Requirements & Qualifications :
- 7+ years of experience supporting high-volume, consumer-facing websites working with a mix of
back-end and client-side technologies.
- Extensive security policy and procedure development
- Extensive experience utilizing scanning and assessment tools such as – Nessus, OpenVAS, Burp
Suite, Cloudflare Security Tool Suite
- system and application security monitoring and logging
- Defining and carrying out incident response procedures
- Google Cloud Platform (GCP) services, such as Compute Engine, App Engine, Cloud Storage,
Cloud SQL, and BigQuery
- Deployment and management of applications on GCP
- Infrastructure as code tools, such as Terraform and CloudFormation
- Amazon Web Services (AWS) services, such as EC2, S3, RDS, and Elastic Beanstalk
- Deployment and management of applications on AWS
- Infrastructure as code tools, such as Terraform and CloudFormation
- Extensive experience using tools such as Jenkins, Puppet, Chef, or Ansible.
- Experience with PHP and WordPress a must
- Expert level skills using Node.js and supporting technologies
- Expert level skills in React, Angular, JavaScript, TypeScript, and HTML.
- Proficiency working with SQL and NoSQL databases.
- You have a sound grasp on OOP concepts, data structures and algorithms, design patterns and
unit testing.
- Proficiency working with compiled languages such as java, and c#. You should be adept at
- working on applications and restful services that handle millions of requests a day.
- You understand distributed computing architectures.
- You have a disciplined approach to writing unit and integration tests.
- Excellent communication skills and a strong desire to work in a collaborative environment
- You have good working knowledge of relational and non-relational databases (e.g.,
MySQL/Postgres, Cassandra/ElasticSearch).
- Experience with GitHub, minification tools, and more.
- Well-organized, responsible, and dedicated, with the ability to work on multiple projects and
deliver high-quality products quickly.
- Self-learning, able to learn new tools quickly and work in a fast-evolving environment.
- Bachelor’s Degree in computer science or data and code security related field.
- You are rigorous in software design life cycle best practices (design docs, code reviews, support,
Sprint planning, Agile methodologies).
Similar jobs
About Syfe
Syfe is a digital investment platform with a mission to empower people to grow their money confidently and choose the future they want to live in. Built on the pillars of advice, access, and innovation, we cater to the full spectrum of an individual's wealth needs across diversified proprietary portfolios, cash management solutions, and a state-of-the-art brokerage.
The Syfe team combines world-class financial expertise with best-in-class technology talent. Excellence in execution is in our DNA and we offer equity ownership to all employees regardless of seniority and designation.
We are regulated by the financial authorities across Singapore, Hong Kong, and Australia. In Singapore alone, where we are headquartered, over 100,000 investors trust Syfe to grow their wealth.
Since its founding, Syfe has raised the US $52.4 million from world-class investors. The company has won multiple awards including Wealth Management Fintech of the Year by the Asian Banking and Finance Awards 2022, as well as being recognized as one of the Top LinkedIn Startups in Singapore 2022.
Find out more about us at www.syfe.com.
Press links - Bloomberg , Business Times , TechCrunch
Who are we:
While we are a diverse set of people, we value the following core traits:
- Fast learning: We often require learning new tools and technologies. We believe in adopting them if they are particularly well suited for our problems, instead of limiting ourselves to what we already know. However, we are always short of time and therefore have to learn fast.
- Versatility: While each one of us has a core skill, we possess at least one secondary skill as well. Apart from allowing the team to be fluid, it also helps us understand how all pieces (frontend, database, network, servers, etc.) fit together.
- Madness about quality: Put together, individual lines of code should be robust, scalable, high-performance, fault-tolerant, and most importantly, beautiful software. We also stay up-to-date with the latest in the world of software to make ourselves better.
- Passion: To try out new ideas and iterate on existing product features, and love experimenting with new technology if it's right for the job. Because not only do we ride the cutting edge, we make it happen.
- Collaboration: We believe that engineering is a continuous process of learning and improvement and that the best way to learn is by getting help from your fellow engineers. Coding is more fun when you do it together and appreciate the feedback.
We are seeking a Backend Engineer to develop and own state-of-the-art products that help bring people closer to their financial goals. As we build and scale Syfe over the next few years, our product and engineering team is growing and it is the perfect time to join the team at an early stage and create an impact within and outside the organization.
