Nexthire

    Role : Infosec Engineer

    Experience : 3-6 Years

    Location : Bangalore

    Working Days: 5 Days a week

    About InCred

    InCred was founded by Bhupinder Singh in 2016. InCred is credited for Incredible India. We use technology and data-science to make lending quick, simple and hassle-free. We believe traditional ways of lending can exclude those most in need because of outdated, rigid and often inefficient processes. At InCred, we have simplified the lending process with a sharp focus on serving our borrowers’ unique needs and circumstances – offering our customers a truly superior borrowing experience.

    Company Address: Vasanth Nagar. No 8, Second Floor, Feather Lite Vista Building, MV Jayaram Road, Vasanth Nagar, Bangalore-560052

    Funding: $254.4M

    Team Size: 5000+

    InCred’s vision:

    To create a trustworthy, transparent, and highest integrity financial institution that positively advances the socio-economic well-being of lower middle class to middle-class Indian households while protecting the interests of all stakeholders

    About InCred product and services:

    InCred is a new-age financial services group that leverages technology and data-science to make lending quick and easy.

    At InCred Financial Services we build cloud native distributed services to solve the most challenging problems of scale. These services are developed in different programming languages as we pick up the best language to solve a problem. Following are some of the languages we use to build our services NodeJS, Python, Java, Elixir, Golang and Typescript.

    Our infrastructure is developed using IAAC where the DevOps team uses CloudFormation, Terraform, Ansible, AWS-CDK to create and maintain the infrastructure. We are working on real time streaming problems in the areas of lending, disbursement, customer engagement. We are leveraging Apache Spark, Kafka, Kinesis for designing different solutions.

    Job Description

    Evaluating, Testing, and integrating security tools, standards, and associated processes as per the security framework.

    • Improving and supporting application security tool deployments including static analysis and runtime testing tools.
    • Create and manage process to guide development and testing teams on proactively finding application security risks
    • Improving and maintaining secure development standards.
    • Supporting the application architecture/design review processes whenever application security expertise is needed.
    • Conduct periodic penetration testing services of application and related infrastructure. Closure of open risks by actively following-up with stakeholders.
    • Assess application, design threat models, risk, document potential risk vectors, recommend relative controls and ensure risk is addressed
    • Maintain security risk register to track the identified risks and produce metrics to report the state of application security program and risk status.
    • Additional responsibilities to this role include:
      • Recommend cybersecurity assessment methodology and support purple team exercises when required
      • Assessing cloud security risk (AWS, Google, and Azure) and recommending appropriate security controls
    • Assist in imparting security awareness training and executing phishing simulation exercise to employees.
    • Track and report security metrics to higher management on a regular basis
    • Define hardening standard for various technology and assess compliance levels
    • Identify, prioritize, and track security incidents and manage related platforms such as SIEM, DLP, EDR and other security tools
    • Assist in 3rd party security due-diligence reviews

    Key Areas: Application security, evaluating and implementing security tools (SIEM, DLP, endpoint protection), security reviews and assessment, preparation of security checklist, security awareness/phishing simulation, cloud security.

    Certifications: good to have - CISM, CISSP, CEH, OCSP

    Experience

    Should have 3+years of experience in information security domain and minimum should have 1-2 of years in application security and cloud security

    • Must have sound knowledge in security vulnerabilities, remediation and mitigation techniques, OWASP, and secure coding practices.
    • Ability to document and explain technical details in a concise & understandable manner
    • Industry recognized certificates relevant to the roles such as CEH, GPEN, OSCP, etc are desired
    • Ability to lead complex, cross-functional projects, and problem-solving initiatives.
    • Passionate about information security and update knowledge on daily basis to support the organization
    • Candidates must have excellent verbal and written communication skills
    • Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, to concerned stakeholders and discuss effective defensive techniques.
    • Familiarity with industry standards and regulations including PCI and ISO27001 is desired.
    • Good understanding of the Docker, Kubernetes, and security models
    • Fair understanding of public cloud models (e.g. AWS, Google, Microsoft Azure) and their security implications

    Skills:

    Candidate should be a good team player

    • Should have good interpersonal skills
    • Good written communication skills including ability to develop process documentation and security guidelines.
    • Aptitude for troubleshooting basic network, Windows/*nix connectivity
    • Ability to apply critical thinking and logic to a wide range of intellectual and practical problems
    • Ability to maintain composure under pressure and work calmly during an emergency
    • Ability to manage multiple tasks and schedules



    %FOOTER_POWERED_BY%breezy