Penetration Testing Methodologies Jobs in Bengaluru

Security Operations Engineer FalconX Location: Bangalore Experience: 3+ Years Education: Bachelor s degree in Cybersecurity, Computer Science, Information Technology, or related field About FalconX FalconX is a pioneering team of operators, investors, and builders transforming institutional access to the crypto markets. Operating at the intersection of traditional finance and cutting-edge technology, FalconX simplifies the complex and fragmented digital asset ecosystem. Our platform empowers clients to navigate the crypto landscape seamlessly, providing access, liquidity, and tools to execute institutional strategies from start to scale. Role Overview We are looking for a Security Operations Engineer to strengthen our cybersecurity posture and protect our systems, data, and clients. In this role, you will monitor, detect, and respond to threats across on-premise and cloud environments, conduct investigations, perform threat hunting, and automate security operations. Key Responsibilities Monitor, detect, and respond to security incidents across cloud and on-premise environments. Analyze security alerts from various tools to identify potential threats and anomalies. Conduct forensic investigations and deep-dive analysis to identify trends and attack techniques. Perform proactive threat hunting across endpoints, networks, and cloud environments. Analyze security logs and behavioral patterns to detect Indicators of Compromise (IOCs). Investigate security incidents and provide actionable mitigation and remediation recommendations. Develop and refine threat hunting methodologies using frameworks like MITRE ATT&CK. Automate threat detection and response processes using scripting languages such as Python, PowerShell, or Bash. Continuously monitor emerging threats, vulnerabilities, and attack trends to improve strategies. Required Qualifications Bachelor s degree in Cybersecurity, Computer Science, Information Technology, or related field. 3+ years of experience in Security Operations, Threat Hunting, or a similar cybersecurity role. Hands-on experience working with log data for detection and response (Cloud, EDR, Network, etc.). Experience developing and deploying detection rules (Yara, Sigma, SQL-based rules, etc.). Strong understanding of network security monitoring, packet analysis, and log correlation. Deep knowledge of advanced threat detection methodologies and threat intelligence. Proficiency in analyzing attacker TTPs using frameworks like MITRE ATT&CK. Skilled in scripting and automation for security operations (Python, PowerShell, Bash). Familiarity with endpoint security, identity management, cloud security, and incident response. Protect critical systems, data, and client assets from emerging cyber threats. Play a key role in detecting, investigating, and responding to security incidents. Collaborate with cross-functional teams to strengthen security posture and operational resilience. Drive proactive threat hunting and automation to improve efficiency and effectiveness. Qualification : Bachelors degree in Cybersecurity, Computer Science, Information Technology, or related field

IT System and Security Engineer Location: Bengaluru Work Type: Full-Time Company Overview Locus is a battle-tested, agentic Transportation Management System powering logistics across 30+ countries. In 2025, Locus joined the Ingka Group (IKEA Retail), combining high-growth tech agility with the scale of a global enterprise while continuing to operate independently. Role Overview We are seeking an IT System and Security Engineer to manage core IT operations, strengthen endpoint security, and ensure compliance. This hands-on role requires technical expertise to maintain a secure, compliant, and efficient environment across Google Workspace, Okta, and Jamf. Key Responsibilities Operations Management: Oversee user onboarding/offboarding, hardware provisioning, and complex troubleshooting. Security Administration: Monitor Okta, Jamf Pro, and Jamf Protect to ensure MFA enforcement and device encryption. Remediation: Proactively review and fix security vulnerabilities and compliance findings. Automation: Streamline routine tasks using Python, Bash, or Google Apps Script. Compliance & Audits: Maintain asset inventories and prepare evidence for SOC2 and ISO27001 readiness. Skills & Qualifications 2 5 years of experience in IT administration or security operations. Expertise: Google Workspace security and Identity Management (Okta). MDM Platforms: Proven experience with Jamf Pro, Intune, or equivalent tools. Scripting: Ability to write automation scripts in Python or Bash. Frameworks: Familiarity with SOC2 / ISO27001 compliance processes. What We Value Global Mindset: Curiosity about diverse markets. Driven: Energized by complex challenges. Thoughtful: Analytical and deliberate approach. Exact in Craft: Commitment to detail and excellence. Help redefine logistics through innovation. We offer competitive compensation, a supportive work environment, and the opportunity to scale IT security within the IKEA ecosystem.

Security Research Engineer Security Research Experience: 5 8 Years | Location: Bangalore | Employment Type: Full-Time About SecPod SecPod is a SaaS-based cybersecurity products company focused on prevention-first security. Our Saner Cloud platform is a unified CNAPP solution that combines AI-driven threat intelligence, automated vulnerability detection, and Cloud Security Posture Management (CSPM) to secure multi-cloud environments. Role Summary We are seeking a highly skilled Security Research Engineer to join our Security Research team. This role focuses on researching emerging cloud security threats, developing security intelligence feeds, building proof-of-concepts (PoCs) for misconfigurations, and creating automated remediation and compliance content. Key Responsibilities Threat Research: Conduct security research to develop intelligence feeds and checks with a strong emphasis on cloud security. Vulnerability & Risk Analysis: Identify and create PoCs for emerging cloud misconfigurations and security risks. Automation: Develop automation for research and validation tasks using Python or other scripting languages. Compliance & Remediation: Build remediation feeds for cloud misconfigurations and compliance benchmarks. Lifecycle Management: Manage the end-to-end lifecycle of research outputs, from initial development through production release. Required Qualifications & Skills Professional Experience: 5 8 years in security research or engineering, with at least 3 years in a senior technical role. Cloud Infrastructure: Hands-on experience with AWS, Azure, or GCP. Technical Fundamentals: Strong understanding of operating systems, networking, and computer science security. Programming: Proficiency in languages such as Python, C, C++, or Java. Environment Expertise: Experience across Linux/Unix, Windows, and virtualization environments. Compliance: Solid knowledge of cloud security and security benchmark compliance. Education Bachelor s degree (or equivalent) in Computer Science or a related field. Qualification : Bachelors degree (or equivalent) in Computer Science or a related field

