Security Engineer

About The Team

The Security Standards team is a part of the central Information security function which is primarily responsible for security standards, secure configuration reviews, architecture reviews, validating efficacy and efficiency of the existing security controls, threat modeling, assessment of the various security controls / technologies based on the gaps identified, security metrics, analytics, automation etc. This team owns the IT Security, Security controls and reviews them on a regular basis to ensure IT/Security controls are working as designed, and all features/capabilities of IT and Security products are being used to the maximum.

The InfoSec Security standards team is responsible for defining new and reviewing existing hardening standards for Flipkart and Group. This function is also responsible for reviewing and approving technical security exceptions against the defined security standards.

About The Role

Flipkart is seeking a skilled, technocrat, motivated, strong security mindset and collaborative Information Security Engineer in the Security Standards team. You will be a strong communicator and influencer, demonstrating curiosity to learn and understand the business.

What You’ll Do

• Specializes in Security Standards Development, meticulously crafting security standards and protocols to fortify digital infrastructures.
• Conducts comprehensive Security Standards Assessments, scrutinizing systems for gaps and vulnerabilities
• Develop standards in accordance with industry recognised standards like CIS (Center for Internet Security), standards implementation and interpretation across FK Group.
• Security review of the architecture for the new projects and existing infrastructure setup.
• Expert in Security Configuration Reviews, ensuring optimal secure configurations and settings to mitigate risks.
• Ensure efficacy of security controls deployed. Work with the technical operations team to understand security controls / tech deployed and come up with recommendations to address gaps and also take full advantage of the deployed technologies.
• Conduct threat modeling based on well known standards / frameworks such as STRIDE, PASTA etc.
• Identifying and defining the requirements of the overall security of the information processing systems.
• Identify security gaps, exposures and develop mitigation plans
• Build and execute on organizations roadmaps
• Automation & Scripting as required.
• Defining and maintaining security procedures, standards,guidelines and procedures as required.
• Executes proactive measures to safeguard against emerging threats and collaborates cross-functionally to maintain cutting-edge security protocols.
  
  

What You’ll Need

• Bachelor’s degree(B.E/B.Tech or M.S/M.Tech) in Information Technology or other related fields.
• At least 3-5 years of working experience in domains related to Information security and with a very strong security mindset.
• Implementation experience in Security technologies (at least 2 years) such as Next Gen Firewall / IDS/ IPS / NAC / Email Security/CASB / EDR / WAF / AV / DLP / ATP / PIM / PAM / DAM / SIEM etc.
• In-depth understanding of networking concepts, protocols and in-depth knowledge of infrastructure, identity and endpoint security technology such as AD, Azure AD, Next Gen Firewall, IDS, IPD, AV, EDR, CASB, WAF, NAC, Wi-fi security, DLP, ATP, SIEM, Proxy etc.
• Proficiency in CIS (Center for Internet Security) standards implementation and interpretation.
• Very good understanding of Operating systems (Windows, MAC, Linux) & VDI etc.
• Knowledge and understanding of security standards, security configuration reviews, secure architecture and cloud security.
• Good understanding of security frameworks, standards such as ISO 27001, NIST, CIS etc.
• Experience in security architecture reviews and driving cross-functional programs.
• Strong skills in security principles such as least privilege access, defence in depth, preventative vs detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.
• Solid understanding of operational and organizational structures
• Possess of information security certifications such as CEH / ISO 27001 / TOGAF etc.
• Excellent problem solving, interpersonal,communication and presentation skills.
• Able to work independently and efficiently, as well as with others, to meet deadlines in a fast-paced environment.