5+ ISO/IEC 27000-series Jobs in Bangalore (Bengaluru) | ISO/IEC 27000-series Job openings in Bangalore (Bengaluru)
Apply to 5+ ISO/IEC 27000-series Jobs in Bangalore (Bengaluru) on CutShort.io. Explore the latest ISO/IEC 27000-series Job opportunities across top companies like Google, Amazon & Adobe.
SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)
Key Skills: Software Development Life Cycle (SDLC), CI/CD
About Company: Consumer Internet / E-Commerce
Company Size: Mid-Sized
Experience Required: 6 - 10 years
Working Days: 5 days/week
Office Location: Bengaluru [Karnataka]
Review Criteria:
Mandatory:
- Strong DevSecOps profile
- Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
- Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
- Must have proven experience in securing Kubernetes and containerized environments including image security, runtime protection, RBAC, and network policies.
- Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security, or equivalent security scanning solutions.
- Must have solid understanding of core security domains including network security, encryption, identity and access management, key management, and security governance, including cloud-native security services like GuardDuty, Azure Security Center, etc.
- Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
- Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
- Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
- B2B SaaS Product companies
- Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments
Preferred:
- Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
- Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
- Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language
Roles & Responsibilities:
We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.
This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.
If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.
What You’ll Do:
Cloud & Infrastructure Security:
- Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
- Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
- Partner with platform teams to secure VPCs, security groups, and cloud access patterns.
Application & DevSecOps Security:
- Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
- Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
- Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.
Security Monitoring & Incident Response:
- Monitor security alerts and investigate potential threats across cloud and application layers.
- Lead or support incident response efforts, root-cause analysis, and corrective actions.
- Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
- Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
- Continuously improve detection, response, and testing maturity.
Security Tools & Platforms:
- Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
- Ensure tools are well-integrated, actionable, and aligned with operational needs.
Compliance, Governance & Awareness:
- Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
- Promote secure engineering practices through training, documentation, and ongoing awareness programs.
- Act as a trusted security advisor to engineering and product teams.
Continuous Improvement:
- Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
- Continuously raise the bar on a company's security posture through automation and process improvement.
Endpoint Security (Secondary Scope):
- Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.
Ideal Candidate:
- Strong hands-on experience in cloud security across AWS and Azure.
- Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
- Experience securing containerized and Kubernetes-based environments.
- Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
- Solid understanding of network security, encryption, identity, and access management.
- Experience with application security testing tools (SAST, DAST, SCA).
- Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
- Strong analytical, troubleshooting, and problem-solving skills.
Nice to Have:
- Experience with DevSecOps automation and security-as-code practices.
- Exposure to threat intelligence and cloud security monitoring solutions.
- Familiarity with incident response frameworks and forensic analysis.
- Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.
Perks, Benefits and Work Culture:
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that the company offers.
Job Description
Who we are looking for:
A Senior consultant with proven technical and consultative experience, fluent Japanese language proficiency, and expected to be strong in both technical and interpersonal skills. A Senior Consultant must be a proven self-starter with the ability to problem-solve, communicate, participate in diverse project teams from a technical perspective, and interface effectively with customers, vendor partners, and colleagues. You will actively contribute to improving operational efficiency on projects and internal initiatives. Deliver timely engagements and work closely with Practice Directors to drive training and education, career development, performance development, and collaboration across the team. In line with Optiv’s commitment to quality, you will confirm that work is of the highest quality as per Optiv’s quality standards, by reviewing the work provided by other members.
How you’ll make an impact:
• Comfortably deliver solo-based work or act as "point" for complex projects
• Acts as technical escalation point to assist other consultants
• Lead in creation, development and delivery of custom security solutions
• Lead security and compliance program-related development and implementation efforts
• Design, implement and educate on specific security processes
• Effectively provide knowledge transfer and post-engagement support activities as necessary
• Excellent team communicator
• Mentor less experienced consultants
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional associations such as ISACA, ISC2 etc.
• Consistently complete administrative project tasks like time and expense entry, status reporting, and project completion reporting
• Support and occasionally lead practice related development efforts including training and awareness, performance development and cyber strategy accelerators
• Act as contributor in Optiv communities for solutions of focus.
Qualifications
• Bachelor's degree and related work experience
• Proven security architecture experience
• Strong knowledge of multiple security concepts and methods such as vulnerability assessments, data classification, privacy assessments, incident response, security policy creation, enterprise security strategies, architectures and governance
• Strong understanding of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming/scripting languages (C, Java, Perl, Shell)
• Strong understanding of regulatory requirements and compliance issues affecting clients related to privacy and data protection, such as PCI DSS, GLBA, Basel II, EU Data Protection Directive, International Cross Border, and U.S. State Data Privacy Laws
• Expert knowledge of using Microsoft Office
• Ability to build relationships with and influence other functional areas
• Well-developed negotiation skills
• Ability to build consensus
• Solid business acumen and basic project management expertise.
• Ability to manage multiple tasks in parallel
• Willingness to travel to meet client needs.
