InfoSec III

About Clear The journey of simplicity throughout the last decade urged us to make things clear so that its easier done than said. Clear today is Indias leading fintech SaaS platform, serving 3K+ enterprises, 6L+ SMEs, and 5M+ individuals, with our ITR, GST, e-Invoicing products, and more. While the journey has not been easy, it has been transforming. Founded in 2011, the decade-long journey of ClearTax defines growth. Starting with just 3 tech products related to tax and filing, we now build mobile and web-based SaaS products for invoices, taxes, payments, and credit and augment them with strong advanced analytics and artificial intelligence. We are also a Series C-funded startup with a strong team of 1000+ members, and as we continue to evolve into a world of new-financial solutions, were looking for individuals with perspectives to join our team. Role Overview: This role is part of the Information Security Team, Engineering division of Clear! India. This person will be responsible to secure all enterprise and cloud infra and services, educating IT and DevOps teams in fixing the issues, and making sure the infrastructure is compliant to different security standards and compliances as we will have to provide these details to our corporate customers as a part of their onboarding process. You will be a critical resource in driving Clears Data Protection programs. You will work with team members across the organization to deliver world-class services which improve Clear s security posture. Youll make key technical decisions and communicate them effectively. You will own solutions and drive projects delivering those solutions through to completion. We are looking for someone with a high level of technical talent with an emphasis on infrastructure services, proxy systems, networking technologies, automation/scripting, and experience with APIs who can help our team deliver in an extremely fast-paced environment. Duties Responsibilities: Self-starter; demonstrates personal initiative and willingly assumes responsibility and ownership. Ability to drive efforts based on organizational priorities with minimal management oversight. You will partner with architects, engineers, devops, site reliability engineers across the organization; perform security design assessments, paint the overall risk picture, and help find solutions for the risks and vulnerabilities you identify. As a domain expert across infrastructure, data platforms, and network security you will define reusable security patterns, control requirements, and lead security improvement initiatives on internal and member-facing services and infrastructure that support our members and employees. You will be successful if ClearTax! continues to build infrastructure that is secure. Guide the technology organizations security and privacy initiatives by participating in reviews. Perform security reviews, evaluations, risk assessments, and monitoring on a regular basis to ensure exceptions and violations are identified and addressed during desktop and onsite audits Execute various security initiatives in not only application security but also in other security domains. Ability to solve problems at their root and step back to understand the broader context. Develop and deliver security training across the company. Ability to implement and drive information and data security initiatives. Develop and interpret security policies and procedures. Perform and oversee Information Security Policy Framework Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Manage multiple projects and efforts at the same time. Experience in providing practical solutions that enable product teams to meet business goals while controlling security risk. Provide direction to junior members of the team. Deep understanding of the interplay between attack and defense. Familiarity with current network security and application security tools and how to apply them. Ability to promote secure design principles and a security-focused outlook across a large organization. Plan and assist in developing strategic direction for information security and compliance initiatives. Perform end-to-end application security reviews to ensure critical information is appropriately protected. Identify security vulnerabilities and risks, and develop mitigation plans. Provide security architecture and design consultations to product teams, to help them build applications that are secure from the start. Evaluate and recommend new and emerging security technologies for use inside and outside the security organization. Job Requirements / Qualifications: Bachelor s degree + 6 years in a technical discipline. Any relevant certifications such as CISM, CISSP, CSSLP, AWS Security Specialty, AZ-500, etc. Experience with one or more programming languages like C, C++, GoLang, and Java development environments. Strong knowledge of computer security principles and best practices. Knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security. Experience with Information Security Policy and Procedure development and implementations Knowledge of common security-related protocols and their design (i.e. SSH, IPsec, TLS, etc.). Familiarity with security tools like Nessus, Snort, and OpenVAS. Strong English (both oral and written) skills and strong problem-solving skills. Having Security Certification will be an added plus.