Senior Security Engineer

Our award-winning software platform is powered by a team of world-class experts in big data, machine learning, security, and scalable infrastructure. Our culture is open, positive, collaborative, and results driven. Come join us!

We are seeking a Senior Security Engineer who possesses expertise in cloud environments. You will be part of a team that protects system boundaries, keeps computer systems and network services hardened against attacks, and secures sensitive data. You will collaborate closely with our team to ensure that our products and environments are built to industry security standards and best practices.

RESPONSIBILITIES

• Engage with internal business teams on projects to assess for security risk and help deliver secure solutions via threat modeling, code review, penetration testing, and enforcing secure development lifecycle
• Assist with the implementation and execution of the application security program with the business and engineering teams
• Provide guidance on security architecture related to cloud computing products and services
• Test web applications for common vulnerabilities including input validation, broken access controls, session management, cross-site scripting, SQL injection and web server configuration issues
• Utilize security information and event management for real-time analysis of security alerts generated by our cloud infrastructure and applications
• Actively participate in Incident Management, Change Management, Security Policy Management and Security Incident Response
• Perform secure code reviews and implement security in all the phases of SDLC.
• Perform SAST, DAST, Internal Penetration testing on the Applications and the Infrastructure.
• Lead SOC2 and PCI Compliance programs

Requirements:

• 3+ years of industry experience with a proven track record of end-to-end audit prep / compliance ownership in one or more of the following: SOC 2, PCI, HIPAA, ISO 2001
• 3+ years experience in Application/Product security role.
• Must have knowledge / experience with security best practices within AWS (EC2, S3, IAM, VPC, Route53) and other providers
• Skills in the following areas: Security Compliance, Vulnerability Scanning, Managing PEN testing
• Demonstrated experience with systems auditing and monitoring to ensure compliance with security policies and standards
• Understanding of key security concepts such as cryptography, authentication, authorization, security protocols, or security vulnerabilities as applied to web application security and Cloud-based services
• Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls
• Experience with IDS/IPS, firewalls, DDoS Prevention, and WAFs
• Solid understanding of IP networking protocols: IPv4/6, TCP/UDP, DHCP, HTTPS, FTP, etc.
• Experience performing network/security maintenance tasks in the Cloud and highly available 24/7 data centers
• Experience performing security testing with OWASP guidelines.
• Locate in India