Job Description
About the Company
Qapita is looking for a strategic and hands-on Lead Security Engineer to own our information security posture.
As we scale our Equity Management platform, trust is our most valuable currency.
About the Role
You will be responsible for building a world-class security function that not only ensures compliance with global financial regulations but also embeds security into our product DNA without slowing down innovation.
You will mirror the expertise of top-tier leaders in the industry, capable of managing RBI/PCI compliance while simultaneously driving SaaS-specific certifications like SOC 2 and ISO 27001.
Responsibilities
Enterprise Security Strategy: Define and execute a roadmap that aligns security initiatives with business objectives, presenting risk profiles to the Board and CXOs.
Regulatory Compliance: Ensure 100% compliance with RBI Master Directions, PCI-DSS, and DPDP Act 2023.
SaaS Certifications: Lead and maintain SOC 1 & SOC 2 (Type II) and ISO 27001 audits to support enterprise sales cycles and build customer trust.
Vendor Risk Management: Oversee third-party risk assessments and supply chain security for all partners and vendors. Lead customer security due diligence, RFP responses, and enterprise security assurance programs to accelerate sales cycles.
DevSecOps Integration: Embed security into the CI/CD pipeline, ensuring secure SDLC practices that reduce deployment risk and accelerate delivery. Manage end-to-end VAPT programs, including SAST/DAST code scans, bug bounty programs, and manual penetration testing. Architect secure frameworks for our Cloud Infrastructure (AWS/Azure) and APIs, ensuring robust defense against modern web threats.
Direct 24/7 Security Operations, overseeing SIEM, DLP, WAF, and Endpoint Detection & Response (EDR) to ensure rapid threat detection. Lead the Incident Response Team (IRT); conduct tabletop drills, red-team exercises, and forensic investigations to minimize mean time to resolution (MTTR). Oversee PAM (Privileged Access Management) and Zero Trust implementations.
Champion cybersecurity awareness programs across the organization to build a "human firewall". Mentor and scale a high-performing InfoSec team, fostering a culture of continuous learning and proactive defense.
Qualifications
Experience: 5+ years in Information Security, with at least 2+ years in a leadership role within a FinTech or B2B SaaS environment.
Compliance Expertise: Deep knowledge of RBI Guidelines (Digital Payment Security), PCI-DSS, and ISO 27001 is non-negotiable.
Experience with SOC 2 is highly preferred.
Technical Proficiency: Hands-on experience with Cloud Security (AWS/Azure), Network Security Architecture, and DevSecOps workflows.
Operational Excellence: Proven track record of setting up or managing a SOC, including experience with SIEM, EDR, and WAF tools.
Required Skills
Backend: C#, ASP.NET, MongoDB, Postgres, Event Store
Frontend: React, TypeScript
Cloud Services: AWS SQS, AWS S3, AWS EKS
Messaging and Integration: NServiceBus
Architecture Patterns: Domain-Driven Design (DDD), Command Query Responsibility Segregation (CQRS), Event Sourcing, Clean Architecture
Preferred Skills
Experience with vulnerability management and secure coding practices. Knowledge of cloud security governance, including CSPM, container/Kubernetes security, and Infrastructure-as-Code (IaC) security controls.
Pay range and compensation package as per industry standards.
Location: Hyderabad, India
About Qapita
Qapita
qapita.com