Information Security Engineer (GRC)
Come Join Our Passionate Team! At Barracuda, we make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level.
We know a diverse workforce adds to our collective value and strength as an organization. Barracuda Networks is proud to be an employer that complies with all applicable national, state and local laws pertaining to nondiscrimination and equal opportunity regardless of race, gender, religion, sex, sexual orientation, national origin, or disability.
Envision yourself at Barracuda
We are seeking a highly motivated and detail-oriented Information Security Engineer to join our team. The successful candidate will have a strong background in information security, with at least 2 years of experience in the field. They will be responsible for supporting the organization's security posture by performing the work of an information security engineer, including conducting vulnerability assessments and penetration testing, developing and implementing security policies and procedures, and collaborating with cross-functional teams to ensure the organization's security is robust and effective. The ideal candidate will have a deep understanding of security principles, technologies, and industry best practices, as well as experience working with public cloud infrastructure such as AWS and Azure Cloud.
Additionally, they will be responsible for onboarding and implementation of GRC tools, responding to security events and incidents, and participating in threat hunting activities. This is a security generalist role with opportunities to branch into more specialized disciplines within Information Security and Cybersecurity.
What you’ll be working on
- Support day-to-day GRC activities, including control tracking, evidence collection, audit coordination, remediation follow-up, and compliance documentation.
- Assist with internal and external audit readiness for frameworks such as ISO 27001:2022, SOC 2 Type 2, and similar security or compliance standards.
- Help respond to customer security and compliance questionnaires, including gathering inputs from internal teams, validating responses, and maintaining consistency with approved security and compliance documentation.
- Support customer communication for compliance-related queries, including questions related to security controls, certifications, audit reports, policies, data protection, risk management, and governance practices.
- Assist with Third-Party Risk Management (TPRM) activities, including vendor security reviews, vendor questionnaire tracking, risk follow-ups, and documentation of third-party security posture.
- Coordinate with internal teams such as Security, IT, Engineering, Legal, Sales, and Customer-facing teams to collect information required for audits, customer assurance, and compliance reviews.
- Maintain clear records for audit evidence, customer questionnaire responses, risk items, control ownership, exceptions, remediation actions, and compliance commitments.
- Track open compliance gaps, audit findings, third-party risks, and customer assurance follow-ups to ensure timely closure.
- Support updates to security policies, procedures, standards, and internal documentation where required.
- Gain limited exposure to SOC workflows, such as incident evidence collection, security control validation, and understanding how operational security activities support compliance requirements.
Technologies and platforms you may work with
- Microsoft 365 tools for documentation, collaboration, and evidence coordination
- SharePoint, OneDrive, Excel, and similar documentation or tracking platforms
- Customer security questionnaire and trust documentation workflows
- Jira or similar ticketing/tracking tools
- Audit evidence repositories and internal documentation platforms
- Basic exposure to cloud and enterprise environments such as AWS, Azure, and Microsoft 365
- Limited exposure to security operations workflows, alerts, incident records, and evidence collection processes
What you bring to the role
- 2+ years of experience in Information Security, GRC, IT risk, compliance, audit support, customer assurance, TPRM, or a related area.
- Basic understanding of security governance, risk management, compliance controls, audit processes, and security documentation.
- Exposure to audits or compliance assessments such as ISO 27001:2022, SOC 2 Type 2, internal audits, customer audits, or similar reviews.
- Experience supporting customer security questionnaires, compliance questionnaires, customer due diligence, or security assurance requests.
- Basic understanding of Third-Party Risk Management, vendor risk reviews, vendor questionnaires, and risk follow-up processes.
- Strong written communication skills with the ability to prepare clear, accurate, and consistent compliance responses.
- Ability to coordinate with multiple internal stakeholders to gather information, clarify responses, and close open items.
- Foundational understanding of security concepts such as access control, logging, vulnerability management, incident response, data protection, encryption, change management, and business continuity.
- Bachelor’s degree in information security, IT, Computer Science, Cybersecurity, Risk Management, or equivalent practical experience.
Nice to have
- Familiarity with security and compliance frameworks such as ISO 27001:2022, SOC 2 Type 2, NIST CSF, CIS Controls, PCI DSS, GDPR, or similar standards.
- Exposure to customer trust, customer assurance, RFP security responses, or compliance-related customer communication.
- Experience supporting vendor security reviews or third-party risk assessments.
- Entry-level certifications such as CompTIA Security+, ISC2 Certified in Cybersecurity, ISO 27001 Foundation/Internal Auditor, or similar.
What you’ll get from us:
A team where you can voice your opinion, make an impact, and where you and your experience are valued. Internal mobility – there are opportunities for cross training and the ability to attain your next career step within Barracuda. In addition, you will receive equity, in the form of non-qualifying options.