Roles and Responsibilities
- Keeping up with the state of the art in application security, operational security, and DevSecOps, helping developers build software securely throughout the complete software development lifecycle.
- Enhance the security posture of company's platforms and applications, securing production and pre-production services running on Kubernetes.
- Evangelize intelligent security solutions and mitigations that categorically solve classes of vulnerabilities by addressing their root causes.
- Continue to learn new technology and business processes and apply an offensive (“red team”) security mindset to them to discover vulnerabilities and drive improvements.
- Hunt for and identify threats and vulnerabilities which impact software and infrastructure.
- Continuously improve the systems and algorithms which are used to identify potential indicators of compromise.
- Apply common information security frameworks and standards utilized in the industry to understand requirements and best practices as they apply to software.
- Leading independent third-party vendors through security assessments, such as penetration testing, social engineering, and compliance.
- Implement and maintain the security tooling.
Desired Candidate Profile
- Experience securing virtualized workloads, containerized services, and platforms like Kubernetes at scale in production on public clouds, preferably with both Linux and Windows workloads.
- Experience securing AWS, (or e.g., Azure, GCP) cloud infrastructure and security-focused services such as AWS KMS, Cloud HSM, Encryption SDK, IAM, and STS.
- Development and administration experience on Linux environments with distributions like Debian and Ubuntu.
- Broad, adaptable programming experience across modern languages like Java/Python/PHP/Ruby/Go/Groovy/C/C++.
- Deep understanding of web technologies such as HTTP, TLS, REST, and services such as Nginx and HAProxy.
- Experience with tooling and systems for build, infrastructure automation, and monitoring, such as Docker, Jenkins, Terraform, Datadog, JFrog, and Sumologic.
- Good knowledge of security principles at all layers of the OSI stack.
- Blue and/or red team experience is highly valued.
- Experience in implementing security controls or have helped achieve security certifications for business: ISO, SOCII, GDPR, etc.
- Self-driven, proactive, and inquisitive, identifying pragmatic solutions to complex technical and security process challenges.
- Strong technical knowledge and the ability to apply that knowledge to prevent, detect, and contain security events.
- Ability to not only use security tools, but to implement them in diverse and heterogeneous environments, such as those containing a mix of workloads across discrete VMs, orchestration tools like Kubernetes or Mesos, and on-premise or cloud-native infrastructure.
- Good verbal and written communication skills
- Strong orientation towards delivering results incrementally.
- Experience: Minimum 6 years of combined experience within at least two of the three disciplines: data security, application security, and/or cloud infrastructure security/engineering
- Education: BS/MS in Computer Science or equivalent experience.
Role:System Security Engineer
Salary: Not Disclosed by Recruiter
Functional Area:IT & Information Security
Role Category:IT Security
Employment Type:Full Time, Permanent
UG:B.Sc in Computers,B.Tech/B.E. in Any Specialization