Ventura Securities
1d ago
Naukri

VAPT & Information Security Enginee...

Hybrid - Thane
Full Time
Mid Level

Full Job Description

Join Ventura Securities as a VAPT & Information Security Engineer in Thane, and play a crucial role in our digital transformation journey. This hybrid role offers a dynamic environment for cybersecurity professionals passionate about safeguarding our trading and investment platform.

Responsibilities:

Vulnerability Management & Penetration Testing

  • Conduct comprehensive vulnerability assessments and penetration testing (VAPT) across web applications, networks, APIs, mobile platforms, AWS cloud environments, and infrastructure.
  • Integrate security testing into CI/CD pipelines, including SAST/DAST and dependency/SBOM scans, and manage remediation SLAs effectively.
  • Analyze and mitigate common vulnerabilities like OWASP Top 10, SANS 25, and business-logic flaws, while mentoring developers on secure coding practices.
  • Prioritize identified vulnerabilities based on risk levels and provide clear, actionable remediation strategies.
  • Collaborate with development and infrastructure teams to ensure timely and accurate validation of vulnerability fixes.

Security Assessment & Risk Analysis

  • Perform thorough security assessments of client systems, networks, and applications to pinpoint vulnerabilities and security gaps.
  • Conduct risk assessments and threat modeling exercises to evaluate potential cyber threats and their impact on business operations.
  • Analyze existing security controls and propose improvements aligned with industry best practices.
  • Document findings meticulously and present detailed risk assessment reports to stakeholders.

Security Policies & Governance

  • Develop, review, and maintain up-to-date information security policies, standards, and procedures.
  • Assist in the implementation of security governance frameworks within the organization.
  • Ensure security policies are aligned with industry standards and organizational security objectives.
  • Support the development of robust incident response plans and business continuity strategies.

Compliance & Security Audits

  • Execute security audits and gap assessments against relevant regulatory and compliance frameworks.
  • Support compliance initiatives for SEBI CSCRF, ISO 27001, DPDP, GDPR, NIST, and SOC 2.
  • Prepare necessary audit documentation and provide assistance during internal and external security audits.
  • Monitor compliance status and recommend corrective actions to maintain adherence.

Incident Response Support

  • Assist in the investigation of security incidents and cyber threats.
  • Analyze logs and security alerts to detect potential attacks.
  • Support incident response teams in containment, remediation, and recovery efforts.
  • Provide post-incident analysis and recommend enhancements to security measures.

What you'll bring:

  • 2-7 years of experience in the Cybersecurity domain.
  • Proven hands-on experience with VAPT for Web/Mobile/API, Network, and Cloud assessments.
  • Strong understanding of OWASP Top 10 (attacks and defenses).
  • Knowledge of security best practices for AWS, Azure, and Google Cloud.
  • Experience with data protection and encryption in cloud environments.
  • Proficiency with security tools such as Burp Suite, Nessus, Qualys, Metasploit, Nmap, and Trivy.
  • Ability to review and configure WAF rulesets in AWS WAF and ModSecurity.
  • Working knowledge of cloud security and core AWS components (S3, Load Balancers, Kubernetes, Docker).
  • Experience in audit planning and execution, and compliance management for frameworks like SEBI CSCRF, ISO 27001, GDPR, and NIST.
  • Detailed understanding of IT General Controls (ITGCs) and their implementation.
  • Experience working within the BFSI industry; candidates from the Broking industry will be preferred.

Preferred Certifications:

  • Certified Ethical Hacker (CEH)
  • ISO27001:LA/LI
  • CISA
  • CISSP

If you're excited about driving cybersecurity innovation in a fast-paced fintech environment, we encourage you to apply!

Company

Ventura Securities

Ventura Securities is a leading omnichannel trading and investment platform with a robust network of branches, sub-brokers, and digital channels. Established in 1994, Ventura is embarking on a signifi...

Posted on Naukri