Security Manager

3 weeks ago

india Cashfree Payments Full time

Cashfree is a leading payments and API banking solutions company. We provide full-stack payments solutions enabling businesses in India to collect payments and make payouts via all available methods with a simple integration. Cashfree’s offerings include an advanced and easy way to integrate payment gateway, a split payment solution for marketplaces, bank account verification API and Auto Collect -- a virtual account solution to match inbound payments to customers. Founded by IIIT Hyderabad alumnus Akash Sinha and IIT Kharagpur graduate Reeju Datta, is among the leading payment service providers in India processing transactions worth USD 80 Billion annually. We have leveraged technology to lead payment disbursals in India with more than 50% market share among payment processors. Cashfree enables more than 8,00,000 businesses with payment collections, vendor payouts, wage payouts, bulk refunds, expense reimbursements, loyalty and rewards. Apart from India, Cashfree’s products are used in eight other countries including USA, Canada and UAE. Cashfree is backed by Silicon Valley investor Y Combinator, Apis Partners, State Bank of India (SBI) and was incubated by PayPal. Cashfree is currently used by over 800,000 businesses for vendor payouts, wage payouts, build refunds, expense reimbursements, loyalty, and rewards. Some of its notable customers include Dunzo, Xiaomi, Tencent, Delhivery, Zomato, Cred, Club Factory, and ExxonMobil.


Job Description

Function:

  • Application Security
  • Information Security
  • Vulnerability Assessment
  • Cloud Security
  • Product Security


Responsibilities:

  • Work with stakeholders to define and own Security road map for one or more business areas and build the Security processes from scratch.
  • Provide technical and scientific leadership to the team
  • Roll up your sleeves and do hands-on work.
  • Build, coach, mentor, and grow the team
  • Be at the forefront of emerging vulnerabilities/threats which could affect Cashfree products through independent research and study.
  • Examine the products in detail to discover vulnerabilities and collaborate with the other security engineers to practically demonstrate the exploitability and risk factors.
  • Engage with the developers in developing workarounds/mitigation plans and ensure they are implemented per policy.
  • Engage with the development teams to conduct secure design reviews/threat modeling exercises to enumerate threats and mitigation strategies.
  • Enable the developers with knowledge of threat modeling by conducting focused workshops.
  • Secure Coding: Priorities critical defects and ensure these are identified and mitigated during the sprint.
  • Integration and automation of SAST in the DevOps pipeline.
  • Build secure coding principles and propagate them across the development community.
  • Be the to-go person for developers in solving critical issues relating to secure product development.
  • Build and enhance secure coding/security assessment training content for developers and the QA team.
  • Deliver training programs at various levels in the organizations.
  • Conduct workshops/security tech talks to disseminate security knowledge and awareness.
  • Conduct white-box and grey-box offensive penetration testing against applications, front-end and back-end micro-services, and web services.
  • Conduct network infrastructure, Public Cloud (AWS and GCP), and data-layer offensive pen testing.
  • Perform manual source code reviews and audits (manual and SCA/SAST code audits) as needed.
  • Perform any other application security or product security-related activities or tasks as needed or directed.
  • Validate 3rd party external pen-test and crowd-sourced application security findings and work with our engineering teams.


Qualifications:

  • B. S. in Computer Science, Electrical, or Computer Engineering, or equivalent work experience as a software engineering or security practitioner.
  • 12+ years of relevant engineering or security assessment experience, experience in application security.
  • Possess a broad knowledge of attack vectors, exploits, and mitigations that work at scale or may be linked together for chained attacks.
  • Experience with Java, Go, Python, or Node.js (bonus points for more than one).
  • Experience with assessing Cloud-native services, service meshes, and K notes-platform-based micro-services.
  • Be able to apply unconventional thinking and problem-solve on the boundary of your knowledge base, learning new technologies or languages as needed to complete pen-test tasks.
  • Be able to think both offensively (like a hacker) and defensively (evaluating product security and design).
  • Familiarity with industry-standard threat modeling, risk modeling, and vulnerability classification.
  • Experience with pre-assessment architectural and API analysis to the scope and preparing white-box and grey-box assessments.
  • Experience working with in-house engineering organizations, S-SDLC/CICD software lifecycle, and QA processes.
  • Good knowledge of multiple classes of vulnerabilities that includes cross-site scripting, SQL Injection, CSRF, cryptographic-related weakness, and code injection.
  • Good knowledge of any programming/scripting languages such as Java, Ruby, and Python.
  • Good knowledge relating to services/technology relating to the cloud.
  • Ability to automate security testing and improve productivity in security assessments.
  • Ability to communicate and interpret security vulnerabilities to various audiences such as development and management teams.

  • Information Security Analyst

    1 month ago

    india TAC Security Full time

    Job Title: Information Security Analyst Location: Lower Parel, Mumbai (On-site)Job Description:We are seeking a skilled Information Security Analyst to join our team in Lower Parel, Mumbai. In this role, you will play a critical part in monitoring and enhancing our cybersecurity posture.Key Responsibilities:Monitor security alerts and events using SIEM tools...

  • Cyber Security Analyst

    2 months ago

    india TAC Security Full time

    Company DescriptionTAC Security is a global leader in vulnerability management that specializes in protecting Fortune 500 companies, leading enterprises, and governments worldwide. With its AI-based Vulnerability Management Platform ESOF (Enterprise Security in One Framework), TAC Security manages over 5 million vulnerabilities. ESOF, recognized as Gartner's...

