The Enterprise Security Engineer will be responsible for designing, implementing, and maintaining robust security measures specifically for Razorpay's Enterprise IT tools and systems. You will proactively identify and mitigate potential threats, conduct vulnerability assessments and incident response related to these tools, ensuring that they remain resilient against evolving cyberattacks. You will also play a key role in designing and evaluating secure IT architectures and access control mechanisms.
Key Responsibilities:
- Security Architecture: Design and implement security solutions tailored to Razorpay's Enterprise IT tool ecosystem. Continuously monitor and analyze security threats, vulnerabilities, and risks specific to Enterprise IT tools. Develop strategies to proactively mitigate potential attacks.
- Risk Assessment and Mitigation:
  - Conduct regular risk assessments to identify and evaluate potential compliance risks.
  - Develop and implement effective risk mitigation strategies.
  - Monitor and report on the effectiveness of risk mitigation measures.
- Policy and Procedure Development:
  - Create and maintain clear and concise policies, procedures, and standards for IT compliance.
  - Ensure that policies and procedures are communicated and understood across the organization.
- Enterprise IT Security Architecture:
  - Review and evaluate secure network architectures, including segmentation, firewalls, and intrusion detection/prevention systems (IDS/IPS).
  - Review and evaluate secure CI/CD pipelines that incorporate automated security testing and compliance checks.
  - Implement and manage encryption solutions for data at rest and in transit.
- Access Control and Identity Management:
  - Co-partner and manage robust Identity and Access Management (IAM) solutions, including multi-factor authentication (MFA) and role-based access control (RBAC).
  - Develop and maintain privileged access management (PAM) systems and processes.
  - Co-partner and manage Single Sign-On (SSO) solutions across the organization's technology stack.
- Compliance Automation:
  - Develop scripts and tools to automate compliance checks and generate reports for PCI DSS, SOC 2, and other relevant standards.
  - Implement continuous compliance monitoring using infrastructure-as-code and policy-as-code approaches.
  - Integrate compliance requirements into our DevOps workflows and CI/CD pipelines.
  - Develop custom rules and policies within the compliance monitoring tool to address Razorpay-specific requirements.
  - Integrate the compliance monitoring tool with our existing security and IT infrastructure, including SIEM, vulnerability scanners, and asset management systems.
  - Create dashboards and reports that provide real-time visibility into our compliance posture.
- Incident Response:
  - Develop and maintain an incident response plan for security and compliance incidents.
  - Lead incident response efforts, ensuring timely and effective resolution.
- Collaboration:
  - Collaborate with IT, security, legal, and other relevant teams to ensure compliance integration into daily operations.
  - Build strong relationships with internal and external stakeholders, including auditors and regulators.
Qualifications and Skills:
- Bachelor's or Master's degree in Computer Science, Information Systems, or a related field.
- 6-10 years of experience in IT compliance, security, or risk management roles.
- Deep understanding of network protocols, OSI model, and common attack vectors.
- Good to possess relevant IT certifications such as CISSP, CISM.
- Good understanding of PCI DSS, SOC 2, and other relevant regulatory frameworks.
- Proven experience in developing and implementing IT compliance programs.
- Hands-on experience with IT tools such as access management systems (e.g., Okta, Azure AD), software asset management (SAM) solutions, and vulnerability scanners.
- Excellent analytical, problem-solving, and risk-assessment skills.
- Strong written and verbal communication skills, including the ability to communicate complex technical concepts to non-technical audiences.