Incred-Infosec Engineer
Job Title: Senior Information Security Engineer
Experience Required: 3-6 years in Information Security
Location: Whitefield, Bengaluru
Job Description
As InCred operates in the regulatory space, this role requires interpreting and helping implement regulations related to cyber security from the Reserve Bank of India (RBI), IRDAI and SEBI, as well as any other applicable regulatory guidance related to the service offerings issued by relevant institutions.
Ensure ongoing monitoring and tech-compliance with existing regulatory expectations across these dimensions
Ensuring that information security principles, policies, frameworks, standards and controls are defined, implemented and managed effectively.
Partner and collaborate extensively with cross-functional teams, such as Engineering, Infrastructure, IT, Legal, and help minimize information security risks
Architect and deliberate on the solutions that are compliant with relevant regulatory cybersecurity requirements
Conduct and review results of Technology Risk Assessments and VAPTs, recommending mitigation strategies to bring the risk to appropriate levels
Ensure readiness of the organization for internal and external audits by keeping all documents and evidence ready
Conduct Security awareness programs, train personnel on data security & privacy related processes and responsibilities
Review / conduct Third Party Risk Assessments & Vendor assessments before onboarding
Review security solutions / controls implemented by Tech / Engineering teams, controls at data center, cyber / information security incidents, IT BCP and DR drills, cloud security controls
Identify and define Security KPIs including weekly, monthly reports and update Security Dashboards
Evaluating, Testing, and integrating security tools, standards, and associated processes as per the security framework.
Assist in creating and managing the framework for Information Security in alignment with industry best practices (ISO 27001)
Improve the cyber security program governance processes including cyber security risk reporting (recommending new report formats, reporting technologies and collaborating with team members to build-out reports/dashboards) and governance committee
Develop cyber security standards, including incorporating industry practices and applicable compliance requirements
Monitor and report compliance with cyber security standards and security rules of relevant cyber security and regulatory privacy requirements
Improving and supporting application security tool deployments including static analysis and runtime testing tools.
Create and manage process to guide development and testing teams on proactively finding application security risks
Improving and maintaining secure development standards.
Supporting the application architecture/design review processes whenever application security expertise is needed.
Conduct periodic penetration testing of applications and related infrastructure. Close open risks by actively following up with stakeholders.
Assess applications and risk, design threat models, document potential risk vectors, recommend relevant controls and ensure risk is addressed
Maintain security risk register to track the identified risks and produce metrics to report the state of application security program and risk status.
Additional responsibilities to this role include:
Recommend cybersecurity assessment methodology and support purple team exercises when required
Assessing cloud security risk (AWS, Google, and Azure) and recommending appropriate security controls
Assist in imparting security awareness training and executing phishing simulation exercises to employees.
Track and report security metrics to higher management on a regular basis
Define hardening standards for various technologies and assess compliance levels
Identify, prioritize, and track security incidents and manage related platforms such as SIEM, DLP, EDR and other security tools
Provide clear communication on the issue to application owners and verify the efficacy of vulnerability remediation
Should have the ability to drive VAPT engagements end to end for Web, Mobile and Infra with internal stakeholders and external agencies if required
Basic understanding of regulatory requirements of the Indian Fintech ecosystem such as RBI, SEBI, NSE, BSE and others
Key Areas: ISO 27001, security governance, evaluating and implementing security tools (SIEM, DLP, endpoint protection), security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, cloud security, application security.
Certifications (good to have, not mandatory): ISO 27001, CISM, or CISSP
Experience
Should have 3-5 years of experience in the information security/Cybersecurity domain
Prior experience in the Fintech/Startup industry and knowledge of one of the regulatory compliances like PCI DSS, RBI Master Directives, IRDA, SEBI cyber security guideline is preferred.
Experience with Information Security & Risk Management frameworks like ISO 27001, NIST SP 800-37, Cyber Kill Chain, MITRE ATT&CK, or other relevant frameworks
Must have sound knowledge in security vulnerabilities, remediation and mitigation techniques.
Ability to document and explain technical details in a concise & understandable manner
Ability to lead complex, cross-functional projects, and problem-solving initiatives.
Passionate about information security and updates knowledge on a daily basis to support the organization
Candidates must have excellent verbal and written communication skills
Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 to concerned stakeholders and discuss effective defensive techniques.
Familiarity with industry standards and regulations including PCI, ISO27001, CIS, NIST is desired.
Good understanding of Docker, Kubernetes, and security models
Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications
Skills:
Candidate should be a good team player
Should have good interpersonal skills
Good written communication skills including ability to develop process documentation and security guidelines.
Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
Ability to maintain composure under pressure and work calmly during an emergency
Ability to manage multiple tasks and schedules
About Incred:
InCred is a new-age financial services group that leverages technology & data-science to make lending quick & easy.
InCred is credit for Incredible India. We use technology & data-science to make lending quick, simple & hassle-free. We believe traditional ways of lending can exclude those most in need because of outdated, rigid & often inefficient processes. At InCred, we have simplified the lending process with a sharp focus on serving our borrowers' unique needs & circumstances.
Our Products:
Personal Loans:
At InCred, we understand that "life happens" & that our bank accounts are often unprepared for unexpected financial needs. From medical emergencies to happy events like weddings, InCred's consumer business focuses on providing unsecured personal loans that are both convenient to process as well as fairly priced.
Student Loans:
InCred aims to support the India growth story & to aid current & future generations of Indians embark on their personal nation-building journeys - by removing the biggest hurdle our students face when dreaming of higher education - financing.
Secured Business Loans:
InCred believes in India's potential to emerge as the fastest growing economy in the world. With over 50 Million SMEs in India & their numbers growing every day, India's growth will be driven by these businesses. However, some of the biggest hurdles in the growth and expansion of these SMEs are financing & inadequate access to credit. InCred aims to help such businesses overcome these obstacles by providing working capital, growth capital & tailor-made financing solutions.
Specialised MSME Loans