Associate II, Information Security Engineer

India

About the Role:
OSTTRA India

The Role: Associate II, Information Security Engineer

The Team: The OSTTRA Technology team is composed of Capital Markets Technology professionals, who build, support and protect the applications that operate our network. The technology landscape includes high-performance, high-volume applications as well as compute intensive applications, leveraging contemporary microservices, cloud-based architectures.

The Impact: Together, we build, support, protect and manage high-performance, resilient platforms that process more than 100 million messages a day. Our services are vital to automated trade processing around the globe, managing peak volumes and working with our customers and regulators to ensure the efficient settlement of trades and effective operation of global capital markets.

What’s in it for you: We are seeking an experienced Information Security Engineer with a strong background in secure software development practices, application security testing, vulnerability management and information security compliance. The ideal candidate will be responsible for ensuring that security is integrated across the software development lifecycle (SDLC) and will actively collaborate with development, DevOps, and product teams to mitigate application-level risks.

Responsibilities:
Application Security

Perform comprehensive application security assessments, including Static Application Security Testing (SAST), pen testing, Dynamic Application Security Testing (DAST), and API security testing across enterprise applications.

Review and analyse source code to identify and remediate security vulnerabilities.

Collaborate with development teams to integrate security best practices in the SDLC and provide secure coding guidance.

Lead and support remediation efforts by providing actionable recommendations and retesting fixes.

Conduct manual and automated web application and API penetration tests to uncover business logic and security flaws.

Develop and maintain security testing checklists, processes, and internal documentation.

Track and report vulnerabilities, ensuring timely closure in collaboration with development and product owners.

Participate in threat modelling sessions and help teams prioritize risks based on severity and business impact.

Stay current with emerging threats, vulnerabilities, attack vectors, and security technologies to proactively improve application security posture.

Information Security Compliance:
Ensure compliance with relevant security standards and regulations, including ISO 27001, NIST Standard, and risk management.

Develop and maintain security documentation and procedures.

Assist with external security audits and assessments.

Stay up to date on the latest security threats and vulnerabilities.

Other Duties:
Provide security consulting and support to other teams.

Evaluate and recommend new security technologies and solutions.

Participate in security awareness training and initiatives.

Understanding of Technology & Security Risk Management and Vendor Risk Management Framework.

Technical Skills and Capabilities (Primary – Must Have):
4-5 years’ experience working in IT Security in multiple capacities.

Hands-on experience with application security tools such as Burp Suite, IBM AppScan, Acunetix, HP WebInspect, NTOSpider, Postman, and others.

Strong expertise in manual and automated web application security testing and a deep understanding of OWASP Top 10 and business logic vulnerabilities.

Solid experience testing RESTful and SOAP APIs, analyzing request/response flows, and validating secure implementation.

Strong knowledge of secure coding principles, common attack vectors (OWASP, SANS Top 25, WASC), and mitigation techniques.

Familiarity with CI/CD pipelines and integrating security testing into DevOps workflows (preferred).

Proficiency in both Black Box and White Box testing methodologies.

Certifications (Preferred):
Certified Ethical Hacker (CEH), OSCP, eWPT, or equivalent security certifications are preferred.

Certifications such as ISO 27001, CISA, CRISC, CISM, CISSP, etc. would be an added advantage.

Competencies:
The ability to multitask, act under pressure and quickly identify and deal with priority matters under tight deadlines. Attention to detail is essential.

The ability to handle multiple inquiries at any one time, often under considerable deadline pressure.

Desired Skills:
Strong analytical and problem-solving skills with the ability to prioritize and manage multiple tasks.

Excellent communication skills – capable of articulating technical issues and recommendations clearly to both technical and business stakeholders.

Demonstrated ownership and accountability – proactive in identifying issues, taking initiative, and driving closure.

Ability to work independently as well as in a cross-functional team environment.

The Location: Gurgaon, India

About Company Statement:
OSTTRA is a market leader in derivatives post-trade processing, bringing innovation, expertise, processes and networks together to solve the post-trade challenges of global financial markets. OSTTRA operates cross-asset post-trade processing networks, providing a proven suite of Credit Risk, Trade Workflow and Optimisation services. Together these solutions streamline post-trade workflows, enabling firms to connect to counterparties and utilities, manage credit risk, reduce operational risk and optimise processing to drive post-trade efficiencies.

OSTTRA was formed in 2021 through the combination of four businesses that have been at the heart of post trade evolution and innovation for the last 20+ years: MarkitServ, Traiana, TriOptima and Reset. These businesses have an exemplary track record of developing and supporting critical market infrastructure and bring together an established community of market participants comprising all trading relationships and paradigms, connected using powerful integration and transformation capabilities.

About OSTTRA

Candidates should note that OSTTRA is an independent firm, jointly owned by S&P Global and CME Group. As part of the joint venture, S&P Global provides recruitment services to OSTTRA - however, successful candidates will be interviewed and directly employed by OSTTRA, joining our global team of more than 1,200 post trade experts.

OSTTRA was formed in 2021 through the combination of four businesses that have been at the heart of post trade evolution and innovation for the last 20+ years: MarkitServ, Traiana, TriOptima and Reset. OSTTRA is a joint venture, owned 50/50 by S&P Global and CME Group.
With an outstanding track record of developing and supporting critical market infrastructure, our combined network connects thousands of market participants to streamline end to end workflows - from trade capture at the point of execution, through portfolio optimization, to clearing and settlement.
Joining the OSTTRA team is a unique opportunity to help build a bold new business with an outstanding heritage in financial technology, playing a central role in supporting global financial markets.

Learn more at www.osttra.com.

What’s In It For You?

Benefits:
We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global.

Our benefits include:
Health & Wellness: Health care coverage designed for the mind and body.

Flexible Downtime: Generous time off helps keep you energized for your time on.

Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.

Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.

Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families.

Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.
For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries

Recruitment Fraud Alert:
If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here.

-----------------------------------------------------------

Equal Opportunity Employer
S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.

If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person.

US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf

-----------------------------------------------------------

20 - Professional (EEO-2 Job Categories-United States of America), BSMGMT203 - Entry Professional (EEO Job Group)

Job ID: 321083
Posted On: 2025-10-08
Location: Gurgaon, Haryana, India
