11+ Information security governance Jobs in Bangalore (Bengaluru) | Information security governance Job openings in Bangalore (Bengaluru)

SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)

Key Skills: Software Development Life Cycle (SDLC), CI/CD

About Company: Consumer Internet / E-Commerce

Company Size: Mid-Sized

Experience Required: 6 - 10 years

Working Days: 5 days/week

Office Location: Bengaluru [Karnataka]

Review Criteria:

Mandatory:

• Strong DevSecOps profile
• Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
• Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
• Must have proven experience in securing Kubernetes and containerized environments including image security,runtime protection, RBAC, and network policies.
• Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security,or equivalent security scanning solutions.
• Must have solid understanding of core security domains including network security, encryption, identity and access management key management, and security governance including cloud-native security services like GuardDuty, Azure Security Center etc
• Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
• Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
• Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
• B2B SaaS Product companies
• Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments

Preferred:

• Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
• Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
• Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language

Roles & Responsibilities:

We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.

This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.

If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.

What You’ll Do-

Cloud & Infrastructure Security:

• Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
• Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
• Partner with platform teams to secure VPCs, security groups, and cloud access patterns.

Application & DevSecOps Security:

• Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
• Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
• Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.

Security Monitoring & Incident Response:

• Monitor security alerts and investigate potential threats across cloud and application layers.
• Lead or support incident response efforts, root-cause analysis, and corrective actions.
• Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
• Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
• Continuously improve detection, response, and testing maturity.

Security Tools & Platforms:

• Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
• Ensure tools are well-integrated, actionable, and aligned with operational needs.

Compliance, Governance & Awareness:

• Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
• Promote secure engineering practices through training, documentation, and ongoing awareness programs.
• Act as a trusted security advisor to engineering and product teams.

Continuous Improvement:

• Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
• Continuously raise the bar on a company's security posture through automation and process improvement.

Endpoint Security (Secondary Scope):

• Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.

Ideal Candidate:

• Strong hands-on experience in cloud security across AWS and Azure.
• Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
• Experience securing containerized and Kubernetes-based environments.
• Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
• Solid understanding of network security, encryption, identity, and access management.
• Experience with application security testing tools (SAST, DAST, SCA).
• Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
• Strong analytical, troubleshooting, and problem-solving skills.

Nice to Have:

• Experience with DevSecOps automation and security-as-code practices.
• Exposure to threat intelligence and cloud security monitoring solutions.
• Familiarity with incident response frameworks and forensic analysis.
• Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.

Perks, Benefits and Work Culture:

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that company offers.

Experience 2- 6 years within SW development

Excellent C/C++ and object-oriented programming skills

Excellent design analysis skills, including experience with software modeling,

Excellent on Linux for CLI or SNMP management related layer for L2 or L3 switches

Experience in telecom is a plus

Flexible, innovative, and driven

Structured and thorough with analytical and troubleshooting skills

Highly motivated team player

Agile way of working

• Experience in either of these Relational DB’s MS SQL Server / PostgreSQL / AWS Aurora DB / MySQL / Oracle / NOSQL DBs (MongoDB / DynamoDB / DocumentDB) in an application development environment and eagerness to switch DB.
• Design database tables, views, indexes
• Write functions and procedures for Middle Tier Development Team
• Work with any front-end developers in completing the database modules end to end (hands-on experience in parsing of JSON & XML in Stored Procedures would be an added advantage).
• Query Optimization for performance improvement
• Design & develop SSIS Packages or any other Transformation tools for ETL

• Banking / Insurance / Retail domain would be a plus.
• Interaction with a client a plus

• Knowledge in a Cloud Platform (AWS / Azure)
• Knowledge on version control system (SVN / Git)
• Exposure to Quality and Process Management
• Knowledge in Agile Methodology

• Team building (attitude to train, work along, mentor juniors)
• Communication skills (all kinds)
• Quality consciousness
• Analytical acumen to all business requirement
• Think out-of-box for business solution

Job Responsibility:

- Hands-on non-academic experience From 4 to 5 years as a .NET Developer or Application Developer

- Strong knowledge of object-oriented programming

- Good Understanding with the ASP.NET framework,VB.NET , VC#.NET, SQL Server and design/architectural patterns (e.g. MVC)

-  Basic Knowledge of Microsoft SQL Server

-  Basic Knowledge of Agile methodologies

- Database: SQL Server, SSIS & SSRS (will be a plus)

- Great understanding, Debugging and problem-solving skills.

