2+ Security Information and Event Management (SIEM) Jobs in Mumbai | Security Information and Event Management (SIEM) Job openings in Mumbai

Fynd is India’s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k + pin codes.

We're looking for an SDE I/ SDE II- DevSecOps to join our Engineering Team. The team builds products for 10M+ Fynd users and internal teams. Our team consists of generalist engineers who work on building modern websites (SPA & Isomorphic), mobile apps for Android & iOS, REST APIs and servers, internal tools, and infrastructure for all our users.

What will you do at Fynd?

• Build a Culture around Security Engineering at Fynd</li><li>Ensure that a healthy security posture is maintained by continuously assessing/monitoring perimeter as well as internal security posture.
• Identify, integrate, monitor, and improve InfoSec controls by understanding business processes.
• Drive a DevSecOps culture in the organization by implementing shift left security culture.
• Conduct security reviews, auditing, penetration testing, risk assessments, vulnerability assessments, threat modeling.
• Install, configure, manage, and maintain mission-critical enterprise applications such as AV, patching, SIEM, DLP, log management and other technical controls. Troubleshoot security system and related issues
• Should have good understanding in working on CSPM
• Should have good understanding in different Services of AWS & GCP, Also need someone who should know DNS.
• Improve Cloud, Application ,Kafka, Database security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud
• Run security automation tools for periodic scans - SAST, DAST, Infrastructure scanning, Compliance check 
• Adhere to OWASP guidelines and bring the OWASP maturity model at organisation level.
• Strong understanding of network concepts including TCP/IP, HTTP and TLS, DDoS detection/prevention, and network and host anomaly detection through both automated (NIDS/HIDS) and manual means.
• A good knack for automating infrastructure security as much as possible

Some specific requirements

• Need to have a professional experience of at least 3-4 years acquired in monitoring and improving DevSec Ops tools and processes
• Extensive knowledge in assurance tools such as Fortify, OWASP ZAP, Sonarqube, Open source automation tools and their integrations into CI/CD cycles.
• Understanding of Zero Trust policy and its implementation.
• Identify security weakness across multiple programming languages like Python, Node JS, Java, Go, Javascript, HTML etc
• Participate in incident handling and other related duties to support the information security function.
• Ability to drive security automation and DevSecOps within engineering life cycle, as well as vulnerability/bug remediation
• Good to have audit experience across compliance certifications like ISO 27001/ISMS/PCI DSS / SoC 2
• Experience in Kubernetes Infra, Cloud deployment technologies - AWS, GCP

Summary:

● We are seeking a highly motivated and experienced Cyber security

● Expert to join our team. You will be responsible

for safeguarding our IT infrastructure, data, and applications from cyber threats.

● You will have a deep understanding of server, endpoint, mail, and infrastructure security and possess strong incident response skills.

● Additionally, you will be well-versed in relevant regulations and how to navigate them during data breaches.

Responsibilities:

● Implement and maintain comprehensive security controls for servers, endpoints, mail, and infrastructure.

● Conduct regular vulnerability assessments and penetration testing.

● Monitor security logs and SIEM systems for suspicious activity.

● Investigate and respond to security incidents, including data breaches.

● Develop and implement incident response plans and procedures.

● Stay up-to-date on the latest cyber threats and vulnerabilities.

● Provide security awareness training to employees.

● Advise on and implement security best practices throughout the organization.

● Understand and comply with relevant data privacy and security regulations (e.g., HIPAA, GDPR, PCI DSS).

● Work collaboratively with IT, business units, and legal teams.