Business Function
Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and aspire to delight our business partners through our multiple banking delivery channels.
Job Purpose
The purpose of this job role is to manage IT Security with strong hands-on capabilities across Application Security, Vulnerability Management, DevSecOps, and Red Teaming. The role requires end-to-end ownership from security design and troubleshooting to project execution, compliance monitoring, and continuous improvement of the security posture.
Key Accountabilities
- Vulnerability management and Penetration Testing
- Application security
- Virtualization and container technologies (Docker, Kubernetes, OpenShift)
- API Security, Red Teaming & Security Testing
- CI/CD assessment
- IS Related compliance and regulatory reporting
Job Duties & Responsibilities
Application Security
- Lead application security assessments including SAST, DAST, IAST, SCA, and manual code reviews
- Identify, validate, and prioritize application security vulnerabilities and guide remediation with development teams
- Ensure secure design and implementation aligned with OWASP Top 10, ASVS, and secure coding standards
- Review application architecture and data flows from a security perspective
Vulnerability Management
- Own the end-to-end vulnerability management lifecycle across applications, infrastructure, cloud, and endpoints
- Perform vulnerability validation, risk-based prioritization, exception handling, and closure tracking
- Coordinate with multiple stakeholders to ensure timely remediation and SLA adherence
- Provide management-level reporting on vulnerability trends, risk exposure, and remediation status
DevSecOps
- Integrate security controls into CI/CD pipelines (e.g., code scanning, dependency scanning, secrets management)
- Enable shift-left security by embedding security checkpoints in development and deployment processes
- Work closely with DevOps teams to automate security testing and compliance checks
- Define and enforce secure SDLC and DevSecOps governance
Red Teaming & Security Testing
- Coordinate and manage red team / penetration testing exercises (internal and external)
- Validate findings, assess business impact, and track remediation to closure
- Support purple team activities to improve detection and response capabilities
- Conduct root cause analysis and provide improvement recommendations
Compliance & Governance Monitoring
- Monitor and ensure compliance with internal security policies, standards, and regulatory requirements
- Support audits, assessments, and regulatory reviews by providing evidence and technical clarifications
- Track security issues, risk acceptances, and remediation plans across all security domains
Troubleshooting & Project Ownership
- Act as a senior escalation point for complex security issues and incidents
- Lead security initiatives and projects from planning and execution to closure
- Coordinate with cross-functional teams to resolve security gaps without impacting business timelines
Requirements
- 8-12+ years of experience in IT / Information Security, with strong hands-on exposure
- Deep understanding of Application Security, Vulnerability Management, DevSecOps, and Red Teaming
- Strong knowledge of web, API, cloud, and infrastructure security
- Experience working with security tools (SAST/DAST/SCA, vulnerability scanners, CI/CD tools)
- Solid understanding of security frameworks and standards (OWASP, NIST, ISO 27001, PCI DSS preferred)
- Ability to translate technical security issues into business and risk impact
- Strong stakeholder management and communication skills
Education / Preferred Qualifications
- Graduation: BE IT/Computers/Electronics, B.Sc - Computers, M.Sc - Computers
- Post-Graduation: PGDIT, MCA, MBA
- Certifications such as CISSP, CISM, SANS, OSCP/OSCE and CREST (preferred)
Core Competencies
- Excellent analytical and decision-making skill sets
- Effective communication, documentation and report-writing skills
- Ability to consult on and validate solutions that mitigate risks to business and systems
Technical Competencies
- VAPT: Rapid7, Nessus, Metasploit, QualysGuard, Burp Suite, CI/CD tools, etc.
- Technical working knowledge (WAF, HIDS, IPS, Firewall, Networking)
- SAST: Checkmarx, Fortify, Veracode, SonarQube
- DAST: Burp Suite, OWASP ZAP, AppScan
- SCA: Black Duck, Snyk, WhiteSource (Mend)
- API Security: Postman, Burp, OWASP API tools
Primary Location
India-Maharashtra-Mumbai
Job
Technology
Schedule
Regular
Job Type
Full-time
Job Posting
Jan 30, 2026, 2:30:00 AM