Infrastructure Security Leader Location: Bengaluru About Us: Observe.AI Observe.AI is the leading AI-powered platform for customer experience, enabling enterprises to automate customer interactions using AI agents. Our platform ensures natural conversations, delivering predictable outcomes, and is trusted by top companies like DoorDash, Affordable Care, Signify Health, and Verida. Observe.AI blends advanced speech understanding, workflow automation, and enterprise-grade governance to deliver end-to-end AI solutions that optimize both human and AI interactions, providing insights for coaching and quality management. At Observe.AI, we re on a mission to transform customer experiences through AI. As a founding member of our Infrastructure/Cloud Security team, you will have the opportunity to shape and design cloud security from the ground up for a platform trusted by over 80 million users. Reporting directly to the VP of Information Security, you will drive a defense-in-depth approach across infrastructure, IAM, and networks. This is a unique, zero-to-one role where you ll define security strategy, mentor the team, and make a long-lasting impact in a fast-growing AI company. What You ll Be Doing: Security Strategy Development: Design and document security policies, reference architectures, design patterns, and roadmaps to protect our platform. Secure Access & Network Design: Lead efforts to design secure access controls and networks for production environments. Cross-Department Leadership: Collaborate with Corporate IT to implement security measures within the corporate environment. Defense-in-Depth: Implement network segmentation, firewall configurations, VPNs, and deep packet inspection to minimize impact from security incidents. AWS Infrastructure Security: Re-architect AWS infrastructure to enhance security, ensuring that networks, VPCs, and security configurations are optimized. Vulnerability Management: Identify tools and technologies to scan networks, OS, and infrastructure for vulnerabilities, and work with SRE teams to remediate identified risks. Security Compliance: Represent Infrastructure Security in PCI, SOC, ISO, HITRUST, and other regulatory audits, ensuring compliance. Collaborative Design: Partner with engineering teams and architects to ensure infrastructure designs meet both business and security requirements. Stakeholder Collaboration: Work with other teams to integrate up-to-date security features and infrastructure designs across the organization. What You ll Bring to the Role: 9+ years of experience in Software Engineering, Network Security, and AWS Security. Proven track record in designing and implementing secure Cloud Infrastructure, Network Security, and Corporate IT Security. Experience at a SaaS product company with hands-on knowledge of cloud security. Leadership experience in managing Infrastructure Security teams or Security-Focused SRE teams. Strong understanding of network designs, protocols, and certifications like CCNA (or similar). Ability to handle multiple, high-priority projects simultaneously while maintaining focus and quality. Comfort with working off-hours to handle security incidents in a dynamic, fast-paced environment. First-hand experience with major cloud providers, specifically AWS. Deep understanding of large-scale systems and N-tier architectures. Excellent communication skills, able to effectively influence and collaborate with stakeholders across the organization. Perks & Benefits: Medical Insurance: Comprehensive options, including free online doctor consultations. Leave Policies: Yearly privilege and sick leaves as per Karnataka S&E Act, along with generous national, festive, and parental leave. Learning & Development: Access to a fund that supports continuous learning and professional growth. Flexible Benefits: Tax exemptions for meals, PF, etc., along with other flexible benefit plans. Team Culture: Fun events to foster collaboration and culture across the organization.

Job Title: Information Security Engineer Location: Bengaluru Company: Altisource (NASDAQ: ASPS) About Altisource At Altisource, we develop cutting-edge technologies and services for the mortgage and real estate industry. We re a trusted partner to 7 of the top 10 U.S. mortgage servicers, operate one of the leading real estate auction platforms, and support a cooperative with over 15% market share in the $1.8 trillion U.S. originations market. If you're passionate about cybersecurity and want to make an impact in a high-growth, tech-driven environment this is the role for you. Position Summary We re looking for a highly motivated Information Security Engineer to support our growing security operations. You will play a vital role in identifying and mitigating security risks across applications, systems, and networks. This role involves vulnerability assessments, code reviews, and automation of security tasks ensuring Altisource remains secure and compliant in a fast-paced environment. Key Responsibilities Conduct vulnerability assessments on applications, networks, and systems. Perform manual verification to reduce false positives and validate security fixes. Communicate identified vulnerabilities and recommend remediation steps to internal teams. Perform secure code reviews and assist development teams in fixing identified issues. Identify and mitigate risks throughout the software development lifecycle. Leverage commercial and open-source tools for vulnerability detection (e.g., Qualys, Nessus, Burp Suite). Assist in internal penetration testing initiatives. Develop internal tools and automate security tasks, leveraging AI where applicable. Stay updated on the latest threats, tools, and best practices in cybersecurity. Create detailed assessment reports and present findings to technical and non-technical stakeholders. Train and mentor team members on vulnerability management processes and tools. Required Qualifications Bachelor s degree in Computer Science, Engineering, or a related field. 3 to 5 years of hands-on experience in information security or related roles. Relevant certifications such as CEH, GIAC, or similar. Solid experience in: Network vulnerability assessments Application scanning and secure code review Windows, Linux, and Unix operating systems Familiarity with OWASP tools, methodologies, and security best practices. Strong communication skills both written and verbal. Preferred Skills Experience with tools like: Qualys, Nessus, Nexpose, SAINT Burp Suite Pro, HP WebInspect Static analysis tools (e.g., IBM AppScan Source, Fortify) Proficiency in one or more programming languages: Java, C, C++, .NET (C#, VB). Experience delivering training or presenting technical content to teams. Background in technical writing or web development is a plus. Be part of a team securing technologies used by top players in the mortgage and real estate space. Work with modern tools and frameworks. Enjoy a collaborative environment that supports innovation, growth, and learning. Qualification : Bachelors degree in Computer Science, Engineering, or a related field

Position: Security Engineer-2 Location: Bengaluru Employment Type: Full-Time Department: Engineering Job Description: We are seeking a proactive and skilled Security Engineer-2 to identify vulnerabilities, collaborate with development teams on mitigation strategies, and promote secure coding practices within the organization. You will play a critical role in ensuring the security and resilience of our products against emerging threats. Key Responsibilities: Conduct in-depth security assessments of products to discover vulnerabilities and demonstrate their exploitability and risk impact. Stay updated on emerging vulnerabilities and threats relevant to our products through independent research. Collaborate with developers to develop and implement mitigation and workaround plans according to security policies. Lead threat modeling and secure design review sessions with development teams to identify threats and define mitigation strategies. Conduct workshops to educate developers on threat modeling and secure coding principles. Prioritize and ensure mitigation of critical security defects during development sprints. Integrate and automate Static Application Security Testing (SAST) within the DevOps pipeline. Advocate and propagate secure coding principles across the development community. Serve as the primary point of contact for developers on critical secure development issues. Develop and deliver security training programs and technical workshops for developers and QA teams. Promote security awareness through tech talks and other knowledge-sharing activities. Required Qualifications and Skills: Strong knowledge of common vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), cryptographic weaknesses, and code injection. Proficiency in programming/scripting languages like Java, Ruby, and Python. Experience with cloud technologies and services. Ability to automate security testing processes and improve assessment productivity. Excellent communication skills to articulate security risks to both technical and non-technical audiences. Familiarity with industry-standard threat modeling, risk assessment, and vulnerability classification methodologies. Experience conducting white-box and grey-box security assessments, including architectural and API analysis. Knowledge of Secure Software Development Lifecycle (S-SDLC) and CI/CD integration. Bachelor s degree in Computer Science, Electrical Engineering, Computer Engineering, or equivalent experience in software engineering or security. Minimum 3 years of experience in application security or related security assessment roles. Deep understanding of attack vectors, exploits, and mitigation techniques, including chained attacks. Experience with languages such as Java, Go, Python, or Node.js (knowledge of multiple is a plus). Experience assessing cloud-native services, service meshes, and Kubernetes-based microservices. Strong problem-solving skills, able to think both offensively (like a hacker) and defensively (product security evaluation). Ability to learn new technologies and apply unconventional thinking to complex security challenges. Qualification : Bachelors degree in Computer Science, Electrical Engineering, Computer Engineering, or equivalent experience in software engineering or security

