6+ NIST Jobs in India

Apply to 6+ NIST Jobs on CutShort.io. Find your next job, effortlessly. Browse NIST Jobs and apply today!

E-Commerce Industry

Agency job
via Peak Hire Solutions by Dhara Thakkar
Bengaluru (Bangalore)
6 - 10 yrs
₹30L - ₹50L / yr
Security Information and Event Management (SIEM)
Information security governance
ISO/IEC 27001:2005
Systems Development Life Cycle (SDLC)
Software Development
+67 more

SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)

Key Skills: Software Development Life Cycle (SDLC), CI/CD

About Company: Consumer Internet / E-Commerce

Company Size: Mid-Sized

Experience Required: 6 - 10 years

Working Days: 5 days/week

Office Location: Bengaluru [Karnataka]


Review Criteria:

Mandatory:

  • Strong DevSecOps profile
  • Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
  • Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
  • Must have proven experience in securing Kubernetes and containerized environments including image security, runtime protection, RBAC, and network policies.
  • Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security, or equivalent security scanning solutions.
  • Must have solid understanding of core security domains including network security, encryption, identity and access management, key management, and security governance, including cloud-native security services like GuardDuty, Azure Security Center, etc.
  • Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
  • Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
  • Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
  • B2B SaaS Product companies
  • Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments


Preferred:

  • Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
  • Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
  • Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language


Roles & Responsibilities:

We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.


This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.


If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.


What You’ll Do:

Cloud & Infrastructure Security:

  • Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
  • Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
  • Partner with platform teams to secure VPCs, security groups, and cloud access patterns.


Application & DevSecOps Security:

  • Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
  • Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
  • Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.


Security Monitoring & Incident Response:

  • Monitor security alerts and investigate potential threats across cloud and application layers.
  • Lead or support incident response efforts, root-cause analysis, and corrective actions.
  • Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
  • Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
  • Continuously improve detection, response, and testing maturity.


Security Tools & Platforms:

  • Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
  • Ensure tools are well-integrated, actionable, and aligned with operational needs.


Compliance, Governance & Awareness:

  • Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
  • Promote secure engineering practices through training, documentation, and ongoing awareness programs.
  • Act as a trusted security advisor to engineering and product teams.


Continuous Improvement:

  • Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
  • Continuously raise the bar on a company's security posture through automation and process improvement.


Endpoint Security (Secondary Scope):

  • Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.


Ideal Candidate:

  • Strong hands-on experience in cloud security across AWS and Azure.
  • Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
  • Experience securing containerized and Kubernetes-based environments.
  • Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
  • Solid understanding of network security, encryption, identity, and access management.
  • Experience with application security testing tools (SAST, DAST, SCA).
  • Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
  • Strong analytical, troubleshooting, and problem-solving skills.


Nice to Have:

  • Experience with DevSecOps automation and security-as-code practices.
  • Exposure to threat intelligence and cloud security monitoring solutions.
  • Familiarity with incident response frameworks and forensic analysis.
  • Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.


Perks, Benefits and Work Culture:

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that the company offers.

Watsoo Express
Diptimayee Behera
Posted by Diptimayee Behera
Mumbai
10 - 30 yrs
₹25L - ₹40L / yr
DDOS
NIST
ISO/IEC 27001:2005
IDS
IPS
+3 more

Network Security Engineer – 10+ Years of Experience

(Males & Immediate Joiners only)


Mandatory Skills:


- 10+ years of experience in network security with a strong focus on data center security, cloud security, and container security.

- In-depth knowledge of firewalls, intrusion detection/prevention systems (IDS/IPS), and other security tools like anti-virus and endpoint protection.

- Experience with cloud security solutions and securing cloud-native applications.

- Strong experience with vulnerability management, penetration testing, and disaster recovery planning.

- Advanced knowledge of network protocols, network security design, and defense against common attack vectors (e.g., DDoS, SQL injection, phishing).

- Familiarity with security frameworks such as NIST, ISO 27001, and other relevant security standards.

- Excellent analytical, problem-solving, and critical thinking skills, with a strong attention to detail.

- Strong communication and interpersonal skills, with the ability to train staff and consult with management on security matters.


We are looking for an experienced Network Security Engineer with 8+ years of experience in managing and securing network infrastructures, including data center and cloud security solutions, as well as container security. If you have a strong background in firewall solutions, vulnerability management, and a passion for securing modern IT environments, this role is for you!


