DevOps Engineer

Position: SRE/ DevOps

Experience: 6-10 Years

Location: Bengaluru/Mangalore

CodeCraft Technologies is a multi-award-winning creative engineering company offering design and technology solutions on mobile, web and cloud platforms.

We are seeking a highly skilled and motivated Site Reliability Engineer (SRE) to join our dynamic team. As an SRE, you will play a crucial role in ensuring the reliability, availability, and performance of our systems and applications. You will work closely with the development team to build and maintain scalable infrastructure, implement best practices in CI/CD, and contribute to the overall stability of our technology stack.

Roles and Responsibilities:

·       CI/CD and DevOps:

o  Implement and maintain robust Continuous Integration/Continuous Deployment (CI/CD) pipelines to ensure efficient and reliable software delivery.

o  Collaborate with development teams to integrate DevOps principles into the software development lifecycle.

o  Experience with pipelines such as Github actions, GitLab, Azure DevOps,CircleCI is a plus.

·       Test Automation:

o  Develop and maintain automated testing frameworks to validate system functionality, performance, and reliability.

o  Collaborate with QA teams to enhance test coverage and improve overall testing efficiency.

·       Logging/Monitoring:

o  Design, implement, and manage logging and monitoring solutions to proactively identify and address potential issues.

o  Respond to incidents and alerts to ensure system uptime and performance.

·       Infrastructure as Code (IaC):

o  Utilize Terraform (or other tools) to define and manage infrastructure as code, ensuring scalability, security, and consistency across environments.

·       Elastic Stack:

o  Implement and manage Elastic Stack (ELK) for log and data analysis to gain insights into system performance and troubleshoot issues effectively.

·       Cloud Platforms:

o  Work with cloud platforms such as AWS, GCP, and Azure to deploy and manage scalable and resilient infrastructure.

o  Optimize cloud resources for cost efficiency and performance.

·       Vulnerability Management:

o  Conduct regular vulnerability assessments and implement measures to address and remediate identified vulnerabilities.

o  Collaborate with security teams to ensure a robust security posture.

·       Security Assessment:

o  Perform security assessments and audits to identify and address potential security risks.

o  Implement security best practices and stay current with industry trends and emerging threats.

o  Experience with tools such as GCP Security Command Center, and AWS Security Hub is a plus.

·       Third-Party Hardware Providers:

o  Collaborate with third-party hardware providers to integrate and support hardware components within the infrastructure.

Desired Profile:

·       The candidate should be willing to work in the EST time zone, i.e. from 6 PM to 2 AM.

·       Excellent communication and interpersonal skills

·       Bachelor’s Degree

·       Certifications related to this field shall be an added advantage.

Job Description: SOC Manager

ESSENTIAL RESPONSIBILITIES          

•      Leadership & Team Management: Leads the SOC team providing clear direction, fostering teamwork and collaboration. Regularly assesses the strengths and weaknesses of team members, providing mentoring, coaching, and opportunities for growth. Hands-on execution across operational challenges, making decisive judgments while ensuring high morale and cohesion.

•      Incident Management: Ensures that all security events and incidents are identified, categorized, and responded to promptly and thoroughly. This includes setting up appropriate escalation processes, coordinating between various teams for cross-functional incidents, and ensuring that incidents are closed with comprehensive documentation and lessons learned.

•      Continuous Improvement: Regularly reviews and analyzes the efficiency of the existing operations processes, tools, and protocols. Implement changes based on findings, feedback from the team, and changing threat landscapes. This also involves staying updated with advancements in SOC technologies and methodologies.

•      Technology Management: Oversees the implementation, configuration, and continuous tuning of various security tools, including the client’s Security Platform.

•      Training and Development: Designs and implements a continuous training plan for the existing and new SOC team members, ensuring they have the latest skills and knowledge and are onboarded and productive as quickly as possible. This also involves organizing periodic simulation exercises (like red teaming) to test and improve incident response capabilities.

•      Reporting: Establishes a comprehensive reporting framework that offers insights into the SOC's performance. This includes metrics on incident volumes, response times, and resolution success rates.

These reports should be presented to stakeholders clearly, actionable, highlighting successes and areas for improvement.

REQUIRED EXPERIENCE

•      Minimum of 6+ years in cybersecurity roles with at least 3 years in a SOC leadership position.

