Security Engineer

Title : Security Engineer (3-6 yrs)

Company : Sentieo

Location : New Delhi

Industry : IT- Software / Software Services

About company :

- Sentieo (www.sentieo.com) is an equity research platform of the 21st century - Built by former hedge fund analysts. Our platform overlays cutting edge search, collaboration and visualization tools on financial data sets allowing our clients to supercharge their research process.

- Think of us as a financial operating system for investors. We are a well funded, fast growing financial data startup which is quickly carving out its own niche in a $100Bn+ global market. Today, numbers of portfolio managers are actively relying on Sentieo to make the decisions.

- As a Security Engineer, you'll be responsible responsible for establishing security strategy, managing cybersecurity operations and implementing and monitoring information security standards and policies for Sentieo.

- This responsibility spans the architecture, design, implementation and day-to-day operations to protect the Sentieo's information technology operations and assets. Your key responsibilities would be to:-

- Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS and Web.

- Ability to effectively work with the engineering teams to provide technical risk-assessment of technologies in networks, applications.

- Ability to perform vulnerability assessments and penetration testing, utilizing tools commercial and open source. Perform, review and analyze security vulnerability data to identify applicability and false-positives.

- Conduct penetration testing in line with Open Web Application Security Project (OWASP)

- Monitor and analyze systems for security incidents, investigating, resolving, reporting, and escalating them as needed.

- Develop technical solutions to help mitigate security vulnerabilities and automate tasks to increase operational efficiency.

- Design and establish continuous monitoring programs using cybersecurity monitoring, vulnerability scanning, and intrusion detection and management tools.

- Identify opportunities to improve the quality and resiliency of the company's systems and applications.

- Research and recommend solutions to improve the company's security posture on-premises and in the cloud.

- Partner with devops teams to implement and tune security monitoring, tooling, and reporting.

- Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.

- Implementing antivirus, VPN, web filtering and email security.

- Continuous review and improvement of all security policies and procedures.

- Develop, communicate and ensure compliance with company's security policies and standards.

Requirements :

- Three to six years of professional information and IT security experience with a passion for cybersecurity.

- Professional information security certifications such as CompTIA Security+, SSCP, CISSP, CISM, CCNA Security, CCNP Security, CEH, GIAC, or CISA required.

- A proven track record of designing, engineering, and delivering enterprise-level security solutions.

- Excellent vulnerability, intrusion, and incident assessment, remediation, and management skills.

- Fluency in scripting or querying languages (e.g., PowerShell, Perl, Python, SQL).

- Detailed working knowledge of security technologies (e.g., AV, IDS/IPS, NGFW, SIEM, WAF, DLP, and malware analysis and protection), with a commitment to keep current with the latest developments in this field.

- Experience in identity management/authorization and authentication (e.g., SSL, IPSEC, PKI, SAML, Kerberos, LDAP).

- Should be able to understand security alerts and take necessary actions accordingly

- Worked on Security Pen Testing methodologies including automated scans and manual methods.

- Tools including Burp, Nexpose, NMap, Whois, ZAP etc. is a plus.

- Good Hands-On with Linux Debian Flavors and security hardening of the same.

- Understanding of Web Servers and HTTP Protocols.

- Troubleshooting web servers like Haproxy, Apache, Nginx and other reverse proxy platforms.

- Understanding of SSL Handshake and Certificates, DNS and DHCP, Network troubleshooting. Remote access methods.

- Worked on Security Pen Testing methodologies including automated scans and manual methods.

- Good understanding of TCP/IP networking including IP classes, OSI Model, routing protocols, subnets, NAT, SSL Handshake, Certificates, DNS and DHCP, Network troubleshooting. Remote access methods.

- Someone who is transparent and open to feedback and a collaborative team player with high standards and ethics.

Ajay Singh
9899259044