Job Title: General Manager Network Infrastructure & Security Location: Bangalore Department: IT and Systems Employee Type: Permanent Experience Required: 10 20 years Job Summary We are seeking a seasoned and strategic IT Infrastructure and Cybersecurity Leader to oversee and drive the company s enterprise-wide infrastructure and security initiatives. This role is responsible for developing and executing the vision, strategy, and programs to ensure the availability, performance, and security of our IT systems and data. The ideal candidate will work closely with executive leadership to align technology and security efforts with organizational objectives and risk tolerance. Key Responsibilities IT Infrastructure Management Lead the planning, implementation, and management of core IT infrastructure including networks, servers, cloud platforms, storage, and enterprise systems. Ensure high availability, performance, and scalability of IT infrastructure to support business operations. Oversee disaster recovery and business continuity strategies to mitigate operational risk. Manage vendor relationships, contracts, and Service Level Agreements (SLAs). Monitor system performance and continuously implement efficiency improvements and optimizations. Cybersecurity Leadership Establish, implement, and maintain cybersecurity policies, procedures, and standards across the organization. Conduct regular risk assessments, vulnerability scans, and implement corrective actions. Oversee security tools and solutions, including firewalls, antivirus, endpoint protection, SIEM, and intrusion detection systems. Lead incident response efforts, forensic investigations, and post-event reviews. Ensure compliance with relevant cybersecurity and data privacy regulations (e.g., ISO 27001, GDPR). Leadership & Cross-functional Collaboration Lead, mentor, and manage a team of IT infrastructure and security professionals. Collaborate with stakeholders across departments to align IT and cybersecurity strategies with business goals. Provide executive-level reporting on infrastructure performance, risk posture, incident management, and compliance metrics. Drive a culture of cybersecurity awareness and operational excellence throughout the organization. Qualifications & Experience Education: Bachelor s degree in Computer Science, Information Technology, or a related field. Master s degree preferred. Certifications (Preferred): CISSP, CISM, CISA, or equivalent professional certifications. Experience: 18+ years of progressive experience in IT infrastructure, cybersecurity, and risk management. Deep knowledge of security frameworks such as ISO/IEC 27001 and regulatory standards like GDPR. Proven experience in formulating and implementing enterprise-wide security policies and managing dynamic IT environments. Key Skills: Strategic planning & execution Project & vendor management Security architecture and governance Cross-functional collaboration & stakeholder communication Managing Security Operations Centers (SOC) Preferred Skills & Competencies Strong analytical and problem-solving skills to align business needs with technology solutions. Experience in documenting and executing security architecture and strategic plans. In-depth knowledge of IT networks, infrastructure systems, and cloud environments. Ability to communicate technical concepts to both technical and non-technical audiences, including C-level stakeholders. Qualification : Bachelors degree in Computer Science, Information Technology, or a related field

Red Team Hacker / Pen Tester (Onsite, Bangalore) Who We Are ColorTokens We re on a mission to keep businesses running safe and sound even when cyber attackers try to mess things up. Our next-gen platform, ColorTokens Xshield , stops ransomware and malware from spreading sideways inside companies, so critical stuff stays locked down and working. We ve got mad skills in spotting and controlling traffic between all kinds of devices and users from your typical laptops to IoT and medical gadgets. That means we can slice and dice security zones to keep bad actors contained. Forrester calls us a Leader in Microsegmentation (Q3 2024), and we help global companies avoid big $$$ downtime. Our Vibe We re all about hustling with heart. You ll get to own your projects, work with smart teammates, and solve tough problems that actually protect people from kids in hospitals to entire cities. If you re driven, curious, and ready to make a real impact, you ll fit right in. The Gig What You ll Do Run epic red team ops that mimic real-world hackers trying to break in. Hack (ethically!) into networks, apps (web, mobile, APIs), and cloud setups to find weaknesses. Build your own scripts and tools to level up your tests and dodge detection. Team up with defenders (blue team) to boost how we spot and stop attacks. Write clear, no-fluff reports with proof-of-concept hacks and smart fixes. Keep your finger on the pulse of the latest threats and hacker tricks. Jump into purple teaming and adversary simulations to sharpen our edge. Bachelor s in Cybersecurity, CS, or you ve got real-world chops that match. 6+ years deep in red teaming, pentesting across web, APIs, infrastructure, and cloud. Pro with tools like Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, and scripting (Python/PowerShell/Bash). Solid grasp of MITRE ATT&CK, threat modeling, and adversary emulation. Know Windows & Linux inside out, Active Directory, plus cloud platforms (AWS, Azure, GCP). Bonus points if you re into social engineering, phishing, or physical security. Skilled at writing docs that actually make sense. Must-have certifications: OSCP is a must; CRTP, OSCE, OSEP, CRTE, GPEN, GXPN are pluses. Qualification : Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

Cyber Security Analyst Bangalore, India Location: Bangalore (Bengaluru) Experience: 4 to 12 Years Industry: IT Security / Cybersecurity Job Summary: We are seeking a highly skilled Cyber Security Analyst with advanced knowledge in cybersecurity principles, risk assessment, and threat prevention. The ideal candidate will have hands-on experience with security tools, network defense, vulnerability assessments, and malware analysis to safeguard our organization s digital assets. Key Responsibilities: Analyze and mitigate cyber and IT security risks using advanced techniques and best practices Conduct vulnerability assessments and penetration testing across networks, platforms, and applications Utilize scripting and programming languages such as Python, PowerShell, Perl, HTML, and JavaScript for automation and security analysis Monitor network security devices including firewalls, proxies, NIDS/NIPS, and respond to security incidents Perform dynamic and static malware analysis and memory forensics to identify and counter threats Conduct reverse engineering of malware and apply countermeasures based on adversary tactics and protocols Apply in-depth knowledge of network protocols, network security monitoring, and incident response Ensure compliance with security standards and frameworks Collaborate with cross-functional teams to implement security improvements and ensure robust defense mechanisms Required Skills & Qualifications: Minimum 4+ years of professional experience in cybersecurity or related IT security roles Advanced understanding of cyber threats, risk management, and prevention techniques Proficiency in security system analysis, network security, and vulnerability assessment tools Experience with malware analysis, penetration testing, and reverse engineering Strong programming/scripting skills in Python, PowerShell, Perl, or similar languages In-depth knowledge of security standards, protocols, and industry best practices Hands-on experience with network security monitoring and defense technologies Preferred Certifications: Technical cybersecurity certifications from recognized bodies such as SANS, ISACA (CISA, CISM), (ISC) (CISSP), CompTIA Security+, Cisco (CCNA Security), CERT, or equivalent Work in a challenging role protecting critical digital infrastructure Collaborate with a talented cybersecurity team to combat evolving threats Access to continuous learning, professional development, and certification opportunities

