Senior Security Engineer

• Bangalore, India
• Posted 2 years ago

Senior Security Engineer

VIMAAN is looking to hire a talented senior security engineer to join our exceptional engineering team developing the next generation of information systems for the warehouse. You will work with cross-functional teams, plan, and work on security threats identification, prevention and mitigation. You will define, implement and test security strategies, report on incidents, keep track of the status of network and system security, and raise security awareness amongst employees.

Scope of work will span the breadth of product development and deployment. You will ensure that the product, its development, its deployment, and integration into the infrastructure are not vulnerable to security risk while complying with contemporary security guidelines. You will also be responsible for interfacing with third parties to conduct threat assessments and implement corrective actions. You will be responsible for meeting specific industry InfoSec guidelines, standards and regulations, such as medical or government, and driving product compliance.

You will thrive in this role if you are curious, innovative, relish complexity, pay attention to detail, and work to make things a little better every single day. We expect you are smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, reach out for the start of a great journey together.

Senior Security Engineer Responsibilities

• Own VIMAAN's information security strategy
• Establish Vimaan IT security policies, processes, and best practices as part of SDLC, to ensure product and infrastructure security.
• Conduct vulnerability assessments and penetration tests to identify security gaps (APIs, network infrastructure, …).
• Lead threat modeling exercises, with third parties, to expose security risk, and drive remediation with team members.
• Maintain (install, configure and use) Vimaan security devices, tools and software, such as firewalls, IDS, IPS and data encryption solutions.
• Lead incident response activities, investigations into potential breaches, report on findings, develop and implement remediation plans.
• Design, implement and manage security features in Vimaan product (Multi-Factor Authentication, data encryption in transit and at rest…)
• Perform code reviews ensuring implementation of security best practices.
• Ensure compliance with industry security standards and regulations, such as medical or government.
• Continually research the current threat landscape and state of the art.
• Track third party software security and keep updated for security patches and upgrades.
• Collaborate with the IT Network consultant/engineer to establish network security measures.
• Collaborate with DevOps for deployment of software updates and security patches.
• Collaborate with IT staff and system administrators to monitor networks and systems for security breaches or intrusions.
• Collaborate with clients and internal teams to address security concerns.
• Raise information security awareness in product development teams.
• Develop scripts to automate security related work.
• Establish and maintain thorough and accurate documentation of all work.
• Enforce best-practices to ensure security compliance in a cross-functional environment.

Senior Security Engineer Qualifications

• Bachelor's of Computer Science or equivalent degree
• 8+ years of experience as System Security Engineer or Information Security Engineer
• Thorough understanding of the latest security and data protection principles, techniques, and protocols
• Experience designing and implementing secure networks, systems, and application architectures
• Experience with securing web technologies including web applications, Web Services, Microservices
• Experience with securing Linux systems and databases such as Postgres
• Knowledge of TCP/IP networking protocols, HTTPS, REST, SSH, TLS, and experience securing them
• Experience with Identity Management, authentication and SSO methods, LDAP, Active Directory, OpenID, OAuth, and Role Based Access Control
• Experience with data encryption and knowledge of encryption algorithms
• System administration experience including Linux, network and database administration
• Expertise in scripting using shell scripts, Python, Perl or similar languages
• Knowledge of risk assessment tools, technologies, and methods
• Experience with Software Composition Analysis and Vulnerability Assessment
• Experience in designing, implementing, configuring, and managing security by using firewalls, network monitoring tools, intrusion detection systems, anti-virus software, authentication systems, log management systems, content filtering, etc.
• Experience with SAST and DAST tools and integrating them into DevSecOps
• Experience with code reviews using OWASP Top 10 and MITRE CWE Top 25 and training team on secure coding methodologies
• Experience with ISO27001 and SOC2 compliance, audit and certification, and with other industry guidelines, regulations and standards such as NIST, DISA, CPRA, GDPR, etc.
• Ability to collaborate effectively with fellow team members
• Strong written and verbal communication skills

How to Stand Out

• Experience with configuring and monitoring security and data protection in Cloud systems using provider tools such as those provided by AWS, Azure and GCP
• Security certifications such as CISSP, CISA, CISM, CEH, or similar
• Knowledge of data protection and disaster recovery, and experience with related technologies and methods
• Understanding of tactics used by APT and other threat groups, and knowledge of computer forensic tools
• Experience in Developing a SecureDevOps for an AI/ML product
• Self-motivated and self-managed
• You are someone that others enjoy working with due to your positive attitude and technical competence
• Pragmatic approach to solving problems and collaboration
• Open-minded, passionate, but not ideological
• Biased towards automation and ensuring "it just works"
• Team-first attitude motivated by helping team members succeed