About Loyalytics
Loyalytics is a fast-growing Analytics consulting and product organization based out of Bangalore. We work with large retail clients across the globe helping them monetize their data assets through our consulting assignments and product accelerators. We are a young dynamic team of 100+ analytics practitioners working on some of the most cutting-edge tools and technologies.
Who we are:
● Technical team: A team full of data scientists, data engineers and business analysts who work with 1M+ data points every day.
● Market Size: Massive multi-billion $ global market opportunity.
● Leadership: Combined experience of 40+ years in the industry.
● Customers: Word-of-mouth and referral-driven marketing to acquire customers such as large GCC retail brands, including Lulu and GMG, among others (strong product-market fit).
● What makes us stand apart: An 8-year-old, bootstrapped, 100+ person company that is still hiring.
Our Product
Swan is a customer engagement platform helping enterprises drive personalized, data-driven engagement at scale. We work with customers across the Middle East (GCC) and are expanding into new geographies. Our platform is multi-tenant, cloud-native, and heavily data-driven, handling sensitive customer engagement and demographic data.
We are fully deployed on Microsoft Azure and are ISO 27001 certified. As we scale, we are looking for our first dedicated Security Engineer who can take complete ownership of security across our tech stack and compliance landscape.
Role Overview
We are looking for a hands-on Security Engineer with 4–6 years of experience who has already “done this before”.
This role is not advisory or theoretical. You will be the single owner of security at Swan — responsible for strengthening our cloud security posture, driving compliance (ISO 27001, PDPL, GDPR), working with external security agencies, and representing Swan in security discussions with enterprise customers.
Our engineering team is strong in product and platform development but is not made up of security experts, so you are expected to lead, guide, and execute without depending on others for security direction.
Key Responsibilities
1. Cloud & Infrastructure Security (Azure)
● Own end-to-end security of our Azure infrastructure:
    Azure App Services, Azure Functions, Container Apps
    Cosmos DB, Redis, Databricks
● Define and enforce best practices for:
    Identity & access management (RBAC, least privilege)
    Network security (private endpoints, VNETs, NSGs)
    Secrets management (Azure Key Vault, secret rotation)
● Continuously improve Azure Security Score and proactively close gaps.
2. Application & API Security
● Review and improve security of backend services built in Node.js and Golang.
● Secure APIs and internal services:
    Authentication & authorization flows
    Rate limiting, abuse prevention
    Secure handling of PII data
● Drive secure coding practices and threat modelling across services.
3. Data Security & Privacy
● Design and document end-to-end data flow across the platform:
    Controllers, processors, sub-processors
    Data ingress, storage, processing, and egress
● Ensure proper handling of PII data (mobile numbers, emails, transaction history).
● Define data retention, masking, encryption, and access control policies.
● Ensure multi-tenant data isolation is robust and well-designed.
4. Compliance & Governance (ISO 27001, PDPL, GDPR)
● Own end-to-end compliance readiness and execution for:
    ISO 27001 (continuous compliance)
    PDPL (GCC / Saudi)
    GDPR (current & future EU expansion)
● Write, maintain, and improve:
    Security policies
    Risk registers
    Incident response plans
    Access control and data protection policies
● Work closely with external security agencies and auditors to:
    Close audit findings
    Prepare evidence
    Drive certifications and assessments
5. VAPT & Security Testing
● Plan, manage, and execute VAPT:
    Coordinate with external vendors
    Optionally perform internal testing where possible
● Track findings, prioritize risks, and ensure closure with engineering teams.
6. CI/CD & DevSecOps
● Integrate security into CI/CD pipelines (GitHub Actions / Azure DevOps):
    Secrets scanning
    Dependency vulnerability scanning
    Basic SAST / DAST practices
● Ensure secure build, deploy, and release processes.
7. AI & Data Usage Security
● Review how AI is used across the platform.
● Ensure confidential and PII data is not exposed to AI systems improperly.
● Define guardrails and policies for AI usage from a security and privacy perspective.
8. Customer & Incident Handling
● Join security calls with enterprise customers when required.
● Respond to customer security questionnaires and due-diligence requests.
● Own incident response:
    Detection
    Containment
    Root Cause Analysis (RCA)
    Preventive actions
Must-Have Skills & Experience
● 4–6 years of hands-on experience in security engineering
● Strong experience securing cloud-native systems on Azure
● Practical experience with:
    ISO 27001
    GDPR
    PDPL or similar regional privacy laws
● Experience handling PII-heavy, multi-tenant SaaS platforms
● Comfortable writing security policies and technical documentation
● Experience working with external security agencies and auditors
● Ability to work independently and take full ownership
Good-to-Have
● Hands-on VAPT or penetration testing experience
● DevSecOps tooling experience
● Experience in customer-facing security roles
● Startup or high-growth SaaS experience
What Success Looks Like (First 6 Months)
● Clear visibility and documentation of data flows across the platform
● Improved Azure security posture and security score
● All critical/high VAPT findings closed
● PDPL & GDPR readiness with external agencies
● Security policies and incident response processes in place
● Engineering team following consistent security best practices
● Confidence from enterprise customers in Swan’s security posture