Architect - Cyber Security | Bengaluru, India Location: Bangalore (Bengaluru) Experience: 12 to 20 Years Industry: IT Security / Cybersecurity Architecture Job Summary: We are looking for a seasoned Cyber Security Architect with over 12 years of experience designing and managing security architectures across multiple industries. The ideal candidate will bring strong expertise in secure design principles, SSDLC implementation, and cloud security especially within Azure environments. Key Responsibilities: Lead the development and management of enterprise-wide security architectures for global, multinational organizations Participate in Security Architecture Review Boards and drive secure coding practices along with Software Security Development Life Cycle (SSDLC) implementation Develop and enforce secure design principles and security standards across platforms Create and maintain current and future state architecture diagrams, supporting the technical roadmap with a comprehensive understanding of the technology market Deliver security solution architectures aligned with the enterprise architecture framework Provide expert guidance on securing multi-tenant cloud environments, with a focus on Microsoft Azure Collaborate with cross-functional teams to align security strategies with business goals and compliance requirements Required Skills & Qualifications: Minimum 12+ years of experience in security architecture across at least two different industries, preferably including cloud service providers Proven track record with security architecture development and governance in large-scale multinational companies Experience with secure coding, SSDLC, and security architecture review processes Strong proficiency in cloud security architecture, especially Azure multi-tenant environments Bachelor s or Master s degree in Information Security, Computer Science, or related field Must hold CISSP certification (Certified Information Systems Security Professional) Experience with architecture certification such as CISSP-ISSAP is highly preferred Additional certifications or memberships in SANS, ISACA, or similar cybersecurity organizations are a plus Azure Architecture or Azure Security certifications highly desirable Lead cybersecurity architecture in a global, dynamic enterprise environment Work with cutting-edge cloud technologies and secure multi-cloud ecosystems Grow professionally with access to industry-leading certifications and training Influence enterprise security strategy at the highest level Qualification : Bachelors or Masters degree in Information Security, Computer Science, or related field

Job Title: Senior Systems Software Engineer Location: Bengaluru, Karnataka, India Team Overview: Join a team of Application Security experts at Cloud Software Group, where we focus on securing web applications and services. Our team is passionate about application layer attacks, protection mechanisms, threat intelligence, and protecting against OWASP threats. We re constantly evolving, staying at the forefront of emerging security trends. Job Description: As a Senior Systems Software Engineer, you will be responsible for implementing, configuring, and maintaining Web Application Firewalls (WAFs) to secure web applications and services from potential threats, including bot attacks. This role involves ensuring the effective operation of WAFs to prevent common vulnerabilities and unauthorized access, conducting security assessments, and collaborating with other security and development teams to enhance the security posture of our web applications. Key Responsibilities: WAF Implementation & Maintenance: Implement, configure, and maintain Web Application Firewalls (WAFs) to protect against security threats like OWASP-Top-10 vulnerabilities, unauthorized access, data breaches, and bot attacks. Security Policy & Rule Development: Develop and manage security policies and rules for WAFs to enhance their effectiveness in preventing security incidents. Penetration Testing & Security Assessments: Perform security assessments and penetration testing of web applications and services to identify vulnerabilities and recommend remediation actions. Collaboration: Work closely with other security teams, developers, and stakeholders to ensure security best practices are followed in the design, development, and deployment of features for web applications and bot management. Stay Updated on Security Trends: Keep informed about emerging security threats and technologies, continually improving security mechanisms to safeguard against new threats for WAF and API. Incident Response: Participate in incident response and investigations to understand the root cause of security breaches and implement corrective actions to prevent future incidents. Process Improvement: Lead initiatives for improving processes, systems, and products to optimize the performance and effectiveness of security measures. Qualifications: Education: Bachelor's (BE/B.Tech) or Master s degree in Computer Science, Information Security, or related fields, or equivalent professional experience. Experience: At least 5 years of experience working with network protocols like TCP, UDP, HTTP, DNS, SSL/TLS, and web application security, particularly in WAF and bot mitigation. Technical Skills: Proficiency with industry-leading WAF solutions like Citrix NetScaler AppFirewall, Imperva, ModSecurity, or F5 BIG-IP ASM. Experience in programming languages such as C, C++, and scripting languages like Python or Perl. Problem-Solving Skills: Strong analytical and problem-solving abilities to identify, assess, and mitigate security threats quickly. Communication & Collaboration: Excellent communication skills, with the ability to effectively collaborate with stakeholders across teams. About Us: Cloud Software Group is one of the world s largest providers of cloud solutions, empowering more than 100 million users globally. At Cloud Software Group, we re building the future of work, enabling people to get things done from anywhere. Our team thrives on passion for technology, embracing the courage to take risks and innovate. We re on the brink of another significant leap in technology evolution and we need experts like you to help us get there. If you're passionate about cybersecurity and eager to drive innovations, this is the perfect time to join us and be part of something transformative. Qualification : Bachelor's (BE/B.Tech) or Masters degree in Computer Science, Information Security, or related fields, or equivalent professional experience.

