At Niva Bupa, our purpose is “to give every Indian the confidence to
access the best healthcare.”
Our Values
Commitment
Innovation
Empathy
Collaboration
Transparency
Proficiency Level
(Please Tick)
L1: - HEAD OF FUNCTION/BUSINESS (Sr. Leadership Team)
L2: - MANAGER OF MANAGER
L3: - MANAGER
L4: - INDIVIDUAL CONTRIBUTOR
About Niva Bupa Health Insurance Company
Niva Bupa Health Insurance Company Limited (formerly known as Max Bupa
Health Insurance Company Limited) is a joint venture between Fettle Tone
LLP (an affiliate of True North Fund VI LLP), a leading Indian private
equity firm, and the Bupa Group, a leading international healthcare
company with a legacy of providing specialized healthcare services for
over 70 years.
Niva Bupa’s growth story has been phenomenal. We are one of the fastest
growing Stand Alone Health Insurers in the country, with a current employee
strength of 7000+ and a growth rate of 154% since FY 20 and still growing.
We are a fully integrated health insurance provider with in-house claims
processing, underwriting and servicing. Our goal is to achieve more than
10000 Cr GWP by 2027, and we need goal-oriented individuals to be a
part of this exciting growth journey.
Niva Bupa is certified Great Place to Work for the 3rd year running and
aims to become one of the best workplaces in the BFSI industry.
Niva Bupa is an Equal Opportunity Employer committed to achieving
diversity within its workforce, and encourages all qualified applicants to
apply, irrespective of gender, age, sexual orientation, disability,
culture, religious and ethnic background. At Niva Bupa 12% of our team
handling roles are led by women. We welcome specially-abled professionals
to join our team.
ESG: Supporting action to protect, restore and regenerate local
environments for the benefit of our customers, our people, our
communities, and wider society.
We are looking for a hybrid VAPT Triaging & TechOps Engineer to manage our
vulnerability lifecycle and act as the technical liaison between our
Security, Infrastructure, and Application Engineering teams. In this role,
you will not just pass along security reports; you will deeply analyze,
validate, and prioritize vulnerabilities discovered through Vulnerability
Assessment and Penetration Testing (VAPT) and automated scanning tools.
Crucially, you will act as a TechOps bridge, translating security findings
into actionable, technical engineering tasks. You will work side-by-side
with infra and app teams to help them understand how to remediate risks
without breaking production environments.
Key Roles & Responsibilities
VAPT Triaging & Validation:
Review, validate, and deduplicate vulnerability findings from
internal/external penetration tests and automated scanners.
Risk Contextualization:
Perform root-cause analysis on vulnerabilities to determine their actual
risk in business context (exploitability, impact, and reachability),
eliminating false positives before they reach engineering queues.
The TechOps Liaison:
Act as the primary technical interface between Information Security,
Infrastructure (Cloud/SysOps), and Application Dev teams. Translate
complex exploit PoCs (Proof of Concepts) into clear, step-by-step
remediation tickets (like Jira).
Remediation Assistance & Advisory:
Don't just point out flaws—help fix them. Provide hands-on technical
guidance to Application teams on securing code, and to Infrastructure
teams on patching, hardening OS images, updating dependencies, and
adjusting network/cloud configurations.
SLA & Lifecycle Management:
Track the remediation lifecycle from discovery to closure. Ensure all
technical teams are adhering to agreed-upon security SLAs (Service Level
Agreements) based on vulnerability severity.
Re-testing & Verification:
Perform technical verification and regression testing to confirm that
implemented fixes successfully remediate the vulnerability without
impacting system uptime or performance.
Metrics & Reporting:
Maintain up-to-date vulnerability dashboards. Provide technical metrics
to management regarding patch velocity, recurring risk trends, and
systemic bottlenecks between teams.
Key Requirements – Education & Certificates
Bachelor’s degree – BTech or equivalent.
Key Requirements - Experience & Skills
Technical
Strong experience with server hardening, patch management and security
baselines.
Experience: 3-5+ years of experience in a highly collaborative
technical role, such as Application Security, VAPT, DevSecOps, Systems
Engineering, or Technical Operations.
Triaging Expertise: Strong understanding of vulnerability classification
frameworks.
Systems & Application Fluency: Ability to read and understand code
(e.g., Python, Java, JavaScript, or Go) and navigate infrastructure
setups (Linux/Windows administration, basic networking, Docker
containers, and cloud concepts).
Penetration Testing Tools: Familiarity with the tools used to find and
validate flaws, such as Burp Suite, Nessus, Qualys, Nmap, or Metasploit.
Cross-Team Collaboration: Exceptional communication skills. You must be
able to speak "Security" to auditors, "Code" to developers, and
"Infrastructure" to system administrators.
Ticketing & Workflow Automation: Advanced experience with Jira,
ServiceNow, or Azure DevOps, specifically around setting up security
workflows, tracking metrics, and technical documentation.
Nice to have
Certifications such as CEH (Certified Ethical Hacker), Security+,
CompTIA Linux+, or AWS/Azure Fundamentals.
Experience working in an Agile/Scrum engineering environment.
Knowledge of CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) and
how security tooling integrates into TechOps.
Behavioral
Ownership and Accountability:
Takes full responsibility for VAPT triaging.
Collaboration and Influence:
Works effectively across internal teams and external vendors.
Communication:
Communicates technical issues clearly to both technical and
non-technical audiences.
Analytical Thinking:
Uses structured thinking and a data-driven approach to solve problems,
assess risks, and make recommendations.
Adaptability:
Thrives in a dynamic environment.
Key Functional Competencies
Functional competency | Beginner | Intermediate | Expert
NBHI Core Competencies
Behavioral Competency | Beginner | Intermediate | Expert
Targets/ KRA/ KPI (Tentative Business Nos./ Goals, Measure of Success &
Weightages)
Goals | Measures of Success | Weightage
Company MOS | Defined as per Company Policy | Defined as per Company Policy
Functional Hierarchy/ Reporting Matrix
Hiring Manager has to inform the TA Team about the Reporting manager’s
grade and the candidate’s grade. (Reporting Manager and Prospective New
Hire Grade to be clearly mentioned below)