Infra PT
Job Description: Lead - Infrastructure Security Testing
Work Location: Mumbai
Position Overview: The Lead for Infrastructure Security Testing will be responsible for leading and executing comprehensive security assessments, including vulnerability assessments, penetration testing, configuration audits, SCD creation/review and firewall rule base reviews. This role requires deep technical expertise, leadership skills, and the ability to mentor a team while ensuring the highest standards of security testing practices.
Key Responsibilities:
· Conduct vulnerability assessments and penetration testing for networks, systems, and applications, with a focus on banking and NBFC environments.
· Develop tailored exploitation scenarios and provide actionable remediation recommendations specific to the financial sector.
· Perform configuration audits for servers, databases, and network devices against industry standards and financial compliance requirements.
· Audit firewall rule bases to ensure compliance, optimize rules, and enhance access control mechanisms in banking and NBFC infrastructures.
· Lead and mentor a team of security analysts, ensuring quality and timely delivery of assessment projects in the financial domain.
· Collaborate with stakeholders to communicate findings and remediation strategies effectively, addressing regulatory and business requirements.
· Stay updated on emerging security threats, tools, and methodologies relevant to the banking and NBFC sectors.
· Automate repetitive testing tasks to improve efficiency and accuracy for financial environments.
· Ensure alignment with compliance frameworks such as PCI-DSS, RBI guidelines, ISO 27001, and SOC2.
· Maintain detailed documentation for assessments, findings, and mitigation efforts in financial and NBFC systems.
Qualifications and Skills:
· Bachelor’s degree in Computer Science, Information Security, or a related field.
· 3+ years of experience in infrastructure security testing, with at least 1 year in a lead role.
· In-depth knowledge of:
o Vulnerability assessment, configuration audit, and penetration testing tools (e.g., Nessus, Qualys, Metasploit, Burp Suite).
o Network and system configuration standards.
o Firewall technologies and rule base optimization.
· Strong knowledge of security frameworks and best practices (e.g., NIST, CIS).
· Excellent problem-solving, communication, and interpersonal skills.
· Ability to manage multiple projects and deadlines effectively.
Preferred Skills: Knowledge of scripting and automation (e.g., Python, Bash).