---


 Role Purpose:

As a Network Security Engineer, you will be responsible for ensuring the security, integrity, and confidentiality of the organization's network and systems. You will focus on installing, administering, and troubleshooting network security solutions, working with a variety of security tools and platforms, including firewalls, cloud security, containers, and endpoint protection. 


---


 Key Responsibilities:


 Security Solutions Management:

- Install, configure, and administer network security solutions, including firewalls and cloud security tools.

- Update software and firmware for network security systems with the latest security patches, ensuring defenses are up-to-date.

- Configure and support security systems such as firewalls, anti-virus software, and intrusion detection/prevention systems.

- Implement container security solutions to secure applications and services in cloud environments.


 Vulnerability & Penetration Testing:

- Conduct vulnerability assessments and penetration testing to identify potential threats and vulnerabilities.

- Develop and implement disaster recovery plans to mitigate the impact of potential security breaches.

- Monitor network traffic for signs of suspicious activity, perform threat analysis, and recommend improvements to reduce risk.


 Security Policy & Access Control:

- Create and enforce network security policies, including access controls, authorization roles, and defenses against unauthorized access, modifications, and data destruction.

- Ensure network resources are properly configured to defend against unauthorized or malicious activities.

- Provide expert advice and support to staff, managers, and executives on security best practices.


 Security Monitoring & Incident Response:

- Actively monitor network and application traffic for suspicious behavior and respond to potential security incidents.

- Identify, analyze, and respond to security breaches, providing clear documentation and resolution strategies.

- Ensure the effectiveness of security controls and defenses by reviewing security alerts and incidents.


 Training & Consultation:

- Train staff and end-users on security protocols and best practices to raise awareness and reduce human error.

- Provide technical consultations and guidance on improving security measures across all departments.

- Offer continuous education on new threats and security solutions to enhance overall organizational security posture.


---


 


Cognisive Consulting Inc
Baba Kishore Kumar Nagabathula
Posted by Baba Kishore Kumar Nagabathula
Hyderabad, Coimbatore
5 - 10 yrs
₹5L - ₹15L / yr
OKTA
SAML
ISO/IEC 27001:2005
NIST
CSF
+3 more

IAM - Security Engineer


About the Role:


We are seeking an Identity and Access Management (IAM) Security Engineer with Business Analyst exposure to join our team. In this role, you will combine your technical expertise in IAM security with business analysis skills to strengthen our security landscape and enhance alignment between technology solutions and business objectives. You'll work on designing, implementing, and managing security controls while collaborating across business and technology teams to deliver value-driven solutions.

 

Key Responsibilities:

 

Stay updated on IAM security best practices and integrate approved patterns into development operations and continuous delivery/improvement processes.

 

Design and implement security controls to protect systems while ensuring alignment with business objectives and requirements.

 

Manage existing IAM and Data Protection platforms and build new capabilities to support internal and external customer needs.

 

Develop automated security solutions tailored to business requirements, ensuring scalability and efficiency.

 

Collaborate with operations teams to ensure seamless handoff, proper documentation, and full acceptance of work.

 

Design and consult on enterprise security control architectures to meet both technical and business goals.

 

Partner with business and technology teams to maintain and improve the security technology stack, including identity solutions, cloud capabilities, and audit tools.

 

Conduct detailed business analysis to understand stakeholder needs and translate them into technical security requirements.

 

Act as a liaison between business units and technology teams to ensure security solutions meet organizational goals.

 

Minimum Qualifications:

 

Experience:

 

Minimum 5+ years of experience in IT Security or security engineering roles, with a focus on IAM practices (e.g., Active Directory, Azure Entra, AWS IAM).

 

Hands-on experience in Cloud Security environments.

 

Expertise in developing and implementing security standards, specifications, and procedures.

 

Experience with security frameworks such as ISO27001 and NIST CSF.

 

Knowledge of regulatory requirements (e.g., SOX, PCI-DSS).

 

Proven ability to provide technical security guidance to diverse audiences.

 

Experience in business analysis, including requirements gathering, stakeholder management, and process improvement.

 

Strong analytical and problem-solving skills to bridge the gap between business needs and technical solutions.

 

Other Requirements:

 

Excellent communication and interpersonal skills to effectively collaborate across business and technical teams.

 

Flexibility to work in rotational shifts.

 

Proficiency in documentation and reporting tools to communicate security findings and solutions effectively.