  • Astra Security | Pentest Delivery Manager | india

    1 week ago

    india Astra Security Full time

    About Astra Security Astra Security a Techstars backed, cybersecurity SaaS company with 700+ customers across the globe. Astra's flagship product 'Astra Pentest Platform' helps businesses uncover vulnerabilities in their infrastructure proactively. Last year, Astra helped its customers uncover 2 million+ vulnerabilities, saving them $69 million+ in...

  • Astra Security | Pentest Delivery Manager | india

    1 week ago

    india Astra Security Full time

    About Astra Security Astra Security a Techstars backed, cybersecurity SaaS company with 700+ customers across the globe. Astra's flagship product 'Astra Pentest Platform' helps businesses uncover vulnerabilities in their infrastructure proactively. Last year, Astra helped its customers uncover 2 million+ vulnerabilities, saving them $69 million+ in...

  • Astra Security | Pentest Delivery Manager | india

    1 week ago

    india Astra Security Full time

    About Astra Security Astra Security a Techstars backed, cybersecurity SaaS company with 700+ customers across the globe. Astra's flagship product 'Astra Pentest Platform' helps businesses uncover vulnerabilities in their infrastructure proactively. Last year, Astra helped its customers uncover 2 million+ vulnerabilities, saving them $69 million+ in potential...

  • TAC Security | Inside Sales Manager

    2 weeks ago

    india TAC Security Full time

    Key Responsibilities Team Leadership: Manage, mentor, and motivate the inside sales team to achieve individual and team sales targets. Conduct regular training sessions to enhance product knowledge and sales skills. Sales Strategy Development: Develop and implement effective inside sales strategies to increase revenue and market penetration. Monitor and...

  • GSOC - Travel Security Specialist

    4 days ago

    India MAX Security Full time

    Company Profile: Max is Global Risk Management organization based out in Tel Aviv, Israel and its APAC HQ is based out of Mumbai. Led by veterans from Israeli Military Special Forces, Intelligence, Cyber and Secret Services we operate in 160 countries across the globe. We have capabilities in every continent across the world and carry the experience of...

  • GSOC - Travel Security Specialist

    4 days ago

    India MAX Security Full time

    Company Profile: Max is Global Risk Management organization based out in Tel Aviv, Israel and its APAC HQ is based out of Mumbai. Led by veterans from Israeli Military Special Forces, Intelligence, Cyber and Secret Services we operate in 160 countries across the globe. We have capabilities in every continent across the world and carry the experience of 25...

  • GSOC - Travel Security Specialist

    5 days ago

    India MAX Security Full time

    Company Profile:Max is Global Risk Management organization based out in Tel Aviv, Israel and its APAC HQ is based out of Mumbai. Led by veterans from Israeli Military Special Forces, Intelligence, Cyber and Secret Services we operate in 160 countries across the globe. We have capabilities in every continent across the world and carry the experience of 25 +...

  • Inside Sales Manager

    2 weeks ago

    india TAC Security Full time

    Key ResponsibilitiesTeam Leadership:Manage, mentor, and motivate the inside sales team to achieve individual and team sales targets.Conduct regular training sessions to enhance product knowledge and sales skills.Sales Strategy Development:Develop and implement effective inside sales strategies to increase revenue and market penetration.Monitor and analyze...

  • Senior Security Engineer

    1 month ago

    india System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central role...

  • Senior Security Engineer

    1 month ago

    India System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central role...

  • Senior security engineer

    1 month ago

    India System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central...

  • Security Threat Intelligence Specialist

    1 week ago

    India MAX Security Full time

    Company OverviewMAX Security is a global risk management organization based in Tel Aviv, Israel, and its APAC HQ is located in Mumbai. Founded by veterans from the Israeli Military Special Forces, Intelligence, Cyber, and Secret Services, we operate in 160 countries worldwide, providing capabilities on every continent and boasting over 25 years of experience...

  • Senior Security Engineer

    4 weeks ago

    india System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central role...

  • Senior Security Engineer

    3 months ago

    India System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central role...

  • Senior Security Engineer

    3 months ago

    India System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central role...

  • Senior Security Engineer

    3 months ago

    India System Two Security Full time

    System Two Security is looking to hire a Senior Security Engineer with a wide expertise in both offensive and defensive measures in enterprise cybersecurity. The Senior Security Engineer is essential in enhancing development efforts for our flagship threat hunting product, working closely with Data Science and Data teams. This role puts you in a central...

  • Senior Security Data Engineer

    1 month ago

    india System Two Security Full time

    System Two Security is looking to hire a Senior Security Data Engineer who is highly skilled and experienced. This role is pivotal in ensuring the integrity and usability of our data. The ideal candidate will have a strong background in data engineering and cyber security, with the ability to work autonomously on critical projects.ResponsibilitiesGenerate...

  • Senior security data engineer

    1 month ago

    India System Two Security Full time

    System Two Security is looking to hire a Senior Security Data Engineer who is highly skilled and experienced. This role is pivotal in ensuring the integrity and usability of our data. The ideal candidate will have a strong background in data engineering and cyber security, with the ability to work autonomously on critical projects. Responsibilities ...