Kotak is at the forefront of technological transformation, building high-performance, scalable & secure systems that deliver a world-class banking experience for our customers.
Our Platform Engineering team is the backbone of the organization, crafting the infrastructure and tools that fuel our product development. We are a collaborative and dynamic team of engineers who are obsessed with delivering exceptional developer experiences. We foster a culture of innovation, where experimentation is encouraged, and everyone contributes to our shared success.
We are seeking a skilled Security Engineer to join our Platform Engineering team. You will be instrumental in safeguarding our applications & services by designing, implementing, and maintaining robust security measures. This role requires a deep understanding of security principles, a proactive mindset, and a passion for protecting sensitive information.
Responsibilities:
- Design and implement security architectures, standards, and policies aligned with industry best practices.
- Conduct thorough threat modelling to proactively identify potential vulnerabilities and risks at the early stages of development.
- Execute security assessments, vulnerability scans, and penetration testing to uncover and mitigate risks effectively.
- Develop and maintain robust security tools and automation to streamline security processes and enhance efficiency.
- Implement proactive security monitoring and incident response processes, conduct in-depth root cause analysis, and implement corrective actions to prevent recurrence.
- Collaborate seamlessly with development teams to embed security into the software development lifecycle (DevSecOps) and foster a security-first culture.
- Define and track key security metrics to measure the effectiveness of security initiatives and drive continuous improvement.
- Stay up to date with the ever-evolving security landscape, emerging threats, and cutting-edge technologies to safeguard our systems.
Qualifications:
- Bachelor's degree in Computer science, Information Security, or a related field.
- Expertise in integrating security testing tools (SAST, DAST, SCA) into the development environment to ensure early vulnerability detection.
- Proficiency in security frameworks and standards (e.g., OWASP Top 10, NIST, CIS, ISO 27001) to ensure compliance and best practices.
- Proficiency in scripting languages (PowerShell, Bash, etc.) and programming languages like Java, Python to facilitate automation and integration.
- Knowledge of cloud security (AWS, GCP, Azure) to protect cloud-based infrastructure and data.
- Experience with security tools (e.g., vulnerability scanners, intrusion detection systems) to identify and address threats effectively.
- Strong analytical and problem-solving skills to address complex security challenges.
Preferred Qualifications:
- Certifications (e.g., CISSP, CISA, CISM) to demonstrate advanced security knowledge and expertise.
- Experience with DevSecOps practices and tools to foster a collaborative security approach.
