Algotale ( InCred ) - Information Security Engineer

Role- Information Security Engineer

Location- Bangalore Hybrid 2 Days Onsite

Company- InCred

Job Description

%CF; Evaluating, Testing, and integrating security tools, standards, and associated processes as per the
security framework.
%CF; Identify, prioritize, and track security incidents and manage related platforms such as SIEM ( Wazuh
, Blusapphire, Qualys ) , DLP ( Email and Application), EDR and other security tools
%CF; Ability to run automated and manual scans on tools like - Burpsuite and Nessus Improving and
supporting application security tool deployments including static analysis and runtime testing tools.
%CF; Assist in creating and managing the framework for Information Security in alignment with
industry best practices (ISO 27001, NIST CSF, OWASP top 10)
%CF; Improve the cyber security program governance processes including cyber security risk
reporting (recommending new report formats, reporting technologies and collaborating with
team members to build-out reports/dashboards) and governance committee
%CF; Develop of cyber security standards, including incorporating industry practices and
applicable compliance requirements
%CF; Monitor and report compliance with cyber security standards and security rules of relevant
cyber security and regulatory privacy requirements
%CF; Improving and supporting application security tool deployments including static analysis and runtime
testing tools.
%CF; Create and manage process to guide development and testing teams on proactively finding
application security risks
%CF; Improving and maintaining secure development standards.
%CF; Supporting the application architecture/design review processes whenever application security
expertise is needed.
%CF; Oversee and improve third-party information security risk management programs to assess
risks associated with the usage of third-parties/vendors. Assist in 3rd party security due-
diligence reviews
%CF; Conduct periodic penetration testing services of application and Network related infrastructure.
Closure of open risks by actively following-up with stakeholders.
%CF; Assess application, design threat models, risk, document potential risk vectors, recommend relative
controls and ensure risk is addressed
%CF; Maintain security risk register to track the identified risks and produce metrics to report the state of
application security program and risk status.
%CF; Additional responsibilities to this role include:
%CB; Recommend cybersecurity assessment methodology and support purple team exercises
when required
%CB; Assessing cloud security risk (AWS, Google, and Azure) and recommending appropriate
security controls
%CF; Assist in imparting security awareness training and executing phishing simulation exercises
to employees.
%CF; Track and report security metrics to higher management on a regular basis
%CF; Define hardening standard for various technology and assess compliance levels
%CF; Identify, prioritize, and track security incidents and manage related platforms such as SIEM, DLP,
EDR and other security tools
%CF; Provide clear communication on the issue to application owners and verify the efficacy of
vulnerability remediation
%CF; Should have ability to drive VAPT engagements end to end for Web, Mobile and Infra with Internal
stakeholders and external agencies if required

%CF; Basic understanding of regulatory requirements of Indian Fintech ecosystem like RBI, SEBI, NSE,
BSE others

Key Areas: ISO 27001, security governance, evaluating and implementing security tools (SIEM, DLP,
endpoint protection), security reviews and assessment, preparation of security checklist, security
awareness/phishing simulation, cloud security, Application security.
Keywords in the line of priority - Information security , SOC (Security Operations centre), SIEM ,
Application security, Technical risk assessment, Cloud Security , Third party risk management, Security
reviews , Security checklist, Internal and external audits, Awareness trainings, RBI , ISO 27001, CEH,
Certifications: good to have - ISO 27001, CEH or CC ( Not Mandatory )

Experience

%CF; Should have 3-4 years of experience in the information security domain
%CF; Must have sound knowledge in security vulnerabilities, remediation and mitigation techniques.
%CF; Ability to document and explain technical details in a concise & understandable manner
%CF; Industry recognized certificates relevant to the roles such as CISM, CISSP, CISA, ISO 27001 LA ,
CEH and CC are desired
%CF; Ability to lead complex, cross-functional projects, and problem-solving initiatives.
%CF; Passionate about information security and update knowledge on daily basis to support the
organization
%CF; Candidates must have excellent verbal and written communication skills
%CF; Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, to
concerned stakeholders and discuss effective defensive techniques.
%CF; Familiarity with industry standards and regulations including RBI Master directionsPCI, ISO27001,
CIS, NIST is desired.
%CF; Good understanding of the Docker, Kubernetes, and security models
%CF; Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security
implications
Skills:
%CF; Candidate should be a good team player
%CF; Should have good interpersonal skills
%CF; Good written communication skills including ability to develop process documentation and security
guidelines.
%CF; Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
%CF; Ability to maintain composure under pressure and work calmly during an emergency
%CF; Ability to manage multiple tasks and schedules