Job Title: Lead Information Security Engineer (Application Security)
Experience Required: 5+ years in Information Security
Location: Whitefield, Bengaluru
Job Summary:
We are looking for a passionate and skilled Lead Information Security Engineer to join our growing InfoSec team. This role will focus on application and infrastructure security, leading vulnerability assessments, penetration testing, and secure code reviews across our web, mobile, API, and cloud platforms. You will play a key role in shaping our security posture and ensuring compliance with industry standards such as OWASP, NIST, and ISO 27001.
Key Responsibilities:
Vulnerability Assessment & Penetration Testing
● Lead internal and external VAPT efforts for applications, APIs, cloud, and infrastructure.
● Identify, exploit, and triage vulnerabilities using SAST, DAST, and manual testing.
● Perform secure code reviews and ensure remediation of security flaws.
● Provide PoC documentation and risk-based prioritization of findings.
Threat Analysis & Risk Management
● Conduct thorough threat modeling and risk assessments.
● Work with cross-functional teams to remediate vulnerabilities and reduce risk exposure.
● Maintain and improve the organization’s vulnerability management program.
Security Tooling & Automation
● Use and manage tools like Burp Suite, Metasploit, OWASP ZAP, Nessus, Nmap, and Kali Linux.
● Develop custom scripts to automate testing (Python, Bash, PowerShell).
● Stay current with emerging threats, zero-days, and exploit techniques.
Reporting & Governance
● Deliver detailed security reports including risk ratings, business impact, and remediation strategies.
● Ensure alignment with frameworks like OWASP Top 10, NIST, CIS, and ISO 27001.
● Communicate effectively with both technical and non-technical stakeholders.
Collaboration & Secure SDLC
● Partner with DevOps, IT, and engineering teams to embed security in the SDLC.
● Provide guidance on secure coding practices and architecture-level security.
● Support and participate in red/blue team simulations and internal security awareness efforts.
Required Skills:
● Strong hands-on expertise with VAPT tools and methodologies.
● Deep understanding of application vulnerabilities (e.g., XSS, SQLi, SSRF, IDOR, RCE).
● Proficient in scripting languages (Python, Bash, PowerShell).
● Familiarity with secure coding principles and CI/CD integration.
● Knowledge of cloud security (AWS, GCP, Azure).
● Exposure to frameworks like OWASP, NIST, MITRE ATT&CK.
Preferred Qualifications:
● Industry certifications such as OSCP, CEH, GPEN, or eCPPT.
● Experience with Kubernetes and container security.
● Familiarity with WAF bypass techniques and post-exploitation tools.
● Prior experience working in regulated environments or fintech is a plus.
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.