Specialist – Information Security

Dr. Reddy’s Laboratories Ltd. is a leading multinational pharmaceutical company based across global locations. Each of our 24,000 plus employees comes to work every day for one collective purpose: to accelerate access to affordable and innovative medicines because Good Health Can’t Wait.

We started in 1984 with a modest investment, 20 employees and a bold vision. Today, we have research and development centres, manufacturing facilities or a commercial presence in 66 countries. 

For nearly four decades, we have stood for access, affordability and innovation based on the bedrock of deep science, progressive people practices and robust corporate governance. As the pharmaceutical industry evolves and undergoes disruption, we see an opportunity – to strengthen our core further (the next steps) and to build the future (the new bets).

‘The Next and the New’ is how we aim to continue to be the partner of choice – purpose-driven, future-ready and sustainable.  Our aim is to reach over 1.5 Bn+ patients across the world by 2030 by growing our core businesses and building for the future with sustainability at the core of our purpose and strategy. Sustainability for us means operating in a manner that respects people, planet and purpose – helping us conserve precious resources, serve our patients, create value for stakeholders, give back to society, fulfil our potential and maintain our integrity and transparency

Dr Reddy’s maintains a work environment, free from discrimination and is an equal opportunity employer. We are committed to employ & nurture all qualified diverse workforce without regard to race, colour religion, nationality, sex, age, disability status, genetics, sexual orientation, gender expression, citizenship or any other characteristic or classification protected by applicable law(s) of the country we operate in. We treasure every talent, and recognize merit and diversity in our organization.

We are seeking a hands-on specialist to own enterprise Data Loss Prevention (DLP), Threat & Vulnerability Management (TVM), Attack Surface Management (ASM), and Email Security. This role will design and operate controls that reduce data exfiltration risk, harden attack surfaces, and protect messaging channels. The successful candidate will drive security roadmap, governance, metrics, and incident response across this portfolio, partnering closely with the SOC, Security Engineering, Infrastructure, IT, and Business stakeholders.

• Bachelor of Technology (B.Tech) – Computer Science Engineering

• 5+ years of relevant experience in core Cybersecurity domains & functions

• Strong operational knowledge of Microsoft 365 security stack, including:

  • Microsoft Defender for Office 365 (MDO / Defender Email Security)
  • Anti-phishing & Anti-spam policies
  • Safe Links, Safe Attachments
  • URL detonation, sandboxing technologies

• Deep working experience with Data Loss Prevention (DLP) technologies, including:

  • Endpoint, Network & Email DLP
  • DSPM across Exchange, SharePoint, OneDrive, Teams
  • Data classification & labeling

• Strong understanding of core cybersecurity principles, including:

  • Defense-in-depth
  • Least privilege
  • Identity security fundamentals
  • Threat modeling

• Hands-on experience in Incident Response (IR), including:

  • Triage, investigation, containment, and remediation
  • Email threat analysis
  • Data exfiltration investigations

• Solid foundation in Networking & Security fundamentals, including:

  • TCP/IP, DNS, SMTP, HTTP/HTTPS
  • Firewalls, proxies, VPN, encryption basics

• Working knowledge of Attack Surface Management (ASM) & Exposure Management, particularly:

  • External asset discovery
  • Vulnerability identification
  • Surface reduction practices

• Basic to intermediate understanding of enterprise infrastructure components, such as:

  • Azure AD / Entra ID
  • On‑Prem Active Directory (AD)
  • SCCM / Intune
  • Hybrid identity & authentication flow concepts

• Practical understanding of Security Standards & Frameworks, including:

  • NIST Cybersecurity Framework (CSF)
  • NIST 800‑53 / 800‑171 (basic understanding)
  • ISO 27001:2022
  • CIS Benchmarks (Windows, M365, Azure)
  • Zero Trust Architecture (ZTA) principles

• Good exposure to VAPT concepts, including:

  • Vulnerability assessment
  • Penetration testing basics
  • Remediation lifecycle

• Experience with Risk Management frameworks

• Strong understanding of Agile project management, including:

  • Sprint planning
  • Backlog grooming
  • Managing security deliverables in agile teams

• Strong managerial & leadership capabilities, including:

  • People leadership
  • Workload allocation
  • Performance management
  • Skill development & team growth

• Strong project management skills, including:

  • Planning & execution
  • Milestone tracking
  • Stakeholder management
  • Cross‑functional coordination

• Excellent communication skills, with the ability to translate technical details for engineering teams and senior leadership.

Nice to Have

• Cybersecurity certifications from recognized bodies such as:
  • SANS / GIAC
  • ISACA (CISM, CRISC, CISA)
  • ISC² (CISSP, CCSP)
  • EC‑Council (CEH, CHFI)
  • CompTIA (Security+, CySA+, CASP+)
  • OffSec (OSCP, OSEP, OSWE)