Job Description

Role Overview

As an

IT Security & Compliance Officer

at VortexWeb- Noida, you will be responsible for protecting all infrastructure, applications, and integrations used across the company and client projects. You will implement and enforce best practices around

access governance

,

API token management

,

VPN restrictions

, and

compliance

with global data security policies (e.g., ISO 27001, GDPR). Your primary goal is to secure our digital assets, restrict unauthorized access, and reduce internal risk vectors.

Key Responsibilities

Conduct company-wide

access audits

and document all critical touchpoints (AWS, GitHub, Bitrix24, etc.) Design and implement

role-based access control (RBAC)

across all systems and integrations Set up and manage

secure credential vaults

using tools like Bitwarden/1Password; enforce storage and access policy for all developers and PMs Configure and maintain

VPN or zero-trust network access

(Cloudflare Teams / Tailscale) to ensure systems are accessible only via company-issued devices Oversee

token lifecycle management

for APIs including Property Finder, Bayut, Dubizzle, and ensure tokens are securely stored, rotated, and revoked when needed Detect and respond to any

unauthorized access attempts

, token misuse, or suspicious activity through log analysis and real-time monitoring Draft and maintain a full suite of

security SOPs

, including onboarding/offboarding checklists, API access control, disaster recovery plans, and breach incident playbooks Collaborate with DevOps and PM teams to ensure ongoing security compliance for Bitrix24, AWS, portal integrations, and other internal tools

Required Skills & Experience

2+ years of hands-on experience in

cybersecurity, IT compliance, or infrastructure security

Proven experience with

IAM policies

,

access control frameworks

, and

VPN configurations

Strong knowledge of

AWS security tools

, EC2 permissions, and cloud-based firewalls Familiarity with

API security

, webhook verification, and OAuth/Bearer token systems Hands-on experience with

Bitwarden, Vault, or enterprise-grade password managers

Working understanding of GDPR, ISO 27001, or equivalent compliance standards Ability to create and enforce well-documented security processes
Job Type: Full-time

Pay: ?200,000.00 - ?300,000.00 per year

Ability to commute/relocate:

Noida, Uttar Pradesh: Reliably commute or planning to relocate before starting work (Preferred)
Application Question(s):

What is the most secure way to store API credentials across multiple clients in an agency environment? Describe tools or policies you'd use. Have you ever implemented VPN-based access controls for internal tools or CRMs? If yes, explain how you ensured only company-issued devices could access them. What would you do if an employee who had root-level access resigned without notice and their Bitrix24 admin account was still active? List step-by-step actions. Which of the following tools are you proficient in?
1. Bitwarden
2. Tailscale
3. AWS IAM
4. GitHub Access Control
5. Fail2ban
6. I haven't used any

What is your current CTC? What is your expected CTC?
Work Location: In person

Application Deadline: 30/07/2025