Information Security Lead
2 days ago
Experience: 8+ Years
Function: Security Assessments (Web, API, Mobile, Infra, Cloud) | Customer/Delivery Support
Location: Bangalore
Employment Type: Full-Time (In office)
Application Form:

Role Purpose
We are seeking an experienced Information Security Lead to drive and oversee end-to-end security assessments across diverse technology stacks — including web, mobile, API, infrastructure, and cloud. The role involves hands-on testing, validating findings with technical evidence or PoC, mapping results to standards (OWASP, NIST, CIS), and ensuring closure through effective remediation. The candidate will also act as a technical interface with customers, delivery teams, and internal stakeholders.

Key Responsibilities

1. End-to-End VAPT Delivery
● Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT) across applications, APIs, infrastructure, and cloud workloads.
● Focus on manual-first testing to uncover complex issues like IDOR/BOLA, broken access control, SSRF, logic abuse, and weak authentication.
● Deliver detailed reports with proof-of-concept, impact assessment, and remediation guidance.

2. Application / API / Mobile Security
● Conduct security testing of web and APIs aligned with OWASP Top 10 (Web & API) standards.
● Perform mobile app testing (Android/iOS) per OWASP MASVS/MSTG, using tools like MobSF, Frida, and Objection.
● Work closely with developers and DevOps teams to clarify findings, verify fixes, and perform retests.

3. Cloud Security Review
● Review AWS, Azure, and GCP configurations for misconfigurations, weak IAM policies, and exposed services.
● Recommend security hardening in line with CIS benchmarks.
● Validate cloud-exposed endpoints and configurations to prevent SSRF and metadata exposure attacks.

4. Defensive Integration
● Translate assessment findings into actionable defensive controls — SIEM rules, WAF policies, and API gateway configurations.
● Collaborate with SOC/Defensive teams to enhance visibility and detection based on VAPT results.

5. Customer / Delivery / Internal Support
● Join client and internal calls to explain methodologies, findings, and risk ratings.
● Provide inputs for SOWs, level of effort (LoE), and environment requirements.
● Conduct walkthroughs of assessment results with app, infra, and cloud teams for effective remediation.

6. Process & Team Enablement
● Maintain and update SOPs, templates, and checklists in line with OWASP and NIST frameworks.
● Integrate testing processes into SDLC and CI/CD pipelines for continuous security assurance.
● Mentor junior team members, review reports, and ensure quality in assessment delivery.

Required Technical Skills
● Strong hands-on experience in VAPT, WAPT, API, and Mobile Application Testing.
● Proficiency with tools: Burp Suite Pro, Nmap, MobSF, Frida, Objection, Postman, sqlmap, cloud consoles.
● Deep understanding of OAuth2/OIDC/JWT, TLS, REST, GraphQL, and CORS.
● Familiarity with security frameworks and standards — OWASP, NIST CSF, CIS Benchmarks, CVSS v3.x.
● Scripting ability in Python/PowerShell for automation and PoC generation.

Preferred Certifications
● Offensive Certifications: OSCP, OSWE, eWPTX, GWAPT, GMOB
● Cloud & Security Certifications: AZ-500, AWS Security Specialty, CCSP
● Exposure to SAST, DAST, SCA, and DevSecOps pipeline integration
-
Head of Information Security
2 weeks ago
Bangalore district, India Pixis Full time
About us: Pixis is a global AI technology company transforming how brands plan, create, and optimize marketing. Our flagship marketing operating system, Prism, sits at the core of the Pixis platform, using AI to turn fragmented performance data into clear, actionable insights and directly into execution. With native integrations across major ad platforms,...
-
Information Security Training Lead
2 weeks ago
Bangalore, India Narayana Health Full time
The Information Security Lead will be responsible for developing and implementing the organization's information security framework to safeguard patient data, clinical systems, and enterprise IT infrastructure. This role ensures compliance with healthcare regulations, international standards, and hospital group policies, while building a culture of security...
-
Information Security and Risk Lead
3 days ago
Bangalore, India Dairy Day Full time
Dairy Day is one of India’s largest ice cream brands. Dairy Day manufactures and supplies products across a variety of cups, cones, sticks, tubs, and other special packaging with over 30+ flavors. The company has state-of-the-art manufacturing facilities in Karnataka with a production capacity of 3 Lakh liters/day. The Information Security and Controls...
-
Information Security
3 days ago
Bangalore, India Dairy Day Full time
Company Description: Dairy Day is one of India’s largest ice cream brands. Over the last 22+ years, we have built a formidable presence across South & West India and are continuously expanding across the country, selling to over 60,000+ retailers. Dairy Day manufactures and supplies products across a variety of cups, cones, sticks, tubs, and other special...
-
Information Security
4 days ago
Bangalore, India Dairy Day Full time
Company Description: Dairy Day is one of India’s largest ice cream brands. Over the last 22+ years, we have built a formidable presence across South & West India and are continuously expanding across the country, selling to over 60,000+ retailers. Dairy Day manufactures and supplies products across a variety of cups, cones, sticks, tubs, and other special...
-
Lead Information Security Engineer
2 weeks ago
Pune district, India Mastercard Full time
The Business Security Enablement (BSE) team is looking for a Lead Security Engineer to join our team in support of the Transfer Solutions program and working out of our Pune office in India. The ideal candidate needs a high level of expertise in information security and secure engineering disciplines to advise product and operational teams on how to securely...
-
Cyber & Information Security
2 days ago
Bangalore, India WEBSKITTERS TECHNOLOGY SOLUTIONS PRIVATE LIMITED Full time
We are seeking a strategic, forward-thinking Head of Cyber & Information Security to lead the design, implementation, and governance of enterprise-wide information security frameworks across Webskitters. This senior leadership role will be responsible for defining and executing the organisation’s cybersecurity, data protection, and compliance...
-
Information Security Officer
2 weeks ago
Pune district, India FPL Technologies Full time
About the company: Credit cards haven't changed much for over half a century so our team of seasoned bankers, technologists, and designers set out to redefine the credit card for you - the consumer. The result is OneCard - a credit card reimagined for the mobile generation. OneCard is India's best metal credit card built with full-stack tech. It is backed by...
-
Technical Program Manager
2 weeks ago
Bangalore district, India Navi Full time
About the Team: At Navi, the InfoSec team safeguards our digital ecosystem - ensuring the confidentiality, integrity, and availability of critical systems and data. We lead the charge on cyber risk management, regulatory compliance, and data protection, while championing a security-first culture across all teams. Our mission: Protect what powers Navi -...