Senior Security Engineer

Qualifications:

Bachelor's or master's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent work experience).

Requirements:

Minimum 8+ years of experience in Cybersecurity Engineer or a similar role with a good hands-on experience on the list of tech stack as listed in the responsibilities section. We are looking for someone who is well-versed with security
[Pen-testing, Perimeter security, API Security, Threat modeling, Antivirus / Malware detections & protections, App & Infra. Security Practices & Architecture etc.] . Additionally, if you are certified on any of the technologies, we would love to see you prove it with your detail-oriented problem-solving skillset and knowledge of the products.

Roles & Responsibilities:

1. Oversee the design, implementation, and management of security infrastructure, ensuring the confidentiality, integrity, and availability of systems and data.
2. Knowledge of TCP/IP, the OSI model, DNS, VPN, routing & switching, and load balancer technologies for virtual and physical networks.
3. Hands-on experience of threats includes common attack vectors, methodologies, and payloads/exploits.
4. Ability to support, assist in implementing and administrating security solutions, e.g., firewalls, proxies, WAFs, DLP, malware detection/EDR, etc.
5. Operational experience with security logging, event correlation, and SIEM technologies.
6. Operational experience configuring and managing virtual and cloud-based environments.
7. Develop and implement incident response plans to address security incidents promptly and effectively.
8. Experience in evaluating and implementing industry-leading third-party security tools and software.
9. Lead investigations into security breaches, vulnerabilities, and incidents, providing detailed reports and recommendations.
10. Administer and enhance Privileged Access Management solutions, ensuring secure access controls and monitoring privileged accounts.
11. Extensive experience in Perimeter security, API Security, Pen testing, Threat Modeling, Security Testing and Auditing.
12. Must have experience in managing Antivirus / Malware detections & protection solutions. Experience in managing the AWS security services such as AWS Inspector, AWS Guard duty, AWS WAF & Shield, Firewall manager etc. Good experience in managing the perimeter firewall within AWS accounts, involving the implementation and administration of robust security measures. Implement and optimize security controls for cloud-based applications and infrastructure.
13. Design and maintain secure network architectures, including firewalls, VPNs, and network segmentation.
14. Assess and enhance the security of web and application servers (e.g., Apache, Nginx, Tomcat) and implement incident response procedures.
15. Sound knowledge of OS baselining for vulnerability assessment & patching using industry best practices and tools, including expertise in Security Information and Event Management (SIEM) for comprehensive threat detection and response.
16. Good to have knowledge of finding and patching vulnerabilities in Dependencies, Docker file, Images, K8s Resources.
17. Expert in handling SAST & DAST tools to uncover vulnerabilities in the code and work out to remediate it and to design & implement secure software development lifecycle solutions based on various tools.
18. Define secure software development lifecycle for various projects and teams with proper software supply chain security standards.
19. Define applications security architecture elements and assist with KPIs and KRIs related to security in applications.
20. Work with senior management on defining roadmaps, needs, and providing short and midterm forecasting.
21. POC of the overall DevSecOps lifecycle to showcase the benefits it brings to an organization.
22. Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10.
23. Knowledge of securing APIs & experience in Web & Mobile applications, micro-services, and common vulnerabilities. Demonstrate written and verbal communication skills, as well as the ability to work with multiple teams and stakeholders.
24. Familiarity with Jira and Confluence or any similar tools.
25. Understanding of NIST and CIS frameworks.
26. Understanding of compliance areas including controls for SOC2, ISO, PCIDSS and GDPR, etc.