• Develop Android handset clients
• Develop architecture and low-end designs based on customer and product management requirements
• Communication of designs and other development issues to developers and managers
• Design, develop and manage automated unit and acceptance tests
• Peer review of design code and tests
• Participate in the agile development program
• Bug Fixing
• Take ownership of deliverables
• Adhere to development methodologies

ESSENTIAL SKILLS/ATTRIBUTES:

• Excellent knowledge of Android
• Appreciation for the limitations of handset development
• Attention to detail and subtleties of UI design and implementation
• Understanding of design patterns
• Ability to design for scalability and resilience
• Strong application process flow and problem-solving techniques
• Strong focus on refactoring and code quality
• Understanding of software configuration management and release management
• High levels of software engineering literacy and communication skills
• Friendly and professional manner
• Minimum 3 - 5 years java development
• Third Level Qualifications in computing, mathematics, or science
• Experience in building web (PWA)/mobile app using ionic/reactjs (react native)

DESIRED SKILLS:

• Experience of working in an agile environment
• Product development and lifecycle experience
• Experience in unit testing
• Scripting (JavaScript, Ruby, Python, Shell, etc.)
• Knowledge of build systems such as Maven and Gradle
• RESTful development
• XML, JSON, HTTP, SyncML, HTML 5, CSS, Groovy
• Windows and Unix development
• Experience leading development teams or performing customer-facing duties is an advantage
• Kotlin Language Skills

The role of a Personal Loan Risk Head is to own, manage and communicate risk policies and processes. He/She shall provide hands-on development of risk models involving market, credit and operational risk, assure controls are operating effectively, and provide research and analytical support. Prospective candidates must have excellent quantitative and analytical skills, along with the ability to apply those skills across a variety of business processes.

Key Expectations

• Designing and implementing an overall risk management process for the Personal Loan portfolio, which includes an analysis of the financial impact on the company when risks occur
• Performing a risk assessment: Analyzing current risks and identifying potential risks that are affecting the company
• Own the portfolio risk metrics - Loss forecasting, Stress testing, Credit Risk, Liquidity risk, Collections performance & strategy & overall ROA by segment.
• Monitor portfolio risk from granular dimensions and constantly implement strategies to maintain risk metrics within specific ranges.
• Monitor various operational metrics and develop alerting mechanisms to maintain process efficiency
• Designing and implementing strategies for Underwriting, Account Management, Portfolio Monitoring and Collections
• Develop risk based credit policies and pricing grids to maximize approvals within specific segments of risk
• Work with data science team which will develop algorithms and scorecards and drive decision models across various business segments.
• Partner with Engineering team to implement policies and scorecards.
• Supervise creation of time-sensitive analytics, visualisations, and complicated, high-visibility reports for Risk and Business management to use in portfolio monitoring and strategic decision-making.

Competencies -

• Have strong business understanding of the retail lending business in India and understanding of the regulatory landscape
• Should have hands-on experience working as data analyst or data scientist or statistical modeler in retail space, preferably in financial services or ecommerce.
• Strong experience in establishing and managing high-performing teams with a collaborative leadership approach.
• Outstanding communication skills, both verbal and written          

• Preparing JD understanding the needs of hiring manager as well to ask questions that will help you identify the right candidate(s).
• Screen for basic competence of candidates against a technical job description
• Responsible for full-cycle recruiting: interview, offer, negotiation and close candidates for assigned requisitions.
• Identify & Sourcing candidates through various channels Job boards, LinkedIn, cold calls, Technology forums, as well as the database acquired and Buddy referrals as per the requirements of the company standards.
• Generate Recruitment Dashboard periodically & Maintain MIS. on Talent Acquisition activities
• On boarding of new joiners
• Support and advise on HR policy, ensure compliance to the company's policies.
• Serve as an escalation point for personnel and employee relations issues.
• Handling HRMS.
• Update management on a variety of matters including absence, poor performance and manage terminations
• Research attrition/retention, analysing trends thorough headcount and exit data and recommending appropriate course of action.
• Leave and Attendance management Organise Corporate events and other employee engagement activities
• Organise Corporate events and other employee engagement activities