Job Title: Senior Incident Response Manager Location: Bengaluru, Karnataka, India About This Team: The Critical Situation Management team plays a pivotal role in maintaining customer trust and satisfaction in CSG Citrix BU products. We ensure swift resolution of production-impacting issues, collaborating closely with Technical Support and Product teams to maintain high uptime Service Level Targets (SLTs). Our team is dedicated to delivering rapid, effective solutions, making us essential to the continued success and reputation of the Citrix platform. Job Description / Responsibilities: Primary Duties / Responsibilities: Incident Management: Lead and manage timely, professional communication with internal and external stakeholders during critical incidents. Utilize your deep technical knowledge and strong communication skills to drive effective resolutions. Customer Sentiment Management: Assess and manage customer sentiments, and ensure appropriate resources are mobilized to mitigate production-impacting situations. Lead discussions with Citrix Customers and internal stakeholders with confidence and clarity. Collaboration: Facilitate cross-departmental collaboration to resolve customer issues, and coordinate the end-to-end customer experience, owning internal and, when necessary, external communications. Escalation Management: Act as the primary contact for Citrix Customers and Account teams during critical situations, collaborating with technical specialists (SMEs) to manage escalations and resolve incidents quickly. 24x7 Coverage: Provide 24x7 support, including weekends and holidays, on a rostered shift basis. Continuous Improvement: Actively participate in feedback processes, leading continuous improvement initiatives and ensuring the team adapts quickly to feedback. Lead and participate in projects aimed at improving incident response and service efficiency. Technical Knowledge: Utilize your technical know-how to manage the escalation process, lead calls, and effectively assess the situation to provide timely solutions. Qualifications (Knowledge, Skills, Abilities): Experience: 6 - 10 years of relevant experience in Incident Response, preferably in a Technical Support environment. Demonstrated ability to manage customer escalations in high-pressure scenarios. Communication Skills: Exceptional verbal and written communication skills. Ability to engage with customers and internal leadership clearly and professionally. Proficiency in creating concise incident reports and Root Cause Analysis (RCA) documents. Customer Advocacy: Strong customer advocacy skills, with the ability to understand, articulate, and manage customer expectations effectively. Technical Expertise: Broad knowledge in technologies such as Cloud, Virtualization, Networking, Operating Systems, and Remoting, with a focus on Virtualization, Networking, and Storage. Experience with Microsoft OS and End-User Computing is a plus. Collaboration Skills: Ability to manage and facilitate cross-team collaboration to solve complex customer issues. Comfortable leading critical calls and guiding teams through escalations. Process Knowledge: Knowledge of ITIL, Project Management, and Six Sigma methodologies is a plus. Familiarity with the Software Development Lifecycle (SDLC) and defect tracking processes is beneficial. Education: B.E. / B.Tech. or a Bachelor s degree in a related field with at least 5+ years of relevant experience. Additional Skills: Scripting, automation, and programming skills are an advantage. Experience in leading formal customer meetings, including those with C-level or Senior Management. About Us: Cloud Software Group is one of the largest cloud solution providers globally, serving over 100 million users. Joining us means making a tangible difference for people around the world who rely on our cloud-based products to perform their work efficiently, from anywhere. We foster a culture of innovation, learning, and growth. As we prepare for an exciting new phase of growth, we need your skills and expertise to continue evolving and building the future of work. Qualification : B.E. / B.Tech. or a Bachelors degree in a related field with at least 5+ years of relevant experience.

Position: Analyst - SecOps (SOC Level 2) Job Overview: We are looking for a skilled SOC Level 2 Analyst to join our global Cyber Operations team. This critical role ensures the security of our organization by monitoring, detecting, and responding to security incidents. The Analyst will work on a rotating 24x7 shift schedule, including night shifts. The ideal candidate will have strong experience in SOC operations, incident response, and proficiency with cybersecurity tools and technologies. Key Responsibilities: Threat Detection and Incident Response: Monitor, analyze, and respond to global security alerts using SIEM/SOAR tools. Perform triage and analysis with sandboxing technologies and threat intelligence platforms. Investigate security events, implement containment and recovery strategies, and expedite workflows with AI/ML capabilities. Query and correlate security data using KQL (Kusto Query Language) to identify and address threats. Develop and manage automated detection rules and playbooks in Microsoft Sentinel. Enhance endpoint protection and data security using Microsoft Defender and MS Purview Data Loss Prevention (DLP) tools. Threat Hunting and Data Forensics: Perform proactive threat hunting and data forensics to identify and investigate potential threats. Use advanced threat intelligence platforms to refine detection strategies. Develop and execute SOC playbooks to improve response times and operational efficiency. Team Collaboration and Leadership: Provide assistance with complex incidents and investigations. Collaborate with USA security escalation teams and other departments to improve the organization s overall security posture. Contribute to the development and refinement of SOC procedures and best practices. Career Development: Opportunities for progression to roles like SOC Lead or SOC Architect. Access to continuous learning, certifications, and professional development resources. Regular performance reviews to discuss career growth and advancement. Qualifications: Bachelor s degree in Computer Science, Cybersecurity, or related field (preferred). 3-5 years of experience as a SOC Analyst, with lead responsibilities being a plus. Strong proficiency in KQL (Kusto Query Language) for querying and analyzing security data. Hands-on experience with Microsoft Sentinel (including rule creation, playbook implementation, and workbooks). Proficiency in Microsoft Defender and MS Purview DLP for endpoint protection and data security. Certifications such as CISSP, CEH, or CompTIA Security+ are a plus. Core Technologies and Expertise: Microsoft Sentinel: Expertise with SIEM, rule creation, playbooks, and workbooks. KQL (Kusto Query Language): Proficiency in querying and data correlation. Microsoft Defender: Strong knowledge of endpoint protection and threat detection. MS Purview DLP: Experience in data loss prevention strategies. Incident Response Tools: Knowledge of containment and recovery strategies. Vulnerability Management: Familiarity with assessments, penetration testing, and monitoring. Threat Intelligence Platforms: Ability to leverage and analyze threat intelligence. Network Security: Working knowledge of firewalls, IDS/IPS, and network security protocols. Data Forensics: Skilled in forensic analysis and investigation. SOC Playbooks: Ability to create and manage effective SOC playbooks. Additional Skills: Strong understanding of incident response processes and procedures. Excellent analytical, problem-solving, and communication skills. Ability to work collaboratively within a well-managed team. Rotational 24x7 shift coverage. Location: Bangalore, India (SKAV Seethalakshmi, GESC) Employment Type: Full-time Job Category: Information Technology Qualification : Bachelors degree in Computer Science, Cybersecurity, or related field (preferred).

Job Title: Security Engineer - II Location: Bangalore (On-site; full-time) About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women s safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestl to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics. Job Overview: Key Responsibilities: Conduct comprehensive threat modeling for applications, cloud infrastructure, and overall systems architecture. Perform secure code reviews and security assessments for web, Android, and iOS applications, with a strong focus on cloud infrastructure security. Proactively identify and mitigate vulnerabilities across platforms, collaborating with development and DevOps teams to implement secure solutions. Automate and streamline security processes, aligning with the principle that Complexity is the enemy of Security. Oversee Vulnerability Management and Patch Management processes, ensuring timely remediation. Design and implement robust security measures and contribute to Red Team activities, including assessments of cloud, network, wireless, physical, and social engineering scenarios. Take ownership of assigned tasks and drive the continuous improvement of security practices across the organization. Assist in setting up and maintaining monitoring systems to identify and respond to potential incidents in real time. Develop custom tools, scripts, and scanners to address unique security challenges and automate repetitive tasks. Provide architectural guidance for securing cloud-based applications and DevOps pipelines. Continuously stay updated on emerging security technologies and techniques, sharing knowledge with the team. Qualifications: 3-5 yrs experienced Sr security engineer. Expertise in cloud security (AWS, Azure, or GCP) with a strong understanding of securing applications and infrastructure in cloud environments. Proficiency in DevOps and DevSecOps practices, including secure CI/CD pipeline integration and automation. Strong knowledge of OWASP and SANS testing methodologies for identifying and mitigating security vulnerabilities. Good understanding of software security weaknesses, architecture vulnerabilities, and mitigation strategies. Hands-on experience in threat modeling, vulnerability assessments, and penetration testing. Proficiency in any scripting language - Python. Experience in developing or customizing tools, scanners, or extenders for specific security needs. Ability to work independently and collaboratively within a team to solve complex security challenges. Experience in implementing security monitoring systems for early incident detection. Strong problem-solving skills and the ability to think creatively to simulate attack scenarios. Certification in security-related fields (e.g., AWS Certified Security, CISSP, CEH, OSCP). Experience with container security and orchestration platforms like Kubernetes and Docker. Knowledge of Infrastructure as Code (IaC) tools like Terraform or CloudFormation. Familiarity with modern DevOps tools (e.g., Jenkins, GitLab, Ansible). Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.

