Senior Infosec Engineer – Cloud & Security Solutions

About IDfy

IDfy is Asia’s leading TrustStack, trusted by the best, with global expertise and enterprise-grade tech, we’re solving trust challenges, making compliance easy, fraud detection smarter, and onboarding seamless.

Our clients include HDFC Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. With more than 13+ years of experience and 2 million verifications per day, we are pioneers in this industry.

IDfy’s three platforms- OnboardIQ, OneRisk, and Privy - come together to form one seamless solution enabling trust.

We have successfully raised $27M from Elev8 Venture Partners, KB Investments & Tenacity Ventures!

We work fully onsite on all 5 days of the week from our office in Andheri East, Mumbai

About the Role

As an Information Security Engineer at IDfy, you’ll be the go-to guardian of our security and compliance framework. You’ll own everything from ISO 27001 and SOC 2 audits (Internal and External) to Customer third-party risk assessments, customer security requests, and internal ISMS management.

You’ll work across product, engineering, and legal teams to ensure we’re not just compliant—but secure by design. If you’re someone who knows how to manage an audit without breaking a sweat and gets a kick out of spotting gaps in security systems, this one’s for you.

We Are the Perfect Match If You…

• 4+ years of hands-on experience in Information Security Engineering roles.
• Strong expertise inVAPT methodologies,threat modeling frameworks (STRIDE, PASTA, etc.).
• Hands-on experience with SIEM, SOAR, CNAPP / CSPM, EDR / XDR, IDS / IPS, WAF, and ASM tools, leveraging threat intelligence for SOC operations, incident management, and proactive attack surface reduction.
• Solid understanding of cloud security (GCP, AWS, or Azure), DevSecOps integration, and cloud-native security solutions.
• Ability to create use cases, alerts, and automation playbooks forreal-time threat detection and incidentresponse. In-depth knowledge of OWASP Top 10 (Web, API, LLM, etc.), MITRE ATT&CK, SANS Top 25, and secure coding practices.
• Proven ability to mentor junior engineers and act as a subject matter expert (SME) for VAPT, cloud, and DevSecOps.
• Experience supporting internal / external audits, compliance initiatives, and security assessments.
• Strong understanding of CIS / NIST benchmarks for hardening infrastructure, monitoring compliance, and defining security best practices.
• Skilled in developing and maintaining security guidelines, standards, best practices, and delivering security training / awareness. Strong proficiency in scripting (Python,Bash, PowerShell)for security automation and tooling.

Here’s What Your Day Will Look Like…

Preferred Certification

What’s it like working at IDfy?

We build products that detect and prevent fraud. With billions of transactions flowing through our pipes, InfoSec is not just important, it’s critical. You’ll have the space to take ownership, challenge the status quo, and build security systems that scale with our growth. And yes, we love memes, chai, and debating compliance checklists over lunch.

Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies.

We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.