Security Engineer ll

About the Role

Kroll is seeking a skilled Security Engineer II to join our Information Security (InfoSec) team in Mumbai, India. This pivotal role will focus on coordinating and managing penetration testing activities to safeguard the integrity and security of our systems. You will collaborate closely with external penetration testing vendors, meticulously track project progress, and contribute to the broader Information Security program through a variety of essential tasks.

This position requires adherence to UK shift hours to facilitate seamless collaboration with international teams.

Key Responsibilities

• Demonstrate a comprehensive understanding of red team, blue team, and purple team testing methodologies and concepts.
• Develop and establish robust Threat Models and Risk Assessments for internal infrastructure, networking, and applications.
• Contribute to the creation and enhancement of internal testing scenarios to identify areas for security improvement.
• Conduct internal testing to validate identified risks, demonstrate exploitability, and provide expert advice on prevention strategies against discovered attack vectors.
• Validate the effectiveness of applied security mitigations through rigorous testing.
• Perform security assessments in conjunction with the Security Architecture team across our diverse applications and technical solutions.
• Collaborate effectively with Infrastructure, Application, and Network Engineering teams to remediate identified security findings.
• Assist in the drafting and maintenance of essential security-related documentation.
• Possess a strong understanding of networking concepts and application connectivity within public cloud environments, including experience with mTLS and REST APIs.
• Exhibit knowledge of OSI Layer 7 security controls and Web Application Firewalls (WAFs).
• Periodically assist in researching and investigating Root Cause Analyses (RCAs) for security incidents.
• Lead and mentor other security architecture team members on weekly tasks within your functional area.

Qualifications

• Minimum of 3-4 years of experience in technology engineering or security tool engineering roles.
• Minimum of 3-4 years of experience in Information Security Infrastructure and/or Application Security Testing.
• Bachelor's degree in a relevant field from an accredited institution.
• Excellent written and verbal communication skills in English.
• Strong research and project management capabilities.
• Ability to plan and execute tasks independently with minimal supervision.
• Proven ability to multitask and prioritize across a range of projects, adapting to changing priorities.
• Exceptional time management and organizational skills.
• Demonstrated commitment to achieving outstanding results.
• High degree of personal integrity and the ability to manage confidential and sensitive information with discretion.