Responsibilities:
- Vulnerability Assessment & Penetration Testing against Web applications, Mobile applications(Android+iOS ), and Infrastructure.
- Vulnerability management adhering to ISMS policy and regulatory compliance.
- Document TTP (Techniques,, Tactics and Procedures) used during a security assessment
- Hands-on experience with SAST, DAST, and open-source vulnerability management tools
- Coordinate with various technology stakeholders to discuss identified vulnerabilities and assist the engineering team in planning for risk mitigation.
- Active participation in planning and implementation of new security benchmarks across the organization.
- Understanding of CI/CD pipeline and associated technologies.
- Hands-on experience in DevSecOps and security automation.
- Experience working in collaboration with product managers and software engineering teams to improve security throughout SDLC.
- Experience conducting application security reviews, API design, code reviews, root cause analysis, and system architecture.
- Experience working with modern cloud-based microservice architectures or cloud security(AWS)
- In-depth understanding of AWS security eco-system including IAM, Security Groups, NACL, CloudTrail, VPC flow log, CloudConfig, Encryption, Inspector, System Manager etc.
- Kubernetes experience, especially Kubernetes security experience, is a huge plus.
- Good experience in conducting red teaming campaigns and code reviews.
- Good to have skills (AWS security, EDR, WAF, Security monitoring).
- Coordinate with the Software Development team and perform source code and architecture reviews to identify vulnerabilities.
- Strong communication skills and ability to communicate ideas to both technical and non-technical people.
- Open to working on dynamic requirements along with pre-defined responsibilities within the information security group.
- 3-6 years of proven experience in Penetration Testing.
- Application threat modeling
- CI/CD & DevSecOps experience
- Cloud security assessment(AWS)
- Analytical and problem-solving abilities.
Job Summary:
The Incident Response (IR) Lead manages a team of experts with diverse skill setsincluding Security Operations Center (SOC), Forensics, and technical Subject Matter Expert (SME) advisory. The IR Lead is specifically tasked with managing all aspects of an Incident Response engagement to include incident validation, monitoring, containment, log analysis, system forensic analysis, and reporting. The Incident Response Lead is also responsible for building the relationship with the client and client’s counsel and ensuring the engagement’s objectives and expectations are met and executed successfully as documented in the statement of work. You will leverage a solid foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute your responsibilities.
ROLES AND RESPONSIBILITIES
· Accurately collects information from the client concerning the incident to include but not be limited to the client’s environment, size, technology, and security threats. In addition, the IR Lead is responsible for capturing all client’s expectations and objectives throughout the engagement to ensure successful delivery.
· The main point of contact manages and participates in all communications with the client and the client’s counsel during the engagement. The IR Lead sets the cadence for communications.
· Management and Coordination of all technical efforts for the IR engagement to drive the process forward through; tool deployment, ransomware decryption, restoration, and recovery efforts, system rebuilds, system, application, and network administration tasks.
· Coordinates with the Ransom Specialist when ransom negotiations are needed. Ensures updates regarding ransom status are delivered to the client and counsel in a timely fashion.
· Manages and coordinates the onsite efforts with the Onsite Lead or team ensuring they understand and can execute the objectives for the onsite work. Additional responsibilities with onsite efforts include ensuring communications are frequent and getting the daily onsite update communicating these back to the IR Director and/or IR Ops Associate for their Tiger Team.
· Ensures the Forensic Lead is coordinating the collection of data necessary for the investigation.
· Ensures SentinelOne is deployed on time and adding value.
· Communicates with sales when appropriate for SentinelOne, provide client contact.
· Communicates in tandem with the Forensic Lead pertinent findings to the client during the investigation.
· Follows up with the SOC Lead on SentinelOne alerts and encourages/coordinates client participation with the product.
· Accountable for final report review, ensuring the report is accurate, professional, and meets the objective of client counsel.
· Other duties as assigned.
DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified.
