Security Engineer [T500-25083]

About Comply: Comply is a global leader in regulatory compliance software for financial services, offering a scalable SaaS platform backed by expert consulting. Serving thousands of firms worldwide, Comply empowers broker-dealers, investment banks, RIAs, and more to manage compliance effectively. At Comply India, engineers build impactful, client-focused solutions using AI and emerging technologies, with strong ownership and growth opportunities.

Job Summary: Primary responsibilities of this role include vulnerability management, incident response, threat detection and mitigation, and providing security operations support. Key Responsibilities: SOC & Incident Response – 50% of time: Respond to security incidents, including investigation, containment, and recovery, as detected by our tools or third-party vendors. Monitor and analyze security alerts from various sources to detect and mitigate threats.

Assist our third-party SOC vendor with the triage and mitigation of incoming alerts. Stay updated on the latest security threats, trends, and technologies. Perform threat hunting activities in alignment with latest trends and news.

Familiarity and experience developing and refining SIEM tools, including maturing our approach to log ingestion and onboarding new log sources. Vulnerability Management - 25% of time: Conduct vulnerability assessments, develop custom reporting, and coordinate with Infrastructure teams to drive remediation efforts. Proactively assesses for prevalence of security configuration issues across our enterprise.

Security Operations Support & Security Engineering – 20% of time: Provide technical support and guidance on security-related infrastructure issues. Support security operations by maintaining and optimizing security tools and technologies, security policies, integrations, and automations. Collaborate with Infrastructure, Engineering, Product, and other departments to ensure security measures are integrated into all systems and processes.

Other – 5% of time: Participate in security audits and assessments, including the collection of artifacts and videoconferencing with auditors Qualifications: Bachelor's degree in information security, Computer Science, or related field. Minimum of 3-5 years of experience in an IT security engineering role. Strong understanding of EDR and SIEM tools such as Sentinel One, and Microsoft Defender.

Knowledge of mail filtering tools and experience tuning policies. Experience with vulnerability management, incident response, and threat detection. Excellent problem-solving and analytical skills.

Strong written and verbal communication skills. Ability to work independently and as part of a team. At least one relevant certification (e.g., CySA+, CEH, Pentest+, GPEN, GCIH).

Familiarity with cloud security practices, tools, and concepts across AWS, Azure, and Microsoft 365 technologies. Preferred Skills: Experience with broader security technologies such as Okta, Defender for Cloud, AWS Security Hub, GuardDuty, AlertLogic WAF Familiarity with security compliance standards and regulations (e.g., SOC2, ISO 27001, GDPR, NIST, EU DORA). Strong organizational and project management skills.