Job Description

Lead - Infrastructure Security Testing Work Location: Mumbai Position Overview: The Lead for Infrastructure Security Testing will be responsible for leading and executing comprehensive security assessments, including vulnerability assessments, penetration testing, configuration audits, SCD creation/review and firewall rule base reviews. This role requires deep technical expertise, leadership skills, and the ability to mentor a team while ensuring the highest standards of security testing practices. Key Responsibilities: Conduct vulnerability assessments and penetration testing for networks, systems, and applications, with a focus on banking and NBFC environments. Develop tailored exploitation scenarios and provide actionable remediation recommendations specific to the financial sector. Perform configuration audits for servers, databases, and network devices against industry standards and financial compliance requirements. Audit firewall rulebases to ensure compliance, optimize rules, and enhance access control mechanisms in banking and NBFC infrastructures. Lead and mentor a team of security analysts, ensuring quality and timely delivery of assessment projects in the financial domain. Collaborate with stakeholders to communicate findings and remediation strategies effectively, addressing regulatory and business requirements. Stay updated on emerging security threats, tools, and methodologies relevant to the banking and NBFC sectors. Automate repetitive testing tasks to improve efficiency and accuracy for financial environments. Ensure alignment with compliance frameworks such as PCI-DSS, RBI guidelines, ISO 27001, and SOC2. Maintain detailed documentation for assessments, findings, and mitigation efforts in financial and NBFC systems. Qualifications and Skills: Bachelor s degree in Computer Science, Information Security, or a related field. 3+ years of experience in infrastructure security testing, with at least 1 years in a lead role. In-depth knowledge of: o Vulnerability assessment, Configuration Audit and penetration testing tools (e.g., Nessus, Qualys, Metasploit, Burp Suite). o Network and system configuration standards. o Firewall technologies and rule base optimization. Strong knowledge of security frameworks and best practices (e.g., NIST, CIS). Excellent problem-solving, communication, and interpersonal skills. Ability to manage multiple projects and deadlines effectively. Preferred Skills: Knowledge of scripting and automation (e.g., Python, Bash).