Cybersecurity & Compliance Engineer
Date: Nov 12, 2025
Location: Bangalore, KA, IN
Company: NTT DATA Services
Req ID: 344959
NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.
We are currently seeking a Cybersecurity & Compliance Engineer to join our team in Bangalore, Karnātaka (IN-KA), India (IN).
Cybersecurity & Compliance Engineer (Hands-On Role)
Overview
We are seeking a hands-on Cybersecurity & Compliance Engineer to ensure continuous compliance with NIST privacy and security controls, maintain the integrity of our platform through vulnerability and penetration testing, and support both internal and client-facing security engagements.
This role will also be responsible for developing quantitative and qualitative measures, metrics, and dashboards to monitor compliance posture, threat exposure, and control performance.
The ideal candidate will be equally comfortable executing vulnerability assessments, performing hands-on testing, designing compliance metrics, mapping controls to frameworks, and collaborating with clients and internal teams on audits, opportunities, and continuous improvement initiatives.
Key Responsibilities
1. Continuous Compliance Management
- Maintain and continuously monitor compliance with NIST SP 800-53, NIST 800-171, and related privacy and security control frameworks.
- Conduct control assessments and evidence collection to support ongoing compliance and readiness for audits.
- Develop and maintain documentation, policies, and procedures supporting security and privacy compliance initiatives.
- Coordinate remediation activities and track closure of nonconformities or control gaps.
- Design and implement compliance metrics and dashboards to measure control effectiveness, risk trends, and audit readiness across business units.
2. Vulnerability & Penetration Testing
- Perform hands-on vulnerability scanning, manual verification, and exploitation in controlled environments.
- Conduct internal and external penetration tests, web application assessments, and infrastructure testing (cloud and on-prem).
- Validate and communicate findings, prioritize based on risk, and collaborate with engineering teams to drive remediation.
- Maintain testing scripts, tools, and methodologies consistent with industry best practices (e.g., OWASP, MITRE ATT&CK).
- Track and visualize vulnerability trends, remediation SLAs, and recurring issues using security dashboards and KPI reports.
3. Research, Standards Alignment, and Gap Assessments
- Evaluate new and emerging security and privacy frameworks (e.g., ISO 27001, SOC 2, CMMC, CIS, NIST Privacy Framework).
- Perform detailed gap assessments against applicable frameworks and client security requirements.
- Provide strategic recommendations for strengthening controls and enhancing compliance posture.
- Collaborate with architecture and DevSecOps teams to embed new standards into design and delivery processes.
- Develop maturity models and benchmark metrics to measure progress toward compliance with evolving standards.
4. Client Engagement and Audit Support
- Participate in client due diligence, RFP, and security questionnaire responses.
- Support internal and external audits by preparing evidence, addressing findings, and demonstrating compliance maturity.
- Represent the organization in client security discussions and technical review meetings.
- Provide clear, professional, and technical documentation to support audit and compliance activities.
- Generate data-driven reporting and visualizations that communicate compliance status, control effectiveness, and audit trends to clients and leadership.
5. Metrics, Measurement, and Reporting
- Design and maintain cybersecurity and compliance dashboards that integrate data from vulnerability management, compliance tracking, SIEM, and ticketing systems.
- Define and maintain Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) aligned to organizational goals and NIST control families.
- Automate data collection and reporting processes to ensure timely visibility into security posture.
- Work with leadership to translate metrics into actionable insights for continuous improvement.
Qualifications
Required:
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
- 5+ years of experience in cybersecurity compliance, penetration testing, or risk management.
- Strong understanding of NIST frameworks (SP 800-53, 800-171, 800-37, and Privacy Framework).
- Experience with vulnerability management and penetration testing tools (e.g., Nessus, Burp Suite, Metasploit, Nmap, Qualys).
- Demonstrated ability to interpret and apply security controls in both cloud and on-prem environments.
- Proven ability to design and maintain performance metrics, dashboards, and reporting frameworks.
- Excellent communication skills for technical and client-facing documentation.
Preferred:
- Industry certifications such as CISSP, CISA, CEH, OSCP, or similar.
- Experience with Azure, AWS, or hybrid cloud compliance controls.
- Familiarity with GRC platforms (e.g., Archer, ServiceNow, 6clicks) and data visualization tools (e.g., Power BI, Tableau, Grafana).
- Experience supporting FedRAMP, SOC 2, ISO 27001, or CMMC compliance programs.
Core Competencies
- Deep understanding of security and privacy frameworks.
- Metrics-driven approach to compliance and risk management.
- Hands-on testing and technical validation skills.
- Strong analytical and visualization capabilities.
- Collaborative and client-focused mindset.
- Continuous learning and curiosity for evolving standards and technologies.
About NTT DATA
NTT DATA is a $30 billion business and technology services leader, serving 75% of the Fortune Global 100. We are committed to accelerating client success and positively impacting society through responsible innovation. We are one of the world's leading AI and digital infrastructure providers, with unmatched capabilities in enterprise-scale AI, cloud, security, connectivity, data centers and application services. Our consulting and industry solutions help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have experts in more than 50 countries. We also offer clients access to a robust ecosystem of innovation centers as well as established and start-up partners. NTT DATA is a part of NTT Group, which invests over $3 billion each year in R&D.
Whenever possible, we hire locally to NTT DATA offices or client sites. This ensures we can provide timely and effective support tailored to each client’s needs. While many positions offer remote or hybrid work options, these arrangements are subject to change based on client requirements. For employees near an NTT DATA office or client site, in-office attendance may be required for meetings or events, depending on business needs. At NTT DATA, we are committed to staying flexible and meeting the evolving needs of both our clients and employees. NTT DATA recruiters will never ask for payment or banking information and will only use @nttdata.com and @talent.nttdataservices.com email addresses. If you are requested to provide payment or disclose banking information, please submit a contact us form, https://us.nttdata.com/en/contact-us.
NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.