Job Description
We are hiring!
Founded by alumni from IIT and ISB, Osfin.ai stands at the forefront as an emerging global B2B SaaS firm. Our core mission is to fully automate the intricate financial operations that enterprises grapple with daily. On this journey, we've collaborated with a diverse clientele, including global banks, premier fintechs, leading e-commerce platforms, and the next generation of unicorns. With our innovative solutions, we've successfully transformed our customers' cumbersome FinOps processes, helping them achieve operational and commercial excellence.
Role Overview
We are looking for a Security Engineer to design, implement, and maintain robust security systems that protect our platform, infrastructure, and customer data. This role is critical in ensuring compliance, managing risks, and embedding security best practices across the product lifecycle.
Key Responsibilities
Design and implement secure architecture across cloud-native applications and infrastructure
Conduct threat modeling, vulnerability assessments, and penetration testing
Build and maintain security monitoring, alerting, and incident response frameworks
Implement and manage IAM (Identity & Access Management) policies and controls
Collaborate with engineering teams to integrate secure coding practices (DevSecOps)
Drive compliance initiatives (e.g., SOC 2, ISO 27001, PCI-DSS readiness)
Automate security processes, including CI/CD security checks, SAST/DAST tools
Investigate and respond to security incidents and breaches
Conduct security audits and risk assessments across systems and vendors
Stay updated on emerging threats and recommend proactive measures
Required Qualifications
3 to 8 years of experience in application security/cloud security/infrastructure security
Strong understanding of OWASP Top 10, web application vulnerabilities
Experience with cloud platforms (AWS/GCP/Azure) and securing cloud environments
Hands-on with tools like Burp Suite, Nessus, Metasploit, Snyk, or similar
Knowledge of network security, encryption, firewalls, VPNs
Familiarity with CI/CD pipelines and DevSecOps practices
Experience with logging, SIEM tools (e.g., Splunk, ELK)
Solid scripting skills (Python, Bash, or similar)
Good to Have
Experience in fintech/payments/banking systems
Exposure to data security, privacy regulations (GDPR, DPDP Act India)
Certifications such as CEH, CISSP, OSCP, or AWS Security Specialty
Experience in container security (Docker, Kubernetes)
Knowledge of zero-trust architecture
What We're Looking For
Strong problem-solving mindset with a proactive approach to security
Ability to work in a fast-paced startup environment
High ownership and ability to drive security initiatives end-to-end
Strong communication skills to work across technical and non-technical teams
Why Join Us
Opportunity to build security from the ground up in a high-growth fintech startup
Work on real-world financial data systems at scale
High ownership, visibility, and impact