Security Architect

About Darwinbox:
Darwinbox is Asia's fastest-growing HR technology platform, designing the future of work by building the world's best HR tech, driven by a fierce focus on employee experience and customer success, and continuous, iterative innovation. We are the preferred choice of 1000+ global enterprises to manage their 4 million+ employees across 130+ countries.

Darwinbox's new-age HCM suite competes with local as well as global players in the enterprise technology space (such as SAP, Oracle, and Workday). The firm has acquired notable customers ranging from large conglomerates to unicorn start-ups: Nivea, Starbucks, DLF, JSW, Adani Group, Crisil, CRED, Vedanta, Mahindra, Glenmark, Gokongwei Group, Mitra Adiperkasa, EFS Facilities Management, VNG Corporation, and many more.

Our vision of building a world-class product company from Asia is backed by marquee global investors like Microsoft, Salesforce, Sequoia Capital, TCV, KKR, and Partners Group.

Why Join Us?

The rate at which our product and market presence are growing is unprecedented. We're a Rocketship. We're not planning on slowing down anytime soon. And, that's why we need you You'll experience a culture of:

• Disproportionate Rewards for top performance
• Accelerated Growth in a hyper-growth environment
• Wellbeing First culture focused on employee care
• Continuous Learning and professional development
• Meaningful Relationships and a Collaborative Environment

Role Overview:
We are seeking a highly skilled and experienced Security Architect with a strong background in offensive security. The ideal candidate will be responsible for building and leading a red team, ensuring the security of our SaaS platform, IT infrastructure, and cloud environments. This role requires a proactive approach to identifying and mitigating security risks, along with a deep understanding of the latest security threats and technologies.

Responsibilities:
Offensive Security:

• Conduct advanced penetration testing and vulnerability assessments on our systems.
• Develop and execute red team exercises to identify and address security weaknesses.
• Simulate real-world attacks to test and improve the resilience of our security measures.

Red Team Development:

• Build, lead, and mentor a team of security professionals focused on offensive security.
• Develop and implement red team strategies, methodologies, and tools.
• Collaborate with other teams to integrate red team findings into the overall security posture.

SaaS Security:

• Design and implement security measures to protect our SaaS platform.
• Ensure compliance with industry standards and regulations.
• Perform continuous monitoring and improvement of security controls.

IT and Cloud Security:

• Oversee the security of IT infrastructure, including networks, servers, and endpoints.
• Implement and manage security measures for cloud environments (AWS, Azure, GCP).
• Ensure secure configuration and management of cloud services.

Tool Development and Integration:

• Develop and maintain security tools to automate threat detection, response, and remediation.
• Integrate security tools and systems for comprehensive monitoring and protection.
• Prepare our systems for global scale and protect against evolving cyber threats and zero-day attacks. SOC Management:
• Support and manage a 24/7 Security Operations Center (SOC) monitoring team.
• Ensure continuous monitoring of security events and incidents.
• Develop and maintain incident response protocols and procedures.

Collaboration and Communication:

• Work closely with development, operations, and IT teams to ensure security is integrated into all aspects of our technology stack.
• Communicate security risks and recommendations to stakeholders at all levels.
• Develop and deliver security training and awareness programs for employees.

Requirements:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• At least 5 years of experience in offensive security, penetration testing, or a similar role.
• Proven experience in building and leading red teams.
• Strong knowledge of SaaS security, IT infrastructure security, and cloud security.
• Familiarity with security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
• Hands-on experience with AI security and understanding of AI/ML security threats.
• Proficiency in coding and scripting languages (e.g., Python, Java, C++) for developing security tools and automation.
• Experience in managing a 24/7 SOC monitoring team.
• Excellent problem-solving skills and the ability to think like an attacker.
• Strong communication and leadership skills.
• Relevant certifications such as OSCP, OSCE, CEH, CISSP, or similar are preferred.