols, modern email threat defence, and
• threat intelligence integration
• Knowledge of security frameworks and compliance standards (NIST, ISO 27001, CIS, etc.).
• Experience in threat intelligence, vulnerability management, incident investigation, and
• application security risk assessment.
• Familiarity with SIEM platforms and log analysis techniques.
• Strong problem-solving skills, proactive learning attitude, and excellent communication/documentation capabilities.