As an
Information Security Engineer,
you will play a crucial role in safeguarding the organization's information systems and data assets. Your responsibilities will include implementing security measures, conducting risk assessments, monitoring security incidents, and developing strategies to enhance our overall cybersecurity posture. The ideal candidate will possess strong technical expertise in information security, stay current with industry trends, and collaborate effectively with cross-functional teams to ensure the integrity and confidentiality of our systems
Roles & Responsibilities
- Cloud Security: Design, implement, and manage cloud-native security controls across AWS and Azure (IAM, security groups, VPC security, Guard Duty, Azure Security Center).
- Application Security: Collaborate with development teams to embed security into the SDLC (secure code reviews, threat modeling, SAST/DAST/SCA integration).
- DevSecOps: Partner with DevOps to integrate security in CI/CD pipelines, IaC templates (Terraform, CloudFormation, ARM), and containerized workloads (Docker, Kubernetes).
- Security Monitoring & Response: Monitor and respond to security alerts across cloud and application environments, investigate incidents, and implement corrective actions.
- Security Tools Management: Manage and maintain security tools such as firewalls, SIEM, IDS/IPS, CSPM, and vulnerability management platforms.
- Compliance & Best Practices: Ensure systems adhere to regulatory and industry standards (ISO 27001, NIST, CIS, GDPR).
- Awareness & Training: Promote security awareness within engineering teams, and ensure secure practices in design and deployment.
- Continuous Improvement: Stay updated on emerging threats, cloud vulnerabilities, and evolving security best practices.
- Endpoint Security (Secondary): Provide guidance on endpoint security practices and tools (Sentinel One, Microsoft Defender)
as needed.
Technologies & Skills Required
- Strong knowledge of cloud security principles (AWS & Azure).
- Hands-on experience with CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM/IDS/IPS platforms.
- Familiarity with container and Kubernetes security.
- Experience with CI/CD security integrations (Snyk, GitHub Advanced Security, or equivalent).
- Strong understanding of network security, encryption, and identity/access management.
- Experience with application security testing tools (SAST, DAST, SCA).
- Knowledge of security frameworks and standards (ISO 27001, NIST, CIS).
- Familiarity with endpoint security tools (Sentinel One, Microsoft Defender) is a plus.
- Excellent analytical and problem-solving skills.
- Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+ are a plus.
What can you look for
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being at Xoxoday.
We are
Xoxoday is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Xoxoday offers a suite of three products - Plum, Empuls, and Compass. Xoxoday works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Xoxoday is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.
Way forward
We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status
