5+ Vulnerability management Jobs in Bangalore (Bengaluru) | Vulnerability management Job openings in Bangalore (Bengaluru)
Apply to 5+ Vulnerability management Jobs in Bangalore (Bengaluru) on CutShort.io. Explore the latest Vulnerability management Job opportunities across top companies like Google, Amazon & Adobe.
About the Role
We are looking for a senior Information Security leader who can operate at two levels simultaneously:
- Drive the company’s security architecture and governance internally.
- Serve as the primary security representative to banks, NBFCs, insurers and other enterprise customers.
This is a mixed client-facing and security-expert role for someone comfortable discussing cloud security, application security, audits, risk management and regulatory requirements with CISOs, security teams, auditors and executive stakeholders.
What You'll Own?
• Act as the executive face of security during customer audits, InfoSec reviews, RFPs and procurement processes
• Build trusted relationships with CISOs, security leaders and risk teams across BFSI organizations
• Own security responses for customer questionnaires, control discussions and architecture reviews
• Drive security strategy, risk management and security governance across the company
• Establish and continuously improve internal audit, compliance and evidence-collection processes
• Own security readiness for ISO 27001, SOC 2, RBI, DPDP and related regulatory requirements
• Guide cloud, infrastructure, identity, access control, secrets management and deployment security practices
• Partner with engineering teams to embed security into product development and operations
• Lead incident response, vulnerability management and security improvement initiatives
Ideal Background
• Security Engineering, DevSecOps, Cloud Security, Security Architecture or CISO/Deputy CISO experience
• Experience working with banks, NBFCs, insurers, fintechs or BFSI-focused SaaS companies
• Strong understanding of AWS, Kubernetes, IAM, CI/CD and modern cloud security practices
• Experience handling customer-facing security reviews, audits and compliance programs
• Familiarity with ISO 27001, SOC 2, RBI guidelines, DPDP and related security frameworks
• Ability to translate technical controls into business language for customers and executives
Why This Role Is Different?
Rather than being a back-office compliance function, this role sits at the intersection of security, customer trust and business growth. You will work directly with the founders, influence product and infrastructure decisions, and play a key role in helping the company win and expand enterprise BFSI accounts.
🔹 Role: Third Party Cyber Risk Services Operations – Lead Analyst
📍 Location: Bellandur, Bangalore
🕐 Work Timings: 01:30 PM – 10:30 PM
🕐 Type: Contract to hire
🏢 Work Mode: Monday (WFH), Tuesday–Friday (WFO)
📅 Experience: 10–12 Years
Job Summary:
Role Summary
The Lead Analyst will support Third-Party Cyber Risk Services operations by managing daily intake, executing workflows, and delivering data-driven risk assessments. This role is responsible for making defensible third-party risk decisions (including accept/reject), partnering with cross-functional stakeholders, and strengthening organizational cyber resilience.
Key Responsibilities
Third-Party Risk Management
- Manage and maintain the third-party risk management framework
- Perform inherent and residual risk assessments using data-driven methodologies
- Identify cyber risks associated with third-party vendors
Risk Analysis & Mitigation
- Define, implement, and track mitigation and risk treatment plans
- Analyse trade-offs to manage residual risk effectively
- Support defensible risk decisions aligned with business objectives
Stakeholder Collaboration
- Partner with:
  - Procurement (contract advisors, category managers)
  - Legal teams
  - Business/Product owners
  - Risk managers & analysts
  - Security engineers & threat intelligence teams
- Communicate risk insights, impacts, and recommendations clearly
Operations & Delivery
- Manage intake and prioritize work based on risk
- Meet SLAs without compromising quality
- Handle escalations and resolve high-risk issues promptly
Process Improvement & Automation
- Define and enhance processes, procedures, and tools
- Identify efficiency opportunities and leverage automation/AI
- Drive continuous improvement initiatives
Metrics & Reporting
- Develop and analyse risk metrics and dashboards
- Track trends, risk posture, and control effectiveness
Required Qualifications
Core Expertise
- Strong experience in Third-Party Risk Management (TPRM)
- Knowledge of information security concepts: threat, vulnerability, impact
- Ability to apply risk concepts to policies, standards, and controls
Framework Knowledge
- Hands-on experience with NIST Cybersecurity Framework (CSF)
- Understanding of control effectiveness and compliance assurance
Analytical & Problem-Solving Skills
- Strong critical thinking and risk analysis capability
- Ability to break down complex problems and work in ambiguous environments
- Experience in designing and maturing processes
Communication & Leadership
- Excellent written and verbal communication skills
- Ability to influence stakeholders across levels
- Strong cross-functional collaboration skills
Agile & Execution Skills
- Experience working in agile environments
- Ability to prioritize tasks, remove blockers, and adapt quickly
Key Competencies
- Risk Assessment & Decision-Making
- Cybersecurity & Compliance
- Stakeholder Management
- Process Optimization
- Data-Driven Insights
- Automation & Innovation
SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)
Key Skills: Software Development Life Cycle (SDLC), CI/CD
About Company: Consumer Internet / E-Commerce
Company Size: Mid-Sized
Experience Required: 6 - 10 years
Working Days: 5 days/week
Office Location: Bengaluru [Karnataka]
Review Criteria:
Mandatory:
- Strong DevSecOps profile
- Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
- Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
- Must have proven experience in securing Kubernetes and containerized environments including image security, runtime protection, RBAC, and network policies.
- Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security, or equivalent security scanning solutions.
- Must have solid understanding of core security domains including network security, encryption, identity and access management, key management, and security governance, including cloud-native security services like GuardDuty, Azure Security Center, etc.
- Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
- Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
- Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
- B2B SaaS Product companies
- Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments
Preferred:
- Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
- Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
- Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language
Roles & Responsibilities:
We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.
This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.
If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.
What You’ll Do:
Cloud & Infrastructure Security:
- Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
- Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
- Partner with platform teams to secure VPCs, security groups, and cloud access patterns.
Application & DevSecOps Security:
- Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
- Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
- Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.
Security Monitoring & Incident Response:
- Monitor security alerts and investigate potential threats across cloud and application layers.
- Lead or support incident response efforts, root-cause analysis, and corrective actions.
- Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
- Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
- Continuously improve detection, response, and testing maturity.
Security Tools & Platforms:
- Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
- Ensure tools are well-integrated, actionable, and aligned with operational needs.
Compliance, Governance & Awareness:
- Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
- Promote secure engineering practices through training, documentation, and ongoing awareness programs.
- Act as a trusted security advisor to engineering and product teams.
Continuous Improvement:
- Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
- Continuously raise the bar on a company's security posture through automation and process improvement.
Endpoint Security (Secondary Scope):
- Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.
Ideal Candidate:
- Strong hands-on experience in cloud security across AWS and Azure.
- Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
- Experience securing containerized and Kubernetes-based environments.
- Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
- Solid understanding of network security, encryption, identity, and access management.
- Experience with application security testing tools (SAST, DAST, SCA).
- Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
- Strong analytical, troubleshooting, and problem-solving skills.
Nice to Have:
- Experience with DevSecOps automation and security-as-code practices.
- Exposure to threat intelligence and cloud security monitoring solutions.
- Familiarity with incident response frameworks and forensic analysis.
- Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.
Perks, Benefits and Work Culture:
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that the company offers.
A Day in the Life:
- Collaborate with developers and product managers to understand feature requirements.
- Review feature specifications and design detailed test cases.
- Perform manual tests on payment gateway systems, including transaction flows and API validations.
- Identify, log, and track defects using tools like JIRA and prioritize them for resolution.
- Conduct regression testing to ensure system stability after updates.
- Participate in team discussions to troubleshoot and resolve issues.
- Document test results and prepare for upcoming sprint activities.
Key Responsibilities:
- Develop and execute detailed test plans, test cases, and test scripts for web-based payment systems.
- Perform functional, regression, integration, UI, API, and end-to-end testing of payment gateway features.
- Test core modules including transaction processing, authentication, encryption, payment methods (Credit/Debit, UPI, Wallets, etc.), and refunds.
- Ensure compliance with standards such as PCI-DSS, ISO 8583, and EMV where applicable.
- Work closely with developers, product managers, and other stakeholders to understand requirements and raise quality issues.
- Identify, log, track, and manage defects in defect tracking tools (e.g., JIRA).
- Build and maintain automated test suites using tools like Postman, TestNG, RestAssured, etc.
- Validate integration with third-party payment processors and banks.
- Perform load testing and performance testing using tools like JMeter or LoadRunner.
- Ensure browser compatibility and mobile responsiveness testing.
Basic Qualifications & Skills
- Minimum 3+ years of experience in manual and automation testing of web applications, with at least 1-2 years of experience in the payment gateway, fintech, banking, or e-commerce domains.
- Strong understanding of payment flow, transaction lifecycle, and settlement processes.
- Hands-on experience with API Collection API testing (REST/SOAP) and tools like Postman, SoapUI, etc.
- Proficiency in Java, and frameworks like TestNG or Cucumber.
- Experience with SQL for database validation.
- Familiarity with security testing practices and standards relevant to payment systems.
- Strong knowledge of software QA methodologies, tools, and processes.
- Excellent analytical and problem-solving skills.
- Good communication skills and the ability to work in agile/scrum environments.
Preferred Qualifications
- Experience in high-volume transaction systems with low-latency requirements.
- Knowledge of emerging payment technologies like blockchain, UPI, and real-time payments.
- Hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud.
- Familiarity with tools like Kubernetes, Docker, and CI/CD pipelines.
What We Offer
Opportunity to work on innovative fintech products in a fast-growing technology environment.
Collaborative culture with strong cross-functional teamwork. Opportunities for professional growth and career development.
Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience with DLP and Endpoint Security
Knowledge of Encryption
Experience in performing Maturity Assessments to identify security gaps and recommend measures to fix them
Experience in Audit controls and applying security measures (ISO, PCI, etc.)
Knowledge of automation and scripting


