Fynd is India’s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k + pin codes.
We're looking for a Security Audit Compliance/Cyber Security Auditor to join our Engineering Team. The team builds products for 10M+ Fynd users and internal teams. Our team consists of generalist engineers who work on building modern websites (SPA & Isomorphic), mobile apps for Android & iOS, REST APIs and servers, internal tools, and infrastructure for all our users.
What will you do at Fynd?
- Updates job knowledge by participating in educational opportunities like reading professional publications, maintaining personal networks, and participating in professional organizations.
- Meets work standards by following production, productivity, quality, and customer-service standards; resolving operational problems; and identifying work process improvements.
- Ensures compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; and recommending opportunities to strengthen the internal control structure.
- Provides business-specific interpretations and supports automation opportunities while working with DevOps teams.
- Establishes credibility and maintains good working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
- Collaborate with Compliance Specialists and business/service teams to understand and validate assessment scope.
- Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity.
- Responsible for building and influencing security as a core competency throughout our relationships with internal teams/partners/vendors; this includes providing education and training to the organization.
- Delivers recommendations and risk interpretations in a clear, concise and audience-specific format
- Engages with the Business and SMEs to ensure compliance to information security policies
- Supports ad-hoc data analysis requests
- Analysis of historical data to identify trends and insights
- Leads the creation, implementation, monitoring, and maintenance of security Policies and Standards
Some specific Requirements:
- Professional auditing qualification like ISO Lead Auditor with 3+ years in third party contractor underwriting or supplier vetting.
- Strong communication and multitasking skills
- A keen eye for detail
- 4+ years of relevant industry experience including information assurance, data privacy and compliance in healthcare domains.
- 3+ years of information security governance, audit, risk management or related client service or consulting experience.
- Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
- Technical knowledge and familiarity with information security standards.
- Related security control and compliance experience in various frameworks including: HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
- CISSP, CISA, CISM, CIPP, CEH and/or other comparable security controls or audit certifications preferred.
- Experience with service-oriented architectures and web services security.
Subodh Popalwar
Software Engineer, Memorres
About Fynd
Fynd, India’s largest omni channel platform and multi-platform tech company, pioneers retail tech and products in AI, ML, big data ops, gaming+crypto, image editing, and the learning space. Founded in 2012 by three IIT Bombay alumni: Farooq Adam, Harsh Shah, and Sreeraman MG, Fynd is headquartered in Mumbai. With over 1000 brands under management, more than 10k stores, and servicing 23k+ pin codes, Fynd collaborates with major retail giants like Reliance, working on projects for Jio, Reliance Retail, and Reliance Digital, among others
Similar jobs
Docker
Kubernetes
Amazon Web Services (AWS)Fynd is India’s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k + pin codes.
We're looking for an SDE I/ SDE II- DevSecOps to join our Engineering Team. The team builds products for 10M+ Fynd users and internal teams. Our team consists of generalist engineers who work on building modern websites (SPA & Isomorphic), mobile apps for Android & iOS, REST APIs and servers, internal tools, and infrastructure for all our users.
What will you do at Fynd?
- Build a Culture around Security Engineering at Fynd</li><li>Ensure that a healthy security posture is maintained by continuously assessing/monitoring perimeter as well as internal security posture.
- Identify, integrate, monitor, and improve InfoSec controls by understanding business processes.
- Drive a DevSecOps culture in the organization by implementing shift left security culture.
- Conduct security reviews, auditing, penetration testing, risk assessments, vulnerability assessments, threat modeling.
- Install, configure, manage, and maintain mission-critical enterprise applications such as AV, patching, SIEM, DLP, log management and other technical controls. Troubleshoot security system and related issues
- Should have good understanding in working on CSPM
- Should have good understanding in different Services of AWS & GCP, Also need someone who should know DNS.
- Improve Cloud, Application ,Kafka, Database security posture and Kubernetes security using CI/CD Understand by regular gap assessment, Provide support in detection and mitigation of cyber security vulnerability and incidents for Cloud
- Run security automation tools for periodic scans - SAST, DAST, Infrastructure scanning, Compliance check
- Adhere to OWASP guidelines and bring the OWASP maturity model at organisation level.
- Strong understanding of network concepts including TCP/IP, HTTP and TLS, DDoS detection/prevention, and network and host anomaly detection through both automated (NIDS/HIDS) and manual means.
- A good knack for automating infrastructure security as much as possible
Some specific requirements
- Need to have a professional experience of at least 3-4 years acquired in monitoring and improving DevSec Ops tools and processes
- Extensive knowledge in assurance tools such as Fortify, OWASP ZAP, Sonarqube, Open source automation tools and their integrations into CI/CD cycles.
- Understanding of Zero Trust policy and its implementation.
- Identify security weakness across multiple programming languages like Python, Node JS, Java, Go, Javascript, HTML etc
- Participate in incident handling and other related duties to support the information security function.
