Information Security Engineer

Information Security Engineer

Location : Coimbatore (Preference) , Bangalore, Chennai, Hyderabad (Hybrid - 4 days work from office)

NP : 30 days

Experience : 2 to 5 yrs

Budget : Max 27 LPA

Prontoex Consulting Service Pvt Ltd

Sterlite Technologies Limited

Interview Plan:

1 Coding (1.5 hrs) + 2 Techno-managerial (1 hr) - Second round will be F2F round in office.

JD :

About the Role:

We’re looking for a security consultant to join our internal teams in one of our India offices. This is a hands-on, tech-oriented position where you'll apply and grow your knowledge of standard security practices. We need someone who is eager to work collaboratively with software product delivery teams, as well as network and infrastructure support teams.

This role is critical in helping our teams reduce risks related to code development, system architecture, and infrastructure. You will be a key part of embedding security into our delivery culture. It will be a significant advantage if you have experience working within delivery teams that use agile methodologies.

As a Security Consultant, you will:

Collaborate & Consult: Act as a primary security advisor for delivery teams, working side-by-side to embed security controls throughout the entire Software Development Life Cycle (SDLC).

Threat Modeling & Design: Champion "Security by Design" by facilitating threat modeling sessions and architectural reviews to identify logic flaws and design risks before code is even written.

Cloud Security Assurance: Validate the security posture of cloud infrastructure and services, ensuring configurations align with industry best practices (e.g., IAM, networking, and container security).

Enable & Automate: Assist engineering teams in integrating automated security testing (SAST/DAST) into their CI/CD pipelines to enable faster, safer releases adhering to DevSecOps principles.

Review & Recommend: Conduct in-depth application security testing to proactively identify vulnerabilities and recommend precise mitigation strategies to developers.

Test & Analyze: Execute manual vulnerability assessments and utilize industry-standard tools (e.g., Checkmarx, Burp, Snyk, Wiz) to continuously analyze our applications and dependencies.

What You'll Bring (Required Skills):

Experience: 2+ years in a security specialist role, vulnerability assessment and penetration testing (optionally).

AppSec Knowledge: Deep understanding of OWASP standards. Exposure to embedding threat modeling in the development lifecycle.

DevSecOps: Experience integrating threat modeling and security checks into the SDLC and reviewing system architecture with delivery teams from security perspective.

Tooling: Proficiency with SAST, DAST, dependency checking, and container tools (e.g., Checkmarx, Burp, Snyk, Wiz), as well as manual vulnerability assessment and mitigation.

Infrastructure: Strong knowledge of Cloud security best practices (preferably Google Cloud Platform), plus basic knowledge of networking, firewalls, virtualization, and OS security.

Operations: Experience handling vulnerability management, patch management, and secret management tools.

Soft Skills: A basic understanding of risk management and excellent English communication skills to collaborate with global cross-functional teams.