Job Description

1. Data & Infrastructure Security

• Design, implement, and oversee end-to-end data protection protocols across servers, workstations, and cloud platforms (GCP, AWS, Azure).
• Regularly conduct vulnerability assessments, penetration testing, and patch management for company systems.
• Enforce encryption standards, secure backups, and controlled data retention practices.
• Manage endpoint security (EDR/AV tools), and implement real-time monitoring for intrusion and anomaly detection.

2. Email Infrastructure Management

• Administer and secure the company’s email systems (Google Workspace / Microsoft 365 / custom SMTP).
• Configure and maintain DNS-level authentication records — SPF, DKIM, DMARC — ensuring proper mail delivery and protection against spoofing or impersonation.
• Manage SMTP routing, relay settings, and email relay servers to ensure optimal deliverability and reputation.
• Implement and monitor anti-spam, anti-malware, and phishing filters, and maintain block/allow lists.
• Oversee email archiving, backup, retention, and DLP policies to prevent sensitive information leaks.
• Ensure proper setup of email routing for multiple domains, subdomains, and alias-based groups (internal + client communication).
• Coordinate with external hosting providers, ESPs, and DNS registrars to resolve deliverability or reputation issues (e.g., IP warming, sender score management).
• Ensure that all company users adhere to email usage protocols and two-factor authentication on corporate accounts.

3. Phishing, Impersonation & Threat Defense

• Deploy and manage anti-phishing and impersonation prevention systems (e.g., Barracuda, Mimecast, Proofpoint, Google Advanced Protection).
• Monitor for domain spoofing, look-alike domains, and unauthorized mail relays.
• Conduct regular phishing simulation exercises and employee awareness campaigns.
• Investigate any suspicious activity, compromised credentials, or unauthorized access attempts.

4. Multi-Level Access Control & Identity Governance

• Establish and maintain Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) across all company tools and data systems.
• Audit and review user permissions across GitHub, internal dashboards, APIs, CRMs, and third-party integrations.
• Manage employee onboarding/offboarding security workflows including credential revocation and data access deactivation.
• Implement SSO and password policy standards company-wide.

5. Data Leakage Prevention & Compliance

• Deploy and monitor Data Loss Prevention (DLP) tools across endpoints, cloud drives, and email systems.
• Establish data classification and handling protocols based on sensitivity levels.
• Ensure compliance with Indian IT Act, ISO 27001, and global privacy frameworks (GDPR, SOC 2) relevant to client data handling.
• Generate periodic security audit reports and maintain documentation for compliance and internal review.

6. Incident Response & Security Operations

• Create and manage an Incident Response Plan (IRP) for handling breaches, leaks, and ransomware threats.
• Perform forensic analysis of compromised systems and ensure fast containment and remediation.
• Maintain detailed logs, timelines, and post-incident review documents.
• Report high-risk vulnerabilities or breaches directly to the CTO and leadership team.

7. Training & Awareness

• Conduct internal workshops on phishing identification, safe email practices, and data handling.
• Publish periodic security advisories and actionable checklists for employees.
• Foster a culture of security awareness and accountability across departments.

Technical Skills

Technical Skills:

• Deep understanding of email security (SPF, DKIM, DMARC, MTA/SMTP routing, mail relay servers).
• Strong grasp of SIEM systems, endpoint protection, firewalls, VPN, and identity management tools.
• Experience with Google Workspace Admin Console, Microsoft Exchange, DNS, and Cloudflare Security.

Familiarity with phishing detection tools, threat intelligence systems, and incident response workflows.

Soft Skills:

• Analytical and detail-oriented mindset.
• Excellent documentation and reporting ability.
• Strong communication and coordination skills across tech and non-tech teams.

High integrity, confidentiality, and accountability for information protection.

Preferred Qualification

Qualifications & Skills

Education:

Bachelor’s or Master’s in Computer Science, Cybersecurity, Information Technology, or related field.

Certifications (Preferred):

CEH / CISSP / CompTIA Security+ / ISO 27001 Lead Implementer / Google Workspace Admin Certification.