Location: Bengaluru, India Role: Cybersecurity Analyst Company: Wipro Limited In a world where data is power, protecting that data is a mission, not just a job. As a Cybersecurity Analyst at Wipro, you ll be the guardian of sensitive information, spotting threats before they strike and building a resilient security posture for the organization. What You ll Do 1 Keep Customers Safe Deliver customer-centric cybersecurity, ensuring systems are fortified and risks are minimized. Monitor logs, security events, and access patterns to detect unusual, unauthorized, or illegal activity. Safeguard log sources, security configurations, and access controls. 2 Hunt, Analyze & Respond Track, analyze, and respond to security incidents escalated by L1 teams (24x7 rotational shifts). Perform log reviews and forensic analysis to understand unauthorized access or breaches. Use advanced analytics tools to identify emerging threat patterns. Conduct detailed root cause analysis and recommend specific, actionable improvements. 3 Be the Incident Commander Lead incident response efforts, coordinating with internal teams and customers for swift resolution. Plan and refine disaster recovery strategies for potential breaches. Create incident reports, dashboards, and analysis summaries to share insights and learnings. 4 Collaborate & Educate Work closely with internal technical leads, practice teams, and external customers to manage security concerns. Assist with internal and external audits, maintaining the information security risk register. Deliver cybersecurity awareness training for colleagues, turning every employee into a security ally. Provide hands-on advice and guidance on handling malicious emails, phishing attempts, and suspicious activity. Key Relationships Stakeholder Why You ll Work Together Internal Tech & Project Leads Regular updates, security reporting, coordination Security Intelligence Team For threat intelligence sharing and practice alignment Customers Direct support during incidents, ensuring transparency & fast resolutions What You Need to Succeed Technical Mastery Deep knowledge of Network Security devices, Firewalls, Endpoints, SIEM, Application Security, IDS/IPS, Vulnerability Assessments & Penetration Testing (VA/PT). Process Excellence Solid understanding of standards, processes, and automation tools to improve consistency and reduce risk. Communication & Collaboration Clear, effective communication skills you ll be the go-to person for explaining security risks to both techies and non-techies. How Your Success Will Be Measured Performance Area Measure Customer Focus Fast, effective resolution of security incidents for internal & external users Process Adherence 90-95% SLA compliance for response & resolution times Key Competencies Effective Communication Collaborative Working Execution Excellence Analytical Thinking & Problem Solving Reinvent Cybersecurity With Wipro This isn t just a job it s your chance to reinvent how organizations protect themselves in a rapidly evolving threat landscape. Join Wipro. Own the mission. Protect the future. Applications from people with disabilities are explicitly welcome.

Job Title: Lead Engineer Software Test & Release Location: Bangalore Job Summary We are looking for a skilled Security Test and Automation Engineer with 7-9 years of experience in Security Verification and Validation, particularly on Embedded Systems. The ideal candidate will have 3-4 years of leadership experience in managing a team of security test engineers and hands-on expertise in scripting languages like Python, Java, and AI/ML-based tools. The primary responsibility will be to develop and execute security testing strategies across various domains including Devices, Automotive, Medical Devices, and Telecom Infrastructure (Wireless and Wired). Key Responsibilities Security Test Strategy: Develop and execute a comprehensive security test and automation strategy across multiple domains like Devices, Automotive, Medical Devices, and Telecom Infrastructure. Collaborate with project teams to capture best practices, share knowledge about the latest tools and technologies, and identify opportunities for new solution development. Understand client requirements for security testing and prepare proposals related to Security and Penetration Testing. Penetration Testing: Work with clients to understand their testing needs (e.g., number and types of systems for testing). Plan, create, and execute penetration methods, scripts, and tests to assess the security of systems. Perform remote or on-site security testing of a client s network or infrastructure to uncover vulnerabilities. Simulate security breaches to test system vulnerabilities and identify potential threats. Generate detailed reports outlining security issues, the level of risk, and recommendations for remediation. Team Leadership and Development: Lead and mentor a team of security test engineers, providing guidance on technical challenges and professional growth. Conduct reviews of designs, code, and test plans to identify risks and ensure quality deliverables. Identify training needs for the team and provide support for their technical development. Risk Analysis and Requirement Management: Conduct requirement analysis and feasibility studies, considering risk identification and mitigation. Perform system-level work estimation and ensure timely delivery of high-quality work. Ensure traceability of requirements from design to delivery, while optimizing code and ensuring test coverage. Continuous Improvement: Participate in technical initiatives within the project and organization, delivering training and maintaining a high level of technical competence through ongoing self-study and technical assessments. Identify and implement improvements in security testing practices and tools. Required Skills and Experience 7-9 years in Security Verification and Validation on Embedded Systems. 3-4 years of experience leading a team of security test engineers. Hands-on experience with scripting languages like Python, Java, and AI/ML-based tools. Experience in penetration testing and security assessments for embedded systems and network infrastructures. Technical Expertise: Strong knowledge of security testing methodologies, vulnerability assessments, and penetration testing. Proficiency in scripting languages (Python, Java, Perl, Shell scripts, TCL). Experience in Automation Frameworks for security testing. Understanding of network protocols (2G, 3G, LTE, 5G) and security concerns within telecommunications and embedded systems. Certifications: Bachelor s degree in Engineering or equivalent. Certifications in Security Testing (e.g., Certified Ethical Hacker - CEH) are highly desirable. Tools and Technologies: Experience with test and trace/log collection tools such as QXDM, QCAT, QPST, Prism, and other telecom instruments (e.g., Anritsu, Keysight). Familiarity with automation scripting tools like RTD (for Anritsu) or equivalent. Knowledge of Linux host platforms and network simulation tools. Specialization: Expertise in 2G, 3G, 4G, 5G, Interop Testing, and VSAT-SATCOM technologies. Understanding of 3GPP specifications and network vendor tests. Desirable Skills Strong problem-solving and analytical skills to identify vulnerabilities and assess risks in systems. Ability to provide strategic and actionable insights based on security findings. Ability to communicate complex security issues to non-technical stakeholders. Leadership and mentoring capabilities to guide junior engineers and promote team development. Work Environment Location: Bangalore Opportunity to work in a dynamic environment with the latest tools and technologies in the security testing domain. If you have a passion for security testing and automation, along with a desire to lead and contribute to impactful projects, this is the perfect opportunity for you! Apply now to join our team and make a significant impact in the field of security testing.

