Information Security Lead – Managed Security Services

📍 Bengaluru, Karnataka, India
Full-time Other-General Posted January 28, 2026
Apply Now Similar Jobs
Job Description

Total Experience:  
8–10+ years 
Job Skills:  
● Strong hands-on experience in VAPT, WAPT, API, and Mobile Application Testing.
 ● Proficiency with tools: Burp Suite Pro, Nmap, MobSF, Frida, Objection, Postman,
 sqlmap, cloud consoles.
 ● Deep understanding of HTTP, OAuth2/OIDC/JWT, TLS, REST, GraphQL, and CORS.
 ● Familiarity with security frameworks and standards — OWASP, NIST CSF, CIS
 Benchmarks, CVSS v3.x.
 ● Scripting ability in Python/PowerShell for automation and PoC generation. 
Preferred Certifications 
 ● Offensive Certifications: OSCP, OSWE, eWPTX, GWAPT, GMOB
 ● Cloud & Security Certifications: AZ-500, AWS Security Specialty, CCSP
 ● Exposure to SAST, DAST, SCA, and DevSecOps pipeline integration 
Role:  
We are seeking an experienced Information Security Lead to drive and oversee end-to-end security assessments across diverse technology stacks — including web, mobile, API, infrastructure, and cloud. The role involves hands-on testing, validating findings with technical evidence or PoC, mapping results to standards (OWASP, NIST, CIS), and ensuring closure through effective remediation. The candidate will also act as a technical interface with customers, delivery teams, and internal stakeholders. 
Responsibilities:  
1. End-to-End VAPT Delivery 
 ● Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT)
 across applications, APIs, infrastructure, and cloud workloads.
 ● Focus on manual-first testing to uncover complex issues like IDOR/BOLA, broken
 access control, SSRF, logic abuse, and weak authentication.
 ● Deliver detailed reports with proof-of-concept, impact assessment, and remediation
 guidance. 
2. Application / API / Mobile Security 
 ● Conduct security testing of web and APIs aligned with OWASP Top 10 (Web & API)
 standards.
 ● Perform mobile app testing (Android/iOS) per OWASP MASVS/MSTG, using tools like
 MobSF, Frida, and Objection.
 ● Work closely with developers and DevOps teams to clarify findings, verify fixes, and
 perform retests. 
3. Cloud Security Review 
 ● Review AWS, Azure, and GCP configurations for misconfigurations, weak IAM policies,
 and exposed services.
 ● Recommend security hardening in line with CIS benchmarks.
 ● Validate cloud-exposed endpoints and configurations to prevent SSRF and metadata
 exposure attacks. 
4. Defensive Integration 
 ● Translate assessment findings into actionable defensive controls — SIEM rules, WAF
 policies, and API gateway configurations.
 ● Collaborate with SOC/Defensive teams to enhance visibility and detection based on
 VAPT results. 
5. Customer / Delivery / Internal Support 
 ● Join client and internal calls to explain methodologies, findings, and risk ratings.
 ● Provide inputs for SOWs, level of effort (LoE), and environment requirements.
 ● Conduct walkthroughs of assessment results with app, infra, and cloud teams for
 effective remediation. 
6. Process & Team Enablement 
 ● Maintain and update SOPs, templates, and checklists in line with OWASP and NIST
 frameworks.
 ● Integrate testing processes into SDLC and CI/CD pipelines for continuous security
 assurance.
 ● Mentor junior team members, review reports, and ensure quality in assessment delivery. 
Apply for this Position

Ready to join ? Click the button below to submit your application.
Submit Application
Job Details

Location
Bengaluru, Karnataka, India
Job Type
Full-time