Security Engineer

Software Test Engineering II-SUPPORT SERVICES-Applications-CTB

Kotak is at the forefront of technological transformation, building high-performance, scalable & secure systems that deliver a world-class banking experience for our customers.

Our Platform Engineering team is the backbone of the organization, crafting the infrastructure and tools that fuel our product development. We are a collaborative and dynamic team of engineers who are obsessed with delivering exceptional developer experiences. We foster a culture of innovation, where experimentation is encouraged, and everyone contributes to our shared success.

We are seeking a skilled Security Engineer to join our Platform Engineering team. You will be instrumental in safeguarding our applications & services by designing, implementing, and maintaining robust security measures. This role requires a deep understanding of security principles, a proactive mindset, and a passion for protecting sensitive information.

Responsibilities:

• Design and implement security architectures, standards, and policies aligned with industry best practices.
• Conduct thorough threat modelling to proactively identify potential vulnerabilities and risks at the early stages of development.
• Execute security assessments, vulnerability scans, and penetration testing to uncover and mitigate risks effectively.
• Develop and maintain robust security tools and automation to streamline security processes and enhance efficiency.
• Implement proactive security monitoring and incident response processes, conduct in-depth root cause analysis, and implement corrective actions to prevent recurrence.
• Collaborate seamlessly with development teams to embed security into the software development lifecycle (DevSecOps) and foster a security-first culture.
• Define and track key security metrics to measure the effectiveness of security initiatives and drive continuous improvement.
• Stay up to date with the ever-evolving security landscape, emerging threats, and cutting-edge technologies to safeguard our systems.

Qualifications:

• Bachelor's degree in Computer science, Information Security, or a related field.
• Expertise in integrating security testing tools (SAST, DAST, SCA) into the development environment to ensure early vulnerability detection.
• Proficiency in security frameworks and standards (e.g., OWASP Top 10, NIST, CIS, ISO 27001) to ensure compliance and best practices.
• Proficiency in scripting languages (PowerShell, Bash, etc.) and programming languages like Java, Python to facilitate automation and integration.
• Knowledge of cloud security (AWS, GCP, Azure) to protect cloud-based infrastructure and data.
• Experience with security tools (e.g., vulnerability scanners, intrusion detection systems) to identify and address threats effectively.
• Strong analytical and problem-solving skills to address complex security challenges.

Preferred Qualifications:

• Certifications (e.g., CISSP, CISA, CISM) to demonstrate advanced security knowledge and expertise.
• Experience with DevSecOps practices and tools to foster a collaborative security approach.