Senior Security & Compliance Engineer

संविदात्मक
दिल्ली
4 घंटे पहले पोस्ट किया गया

NeGD is currently inviting applications for the position of Senior Security & Compliance Engineer on a contractual basis for a period of three years, which may be further extended based on the requirements of the project.

पद Senior Security & Compliance Engineer
पदों की संख्या 01
Last Date 30th July 2026

जिम्मेदारियां

Application Security Engineering & Secure Development

  • Own the application security engineering practice for the AI capability programme — define secure coding standards, threat modelling methodology, secure design review process, and security acceptance criteria for pod services
  • Conduct threat modelling and secure design reviews for each pod’s services and their integration surfaces (STRIDE, LINDDUN, or equivalent); document threats, mitigations, and residual risks
  • Provide hands-on secure development guidance to pod engineers and Full-Stack Engineers on authentication and session design, authorisation patterns, input validation, output encoding, secure API design, secrets handling, and DPDPA-compliant consent and data-minimisation patterns
  • Define encryption standards (AES-256 at rest, TLS 1.3 in transit, key management), tokenisation approaches, and secure data-handling patterns for classified, internal, and public workloads per the Government of India Data Classification Policy
  • Review and approve authentication and authorisation designs, particularly for high-risk pods (Pod 4 identity verification, Pod 6 fraud detection), and Aadhaar-adjacent flows where applicable
  • Advise on AI-specific security concerns — prompt injection defence, data poisoning risk, model extraction, adversarial input handling, output filtering, RAG source integrity — in coordination with the AI Safety Researcher and Product Managers

Security Testing

  • Design and execute the application security testing programme — SAST, DAST, SCA, secrets scanning, dependency vulnerability management — integrated into the CI/CD pipelines maintained by DevOps/SRE
  • Coordinate VAPT engagements for each pod’s services prior to production deployment, including scoping, vendor coordination, and remediation tracking
  • Coordinate STQC or equivalent third-party security certification for citizen-facing services as required per ministry deployment
  • Conduct manual security review, code audit, and configuration review for high-risk services and Aadhaar-adjacent flows
  • Perform periodic security assessments of live services — access review, configuration drift, exposed secrets, dependency currency — and drive remediation

Compliance & Audit

  • Own compliance evidence and audit artefacts across the programme — control mapping, evidence collection, gap analysis, and remediation tracking for ISO 27001, MeitY Security Policy and Guidelines, and CERT-In directions per LoE Sections 10.2, 12, and 13
  • Operationalise DPDPA 2023 compliance across all pods — consent architecture review, data principal rights fulfilment procedures, retention and deletion procedures, cross-border transfer controls, and data-processor obligations
  • Own the Responsible AI compliance artefacts required by LoE Section 12.3 and 13.6 — model cards, dataset sheets, and bias/hallucination/safety evaluation report structures — in coordination with pod leads (technical safety evaluation content is authored by the AI Safety Researcher; this role owns the compliance framing, publication cadence, and audit readiness)
  • Manage the security-incident reporting process per LoE Section 10.4 — 24-hour breach reporting to NeGD/Government Entity, root-cause analysis, and 7-working-day corrective action report submission
  • Maintain the risk register for security and compliance risks; feed into the programme risk register owned by Product Managers
  • Prepare and support internal and external audits — evidence packages, control walkthroughs, auditor coordination

Cross-cutting

  • Partner with DevSecOps/SRE Lead on the boundary between application security (this role) and infrastructure security (DevSecOps/SRE) — network policies, WAF rule design, secrets management standards, and audit-log architecture
  • Advise the Product Managers and the AI/Solution Architect on security and compliance trade-offs in product and architectural decisions
  • Contribute reusable security patterns, secure design templates, threat model libraries, and compliance runbooks to AIKosh and OpenForge for reuse across ministries

महत्वपूर्ण लिंक

विस्तृत अधिसूचना डाउनलोड करें यहाँ क्लिक करें
यहां आवेदन करें यहाँ क्लिक करें
आधिकारिक वेबसाइट यहाँ क्लिक करें

राष्ट्रीय ई-गवर्नेंस प्रभाग (NeGD) के बारे में

राष्ट्रीय ई-गवर्नेंस प्रभाग (एनईजीडी) डिजिटल इंडिया कॉर्पोरेशन, इलेक्ट्रॉनिक्स और सूचना प्रौद्योगिकी मंत्रालय के तहत एक स्वतंत्र व्यापार प्रभाग है। एनईजीडी केंद्र और राज्य दोनों स्तरों पर विभिन्न मंत्रालयों/विभागों द्वारा किए गए ई-गवर्नेंस परियोजनाओं और पहलों के कार्यक्रम प्रबंधन और कार्यान्वयन में एमईआईटीवाई का समर्थन करने में महत्वपूर्ण भूमिका निभा रहा है।

एनईजीडी डिजिटल इंडिया कार्यक्रम के तत्वावधान में कई नवीन पहलों का नेतृत्व कर रहा है। इन्हें डिजिटल इंडिया के विज़न क्षेत्रों को केंद्र में रखते हुए विकसित किया गया है - प्रत्येक नागरिक, शासन और मांग पर सेवाओं और विशेष रूप से हमारे देश के नागरिकों के डिजिटल सशक्तिकरण के लिए मुख्य उपयोगिता के रूप में डिजिटल बुनियादी ढांचा प्रदान करना; इनमें से कुछ पहलों में डिजिलॉकर, उमंग, पोषण ट्रैकर, ओपनफोर्ज प्लेटफॉर्म, एपीआई सेतु, नेशनल एकेडमिक डिपॉजिटरी, एकेडमिक बैंक ऑफ क्रेडिट्स, लर्निंग मैनेजमेंट सिस्टम शामिल हैं।