Senior Principal Engineer - Information Security

Principal Cyber Security Engineer

Location: Bangalore

What is Muthoot FinCorp ONE

Muthoot FinCorp ONE, is a fintech startup, building a financial ecosystem where customers can access relevant and reliable digital services across an expansive range of digital financial products in segments like Lending, Saving & Investment, Protection, and Remittance.

Our products are designed to ensure a simple, reliable, and responsive financial environment for our customers. Envisioned to be the most trusted financial service provider, our app has an easy-to-use interface aimed to enhance user experience and comfortable navigation.

Our promoter, Muthoot FinCorp Ltd., is one of the most reputed names in the Fintech industry and has the customers trust in diverse segments like Financial Services, Automotive, Hospitality, Alternate Energy, Real Estate, and Precious Metals.

In our quest to build teams across diversified domains, we recently acquired Paymatrix, an award-winning start-up founded in 2016. It has helped us venture into rent and rent-related payments and other vendor payments using credit cards. Currently, we are working on transforming Paymatrix into a Virtual POS platform.

Muthoot FinCorp ONE believes in an ownership driven startup culture, where cumulative success is paramount, and each team member is valued and nurtured.

What can you expect

Build the future, Today -

Attractive compensation with wealth- building ESOPs

Perks & other benefits -

Work with the brightest minds in the industry -

Dynamic work environment: Stable yet exciting -

Fast-paced growth -

Role

You will be working with the world-class engineering team in

• Strategic Cybersecurity Leadership with Hands-On Implementation: Drive the adoption of advanced cybersecurity practices, leading strategic planning initiatives while actively participating in hands-on implementation. Oversee red team operations and devise strategies to fortify security controls.
• Operational Excellence: Manage day-to-day Security Operations Center activities, ensuring adherence to project timelines and safeguarding FinTech systems. Implement improvements, troubleshoot issues, and maintain compliance with industry standards.
• Talent Development and Collaboration: Mentor and train team members, recruit new talent, and foster collaborative relationships with stakeholders. Integrate security into software development and present budget plans.
• Continuous Improvement and Compliance: Stay updated on cybersecurity trends, conduct regular assessments, and ensure compliance with regulations. Cover areas like Vulnerability Assessment (VA), Penetration Testing (PT), Governance, Risk Management, Compliance, network security, and data privacy etc

What are we looking for

We are looking for a Cyber Security Specialist to join our team to work closely with the stakeholders to ensure that cyber security projects meet objectives across our organization. They are responsible for various tasks, including process re-engineering and documentation of activities related to this area.

A Cyber Security Specialist s responsibilities include using their skills to detect insecure features and malicious activities within our networks and infrastructure. They will implement customized application security assessments for client-based asset risk, and corporate policy compliance as well as conduct vulnerability assessments. They should have an advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. The specialist s focus is not only limited to assessing whether vulnerabilities exist but also how those risks could be mitigated which can help provide organizations with more confidence about system stability going forward. Ultimately, you will work to ensure the security of our business information, employee data and client information throughout our entire network.

Responsibilities:

1. Oversee detection, analysis, and response to security incidents, developing and implementing incident response plans for swift and effective action.
2. Evaluate and recommend security technologies to enhance SOC capabilities.
3. Implement and maintain security controls, troubleshoot, and resolve issues in the DevSecOps domain.
4. Conduct periodic audits to identify security violations and inefficiencies, with the ability to perform proof of concept if required.
5. Collaborate with cross-functional teams to mitigate and remediate security incidents.
6. Conduct regular security assessments, vulnerability scans, and implement appropriate remediation measures.
7. Identify vulnerabilities, weaknesses, and potential threats in infrastructure, offering actionable recommendations for risk mitigation.
8. Keep users informed by preparing performance reports and communicating system status.
9. Implement and manage security controls and tools to safeguard applications and infrastructure, prioritizing and assessing vulnerabilities based on potential impact.
10. Provide expert guidance on risk mitigation strategies based on purple team findings, ensuring compliance with industry standards and regulations.
11. Experience in team building and mentorship, with excellent communication skills to convey complex technical information to non-technical stakeholders.
12. Experience in creating cybersecurity budgets.

Requirements and Skills:

• Proven work experience of 8+ years as a Cyber Security Specialist or similar role, with leadership experience managing purple teams or similar cybersecurity teams.
• In-depth knowledge of AWS Cloud Infrastructure, AWS Security Services, and other critical infrastructure security.
• Expertise in conducting penetration testing, vulnerability assessments, and social engineering.
• Ability to work under pressure, facilitate discussions, decision-making, and conflict resolution.
• Hands-on experience with security tools such as static analysis, dynamic analysis, and vulnerability scanners.
• Proficiency in analyzing high volumes of logs, network data, and other attack artifacts, with strong analytical and problem-solving skills.
• Experience with Security Audits, Incident Response, Threat Modeling, Monitoring, and Analysis.
• Proficiency with antivirus and security software, along with a strong understanding of offensive security tools and techniques.
• Preferred certifications include CISSP, OSCP, OSWE, GIAC PNPT.
• Bachelor s degree in computer science, Information Systems, or equivalent education/work experience.