Cyber Security Executive Job in Mumbai at Cinemate™

About the Job

The security engineer will take complete ownership of security for the organisation ecosystem including web apps, mobile apps, APIs, cloud infrastructure, CI/CD pipelines, and internal tooling. This role directly works with full stack engineers to embed security into the development lifecycle and ensures the platform meets enterprise-grade security standards from day one.

Key Responsibilities:

Application security:
1. Perform static and dynamic application security testing using SAST and DAST tools
2. Review core modules manually for secure coding across authentication, payments, file storage, media pipelines, and AI services
3. Implement OWASP Top 10 protections including XSS, CSRF, SQL injection, IDOR, and SSRF
4. Secure file uploads for scripts, media assets, and production data
5. Implement token-based authentication using JWT with rotation and expiry strategies
6. Enforce role-based access control across all departments within the organisation

B. Data & encryption:
1. Implement AES-256 encryption to protect data at rest
2. Enforce TLS 1.3 to secure all data in transit
3. Manage cryptographic keys securely using KMS or HSM solutions
4. Apply strong password hashing using bcrypt or Argon2
5. Implement database-level and field-level encryption for high-risk data
6. Secure backups using encrypted snapshots and immutable storage

C. Cloud & infrastructure security:
1. Design and secure cloud architectures on AWS, GCP, or Azure
2. Configure network isolation using VPCs, subnets, security groups, and private endpoints
3. Deploy and tune web application firewalls
4. Implement DDoS protection and rate-limiting controls
5. Manage secrets securely using Vault or cloud-native secret managers
6. Harden Linux servers and Docker containers against vulnerabilities
7. Enforce Kubernetes security policies where container orchestration is used

D. DevSecOps & CI/CD:
1. Integrate security scanning into CI/CD Git pipelines
2. Scan dependencies for vulnerabilities using software composition analysis tools
3. Scan container images prior to deployment
4. Enforce signed builds and artifact verification
5. Apply least-privilege access controls across build and deployment systems

E. Penetration testing & monitoring:
1. Conduct manual and automated penetration testing for web, API, and mobile applications
2. Monitor real-time threats using SIEM tools
3. Analyse logs, configure alerts, and perform forensic investigations
4. Plan incident response activities and conduct breach simulation drills

F. Compliance & governance:
1. Prepare security baselines aligned with ISO 27001, SOC 2, and GDPR requirements
2. Maintain security documentation, architecture diagrams, and risk registers
3. Evaluate vendor security posture and manage third-party risks

G. Collaboration & leadership:
1. Translate security risks into developer-friendly remediation actions
2. Train engineering teams on secure coding best practices
3. Lead security reviews for new features prior to production release
4. Act as the primary escalation owner during security incidents

Note:

1. This role is meant for someone who is both a builder and a guard
2. Someone who writes security into the product, not around it

Number of Openings

1 openings

Perks of this Jobs

Free snacks 5 days a week Informal dress code

Skills

CI/CD, Vulnerability Management, Google Cloud Platforms (GCP), DevOps, Web Application Security, JWT, Security tools, SIEM, OWASP Top 10, Vercel, Linux, Computer Networking, Python, SQL, Ethical Hacking, Microsoft Azure, Kali Linux, VAPT