Job Title: Application Security Engineer About PhonePe Group PhonePe is India s leading digital payments company with 500 million registered users and 37 million merchants, covering over 99% of India s postal codes. Building on its leadership in digital payments, PhonePe has expanded into financial services, including insurance, mutual funds, stock broking, and lending. It has also ventured into adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store, India s first localized app store. The PhonePe Group is a portfolio of businesses aligned with the company s vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services. Culture At PhonePe, we empower our people and trust them to do the right thing. We create an environment that enables you to give your best every day, from day one. If you are passionate about building technology that impacts millions, ideating with the brightest minds, and executing with purpose and speed, PhonePe is the place for you! Job Description We are looking for a skilled Application Security Engineer to join our team and strengthen our security posture. You will proactively identify and mitigate vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities (What You Will Do) Penetration Testing: Perform penetration testing on web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. Secure Code Review: Conduct both manual and automated secure code reviews, primarily in Java, Python, and JavaScript. Security Automation: Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. Collaborate with Development Teams: Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. Threat Modeling: Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. Security Education: Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors. Effectively communicate security findings to stakeholders. What Makes You a Great Fit Experience: 1-5 years of experience in application security, penetration testing, or related fields. Penetration Testing Expertise: Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI, and other mobile security testing frameworks. DevSecOps Knowledge: Experience integrating security into the SDLC and familiarity with DevSecOps tools. Secure Coding Knowledge: Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. Scripting Skills: Strong scripting skills (Python preferred) for security automation. Communication Skills: Excellent communication and stakeholder management abilities. Continuous Learning: Passion for continuous learning and staying updated on security trends. Certifications (Optional): Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF participation are a plus. PhonePe Full-Time Employee Benefits Insurance Benefits: Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance. Wellness Program: Employee Assistance Program, Onsite Medical Center, Emergency Support System. Parental Support: Maternity and Paternity Benefits, Adoption Assistance Program, Day-care Support. Mobility Benefits: Relocation Benefits, Transfer Support Policy, Travel Policy. Retirement Benefits: Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment. Other Benefits: Higher Education Assistance, Car Lease, Salary Advance Policy. Why Work at PhonePe Working at PhonePe is a rewarding experience. With great people, a work environment that thrives on creativity, and the opportunity to take on roles beyond your defined job description, PhonePe offers a chance to grow your career in an innovative, dynamic company.

Infosec Lead Experience: 5-7 Years | Location: Bengaluru About Gameskraft: Founded in 2017, Gameskraft is one of India s fastest-growing online gaming companies. Our mission is to build a safe, secure, and responsible gaming ecosystem while delivering unmatched experiences through innovation and technology. As the industry s only ISO 27001 and ISO 9001 certified company, we set the highest benchmarks in security, design, and performance. Job Summary: We are seeking an experienced Infosec Lead to drive our security strategy, ensuring robust web security, application security, and compliance across the organization. You will be responsible for leading a team of security professionals, implementing best-in-class security measures, and ensuring compliance with industry regulations such as HIPAA, PCI-DSS, ISO, and GDPR. Key Responsibilities: Security Strategy & Program Management: Develop, implement, and maintain a comprehensive security program to safeguard company assets, systems, and data. Collaborate with cross-functional teams to integrate security into product development and business operations. Conduct risk assessments and vulnerability analyses to identify and mitigate security threats. Compliance & Regulatory Adherence: Ensure compliance with HIPAA, PCI-DSS, ISO, GDPR, and other relevant security frameworks. Maintain security certifications and drive adherence to regulatory standards. Develop and enforce security policies, standards, and procedures. Incident Response & Risk Management: Lead incident response efforts, including investigation, containment, and remediation. Continuously monitor security threats, emerging trends, and vulnerabilities to strengthen cyber resilience. Provide security guidance and risk analysis during product launches and infrastructure changes. Team Leadership & Stakeholder Collaboration: Lead and mentor a team of security professionals, fostering a culture of security awareness across the organization. Work closely with engineering, IT, legal, and business teams to embed security best practices. Present regular security reports and key performance metrics to senior management. What You Bring to the Table: Education: Bachelor s or Master s degree in Computer Science, Information Security, or a related field. Experience: 5-7 years of experience in information security, with a strong focus on web security, application security, and compliance. Proven track record in leading security teams and managing enterprise security programs. Technical Expertise: Strong knowledge of security technologies such as firewalls, IDS/IPS, SIEM, encryption, authentication protocols, and penetration testing tools. Experience with cloud security (AWS, Azure, GCP) and DevSecOps methodologies. Familiarity with secure coding practices and application security frameworks (OWASP, NIST, CIS Controls). Hands-on expertise in risk assessment, vulnerability management, and security architecture design. Certifications (Preferred): CISSP, CISM, CISA, CEH, or equivalent industry-recognized security certifications. Soft Skills & Leadership: Strong analytical and problem-solving skills. Excellent communication and stakeholder management abilities. Ability to influence and drive security initiatives across multiple teams. Work Culture at Gameskraft: Startup Environment: Fast-paced, ownership-driven culture where innovation and agility thrive. Impactful Work: Direct contribution to securing one of India s largest gaming platforms. Collaboration: Work alongside some of the best minds in the gaming and consumer internet industry. Data-Driven: Leverage analytics to enhance security posture and decision-making. Compensation & Benefits: Attractive Compensation & ESOPs Competitive salary with equity options. Health Insurance 5 Lakh medical cover for you and your family. Car Lease Policy Exclusive leasing options for employees. Relocation Benefits Assistance with moving to Bengaluru. Free Lunch & Stocked Pantries Enjoy great food while you work! Performance-Based Growth Transparent appraisals and rapid career progression. Join Us & Secure the Future of Gaming! If you re passionate about cybersecurity, risk management, and building secure digital ecosystems, we d love to have you on board. Apply now and be part of an exciting journey at Gameskraft! Qualification : Bachelors or Masters degree in Computer Science, Information Security, or a related field.