- Ability to drive security automation and DevSecOps within engineering life cycle, as well as vulnerability/bug remediation
- Good to have audit experience across compliance certifications like ISO 27001/ISMS/PCI DSS / SoC 2
- Experience in Kubernetes Infra, Cloud deployment technologies - AWS, GCP
KubernetesDockerAmazon Web Services (AWS)Contract Review and Lifecycle management is no longer a niche idea. It is one of the fastest growing sectors within legal operations automation with a market size of $10B growing at 15% YoY. InkPaper helps corporations and law firms optimize their contract workflow and lifecycle management by providing workflow automation, process transparency, efficiency, and speed. Automation and Blockchain have the power to transform legal contracts as we know of today; if you are interested in being part of that journey, keep reading!
InkPaper.AI is looking for passionate DevOps Engineer who can drive and build next generation AI-powered products in Legal Technology: Document Workflow Management and E-signature platforms. You will be a part of the product engineering team based out of Gurugram, India working closely with our team in Austin, USA.
If you are a highly skilled DevOps Engineer with expertise in GCP, Azure, AWS ecosystems, and Cybersecurity, and you are passionate about designing and maintaining secure cloud infrastructure, we would love to hear from you. Join our team and play a critical role in driving our success while ensuring the highest standards of security.
Responsibilities:
- Solid experience in building enterprise-level cloud solutions on one of the big-3(AWS/Azure/GCP)
- Collaborate with development teams to automate software delivery pipelines, utilizing CI/CD tools and technologies.
- Responsible for configuring and overseeing cloud services, including virtual machines, containers, serverless functions, databases, and networking components, ensuring their effective management and operation.
- Responsible for implementing robust monitoring, logging, and alerting solutions to ensure optimal system health and performance
- Develop and maintain documentation for infrastructure, deployment processes, and security procedures.
- Troubleshoot and resolve infrastructure and deployment issues, ensuring system availability and reliability.
- Conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential threats.
- Implement security controls and best practices to protect systems, data, and applications in compliance with industry standards and regulations
- Stay updated on emerging trends and technologies in DevOps, cloud, and cybersecurity. Recommend improvements to enhance system efficiency and security.
An ideal candidate would credibly demonstrate various aspects of the InkPaper Culture code –
- We solve for the customer
- We practice good judgment
- We are action-oriented
- We value deep work over shallow work
- We reward work over words
- We value character over only skills
- We believe the best perk is amazing peers
- We favor autonomy
- We value contrarian ideas
- We strive for long-term impact
You Have:
- B.Tech in Computer Science.
- 2 to 4 years of relevant experience in DevOps.
- Proficiency in GCP, Azure, AWS ecosystems, and Cybersecurity
- Experience with: CI/CD automation, cloud service configuration, monitoring, troubleshooting, security implementation.
- Familiarity with Blockchain will be an edge.
- Excellent verbal communication skills.
- Good problem-solving skills.
- Attention to detail
At InkPaper, we hire people who will help us change the future of legal services. Even if you do not think you check off every bullet point on this list, we still encourage you to apply! We value both current experience and future potential.
Benefits
- Hybrid environment to work from our Gurgaon Office and from the comfort of your home.
- Great compensation package!
- Tools you need on us!
- Our insurance plan offers medical, dental, vision, short- and long-term disability coverage, plus supplemental for all employees and dependents
- 15 planned leaves + 10 Casual Leaves + Company holidays as per government norms
InkPaper is committed to creating a welcoming and inclusive workplace for everyone. We value and celebrate our differences because those differences are what make our team shine. We hire great people from diverse backgrounds, not just because it is the right thing to do, but because it makes us stronger. We are an equal opportunity employer and does not discriminate against candidates based on race, ethnicity, religion, sex, gender, sexual orientation, gender identity, or disability
Location: Gurugram or remote
DockerKubernetesAmazon Web Services (AWS)Company Introduction :
My Next Developer is a global network of top talent in business, design, and technology that enables companies to scale their teams, on-demand.
We take the best elements of virtual teams and combine them with a support structure that encourages innovation, social interaction, and fun. We see no borders, move at a fast pace, and are never afraid to break the mold.
Job Responsibilities
- Ensure security in the development activities.
- Implement risk management techniques and threat modeling.
- Implement infrastructure automation, monitoring and alerts as part of ISO 27001 and SOC 2 certifications.
- Collaborate with internal teams to produce the best security solutions
Minimum requirements :
- Bachelor's/Master's degree in degree in computer science, cybersecurity, engineering, or equivalent degree.
- 3+ years of experience as a DevSecOps engineer.
- Proficiency in back-end technologies such as NodeJs or Python.
- Expertise in using DevOps tools like GitHub, dependency management, and CI/CD.
- Profound knowledge of AWS cloud, DevOps culture and automation tools.
- Fluent in both spoken and written English communication.
- Ability to work full-time (40 hours/week) with a 2-3 hour overlap with European time zone.
- Stay up-to-date on cybersecurity threats and follow the best practices.
- Previous project experience related to ISO 27001 and SOC 2 certifications.
Follow CutshortSubodh Popalwar
Software Engineer, Memorres