Information Security Lead Airtel Payments Bank

6.0 - 9.0 years

18 - 25 Lacs

Gurugram

Hybrid

Role: L3-Information Security Job Description: Primary Responsibility would be to manage the organizational practices for the following: Vulnerability Assessment Infrastructure(Cloud/Traditional DC) Penetration Testing Configuration Review Red Teaming Should be able to lead the team for delivery of Vulnerability Management operations. Conduct penetration testing as per the calendar activities and on demand request for Infrastructure Vulnerability Assessment. Conduct Vulnerability Assessment and Penetration Testing on Cloud Environment (AWS, GCP, Azure). Conduct configuration review as per the calendar activities and on demand request for server, database, network components. Identify and propose work around for critical vulnerabilities. Explain vulnerabilities to System owners and provide recommendations for mitigation Monitor progress of vulnerability mitigations and maintain track of remediation Provide advisory support to internal IT team for closure of identified vulnerability during the security testing Coordinate fixing of identified and accepted vulnerabilities with Airtel Payments Bank and Security Vendors. Stay abreast of newer trends in tools and technologies used for application security Develop POCs to demonstrate security issues Qualification: B.Tech, B.E, MCA or equivalent from a Recognized university At least 8 years of experience in similar role Certifications Preferred: OSCP, EC-council LPT. Hands on experience with popular security tools – Nessus, Metasploit, KALI Linux. Working knowledge of CIS Security benchmarks Has practical experience in auditing various OS , DB , Network and Security technologies

Posted 1 week ago

Apply

Security & Compliance Engineer IBM

4.0 - 9.0 years

6 - 11 Lacs

Bengaluru

Work from Office

Job Summary: We are seeking a passionate and experienced Security & Compliance Engineer to join our team. This role is pivotal in ensuring our cloud services meet the highest standards of security and compliance. You will work cross-functionally with engineering teams, project managers, and compliance stakeholders to identify, implement, and monitor security controls and processes. Your work will directly contribute to the protection of our infrastructure, data, and services. The service you will be joining is Key Protect, IBM’s key management system https://www.ibm.com/products/key-protect. Key Responsibilities: Support security and compliance initiatives across Key Protect & Security Services. Collaborate with development and operations teams to mitigate security risks. Implement, and monitor security controls and compliance processes. Contribute to risk assessments, gap analyses, and remediation planning. Support internal and external audits by providing evidence and documentation. Support adherence to regulatory standards such as FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO27K, NIST, ISMAP, ENS, HITRUST, etc. Drive improvements in patch management, vulnerability management, and access control. Maintain accurate asset inventories and ensure configuration management best practices. Monitor logs and systems for anomalies and respond to incidents. Participate in penetration testing and threat modeling exercises. Communicate security requirements and findings to technical and non-technical stakeholders. Ideal Candidate Traits: Growth mindset and eagerness to learn. Strong problem-solving and critical thinking abilities. Self-starter, ability to work independently. Ability to translate complex security concepts into actionable guidance. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Experience: 4+ years in security engineering, compliance, DevOps or related roles. Experience with cloud technologies and infrastructure. Hands-on experience with compliance frameworks (e.g., FedRAMP, HIPAA, GDPR, SOC 2, PCI, ISO, NIST). Knowledge of end-to-end Security and Compliance activities such as Threat Models, Security Privacy by Design. Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap. Knowledge of Security concepts (includes understanding of identity mgmt./authentication, authorization, firewall, auditing, secure communication, managing certificates, password management) Understanding of cryptographic key management and its lifecycle. Strong understanding of access management, data protection, and secure system configuration. Experience on Kubernetes/ OpenShift deployments, Container Tools such as Docker, Podman, Rancher Excellent communication and documentation skills. Ability to work independently and collaboratively across teams. Preferred technical and professional experience Experience with tools such as GitHub and ServiceNow. Experience with microservice architectures and Restful API development Familiarity using Container Security tools such as Prisma Cloud & AquaSec Experience in DevSecOps pipelines - Jenkins, Tekton Toolchains Scripting and automation skills (Python, Bash, Terraform, etc.)

Posted 2 weeks ago

Apply

Start Your Job Search Today

Browse through a variety of job opportunities tailored to your skills and preferences. Filter by location, experience, salary, and more to find your perfect fit.