Good-to-Have Criteria
- Professional certifications such as CISSP, CISM, CISA, CEH, or equivalent
- Exposure to cloud security platforms (AWS, Azure, GCP)
- Experience in data privacy & cross-border compliance projects
- Advanced skills in automation, scripting, or security orchestration
- Previous consulting experience with global clients
- Participation in professional associations (ISACA, ISC2, etc.)
Mandatory Criteria:
- Candidate must have fluent Japanese language proficiency.
- Candidate must be from cybersecurity companies only.
- Certification required (either of the two): ISO 27001 or CISSP
- Candidate should have experience in security architecture and consulting
- Candidate should have strong expertise in networking, operating systems (Windows/UNIX/mainframe), firewalls, IDS/IPS
- Candidate should have knowledge of scripting/programming languages (C, Java, Perl, Shell)
- Candidate should have hands-on experience in vulnerability assessments, incident response, policy creation, governance
- Candidate should have a strong understanding of regulatory frameworks (PCI DSS, GLBA, Basel II, EU Data Protection, US State Privacy Laws)
- Candidate should have excellent client-facing and stakeholder management skills
- Candidate should have the ability to mentor, lead projects, and work in diverse teams
- Candidate should be willing to travel as per business/project requirements
Experience: Overall 10 to 12 years of experience, of which at least 5 to 7 years should be in Information Security. 5 to 7 years’ experience in Information Security with one full end-to-end implementation is mandatory.
Base location: Bengaluru (must)
Requirements:
- Mandatory - ISO 27001:2013 Lead Implementer certified
- Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
- Good to have – CISA, CISM, Risk management certification, Privacy certifications.
- Mandatory - At least one end-to-end implementation experience of the ISO 27001 standard. The candidate should have good implementation knowledge of the ISO 27001 and ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
- This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
- Good documentation skills.
- Develop, implement, maintain, review and continually improve Information Security policies.
- Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
- Manage and maintain a risk register / risk database along with risk treatment plans.
- Good understanding of physical and environmental security.
- Conduct internal audits based on ISO 27001 standards and Personal Data Protection policies. Good experience in independently conducting internal and supplier audits with respect to information security.
- Provide training to employees on the Privacy & Information Security Management System at regular intervals.
- The greater part of the job involves interacting with people, interviewing them / auditing, preparing audit reports, discussing / persuading / influencing.
- Mandatory: Good verbal and written communication skills. Eye for detail.
- Good presentation skills.
- Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.
Experience: Overall 10 to 12 years of experience, of which at least 5 to 7 years should be in Information Security. 5 to 7 years’ experience in Information Security with one full end-to-end implementation is mandatory.
Base location: Bengaluru (must)
Joining requirement: Not later than the second week of June 2023.
Requirements:
1. Mandatory - ISO 27001:2013 Lead Implementer certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - At least one end-to-end implementation experience of the ISO 27001 standard. The candidate should have good implementation knowledge of the ISO 27001 and ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct internal audits based on ISO 27001 standards and Personal Data Protection policies. Good experience in independently conducting internal and supplier audits with respect to information security.
12. Provide training to employees on the Privacy & Information Security Management System at regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for detail.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.
1. Core Responsibilities
· Review, suggest and implement enhancements/bug fixes to the ServiceNow platform.
· Work closely with other IT teams to help implement integrations from other platforms (such as monitoring tools: Nagios, Prometheus, Sematext, Dynatrace, etc.) into the ServiceNow ecosystem.
· Attend important business meetings to gather information around projects pertaining to ServiceNow.
· Help to maintain and improve the CMDB by collaborating with key stakeholders to ensure the correct data is being maintained.
· Help to manage the platform to ensure a reliable seamless user experience.
· Develop and maintain service catalogue items by collaborating with key stakeholders across the business.
· Support the bank’s audit requirements around the ServiceNow platform by helping to provide reports and audits as required.
· Support audit requirements and compliance to standards
· Should have knowledge of creating customized dashboards and reports
· Automation using ServiceNow (such as Major Incident Management, Incident Reduction, Problem Management, etc.), if any
· Should be able to drive Service Improvement Plans for optimizing the ServiceNow platform on their own
· Maintain the company’s compliance standards and ensure timely completion of all mandatory on-line training modules and attestations.
2. Experience Requirements
Essential:
· 4 to 6 years previous experience in ServiceNow administration OR Technical work on ServiceNow design and implementation is essential
· 4 to 6 years previous experience in delivering ServiceNow projects (new modules, improvements, enhancements etc.) is essential
· 4 to 6 years previous experience or equivalent qualification in ServiceNow ITSM & ITOM is essential
· 8 to 10 years overall experience in IT is essential
Desirable
· 3 to 5 years’ experience in orchestration, service mapping is desirable
3. Knowledge Requirements
Essential
· Very good knowledge of Incident Management, Request Fulfilment, Change Management, Problem Management processes
· Very good knowledge of ITSM and ITOM practices is essential
· Detailed knowledge of the ITIL/ITSM Best practices is essential
Desirable
· Good understanding of CSDM is desirable
· Good knowledge of the ISO 20K, 27K, 9K is desirable
· Basic knowledge of IT infrastructure technologies used in a banking domain is desirable