At Tide, we re building a finance platform to help small businesses save time and money. We offer business accounts and banking services alongside a comprehensive set of administrative solutions, from invoicing to accounting. Launched in 2017, Tide is trusted by over 1 million small businesses worldwide and is available to SMEs in the UK, India, and Germany. Headquartered in London, we have offices in Sofia, Hyderabad, Delhi, Berlin, and Belgrade, with a global team of 2,000+ employees. As we expand into new markets, we re constantly seeking passionate individuals to help us empower small businesses. About the Team The Security Engineering Team at Tide is divided into three core areas: Product Security, Threat Detection & Response, and Identity. Product Security (this role) focuses on embedding security throughout our product lifecycle, from secure design reviews and threat modeling to penetration testing, ensuring security is baked into every stage of development. Threat Detection & Response builds a robust detection and automation platform, proactively defending against emerging threats and making Tide resilient. Identity manages Tide s staff identity platform, ensuring secure access with modern strategies like zero trust and multi-factor authentication. Collaboration is central to our work standups, shared channels, and cross-functional projects keep us aligned and cohesive. About the Role We re seeking a Senior Product Security Engineer with a passion for application security and resilient software development. You ll be responsible for hunting vulnerabilities in our web and mobile applications, collaborating with engineering teams to remediate strategically, and ensuring security is seamlessly integrated into our development process. You ll be an advocate for security across the organization, mentoring engineers, and introducing the latest security tools and trends. As a Senior Product Security Engineer, you will: Dive deep into mobile and web technologies to proactively hunt for vulnerabilities. Secure cloud-native applications, ensuring best practices across Tide s AWS cloud environment. Perform threat modeling and guide teams in secure design principles to prevent vulnerabilities. Remediate vulnerabilities through strategic initiatives and hands-on patching. Act as a subject matter expert across a range of security areas, particularly application security. Mentor and coach junior engineers, sharing your expertise to raise the security bar. Integrate security into our CI/CD pipelines, leveraging automation to catch vulnerabilities early. What We re Looking For: Extensive experience in Application Security (AppSec), with a deep understanding of concepts like Secure Enclave, URL Schemes vs. Universal Links, and presigned URLs in S3. Proficiency with tools like Burp Suite (bonus points if you ve built custom extensions). Excellent communication skills able to clearly articulate vulnerabilities and advocate for their remediation. Hands-on experience with cloud-native applications and consistently applying security best practices. Ability to write proof-of-concept (POC) scripts to demonstrate findings and their potential impact. A passion for the security community public speaking, blogging, bug bounties, or sharing your work on GitHub is a plus. Our Tech Stack: Cloud Environment: 100% containerized on AWS EKS. Infrastructure as Code (IaC): Managed via Terraform and Terragrunt. Deployment: GitOps with Argo CD, supported by Helm and Crossplane. CI/CD: GitHub Actions and all source code hosted on GitHub. What You ll Get in Return: Competitive salary Health Insurance (Self & Family) Term & Life Insurance OPD Benefits Mental Well-being Support through Plumm Learning & Development Budget WFH Setup Allowance Leave Benefits: 15 Privilege Leaves, 12 Casual Leaves, 12 Sick Leaves, 3 Paid Days Off for Volunteering or L&D Activities Stock Options Tidean Ways of Working: We support a flexible workplace model, balancing remote and in-person work to meet the needs of different teams. While remote work is encouraged, we believe in face-to-face interactions to foster innovation and strengthen team spirit. Our offices are hubs for collaboration and community-building. Diversity & Inclusion at Tide: At Tide, diversity and inclusion are at the heart of our culture. Our Tideans come from diverse backgrounds, bringing unique perspectives that help us build products that resonate with our members. We are committed to creating an environment where everyone s voice is heard, and all individuals regardless of ethnicity, gender identity, sexual orientation, or disability are welcomed and celebrated. We are One Team, fostering transparency and inclusion in everything we do.

Summary of Essential Job Functions The primary responsibility of the InfoSec Tech Lead is to ensure the organization's global information security, compliance, and risk management. The role involves collaborating with various teams to identify and implement security requirements for product applications and infrastructure. Minimum Requirements (Education & Work Experience) Education: Bachelor s/Master s degree in Computer Engineering or Information Science. Certifications (Preferred): OSCP, OSCE, ECSA|LPT, CPT, CEH. Experience: 5-7 years in Vulnerability Management, covering Application, Infrastructure, Cloud, Mobile Security, Secure Code Review, and IoT. Work Location: Bangalore, India (May require travel). Competency Requirements Hands-on experience in Network, Web-based, and Cloud Application Security Assessments including threat modeling, vulnerability assessments, and penetration testing. Knowledge of current information security trends. Familiarity with security bug classification frameworks (e.g., CVSS, DREAD) and application of classification methods. Expertise in Web Service vulnerability assessments. Understanding of Mobile Application Security (iOS/Android). Experience in code review methods and standards. Ability to develop proof-of-concept (POC) exploits for security vulnerabilities. Proficiency with web application vulnerability scanning tools (e.g., Acunetix, NTO Spider, BurpSuite Pro, WebInspect, Core Impact). Experience with network assessment tools and exploitations (e.g., Kali Framework, QualysGuard, Nessus, Nexpose, Nmap, Metasploit, Saint). Experience in static code review tools (e.g., Checkmarx, HP Fortify, IBM AppScan Source). Proficiency in at least two scripting languages (e.g., Python, Perl, PHP, Ruby, etc.). Ability to assess applications using OWASP, OSSTMM, CESG, CREST, NIST, ISSAF, PTES methodologies. Understanding of SDLC practices and adaptability to Agile methodologies. Experience in high-level programming languages (e.g., Java, C, C++, .NET (C#, VB)), with DAST code review as an added advantage. Knowledge of operating systems (Windows/Linux/UNIX IBM AIX, Sun Solaris, HP UX) and network equipment. Experience providing technical oversight to project teams to ensure quality engagements. Strong experience in mentoring, coaching, and leading teams in challenging environments. Familiarity with security compliance frameworks (PCI, SOC, GDPR). Other Requirements Strong ethics and integrity in business and information security. Proficiency in English (written and verbal communication skills). Ability to prepare professional reports and present findings to technical and executive stakeholders. Ability to interact with customers and understand security requirements. Job Responsibilities Conduct and manage Vulnerability Assessments and Penetration Testing (VAPT) for Infrastructure, Web Applications, and Web Services/APIs. Perform manual and automated security testing to identify vulnerabilities. Conduct periodic configuration audits for network devices, servers, and critical functions. Perform secure code reviews across multiple programming languages and recommend corrective actions. Assess SDLC processes for security compliance. Develop security testing scripts and procedures. Participate in security-related projects as per skillset. Continuously evaluate application architecture to enhance security processes. Analyze suspected vulnerabilities, collaborate with subject matter experts, and recommend remediation measures. Evaluate and recommend security products and solutions. Act as a security advisor for secure coding standards and security information management. Qualification : Bachelors/Masters degree in Computer Engineering or Information Science.