Experience in an MSSP or a large-scale global SOC is highly preferred.

•      Experience in actively managing the lifecycle of security incidents.

•      Strong knowledge and familiarity with major cloud provider technologies (AWS, Azure, etc.)

•      Solid understanding of networking protocols and infrastructure designs, including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.

•      Experience with virtualization technologies (VMware, Microsoft Hyper-V).

•      Experience with the following tools and technologies:

–     Security Information and Event Management (SIEM)

–     Intrusion Detection & Prevention (IDP) 

–     Endpoint Detection & Response (EDR)

–     Network Detection & Response (NDR)

–     Network Analysis tools - Wireshark, tcpdump, etc. 

–     Scripting in Python, Bash, PowerShell

•      Experience in regulated environments such as HIPAA or PCI preferred.

•      Strong governance skills in time management, project management, and stakeholder management.

•      Excellent communication skills, with ability to lead security-reviews with clients; keep stakeholders appraised of key issues/risks/incidents.

PREFERRED CERTIFICATIONS

•      CISSP – Certified Information Systems Security Professional

•      CISM – Certified Information Security Manager

•      OSCP – Offensive Security Certified Professional

•      CEH – Certified Ethical Hacker

•      GSEC – SANS GIAC Security Essentials

•      CompTIA – Security

OTHER REQUIREMENTS

·      Flexibility of schedule is required to meet the demands of the position.

·      This role requires to work in shifts (including night shift) and support clients in North America.

Role & Responsibilities

• Application Architecture: Design and implement application environment
• Manage the configuration and operation of client-based (on-premise) computer operating systems
• Monitor the system daily and respond immediately to security or usability concerns
• Create and monitor the disaster recovery (DR) of all servers.
• Respond and assign a team to resolve help desk requests
• Monitor and maintain server functionality and security issue.
• Administrate infrastructure, including firewalls, databases, malware protection software and other processes
• Automation configuration management using either Ansible, Puppet, Chef or an equivalent
• Manage and administer servers, networks, and applications such as DNS, FTP, and Web servers.
• Troubleshoot in-house network issues and fix them.
• Provide solutions to complex problems on the integration of various technologies
• Design plans as well as lead initiatives for the optimization and restructuring of network architecture
• Monitor the environmental conditions of a data center and cloud servers to ensure they are optimum for servers, routers, and other devices
• Collaborate with IT handlers, sales, and data center managers to develop an action plan for improved operations
• Conduct inspections on power and cooling systems to ensure they are operational and efficient
• Resolve operational, infrastructure or hardware incidents in a data center and cloud servers.
• Monitor and maintain company assets
• Infra-team management and skills enhancement (training) plans and execution

Skills

• In-depth knowledge of the Linux Operating System
• Expertise in Shell and/or Python scripting
• In-depth knowledge of any of the CI/CD tools like Jenkins/GitLab etc.
• Basic knowledge of monitoring tools like Zabbix/ Nagios etc.
• Expertise in any one of the cloud providers like AWS, Google Cloud, Microsoft Azure and other cloud solution providers
• Strong experience with SQL and MySQL
• A working understanding of code and script (PHP, Python, Angular and NodeJS)
• Ability to use a wide variety of open-source technologies
• Knowledge of best practices and IT operations
• Basic experience with VMware
• Advanced knowledge of system vulnerabilities and security issues

Job Responsibilities:

Experience: 8 Yrs to 12 Yrs

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Developing different ways to solve the existing threats and security issues.

Configuring and implementing intrusion detection systems and firewalls.

Security product development, testing, and implementation.

Responsible for security technology research, penetration testing, and vulnerability scanning.

Please follow the below inputs.

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

OSCP certification(Not mandatory, preferable)

Below are the primary key skills:

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS

Responsibilities:

The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.

The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:

Basic Qualifications

• Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
• Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
• Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
• Understanding of automated security testing approaches and tools
• Experience with proactive integration of security into the development process
• Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
• Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
• Improve overall security practitioner efficiency through process automation
• Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.

Minimum Qualifications/Requirements

• BS or MS in Computer Science or related field
• Minimum 7+ years of cybersecurity experience
• Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
• Experience in deployment, development, and maintenance of SIEM
• Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
• Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
• Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
• Understanding the investigative process and performing triage for cybersecurity incidents
• Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
• Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
• Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
• Proactive and motivated; team player with a positive can-do attitude
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

1. API
2. AWS