Job Description

Job Role: Senior Information Security Engineer
Job Location: Bangalore / Chennai
Experience: 8+ Years
Job Roles & Responsibilities:

• Conduct vulnerability assessments and policy compliance checks using industry-leading tools such as Qualys across on-prem, cloud, containers (Docker, Kubernetes), databases, and web services.
• Validate false positives, ensure accuracy of findings, and deliver high-quality reports to stakeholders.
• Serve as a technical subject matter expert (SME) to interpret vulnerability results and detection logic.
• Provide remediation guidance and security consulting support to infrastructure and application support teams.
• Analyze findings to identify root causes and provide recommendations for long-term, sustainable improvements.
• Build and maintain a technical knowledge base to ensure continuous quality in vulnerability management (VM) practices.
• Conduct research on emerging threats and vulnerabilities and track developments in the vulnerability management lifecycle.
• Ensure adherence to security policies, guidelines, and compliance standards; assist in aligning teams across the organization.
• Propose and implement service improvements based on stakeholder feedback and evolving security landscapes.
• Lead and mentor junior team members, acting as line manager when necessary, and provide direction in day-to-day operations.
• Create and maintain comprehensive documentation including SOPs, technical reports, risk assessments, and compliance evidence.

• Bachelor's Degree in Engineering, Computer Science, Information Technology, or related discipline.
• Professional certifications such as CISSP, CISA, CISM, CRISC, CCNA/CCNP Security, or CCIE Security are highly desirable.

• Minimum 8 years of experience in Information Security, ideally within the Banking and Financial Services industry.
• Strong background in risk and threat assessments, vulnerability management, and security operations.

• Extensive experience with vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7).
• Proficient in handling cloud technologies, and network security components such as firewalls, routers, switches, proxies, and load balancers.
• Deep understanding of container security (Docker/Kubernetes), cloud security (AWS, Azure, GCP), and web application security.
• Familiarity with information security frameworks (e.g., NIST, ISO 27001) and regulatory requirements.
• Experience leading and managing security projects and teams, including mentoring and technical leadership.
• Strong troubleshooting, problem-solving, and communication skills (both written and verbal).