Role Description : Skills & Knowledge
1. Experience leading scoping calls
2. Strong background and practical hands-on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
3. Practical experience performing in a functional role including but not limited to one or more of the following disciplines: computer forensics, Incident Response, data analytics, Security Operations, and Engineering, Digital Investigations
4. Possesses strong verbal and written communication skills
JOB REQUIREMENTS
· Bachelor's degree in Computer Science, Computer Engineering, Information Assurance, Forensic Sciences, or related technical field; Graduate degree preferred
· 10+ years experience leading full-cycle incident response investigations and communicating with the client/counsel/carriers
· Must be eligible to work in the US without sponsorship
WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
· No physical exertion is required.
· Travel within or outside of the state.
· Light work: Exerting up to 20 pounds of force occasionally, and/or up-to 10 pounds of force as frequently as needed to move objects.
• 10+ years of work experience in IT with 5+ years in software development or application architecture and 3+ years in solutions architecture
• Thorough understanding of cloud native architectures, microservice architecture design patterns, containers, container orchestration, DevOps practices and security
• Professional experience in software engineering and architecture design
• Proven experience developing well architected AWS cloud infrastructure and solutions
• Experience in providing technical leadership and mentoring
• In-depth understanding of current security best practices
• Understand business analysis techniques and processes
• 3+ years of programming experience with JavaScript and/or TypeScript
• Strong understanding of object-oriented programming
About The Company -
OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space and we are very passionate about this mission. Technology and Innovation plays a critical role in this mission and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high pace environment, itching to create a large impact through technology impacting 100s of millions of customers across the globe, we love to hear from you.
Key Responsibilities:
- Conducting application(Web & Mobile) and infrastructure penetration testing assessments.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
- Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
- Work closely with the DevOps team to secure the cloud environment.
- Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
- Improve and automate cybersecurity processes within the CI/CD pipelines.
- Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
- Deliver awareness sessions on Secure Development to engineering/development teams
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
- Preparing and launching social engineering campaigns;
Key Skills:
- Expertise in application(Web & Mobile) and infrastructure penetration testing.
- Strong experience with Azure or AWS cloud environments and its security controls.
- Experience with microservices architectures & distributed Platforms
- Strong experience with using Agile software development and securing CI/CD pipeline.
- Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
- Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms;
- Knowledge of common exploitation techniques and mitigations.
- Experience in implementing and managing a vulnerability management program (process and technology).
- Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
- Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
- Strong understanding of OWASP, PTES and other penetration testing methodologies.
- Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
- Strong knowledge in preparing and launching social engineering campaigns.
- Ability to program or script in your preferred language
- Good understanding of network and OS principles
- Strong written and spoken English skills and ability to write high-quality reports
- An Information Security qualification e.g CSSLP, CEH, OSCP, or similar certification
Cultural Traits common to all OYO Leaders -
● Dealing with Ambiguity and Adaptability – we are a large, but fast-growing company today with not enough existing process or rules of engagements; and environment changes rapidly due to new businesses, geographies and strategic partnerships etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure and adapt to change quickly while maintaining high velocity
● Ownership – anything between you and your job is also your job
● Bias for Action – speed matters a lot, so does quality. Ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities
● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and primarily looking to impart that vast knowledge, we aren’t the right place for you
Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However currently we are working from our home.
Years: 5-9 Years
Job Responsibilities
Primary:
- Responsible for security road map for EPDM application
- Train the CI-CD team on the required technologies security adoptation
- Lead the upskill program within the team
- Support Application architect with right inputs on security processes and tools
- Help setup DevSecOps for EPDM.
- Find Security vulnerability in development process and sealed secretes
- Support in defining the Three-tier architecture.
Secondary:
- Coordination with different IT stakeholders as and when needed
- Suggestion and Implementation of further tool chains towards DevOps and GitOps
- Responsible to train the peer colleagues
Skills:
Mandatory skill:
- Expert knowledge of container solutions. Must have >3 years of experience working with networking & debugging within Docker and Kubernetes.
- Hands-on experience with Kubernetes workload deployments using Kustomize & Helm.
- Good understanding of Bitnami, Hashicorp and other secrete management tools
- SAST/DAST integration in CI/CD pipeline - design, implementation Expert knowledge of Source Control Systems, build & integration tools (e.g., GIT, Jenkins & Maven).
- Hands-on experience with designing the CI/CD architecture & building pipelines (on On-prem, Cloud & Hybrid infrastructure services).
- Experience with Security log management tools (e.g. Splunk ELK/EFK stack, Azure monitor or similar).
