Posted 12 June, 2026

Algotale ( InCred ) - Information Security Engineer

Nexthire
Bangalore, Hybrid,IN Full Time
Reference: 136_762505_4b28feee0227

Role- Information Security Engineer

Location- Bangalore Hybrid 2 Days Onsite

Company- InCred

Job Description


Evaluating, testing, and integrating security tools, standards, and associated processes as per the
security framework.
Identify, prioritize, and track security incidents and manage related platforms such as SIEM (Wazuh,
BluSapphire, Qualys), DLP (Email and Application), EDR and other security tools
Ability to run automated and manual scans on tools like Burp Suite and Nessus
Improving and supporting application security tool deployments including static analysis and runtime
testing tools.
Assist in creating and managing the framework for Information Security in alignment with
industry best practices (ISO 27001, NIST CSF, OWASP top 10)
Improve the cyber security program governance processes including cyber security risk
reporting (recommending new report formats, reporting technologies and collaborating with
team members to build-out reports/dashboards) and governance committee
Develop cyber security standards, including incorporating industry practices and
applicable compliance requirements
Monitor and report compliance with cyber security standards and security rules of relevant
cyber security and regulatory privacy requirements
Create and manage processes to guide development and testing teams on proactively finding
application security risks
Improving and maintaining secure development standards.
Supporting the application architecture/design review processes whenever application security
expertise is needed.
Oversee and improve third-party information security risk management programs to assess
risks associated with the usage of third parties/vendors. Assist in third-party security
due-diligence reviews
Conduct periodic penetration testing of application and network-related infrastructure.
Closure of open risks by actively following up with stakeholders.
Assess applications, design threat models, document potential risk vectors, recommend relevant
controls and ensure risk is addressed
Maintain a security risk register to track the identified risks and produce metrics to report the state of
the application security program and risk status.
Additional responsibilities to this role include:
Recommend cybersecurity assessment methodology and support purple team exercises
when required
Assessing cloud security risk (AWS, Google, and Azure) and recommending appropriate
security controls

Assist in imparting security awareness training and executing phishing simulation exercises
to employees.
Track and report security metrics to higher management on a regular basis
Define hardening standards for various technologies and assess compliance levels
Identify, prioritize, and track security incidents and manage related platforms such as SIEM, DLP,
EDR and other security tools
Provide clear communication on the issue to application owners and verify the efficacy of
vulnerability remediation
Should have the ability to drive VAPT engagements end to end for Web, Mobile and Infra with internal
stakeholders and external agencies if required

Basic understanding of regulatory requirements of the Indian fintech ecosystem, such as RBI, SEBI, NSE,
BSE and others


Key Areas: ISO 27001, security governance, evaluating and implementing security tools (SIEM, DLP,
endpoint protection), security reviews and assessment, preparation of security checklist, security
awareness/phishing simulation, cloud security, Application security.
Keywords in order of priority - Information security, SOC (Security Operations Centre), SIEM,
Application security, Technical risk assessment, Cloud Security, Third party risk management, Security
reviews, Security checklist, Internal and external audits, Awareness trainings, RBI, ISO 27001, CEH
Certifications: good to have - ISO 27001, CEH or CC (Not Mandatory)


Experience


Should have 3-4 years of experience in the information security domain
Must have sound knowledge of security vulnerabilities, remediation and mitigation techniques.
Ability to document and explain technical details in a concise & understandable manner
Industry-recognized certificates relevant to the role, such as CISM, CISSP, CISA, ISO 27001 LA,
CEH and CC, are desired
Ability to lead complex, cross-functional projects, and problem-solving initiatives.
Passionate about information security and updates knowledge on a daily basis to support the
organization
Candidates must have excellent verbal and written communication skills
Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10 to
concerned stakeholders and discuss effective defensive techniques.
Familiarity with industry standards and regulations including RBI Master Directions, PCI, ISO 27001,
CIS, NIST is desired.
Good understanding of Docker, Kubernetes, and security models
Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security
implications
Skills:
Candidate should be a good team player
Should have good interpersonal skills
Good written communication skills including ability to develop process documentation and security
guidelines.
Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
Ability to maintain composure under pressure and work calmly during an emergency
Ability to manage multiple tasks and schedules

Employment Type: FULL_TIME
