Information Security Engineer - GRC & Infosec
Bureau
About the role
ABOUT BUREAU
Bureau is a unified risk decisioning platform for Compliance, Fraud, and Transaction risks. Our platform is a single decision-making engine, powered by a 1 billion+ identity knowledge graph. Over 150 banks, fintechs, retailers, and digital platforms use Bureau to verify identities faster and stop fraud earlier globally.
Bureau has raised $50M+ from renowned Silicon Valley and global investors including Sorenson Capital and PayPal Ventures and is expanding rapidly from APAC to Americas, Europe, and beyond.
WHY BUREAU?
Bureau is building the infrastructure that makes digital identities and transactions safe and trustworthy for billions of people. The mission is big, the problems are complex, and the impact is real.
We hire people who want that level of responsibility. People who move fast, build systems from scratch, and care deeply about turning strategy into execution. If you want predictability or narrow scope, this won't be your place. If you want to shape how a scaling global company operates—keep reading.
ABOUT THE ROLE - APPLICATION SECURITY ENGINEER
We are looking for a Security Engineer who can own both the hands-on technical security stack and our governance/compliance programs.
What you’ll be doing
In this role, you will:
- Harden and monitor our cloud & container infrastructure (AWS/EKS, endpoints, network).
- Run vulnerability management, security tooling and incident response.
- Help maintain our ISMS and support audits (ISO 27001, SOC 2, RBI, DPDP, etc.).
This is ideal for someone who doesn’t want to be only “checklist GRC” or only “pure blue-team”, but wants a blended role across security engineering + GRC.
Key Responsibilities
1. Cloud & Infrastructure Security (Hands-on)
- Work with DevOps to secure our AWS/EKS environment:
- IAM hardening, security groups, VPC, KMS, S3, RDS, etc.
- Review infra-as-code (Terraform/Helm) for security issues and misconfigurations.
- Own or co-own key security tools:
- Endpoint / EDR (e.g., CrowdStrike / SentinelOne),
- Cloud security (CSPM / CNAPP, GuardDuty, Security Hub, WAF, etc.),
- Container / runtime security where applicable.
- Implement and maintain logging & monitoring for security events (CloudTrail, ALB/NLB logs, K8s logs, etc.), and integrate them with SIEM / alerting.
2. Vulnerability Management & Security Operations
- Own the vulnerability management lifecycle:
- Run periodic scans for cloud, endpoints, containers and apps.
- Triage findings, prioritise based on risk, and drive closure with engineering.
- Coordinate external pentests / bug bounties and track remediation.
- Support incident response:
- Help investigate alerts, gather evidence, and contribute to RCA and CAPA.
- Maintain and update incident runbooks.
3. Gover
Underpaid estimate
~₹18.8 LPA for Security Engineers (industry-wide) · based on 10 submissions