Information Security Engineer

Job Role: Information Security Engineer

Job Location: Bangalore / Chennai

Experience: 6+ Years

Job Roles & Responsibilities:

• Perform vulnerability assessments and policy compliance checks across on-premises, cloud-hosted systems, containers (e.g., Docker, Kubernetes), databases, and web services.
• Use leading vulnerability scanning solutions like Qualys to identify and assess security risks.
• Analyze vulnerability scan results, validate false positives, and ensure delivery of accurate and actionable reports.
• Act as technical SME to interpret detection logic and assist infrastructure/application teams with effective remediation strategies.
• Identify root causes for recurring security issues and propose long-term sustainable solutions.
• Build and maintain a technical knowledge base to support vulnerability management (VM) team effectiveness.
• Stay updated on emerging threats, vulnerabilities, and vulnerability management trends.
• Ensure alignment with security policies, standards, and procedures; assist in translating security concepts to non-technical teams.
• Draft and maintain documentation, including process guidelines, technical reports, and executive summaries.
• Suggest service improvements based on technology evolution in networking, cloud, and security infrastructure.
• Provide technical mentorship and act as line manager in the absence of the team lead.

Job Skills & Requirements:

Education:

• Bachelor's Degree in Engineering, Computer Science, Information Technology, or equivalent.
• Industry certifications such as CISSP, CISA, CRISC, CISM, CCNA Security, CCNP Security, or CCIE are preferred.

Experience:

• Minimum 6 years of experience in Information Security, preferably in Banking and Financial Services.
• Proven expertise in risk/threat assessment, vulnerability management, and security operations.

Technical Skills:

• Hands-on experience with vulnerability scanning tools like Qualys, Nessus, Rapid7, etc.
• Proficiency in security assessment for cloud platforms (AWS, Azure, GCP) and container environments (Docker, Kubernetes).
• Knowledge of networking components such as routers, switches, firewalls, load balancers, and proxies.
• Ability to analyze, interpret, and communicate security threats and mitigations to both technical and non-technical audiences.
• Working knowledge of policy compliance, risk consulting, and incident response procedures.
• Strong understanding of information security frameworks and best practices (NIST, ISO, CIS benchmarks, etc.).