
Qapita

Lead Security Engineer

  • Posted 10 hours ago

Job Description

About the Company

Qapita is looking for a strategic and hands-on Lead Security Engineer to own our information security posture. As we scale our Equity Management platform, trust is our most valuable currency.

About the Role

You will be responsible for building a world-class security function that not only ensures compliance with global financial regulations but also embeds security into our product DNA without slowing down innovation. You will mirror the expertise of top-tier leaders in the industry, capable of managing RBI/PCI compliance while simultaneously driving SaaS-specific certifications like SOC 2 and ISO 27001.

Responsibilities

  • Enterprise Security Strategy: Define and execute a roadmap that aligns security initiatives with business objectives, presenting risk profiles to the Board and CXOs.
  • Regulatory Compliance: Ensure 100% compliance with RBI Master Directions, PCI-DSS, and DPDP Act 2023.
  • SaaS Certifications: Lead and maintain SOC 1 & SOC 2 (Type II) and ISO 27001 audits to support enterprise sales cycles and build customer trust.
  • Vendor Risk Management: Oversee third-party risk assessments and supply chain security for all partners and vendors.
  • Lead customer security due diligence, RFP responses, and enterprise security assurance programs to accelerate sales cycles.
  • DevSecOps Integration: Embed security into the CI/CD pipeline, ensuring secure SDLC practices that reduce deployment risk and accelerate delivery.
  • Manage end-to-end VAPT programs, including SAST/DAST code scans, bug bounty programs, and manual penetration testing.
  • Architect secure frameworks for our Cloud Infrastructure (AWS/Azure) and APIs, ensuring robust defense against modern web threats.
  • Direct 24/7 Security Operations, overseeing SIEM, DLP, WAF, and Endpoint Detection & Response (EDR) to ensure rapid threat detection.
  • Lead the Incident Response Team (IRT); conduct tabletop drills, red-team exercises, and forensic investigations to minimize mean time to resolution (MTTR).
  • Oversee PAM (Privileged Access Management) and Zero Trust implementations.
  • Champion cybersecurity awareness programs across the organization to build a human firewall.
  • Mentor and scale a high-performing InfoSec team, fostering a culture of continuous learning and proactive defense.

Qualifications

  • Experience: 5+ years in Information Security, with at least 2+ years in a leadership role within a FinTech or B2B SaaS environment.
  • Compliance Expertise: Deep knowledge of RBI Guidelines (Digital Payment Security), PCI-DSS, and ISO 27001 is non-negotiable. Experience with SOC 2 is highly preferred.
  • Technical Proficiency: Hands-on experience with Cloud Security (AWS/Azure), Network Security Architecture, and DevSecOps workflows.
  • Operational Excellence: Proven track record of setting up or managing a SOC, including experience with SIEM, EDR, and WAF tools.

Required Skills

  • Backend: C#, ASP.NET, MongoDB, Postgres, EventStore
  • Frontend: React, TypeScript
  • Cloud Services: AWS SQS, AWS S3, AWS EKS
  • Messaging and Integration: NServiceBus
  • Architecture Patterns: Domain-Driven Design (DDD), Command Query Responsibility Segregation (CQRS), Event Sourcing, Clean Architecture

Preferred Skills

  • Experience with vulnerability management and secure coding practices.
  • Knowledge of cloud security governance, including CSPM, container/Kubernetes security, and Infrastructure-as-Code (IaC) security controls.

Pay range and compensation package as per industry standards.

Location: Hyderabad, India

Job ID: 146439155
