Cyber Security Engineer

About Company:

• Senior Engineer with a strong background and experience in cloud related technologies and architectures.
• Can design target cloud architectures to transform existing architectures together with the in-house team.
• Can actively hands-on configure and build cloud architectures and guide others.

• 3-5+ years of experience in AWS/GCP or Azure technologies
• Is likely certified on one or more of the major cloud platforms
• Strong experience from hands-on work with technologies such as Terraform, K8S, Docker and orchestration of containers.
• Ability to guide and lead internal agile teams on cloud technology
• Background from the financial services industry or similar critical operational experience
•  

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

• We are looking for a Senior SRE with a proven track record of success leading complex cloud-hybrid environments. You will have:
• Strong sense of Being an Owner, Wearing the Customer Shoes, with the ability to Empower Others demonstrated through clear
• communication and collaboration.
• Skills to work independently with multiple global teams, developing, configuring, deploying, and operating our global infrastructure on AWS and on-prem.
• Operational experience in complex distributed and real-time systems, including experience with SLO/SLAs towards high availability,reliability and DR goals.
• DevOps experience in building tools and frameworks, with an understanding of continuous deployment processes.
• Ability to think at scale, bringing a focus on continuous delivery methodologies from design through deployment and operations.
• Experience building and managing systems with tools including Kubernetes, Chef/Ansible/Puppet, Kafka, Docker, and Terraform.

• 5+ years experience in a Software and/or Site Reliability Engineering role
• Experience writing automation code in GoLang, Python or Java
• Experience developing and operating large scale distributed systems with Kubernetes and Docker
• Experience in running real time and low latency high available applications (Kafka, gRPC, RTP)
• Experience running public cloud environments on AWS
• Experience running hybrid clouds and on-prem infrastructures on Red Hat Enterprise Linux / CentOS
• Bachelor degree in Engineering, Computer Science or equivalent experience
• The ability to lead, partner, and collaborate cross functionally across an engineering organization

• Automate and maintain ML and Data pipelines at scale
• Collaborate with Data Scientists and Data Engineers on feature development teams to containerize and build out deployment pipelines for new modules
• Maintain and expand our on-prem deployments with spark clusters
• Design, build and optimize applications containerization and orchestration with Docker and Kubernetes and AWS or Azure

• 5 years of IT experience in data-driven or AI technology products
• Understanding of ML Model Deployment and Lifecycle
• Extensive experience in Apache airflow for MLOps workflow automation
• Experience is building and automating data pipelines
• Experience in working on Spark Cluster architecture
• Extensive experience with Unix/Linux environments
• Experience with standard concepts and technologies used in CI/CD build, deployment pipelines using Jenkins
• Strong experience in Python and PySpark and building required automation (using standard technologies such as Docker, Jenkins, and Ansible).
• Experience with Kubernetes or Docker Swarm
• Working technical knowledge of current systems software, protocols, and standards, including firewalls, Active Directory, etc.
• Basic knowledge of Multi-tier architectures: load balancers, caching, web servers, application servers, and databases.
• Experience with various virtualization technologies and multi-tenant, private and hybrid cloud environments.
• Hands-on software and hardware troubleshooting experience.
• Experience documenting and maintaining configuration and process information.
• Basic Knowledge of machine learning frameworks: Tensorflow, Caffe/Caffe2, Pytorch

• Max rate $85/hr

• MUST HAVE- Application security covering micro services security and Restful API from technical and business process and architecture. 

• MUST HAVE -Application security, penetration testing, red team tool (optional), development background, Should have done Application vulnerability Assessments.

• GOOD TO HAVE - Infrastructure experience in Azure Cloud OR Microsoft 365 product implementations will be handy , network Architecture n design mostly in Azure space

• GOOD TO HAVE - Enterprise platform – office 365 is plus and such implementation. 

• Experience as a Azure DevSecOps engineer is desired 

• Ability to communicate effectively with senior management as well as highly technical engineers to articulate security positions effectively. 

Roles and Responsibilities

• Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
• An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
• Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
• Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
• Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
• Ability to interact with project teams to understand the security requirements and come up with solutions
• Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
• Strong understanding of networking concept.

Desired Candidate Profile

• Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
• Able to work independently with minimal supervision.
• Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
• Keep stakeholders updated with communications and weekly reporting.
• Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
• Excellent communication skills - written, verbal, presentation and interpersonal.
• Willing to learn new skills and implement new technologies.
• Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.