Expert Security Engineer - Offensive Security

At Finastra, we are a dynamic global provider of open finance software solutions, dedicated to expanding access to financial services. Our innovative applications span Lending, Payments, Treasury and Capital Markets, and Universal Banking. Proudly serving over 8,000 customers, including 45 of the world's top 50 banks, we aim to boost financial inclusion for all. Join us and be part of a vibrant company that embraces diverse perspectives, and is committed to doing well by doing good.

What will you contribute?

As an Expert Offensive Security Engineer within the Cyber Defense Team, you'll lead offensive security assessments that strengthen our defense capabilities. Working closely with the larger InfoSec team, detection engineers, and external engineering partners, you'll identify security weaknesses, validate detection mechanisms, and provide actionable recommendations to enhance our security posture. You'll collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements.

Responsibilities & Deliverables:

• Lead Offensive Security Assessments: Conduct full-stack security assessments across our entire technology stack, including web and mobile applications, APIs, on-premises and cloud infrastructure, and backend systems.
• Drive Detection Engineering Partnerships: Collaborate with detection engineers through purple team exercises, attack simulations, and threat emulation to improve detection coverage and response capabilities.
• Develop Custom Tools and Frameworks: Build and maintain security testing tools, frameworks, and automation scripts using scripting languages (e.g., Python, Bash, PowerShell) and cloud platforms (AWS, Azure, GCP) to enable repeatable testing and quantifiable security improvements.

• Enhance Cloud and Container Security: Develop and automate security checks for cloud environments (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes). Integrate security practices into CI/CD pipelines and Infrastructure as Code (IaC) deployments.
• Strengthen API and Web Security: Secure and test APIs (RESTful, GraphQL) and modern web applications, addressing common vulnerabilities (e.g., OWASP Top Ten) and ensuring robust security measures are in place.
• Build Security Metrics: Design and implement frameworks to measure security control effectiveness, detection coverage, and improvement over time through consistent testing methodologies.
• Research and Innovate: Stay current with the latest attack techniques, tools, and methodologies while building out both offensive and defensive security improvements, including applying machine learning and AI techniques to security problems.
• Mentor and Collaborate: Share knowledge across security teams and foster a culture of continuous security improvement. Mentor junior team members and provide guidance on best practices.
• Project Management: Manage and lead security projects, including planning, execution, and delivery of offensive security assessments and initiatives. Coordinate with cross-functional teams, manage timelines, and ensure project goals are met.

Required Experience:

Professional Experience:

• 5+ years of professional experience in offensive security, including red team and purple team exercises, penetration testing, and collaboration with detection engineering teams.
• Proficiency in scripting languages (Python, Bash, PowerShell, JavaScript/TypeScript) and cloud platforms (AWS, Azure, GCP) for developing security tools, automation scripts, and securing cloud environments.
• Experience with containerization (Docker, Kubernetes), Infrastructure as Code (Terraform, Ansible), CI/CD pipeline security, web and API security, reverse engineering, and applying machine learning to security problems.
• Experience in conducting threat modeling and risk assessments to identify and mitigate potential security threats.

Security Assessment Expertise:

• Expertise in conducting full-stack security assessments of web (including SPAs like React, Angular, .Net Blazor) and mobile applications (including React Native), APIs, on-premises and cloud infrastructure, and backend systems.

Deep Understanding:

• In-depth knowledge of common attack techniques, exploit development, post-exploitation methodologies, security assessment frameworks (e.g., MITRE ATT&CK, PTES), and modern detection stack components (e.g., EDR, SIEM, XDR).

Knowledge:

• Strong understanding of networking, operating systems, security protocols, and security concepts, including reverse engineering, cloud security (AWS/Azure), container security, CI/CD pipeline security, API security, and security metrics development.

Certifications:

• Relevant certifications such as OSCP, OSCE, GXPN, or equivalent practical experience.

Interpersonal Skills:

• Strong analytical and problem-solving abilities, excellent technical writing skills for detailed reports, ability to clearly communicate complex technical concepts, and a self-motivated passion for offensive security and detection engineering.

Project Management Skills:

• Proven ability to manage and lead security projects, including planning, execution, and delivery of offensive security assessments and initiatives.
• Experience in coordinating with cross-functional teams, managing timelines, and ensuring project goals are met.

Job Location: Bangalore

We are proud to offer a range of incentives to our employees worldwide. These benefits are available to everyone, regardless of grade, and reflect the values we uphold:

·       Flexibility: Enjoy unlimited vacation, based on your location and business priorities. Hybrid working arrangements, and inclusive policies such as paid time off for voting, bereavement, and sick leave.

·       Well-being: Access confidential one-on-one therapy through our Employee Assistance Program, unlimited personalized coaching via our coaching app, and access to our Gather Groups for emotional and mental support.

·       Medical, life & disability insurance, retirement plan, lifestyle and other benefits*

·       ESG: Benefit from paid time off for volunteering and donation matching.

·       DEI: Participate in multiple DE&I groups for open involvement (e.g., Count Me In, Culture@Finastra, Proud@Finastra, Disabilities@Finastra, Women@Finastra).

·       Career Development: Access online learning and accredited courses through our Skills & Career Navigator tool.

·       Recognition: Be part of our global recognition program, Finastra Celebrates, and contribute to regular employee surveys to help shape Finastra and foster a culture where everyone is engaged and empowered to perform at their best.

*Specific benefits may vary by location.

At Finastra, each individual is unique, bringing their own ideas, thoughts, cultural beliefs, backgrounds, and experiences together. We learn from one another, embrace and celebrate our differences, and create an environment where everyone feels safe to be themselves.

Be unique, be exceptional, and help us make a difference at Finastra!