Risk Analyst (Security Engineering)


Smart Summary
Join our Product Security team as a skilled Risk Analyst & Vulnerability Management professional. Assess and mitigate security risks for mobile and web applications. Manage the Vulnerability Management Lifecycle, implement effective mitigation strategies, and promote security awareness. Bachelor's degree in Computer Science or Information Security required. Certification in CEH, CISSP, CISM, or CISA is advantageous. Apply now!

Desired Qualifications and Skill Set:

We are seeking a skilled and motivated Risk Analyst & Vulnerability Management professional to join our Product Security team. The ideal candidate will be critical in assessing and mitigating security risks associated with our mobile and web applications. You will be responsible for managing the Vulnerability Management Lifecycle through risk analysis, vulnerability prioritization, and working collaboratively with development teams to implement effective mitigation strategies and maintain the overall SLA.

Key Responsibilities:

  • Risk Assessment: Perform comprehensive risk assessments for our mobile & web applications, prioritising vulnerabilities and security risks and driving effective mitigation/remediation strategies. Evaluate risks based on their potential impact, likelihood, and business context, and provide actionable and time-bound recommendations for mitigation.
  • Vulnerability Management: Maintain the Vulnerability Management Lifecycle as per organisation standards with reference to industry standards and practices. Analyse scan results, prioritise vulnerabilities based on risk and collaborate with development teams to coordinate timely remediation efforts.
  • Mitigation Strategies: Collaborate closely with development teams to define and implement effective mitigation strategies for identified vulnerabilities. Assist in the design and implementation of secure coding practices and application security controls.
  • Security Awareness: Provide guidance and training to development teams on risk assessment methodologies, vulnerability management best practices, and secure coding principles. Promote a culture of security awareness and proactive risk management.
  • Reporting and Documentation: Maintain detailed records of risk assessments, vulnerability assessments, and mitigation efforts. Generate clear and concise reports and documentation for stakeholders, including management, development teams, and auditors.
  • Collaboration: Work collaboratively with cross-functional teams, including developers, quality assurance engineers, and IT personnel, to ensure that security considerations are integrated throughout the software development lifecycle.
  • Continuous Improvement: Stay informed about emerging security threats, vulnerabilities, and industry trends. Identify opportunities to enhance vulnerability management processes and risk assessment methodologies.

Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
  • Proven experience in risk analysis, vulnerability management, and application security, with a focus on identifying and mitigating vulnerabilities in mobile & web applications.
  • Familiarity with vulnerability scanning tools, penetration testing methodologies, and risk assessment frameworks.
  • Strong understanding of application security principles, secure coding practices, and common software vulnerabilities (e.g., OWASP Top Ten).
  • Excellent analytical skills, with the ability to assess risks and prioritise based on potential impact and likelihood.
  • Effective communication skills, including the ability to convey technical concepts to technical and non-technical stakeholders.
  • Familiarity with regulatory compliance standards (e.g., GDPR, HIPAA) and industry security frameworks (e.g., NIST, ISO 27001) is a plus.
  • Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) are advantageous.
  • Self-motivated and capable of working independently, as well as collaboratively within a team environment.

Company: PhonePe
Job Posted: a year ago
Job Type: Full-time
Work Mode: On-site
Experience Level: 0-2 years
Category: Software Engineering
Locations: Bengaluru, Karnataka, India
Qualification: Bachelor