- Experience with monitoring tools like Prometheus-Grafana & Dynatrace.
- Experience with Infrastructure as a Service / Cloud computing (preferably Azure).
- Expert in writing automation scripts in Yaml, Unix shell, linux shell.
- Pulumi would be added advantage.
A network of the world's best developers - full-time, long-term remote software jobs with better compensation and career growth. We enable our clients to accelerate their Cloud Offering and Capitalize on Cloud. We have our own IoT/AI platform and we provide professional services on that platform to build custom clouds for their IoT devices. We also build mobile apps, run 24x7 DevOps/site reliability engineering for our clients.
We are looking for a friendly, very hands-on technical, and dependable professional with plenty of experience as a backend & cloud engineer to provide site reliability services to our internal teams and end customers. We expect you to deliver with TOP quality & high speed. You must have experience developing and designing amazing UI screens.
This person MUST have:
- BE Computer Science or equivalent
- Cloud app development experience.
- Strong Troubleshooting and debugging skills
- A strong passion for writing simple, clean, and efficient code.
- 3 years of experience with the Django framework and other backend technologies.
- Knowledge of NodeJS
- Experience with building, modifying, and extending API endpoints (REST or GraphQL) for data retrieval and persistence.
- Understand how to use a database like Postgres (preferred choice), SQLite, MongoDB, MySQL.
- Experience creating high-performance applications.
- Experience with messaging and broker tools - Rabbitmq, MQTT
- Experience with SQL and NoSQL databases
- Experience with the full software development life cycle, including requirements collection, design, implementation, testing, and operational support.
- Knowledge of web services
- Proficient understanding of code versioning tools Git.
- Hands-on experience deploying and managing infrastructure with CloudFormation/Terraform
- Experience managing AWS infrastructure.
- Hands-on experience in Linux environment.
- Basic understanding of Kubernetes/Docker orchestration.
- Manges existing infrastructure/Pipelines/Engineering tools (On-Prem or AWS) for the engineering team (Build servers/Jenkins nodes etc.)
- Experience with scrum or other agile software development methodology.
- Excellent verbal and written communication, teamwork, decision making and influencing skills.
- Handle customer calls/emails regarding technical issues for end-users.
- Strong communication skills
- Attention to detail.
Experience:
- Min 3 year experience
Location:
- Ahmedabad Office Or,
- Work from home
Timings:
- 40 hours a week with a rotational shift every month.
Position:
- Full time/Direct
- We have great benefits such as PF, medical insurance, 12 annual company holidays, 12 PTO leaves per year, annual increments, Diwali bonus, spot bonuses and other incentives, etc.
- We don't believe in locking in people with large notice periods. You will stay here because you love the company. We have only a 30 days notice period
Roles and Responsibilities
- Managing Availability, Performance, Capacity of infrastructure and applications.
- Building and implementing observability for applications health/performance/capacity.
- Optimizing On-call rotations and processes.
- Documenting “tribal” knowledge.
- Managing Infra-platforms like Mesos/Kubernetes,CICD,Observability (Prometheus/New Relic/ELK),Cloud Platforms (AWS/ Azure),Databases,Data Platforms Infrastructure
- Providing help in onboarding new services with production readiness review process.
- Providing reports on services SLO/Error Budgets/Alerts and Operational Overhead.
- Working with Dev and Product teams to define SLO/Error Budgets/Alerts.
- Working with Dev team to have in depth understanding of the application architecture
and its bottlenecks.
- Identifying observability gaps in product services, infrastructure and working with stake
owners to fix it.
- Managing Outages and doing detailed RCA with developers and identifying ways to
avoid that situation.
- Managing/Automating upgrades of the infrastructure services.
- Automate toil work.
Experience & Skills
- 6+ years of total experience
- Experience as an SRE/DevOps/Infrastructure Engineer on large scale microservices and infrastructure.
- A collaborative spirit with the ability to work across disciplines to influence, learn, and
deliver.
- A deep understanding of computer science, software development, and networking principles.
- Demonstrated experience with languages, such as Python, Java, Golang etc.
- Extensive experience with Linux administration and good understanding the various
linux kernel subsystems (memory, storage, network etc).
