Infosec Ii

ID: 1481 | 5-9 yrs | Bengaluru | careers
- **About Clear**

**The journey of simplicity throughout the last decade urged us to make things clear so that it's easier done than said.**

Clear today is India's leading fintech SaaS platform, serving 3K+ enterprises, 6L+ SMEs, and 5M+ individuals, with our ITR, GST, e-Invoicing products, and more. While the journey has not been easy, it has been transforming.

Founded in 2011, the decade-long journey of ClearTax defines growth. Starting with just 3 tech products related to tax and filing, we now build mobile and web-based SaaS products for invoices, taxes, payments, and credit and augment them with strong advanced analytics and artificial intelligence. We are also a Series C-funded startup with a strong team of 1000+ members, and as we continue to evolve into a world of new-financial solutions, we're looking for individuals with perspectives to join our team.

**Role Overview**:
This role is part of the Information Security Team, Engineering division of Clear India. This person will be responsible to secure all enterprise and cloud infra and services, educating IT and DevOps teams in fixing the issues, and making sure the infrastructure is compliant to different security standards and compliances as we will have to provide these details to our corporate customers as a part of their onboarding process. You will be a critical resource in driving Clear's Data Protection programs. You will work with team members across the organization to deliver world-class services which improve Clear’s security posture. You'll make key technical decisions and communicate them effectively. You will own solutions and drive projects delivering those solutions through to completion. We are looking for someone with a high level of technical talent with an emphasis on infrastructure services, proxy systems, networking technologies, automation/scripting, and experience with APIs who can help our team deliver in an extremely fast-paced environment.

**Duties & Responsibilities**:

- Self-starter; demonstrates personal initiative and willingly assumes responsibility and ownership. Ability to drive efforts based on organizational priorities with mínimal management oversight.
- You will partner with architects, engineers, devops, site reliability engineers across the organization; perform security design assessments, paint the overall risk picture, and help find solutions for the risks and vulnerabilities you identify.
- As a domain expert across infrastructure, data platforms, and network security you will define reusable security patterns, control requirements, and lead security improvement initiatives on internal and member-facing services and infrastructure that support our members and employees. You will be successful if ClearTax continues to build infrastructure that is secure.
- Guide the technology organization's security and privacy initiatives by participating in reviews. Perform security reviews, evaluations, risk assessments, and monitoring on a regular basis to ensure exceptions and violations are identified and addressed during desktop and onsite audits
- Ability to solve problems at their root and step back to understand the broader context.
- Develop and deliver security training across the company.
- Ability to implement and drive information and data security initiatives.
- Develop and interpret security policies and procedures.
- Perform and oversee Information Security Policy Framework
- Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25.
- Manage multiple projects and efforts at the same time.
- Experience in providing practical solutions that enable product teams to meet business goals while controlling security risk.
- Provide direction to junior members of the team.
- Ability to promote secure design principles and a security-focused outlook across a large organization.
- Plan and assist in developing strategic direction for information security and compliance initiatives.
- Evaluate and recommend new and emerging security technologies for use inside and outside the security organization.

**Job Requirements / Qualifications**:

- Bachelor’s degree + 6 years in a technical discipline.
- Any relevant certifications such as CISM, CISSP, CSSLP, AWS Security Specialty, AZ-500, etc.
- Experience with one or more programming languages like C, C++, GoLang, and Java development environments.
- Strong knowledge of computer security principles and best practices.
- Experience with Information Security Policy and Procedure development and implementations
- Knowledge of common security-related protocols and their design (i.e. SSH, IPsec, TLS, etc.).
- Familiarity with security tools like Nessus, Snort, and OpenVAS.
- Strong English (both oral and written) skills and strong problem-solving skills.
- Having Security Certification will be an added plus.