Credgenics - Information Security Engineer II - Vulnerability Assessment

About Credgenics :Credgenics is Indias first of its kind NPA resolution platform backed by credible investors including Accel Partners and Titan Capital.We work with financial institutions, Banks, NBFCs & Digital lending firms to improve the efficiency of their collection using technology, automation intelligence and optimal legal routes to facilitate the resolution of stressed assets.With all major banks and NBFCs as our clients, our SaaS-based collections platform helps them efficiently improve their NPA, geographic reach and customer experience.We count most of India's lending majors as our clients such as ICICI Bank, Axis Bank, Bank of Baroda, etc and have been able to grow 100% MoM consistently even among the pandemic.Role Overview :We are looking for a highly skilled Information Security Engineer II to join our team and play a critical role in safeguarding our information systems and data against potential threats.In this position, you will leverage your expertise to design and implement robust security measures, conduct risk assessments, and ensure compliance with industry standards.Responsibilities :- Design, implement, and manage security architecture for our systems, ensuring adherence to best practices and compliance requirements.- Conduct thorough risk assessments and vulnerability analysis to identify security weaknesses and recommend mitigation strategies for the complete IT infrastructure of the company .- Coordinate with Cert-In empanneled vendors for annual VAPT and PCI DSS certification compliance, manage engagements and ensure standards adherence.- Coordinate and handle customer queries related to information security during customer onboarding and handle the periodic banks audit for information security.- Develop and enforce security policies, procedures, and standards to protect sensitive information.- Monitor security alerts and incidents, responding promptly to security breaches and providing detailed reports on findings and resolutions.- Collaborate with cross-functional teams to integrate security into all phases of the software development lifecycle (SDLC).- Collaborate with third-party vendors and service providers to perform vendor risk assessment and ensure the security of outsourced systems and services.- Perform user access management review, firewall config, rules review and coordinate with the team for the mitigation of all observations.- Perform email systems security assessment to evaluate anti-phishing, anti-spam, and DLP controls.- Manage and maintain security systems such as SIEM, IDS/IPS, and DLP to detect and respond to security incidents.- Document security findings, recommendations, and remediation plans, and communicate them to relevant stakeholders in a clear and concise manner.- Assist in the development and maintenance of security awareness and training programs for employees, promoting a culture of security throughout the organization.Required :- 5- 7 years of experience in information security, with a focus on security architecture and engineering.- Cloud security (AWS) minimum 2-3 years, DevSecOps minimum 2 years experience.- Server & network security close to 3- 4 years experience.- Proven experience with governance RBI guidelines in terms of data security, business continuity, data location, disaster recovery.- Experience in security standards such as ISO 27001, ISO 27701, PCI DSS and security frameworks CIS and NIST benchmarking.- Hands-on experience with network, application, API vulnerability scanning and penetration testing should be at least 3-4 years.- Relevant security certifications such as CISA, CEH or ISO 27001 auditor (preference).Soft Skills and Cultural Fit :- Exceptional analytical and problem-solving skills, with a keen attention to detail.- Strong communication skills to effectively convey complex security concepts to technical and non-technical stakeholders.- Proactive and self-motivated, with the ability to work independently and collaboratively in a hybrid work environment.- A passion for continuous learning and staying current with industry trends and emerging threats. (ref:hirist.tech)