About Loyalytics
Loyalytics is a fast-growing Analytics consulting and product organization based out of Bangalore. We work with large retail clients across the globe helping them monetize their data assets through our consulting assignments and product accelerators. We are a young dynamic team of 100+ analytics practitioners working on some of the most cutting-edge tools and technologies.
Who we are:
● Technical team: A team full of data scientists, data engineers and business analysts who work with 1M+ data points every day.
● Market Size: Massive multi-billion $ global market opportunity.
● Leadership: Combined experience of 40+ years in the industry.
● Customers: Word-of-mouth and referral-driven marketing, which has brought us customers such as big retail brands in the GCC region, including Lulu and GMG, among others (strong product-market fit).
● What makes us stand apart: An 8-year-old, bootstrapped, 100+ person company that is still hiring.
Our Product
Swan is a customer engagement platform helping enterprises drive personalized, data-driven engagement at scale. We work with customers across the Middle East (GCC) and are expanding into new geographies. Our platform is multi-tenant, cloud-native, and heavily data-driven, handling sensitive customer engagement and demographic data.
We are fully deployed on Microsoft Azure and are ISO 27001 certified. As we scale, we are looking for our first dedicated Security Engineer who can take complete ownership of security across our tech stack and compliance landscape.
Role Overview
We are looking for a hands-on Security Engineer with 4–6 years of experience who has already “done this before”.
This role is not advisory or theoretical. You will be the single owner of security at Swan — responsible for strengthening our cloud security posture, driving compliance (ISO 27001, PDPL, GDPR), working with external security agencies, and representing Swan on security discussions with enterprise customers.
Our engineering team is strong in product and platform development, but its members are not security experts, so you are expected to lead, guide, and execute without depending on others for security direction.
Key Responsibilities
1. Cloud & Infrastructure Security (Azure)
  • Own end-to-end security of our Azure infrastructure:
    • Azure App Services, Azure Functions, Container Apps
    • Cosmos DB, Redis, Databricks
  • Define and enforce best practices for:
    • Identity & access management (RBAC, least privilege)
    • Network security (private endpoints, VNETs, NSGs)
    • Secrets management (Azure Key Vault, secret rotation)
  • Continuously improve Azure Security Score and proactively close gaps.
2. Application & API Security
  • Review and improve security of backend services built in Node.js and Golang.
  • Secure APIs and internal services:
    • Authentication & authorization flows
    • Rate limiting, abuse prevention
    • Secure handling of PII data
  • Drive secure coding practices and threat modelling across services.
3. Data Security & Privacy
  • Design and document end-to-end data flow across the platform:
    • Controllers, processors, sub-processors
    • Data ingress, storage, processing, and egress
  • Ensure proper handling of PII data (mobile numbers, emails, transaction history).
  • Define data retention, masking, encryption, and access control policies.
  • Ensure multi-tenant data isolation is robust and well-designed.
4. Compliance & Governance (ISO 27001, PDPL, GDPR)
  • Own end-to-end compliance readiness and execution for:
    • ISO 27001 (continuous compliance)
    • PDPL (GCC / Saudi)
    • GDPR (current & future EU expansion)
  • Write, maintain, and improve:
    • Security policies
    • Risk registers
    • Incident response plans
    • Access control and data protection policies
  • Work closely with external security agencies and auditors to:
    • Close audit findings
    • Prepare evidence
    • Drive certifications and assessments
5. VAPT & Security Testing
  • Plan, manage, and execute VAPT:
    • Coordinate with external vendors
    • Optionally perform internal testing where possible
  • Track findings, prioritize risks, and ensure closure with engineering teams.
6. CI/CD & DevSecOps
  • Integrate security into CI/CD pipelines (GitHub Actions / Azure DevOps):
    • Secrets scanning
    • Dependency vulnerability scanning
    • Basic SAST / DAST practices
  • Ensure secure build, deploy, and release processes.
7. AI & Data Usage Security
  • Review how AI is used across the platform.
  • Ensure confidential and PII data is not exposed to AI systems improperly.
  • Define guardrails and policies for AI usage from a security and privacy perspective.
8. Customer & Incident Handling
  • Join security calls with enterprise customers when required.
  • Respond to customer security questionnaires and due-diligence requests.
  • Own incident response:
    • Detection
    • Containment
    • Root Cause Analysis (RCA)
    • Preventive actions
Must-Have Skills & Experience
  • 4–6 years of hands-on experience in security engineering
  • Strong experience securing cloud-native systems on Azure
  • Practical experience with:
    • ISO 27001
    • GDPR
    • PDPL or similar regional privacy laws
  • Experience handling PII-heavy, multi-tenant SaaS platforms
  • Comfortable writing security policies and technical documentation
  • Experience working with external security agencies and auditors
  • Ability to work independently and take full ownership
Good-to-Have
  • Hands-on VAPT or penetration testing experience
  • DevSecOps tooling experience
  • Experience in customer-facing security roles
  • Startup or high-growth SaaS experience
What Success Looks Like (First 6 Months)
  • Clear visibility and documentation of data flows across the platform
  • Improved Azure security posture and security score
  • All critical/high VAPT findings closed
  • PDPL & GDPR readiness with external agencies
  • Security policies and incident response processes in place
  • Engineering team following consistent security best practices
  • Confidence from enterprise customers in Swan’s security posture