Senior Security and Compliance Engineer
Mphasis LtdJob Description
Senior Software Engg - Systems
Job Title: Security & Compliance EngineerDesignation: Senior Software Engineer - Systems
Location: Bangalore SEZ Tower E
Job Summary:
The Security & Compliance Engineer will be responsible for overseeing the complete security and compliance workstream within our organization. This includes threat modeling, FIPS 140-2 integration, NIST SP 800-193 firmware integrity, and the preparation of all security review packages. The role requires a specialist with a deep understanding of security protocols and compliance requirements, ensuring that all systems are secure and compliant with industry standards.
Responsibilities:
- Conduct threat modeling and attack surface analysis for BMC firmware, including Redfish, IPMI, KVM, boot chain, and signing processes.
- Ensure FIPS 140-2 compliance through the integration of FIPS-validated OpenSSL in Yocto, including the selection of cryptographic modules and TLS configuration for management interfaces.
- Implement NIST SP 800-193 firmware integrity measures, focusing on detection, protection, and recovery mechanisms.
- Prepare security review packages for SSRB, LSRB, and BFSRB, including code review artifacts, architecture documentation, CVE posture reports detailing vulnerabilities and their mitigations, and managing remediation responses.
- Generate Software Bill of Materials (SBOM) and conduct license audits for all Yocto/OpenBMC dependencies, preparing OSC submissions as required.
- Provide security review and sign-off on CI/CD signing pipelines and management interface hardening, ensuring robust security measures are in place.
Mandatory Skills:
- Proficient in firmware security architecture, including threat modeling and mitigation design.
- Security
- Strong understanding of FIPS 140-2 compliance and experience with cryptographic library integration.
- Knowledge of NIST SP 800-193 and its application in firmware integrity.
- Experience in preparing security review documentation, including CVE posture reports and remediation response management.
- Familiarity with open source license compliance, including SBOM generation and license audits.
Preferred Skills:
- Knowledge of the EU Cybersecurity Resilience Act (CRA) and its implications for product compliance.
- Experience with EAR/ECCN export control assessments for cryptographic components.
- Ability to coordinate or execute security penetration testing.
- Experience with HSM integration and signing infrastructure.
- Familiarity with CVE triage and patch backport workflow management.
Qualifications:
Bachelor's degree in Computer Science, Cybersecurity, or Electrical Engineering. Relevant certifications such as CISSP, CEH, or CompTIA Security+ are valued but not mandatory.
Prior Work Experience — Examples That Would Be Helpful:
- Developed a formal threat model for an embedded firmware product or IoT device, addressing all network-facing attack surfaces with documented mitigations.
- Integrated a FIPS 140-2 validated cryptographic library into a Yocto-based embedded Linux build and validated compliance.
- Prepared and submitted a formal security review package for a firmware product, including managing remediation response cycles.
- Conducted or coordinated an open source license audit and produced a Software Bill of Materials (SBOM) for a complex firmware project.
About Mphasis:
Mphasis applies next-generation technology to help enterprises transform businesses globally. Customer centricity is foundational to Mphasis and is reflected in the Mphasis’ Front2Back™ Transformation approach. Front2Back™ uses the exponential power of cloud and cognitive to provide hyper-personalized (C=X2C2TM=1) digital experience to clients and their end customers. Mphasis’ Service Transformation approach helps ‘shrink the core’ through the application of digital technologies across legacy environments within an enterprise, enabling businesses to stay ahead in a changing world. Mphasis’ core reference architectures and tools, speed and innovation with domain expertise and specialization are key to building strong relationships with marquee clients.
Equal Opportunity Employer:
Mphasis is an equal opportunity/affirmative action employer. We provide equal employment opportunities to applicants and existing associates and evaluate qualified candidates without regard to race, gender, national origin, ancestry, age, color, religious creed, marital status, genetic information, sexual orientation, gender identity, gender expression, sex (including pregnancy, breast feeding and related medical conditions), mental or physical disability, medical conditions military and veteran status or any other status or condition protected by applicable federal, state, or local laws, governmental regulations and executive orders. View the EEO in the law poster here, view the EEO in the law supplement here. To view the pay transparency nondiscrimination provision please click here and to view the E-Verify posting click here.
Mphasis is committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of disability to search and apply for a career opportunity, please send an email to accomodationrequest@mphasis.com and let us know your contact information and the nature of your request.
Job role
Job requirements
About company
Similar jobs you can apply for
Accounts / FinanceField Installation Engineer
V5 Global
Laptop Technician
Armee InfotechInstallation Engineer
AirtelField Installation Engineer
V5 GlobalField Installation Engineer
V5 GlobalField Installation Engineer
V5 GlobalYou can expect a minimum salary of 0 INR. The salary offered will depend on your skills, experience and performance in the interview.
The candidate should have completed the required education and people who have 5 to 6 years are eligible to apply for this job. You can apply for more jobs in Bengaluru/Bangalore to get hired quickly.
The candidate should have sound communication skills and sound communication skills for this job.
Both Male and Female candidates can apply for this job.
No, it's not a work from home job and can't be done online. You can explore and apply for other work from home jobs in Bengaluru/Bangalore at apna.
No work-related deposit needs to be made during your employment with the company.
Go to the apna app and apply for this job. Click on the apply button and call HR directly to schedule your interview.
The last date to apply for this job is . For more details, download apna app and find Full Time jobs in Bengaluru/Bangalore . Through apna, you can find jobs in 64 cities across India. Join NOW!