Information Security Engineer (GRC)

About Bureau

Every day, billions of people interact, shop, and transact online - but behind the convenience lies a growing problem: digital fraud and mistrust. Global losses now exceed US$486B annually, and the questions businesses face are simple yet critical: Who are you and Can I trust you Bureau answers those questions

.
Bureau is an all-in-one platform for identity decisioning, fraud prevention and compliance requirements. Trusted for enhancing security and compliance, Bureau simplifies identity management for businesses. This is a place where we celebrate homegrown leaders and have an open-door policy where your voice matters, your ideas flourish, and your potential knows no bounds. We are driven to put our best foot forward every day with confidence, growth, customer obsession and speed as our core values here at Bureau. Think of us as a launching pad for your growt

h.
In just a few years, our knowledge graph has grown to 1 billion+ verified identities globally. Backed by by Sorenson Capital, Blume, and PayPal Ventures, Bureau is not just scaling fast; we're shaping the future of digital tru

st.
About the Role - Application Security Engi

neer
We are looking for a Security Engineer who can own both the hands-on technical security stack and our governance/compliance prog

rams.
What you'll be

doing
In this role, yo

• u will:
  Harden and monitor our cloud & container infrastructure (AWS/EKS, endpoints, n
• etwork).Run vulnerability management, security tooling and incident r
• esponse.Help maintain our ISMS and support audits (ISO 27001, SOC 2, RBI, DPDP

, etc.).
This is ideal for someone who doesn't want to be only checklist GRC or only pure blue-team, but wants a blended role across security engineering + GRC.Key Respons

ibilities
1. Cloud & Infrastructure Security

• (Hands-on)Work with DevOps to secure our AWS/EKS en
• vironment:IAM hardening, security groups, VPC, KMS, S3,
• RDS, etc.Review infra-as-code (Terraform/Helm) for security issues and misconfi
• gurations.Own or co-own key secur
• ity tools:Endpoint / EDR (e.g., CrowdStrike / Sen
• tinelOne),Cloud security (CSPM / CNAPP, GuardDuty, Security Hub, W
• AF, etc.),Container / runtime security where a
• pplicable.Implement and maintain logging & monitoring for security events (CloudTrail, ALB/NLB logs, K8s logs, etc.), and integrate them with SIEM /

alerting.
2. Vulnerability Management & Security

• OperationsOwn the vulnerability management
• lifecycle:Run periodic scans for cloud, endpoints, container
• s and apps.Triage findings, prioritise based on risk, and drive closure with e
• ngineering.Coordinate external pentests / bug bounties and track r
• emediation.Support inciden
• t response:Help investigate alerts, gather evidence, and contribute to RC
• A and CAPA.Maintain and update inciden

t runbooks.
3. Governance, Risk & Compliance (ISMS, A

• udits, DPDP)Maintain and enhance the Information Security Management Sy
• stem (ISMS):Policies, procedures, SoA, risk register, control evidence and a
• udit trails.Support internal and external audits: ISO 27001, SOC 2, RBI/CERT-In, Data
• Protection.Prepare and manage audit evidence, observations, closure reports and certification do
• cumentation.Assist with risk
• assessments:Maintain the risk register, risk treatment plans and residual r
• isk reviews.Conduct vendor security due diligence and maintain vendor security records (MSA, NDA, DPA,
• DPIA, etc.).Support privacy & regulatory compliance operations (GDPR/DPDP basics: retention, consent, grievan

ce logging).
4. Access, Asset & Cont

• rol AssuranceParticipate in and help automate access reviews, asset inventory checks, and configuration compl
• iance checks.Track control performance (vuln SLAs, access reviews, backup tests, etc.) and ensure gaps are documente
• d and closed.Maintain security awareness and training trackers (onboarding, annual refreshers, phishing

simulations).
Wha

• t You'll Bring
  Bachelor's degree in Computer Science, IT, Cybersecurity or rela
• ted discipline.24 years of experience in security engineering, cloud security, or GRC/compliance (any mix, but must be comfort
• able hands-on).Good un
• derstanding of:Security engineering fundamentals: Linux, networking, IAM, encryption, l
• east privilege.Cloud platforms (AWS preferred; GCP/Azure a plus) and their sec
• urity services.Core frameworks: ISO 27001, SOC 2, basic risk management and a
• udit lifecycle.Co
• mfortable with:Writing/debugging basic scripts (Bash/Python) for automation and d
• ata extraction.Tools like Jira, Confluence, Excel/Sheets and at least one GRC / security platform (e.g., Scrut/Drata/Secu
• reframe, etc.).Strong documentation skills and ability to talk to both engineers and non-technica

l stakeholders.
Preferred (Good to Have) /

• Willing to LearnCloud security certifications (e.g., AWS Security / AWS Clou
• d Practitioner).ISO 27001:2022 Lead Auditor/Implementer, CompTIA Sec
• urity+, ISC2 CC.
• Experience wit
• h:EDR/XDR tools,CSPM/CNAPP (e.g., Wiz, Prisma, Defe
• nder for Cloud),SIEM, WAF, runtime/container securit
• y (Falco, etc.).Exposure to GDPR/DPDP or other data pro

tection reg

• imes.
  Who You A
• re
  You enjoy both:Getting your hands dirty in logs, configs and c
• loud consoles, andKeeping things clean in policies, risk registers a
• nd audit trackers.You're structured and process-oriented, but still pragmatic and capable of ship
• ping improvements.You're comfortable collaborating with DevOps, backend, data, HR and legal to get security actually implemented, not
• just written down.You want to grow into either Security Engineering leadership (owning tools/architecture) or GRC leadership (owning audits and certifications) over t

he next few years.
What Working a

t Bureau Looks Like
At Bureau, work is about building something meaningful, together. Some days it's brainstorming around a whiteboard, other times it's an idea sparked over chai or in a hallway chat. We move fast, give ownership to those closest to the problem, and turn ideas

into action quickly.Our values shape how we work and win together. We believe in Teamwork and Respect that build strong collaborations, Urgency that keeps us close to customer needs, and a Solution Mindset that drives innovation. With Transparency at the core, we strive for Excellence in everything we do and bring relentless Drive to achieve impactful outcomes. This is what working at Bureau looks like - fast, focused,

and built on trust.
Flexibility is built into how we work, helping you balance deep focus with collaboration. Learning never stops: through books, courses, and knowledge-sharing. And well-being matters too, with healthcare for

you and your family.
Here, you don't just build products that protect millions - you build trust, grow your skills, and work with people

who've got your

back.
Why Join Bureau
At Bureau, you'll be part of a mission with real global impact: creating digital trust that allows businesses and people to transact safely,

• fairly, and confidently.
  Work with purpose: Build tools that reduce fraud, expand access to credit, and protect
• people from digital harm.Cutting-edge tech: Solve problems using AI, risk intelligence, and graph-based
• systems at global scale.Massive scale, real-world impact: Your work will directly contribute to protecting millions of people
• and businesses worldwide.Room to grow: Join a company scaling 4x YoY, where ownership and
• bold ideas are rewarded.Culture that empowers: Flexible work hours, fast-paced environment, and a team that val
• ues speed and innovation.Life at Bureau: From offsites and team outings to Friday snacks and friendly table tennis rivalries, we make sure there's energy, fun, an