- Extensive experience in DNS, TCP/IP, UDP, GRPC, Routing and Load Balancing.
- Expertise in GitOps, Infrastructure as a Code tools such as Terraform etc.. and
- Configuration Management Tools such as Chef, Puppet, Saltstack, Ansible.
- Expertise of Amazon Web Services (AWS) and/or other relevant Cloud Infrastructure
solutions like Microsoft Azure or Google Cloud.
- Experience in building CI/CD solutions with tools such as Jenkins, GitLab, Spinnaker,
Argo etc.
- Experience in managing and deploying containerized environments using Docker,
Mesos/Kubernetes is a plus.
Responsibilities:
- Provide daily support with resolution of escalated tickets and act as liaison to business and technical leads to ensure issues are resolved in timely manner.
- Incident resolution and supporting production system deployments.
- Suggest fixes to complex issues by doing a thorough analysis of root cause and impact of the defect.
- Support and deliver within Continuous Integration/Continuous Delivery pipelines.
- Prioritise workload, providing timely and accurate resolutions.
- Perform production support activities which involve assignment of issues and issue analysis and resolution within the specified SLAs.
- Understand linux. SSH to linux box, look for web logs etc
- Understand web apps to be able to troubleshoot issues
Requirements:
- Good to have programming experience with Python.
- Java and JavaScript development experience would be an added advantage.
- You should not be afraid to do some development as well as Devops.
- Clear written and oral communication is a must.
- We are looking for a Senior SRE with a proven track record of success leading complex cloud-hybrid environments. You will have:
- Strong sense of Being an Owner, Wearing the Customer Shoes, with the ability to Empower Others demonstrated through clear
- communication and collaboration.
- Skills to work independently with multiple global teams, developing, configuring, deploying, and operating our global infrastructure on AWS and on-prem.
- Operational experience in complex distributed and real-time systems, including experience with SLO/SLAs towards high availability,reliability and DR goals.
- DevOps experience in building tools and frameworks, with an understanding of continuous deployment processes.
- Ability to think at scale, bringing a focus on continuous delivery methodologies from design through deployment and operations.
- Experience building and managing systems with tools including Kubernetes, Chef/Ansible/Puppet, Kafka, Docker, and Terraform.
- 5+ years experience in a Software and/or Site Reliability Engineering role
- Experience writing automation code in GoLang, Python or Java
- Experience developing and operating large scale distributed systems with Kubernetes and Docker
- Experience in running real time and low latency high available applications (Kafka, gRPC, RTP)
- Experience running public cloud environments on AWS
- Experience running hybrid clouds and on-prem infrastructures on Red Hat Enterprise Linux / CentOS
- Bachelor degree in Engineering, Computer Science or equivalent experience
- The ability to lead, partner, and collaborate cross functionally across an engineering organization
Key Duties & Responsibilities -
- Design and Build cloud architecture/infrastructure
- Provision, maintain and administer MS Azure Cloud Environment
- Windows server administration.
- Implement and maintain cloud monitoring, auditing and network management functions.
- Optimize the processes for cloud-based data storage, backups and restores.
- Implement cloud security to protect data, applications, and infrastructure.
- Develop, maintain, and execute Configuration Management scripts.
Skills required
- Experience in server hardening best practices
- Knowledge of special security arrangements like Network security, DoS Protection, OS firewall, etc
- Ability to work with software firewalls and web application firewalls
- Log management and replication to a central server
- Ability to architect a secure deployment in Azure/Aws cloud using the native abstractions and services provided by respective cloud service providers.
- Ability to conduct a self VAPT of the network and servers, so that the environments are better prepared for external audits by customers' info sec teams and/or auditors.
- Ability to use DevOps automation to setup environments from scratch and also patch them from time to time to handle the changes resulting out of various factors e.g. VAPT audits, customer requests
- Experience building solutions using MS Azure DevOps.
- Knowledge of general networking concepts (e.g., DNS, TCP/IP, and firewalls).
- Experience development & maintenance of a CI/CD system.
- In-depth knowledge of build and deployment automation technologies.
- An attitude and ability to take ownership and deliver a high-quality product, on time.
- Experience of implementing DevOps
- Experience in DevOps Architectural decisions, tools selection, best practices.
- Constant research and learning on new tools and technologies in DevOps space.
