Lead - security

Posted: May 3, 2021, 12:01 p.m. - Full Time - Bengaluru

We are looking for an outstanding Security Engineer who is highly technical and is responsible for ensuring the security for a broad range of environments, endpoints and technologies in a . Candidate needs to be a self-starter who can independently and collaboratively work with little direction in a fast-moving environment.

Job Responsibilities

Review and assess the company and third-party partners on overall security posture. Oversee vulnerability scanning, testing, and validation and make tool/solution recommendations to the security team. Guides and performs security activities including penetration testing and vulnerability analysis, audits and assessments, code review, static and dynamic testing, and ethical hacking. Implementing code review processes and tooling and being a trusted advisor to the Engineering teams on secure coding practices. Work closely with engineers to provide expert advice on secure SDLC (automated and manual code-review), Layer 7 security best practices, and ensuring the remediation of vulnerabilities. Protect the company and its customers by identifying threats to user experience and user data while proposing mitigations and defences. Strong collaboration with Engineering, CloudOps and DevOps teams is essential. Provide guidance on hardening end-points, containers, APIs, applications, operating systems (e.g., Linux) and AWS cloud environments. Manage and review perimeter defences, such as firewalls, WAF- s, and IDPS. Participate as a key hands-on member in cybersecurity incident response and recovery activities. Capacity and tolerance for extreme context switching and interruptions while remaining productive and able to provide effective, safe guidance. Maintain knowledge and skills to keep up with the rapidly changing threat landscape. Work collaboratively with internal and external departments, vendors, and other key stakeholders. Be the SME for Application security process Build the Security team Manage work efforts end-to-end of the team

Skills And Qualifications

Experience working as a security or software dev/engineer with knowledge of container, mobile, and API secure development practices is preferred. Security testing and vulnerability identification tools including Kali Linux, BlackArch, Metasploit, Burp Suite, Vuln. Scanning, Veracode, etc. Experience with multiple programming/scripting languages (Python, Perl, etc.) preferred, Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP,HTTPS, routing protocols). Experience with configuration management and automation tools is a plus. Experience working with cloud environments, such as AWS from both a developer and security perspective. Knowledge in AWS security. Experience in diagnosing and preventing cyber-attacks. Excellent written and verbal communication skills. Industry related certifications are desirable, knowledge on related industry regulations, guidelines and standards Knowledge of SW engineering process and it's typical life cycle Strong analytical and problem solving skills Ability to prioritize and deliver on multiple project deadlines and milestones Excellent time management skills Strong attention to detail and follow-through Must be effective communicator Willing to learn new things