Information Security Engineer - 2

About Us:

Xeni is a travel-tech platform that enables businesses to integrate travel products swiftly and eciently, without the need for building their own inventory, booking, or client management systems. Utilizing Xenis modern stack and API suite, businesses can scale rapidly with minimal friction. Xeni's infrastructure is based on the Hedera network, ensuring every booking is tracked, stored, and settled on a decentralized ledger. For more details, visit www.xeni.com.

Role Overview:

As an Information Security Engineer, youll play a critical role in safeguarding our infrastructure, applications, and customer data. Youll work cross-functionally to implement best-in-class security practices and drive compliance across our systems while staying ahead of evolving threats in the fintech landscape.

Responsibilities:

• Implement and manage security controls across cloud infrastructure (AWS and GCP).
• Conduct threat modeling, vulnerability assessments, and penetration testing.
• Monitor, investigate, and respond to security incidents and alerts.
• Collaborate with DevOps and Engineering teams to build security into CI/CD pipelines.
• Maintain and enhance endpoint detection, logging, SIEM, and IAM systems.
• Lead efforts to ensure PCI DSS, SOC 2, and GDPR compliance.
• Perform regular security reviews of code, infrastructure, and third-party vendors.
• Educate teams on secure coding and data protection best practices.

Requirements:

• 4–5 years of experience in information security, preferably in fintech or payments.
• Strong understanding of network security, encryption, authentication, and secure design principles.
• Experience with cloud security tools and configurations (e.g., AWS Security Hub, GuardDuty, IAM).
• Familiarity with common exploits, vulnerabilities (OWASP Top 10), and mitigation techniques.
• Hands-on experience with security monitoring, threat intelligence, and incident response.
• Experience working with SIEM tools, especially Elastic Security (aka. ELK Stack).
• Working knowledge of compliance frameworks like PCI DSS, SOC 2, or GDPR.
• Software Development skills in at least one of these languages like Java, Python, Go, Rust etc is required.
• Industry certifications (CISSP, CEH, OSCP, or similar) are a plus.

Nice to Have:

• Prior experience securing APIs and payment processing systems.
• Experience with security automation tools (e.g., Terraform, Ansible for SecOps).
• Familiarity with container security (Docker, Kubernetes, etc.).

abinaya@xeni.com

We're looking for someone who is willing to work from our Chennai office; this is not a remote opportunity.