HappyFox

at HappyFox

Lindsey A
Posted by Lindsey A
Chennai, Bengaluru (Bangalore)
5 - 12 yrs
₹10L - ₹15L / yr
IT security
Network Security
OWASP
Threat modeling
Exploratory testing
+4 more

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

 

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

 

To know more, visit https://www.happyfox.com/

 

Responsibilities:

  • Perform manual and automated application penetration tests and provide suggestions to harden our products
  • Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
  • Conduct regular audits on all Features/APIs of the product and report vulnerabilities to the development team
  • Keep up with industry trends in the security space
  • Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
  • Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
  • Scale our application security engineering team

 

Requirements:

  • Strong verbal and written communication skills
  • Has worked on Web Application Security Testing for a reasonably complex application. Mobile experience is a plus
  • Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
  • Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

 

Statestreet HCL Services

at Statestreet HCL Services

Mansi Lakhanpal
Posted by Mansi Lakhanpal
Delhi, Gurugram, Noida, Ghaziabad, Faridabad
10 - 15 yrs
₹1L - ₹19L / yr
GRC
NIST
ISO 9000
Risk Management
Security audit
+5 more

Dear Candidate,

Greetings from HCL Technologies Ltd.

 

  • Make sense of Cyber security and compliance frameworks that apply to your business or industry
    • Identify business risks, taking into account the role of your hosting service provider
    • Determine which Cyber security controls are required to mitigate your identified risks
    • Improve collaboration and communication during Cyber security Incident mitigation and response.
    • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
    • Document and track efforts for evidence collection and audit preparation

 

  • Will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
  • Provide implementation and ongoing operation of the Security management framework.
  • Be responsible for coordinating activities to address the key Security risk exposures.
  • Ensure Security awareness training of, and assistance in the implementation of, robust Security management practices across Security operations.
  • Direct the design of controls to address emerging or new Security risk and compliance requirements.
  • Carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls.
  • Implement, monitor and report on key Security risk indicators to identify and address emerging risks.
  • Coordinate with other Service Providers and Security functions to facilitate the client’s audits and inspections.
  • Manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weaknesses identified during normal operations.
  • Review the outcome of cyber security risk assessments, implement open action items in a timely manner, and report progress to stakeholders.
  • Incorporate vulnerability testing as an integral part of change management.
  • Should have good knowledge of Cyber Security Framework and controls.
  • CISA, CISM or CISSP certification is preferred.
  • Have a good understanding of Security policy and process along with ITSM process.
HR Global Services India

at HR Global Services India

Kavitha K
Posted by Kavitha K
Remote, Kochi (Cochin)
2 - 8 yrs
₹3L - ₹12L / yr
C#
Python
Java
Cyber Security
Microsoft Windows Azure
+6 more
Job Description - Cyber Security Analyst

The Cyber Security Analyst will help to assess, plan, and enact security measures to protect the Hubbell organization from security breaches and attacks on its computer networks and systems. This job involves simulating attacks to identify vulnerabilities, testing new software to help protect the company & data, and assisting users in adhering to new regulations and processes to ensure safety and compliance. The Cyber Security Analyst will work as part of the Security Operations team to execute, monitor and report-out on the scheduled tasks associated with maintaining the overall cyber hygiene for the company.

Responsibilities

  • Monitor computer networks for cybersecurity issues.
  • Respond to and investigate security breaches and other cybersecurity incidents.
  • Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
  • Work in conjunction with the cybersecurity team to develop automation for scheduled tasks and reporting.
  • Respond to specific threats, evaluating company exposure and risk.
  • Assist in the execution of penetration testing.
  • Research security enhancements and make recommendations to management.
  • Stay up to date on cybersecurity trends, threats, and remediation.
  • Attend daily security operations meetings.

Qualifications

  • A degree in Computer Science, IT, Systems Engineering or a related qualification
  • 2-3 years of experience with software development in C-Sharp, Python or Java
  • 2 years of experience with scripting tools such as PowerShell, Unix Bash and Bourne
  • Familiarity with patch management
  • Familiar with common cyber frameworks and tools such as NIST and MITRE ATT&CK
  • Awareness of common cybersecurity threats and hacking methodologies

Preferred

  • CompTIA certification (A+ and Sec+)
  • Previous experience with incident response and forensics
  • Knowledge of network security and segmentation

