Desired Skills |
To have skills: · Proven technical expertise in cyber security domains, i.e. endpoint security, application security testing. · Knowledge and experience in public cloud solutions. · Knowledge on network security, networking concepts and architectural implementations. · Knowledge on vulnerability testing and define proper remediation’s. · Shell scripting experience - Shell/Bash/Python. · Working experience of Linux operation.
Desire to have skills: · One or more of the following cyber security certifications: CEH, CISSP, OSCP, SSCP CCSP. · Excellent problem solving, and follow-up skills. · Ability to convey technical security concepts to non-technical audiences. |
Similar jobs
Candidate MUST HAVE product-based company experience and a minimum of 3years of experience in DevOps.
What you will do (or learn) :
1. Build our application stack on AWS. Infrastructure as code (read Terraform)
2. Build state-of-the-art CI/CD pipelines.
3. Manage data warehouses and data pipelines.
4. Work on infrastructure and data security.
5. State-of-the-art log management system and tooling around them.
6. Monitoring and alerting system.
What do we expect from you?
1. 3 to 10 years of experience with DevOps or SRE principles.
2. Good fundamentals of database management and other distributed systems management.
3. Experience in infrastructure as code or other configuration management systems.
4. Experience in scripting languages (like bash, python, go lang etc.)
5. Good understanding of Linux systems
6. Strong debugging and troubleshooting skills
7. Experience in tooling around monitoring, CI/CD, log management systems.
About Drip Capital & Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :
- Contribute to and improve secure SDLC practice
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Designing and implementing cloud and network security solutions.
- Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
- Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
- Proactively identify vulnerabilities across our platform and work with developers in fixing them.
- Automate and simplify security, as “Complexity is the enemy of Security”.
- Handle Vulnerability Management and Patch Management processes.
- Participate in the investigation related to Privacy/Security incidents and response activities.
- Work with DevOps to implement the security tools and automation of the security tasks.
- Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
- Testing the deployed security solutions to make sure they function as planned.
Our Checklist
- A minimum of 4 years of experience as an AppSec Engineer
- Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
- Hands-on experience in secure code review and automation of common security workflows.
- Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
- Good understanding of OWASP and SANS testing methodologies.
- Good understanding of software security weaknesses and vulnerabilities.
- Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
- Ability to contribute as an individual and as part of a team
- Working knowledge of any scripting language; Python or Go preferred
- Experience in writing custom tools/scanners/extenders is a plus
- Red teaming experience is a plus
If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!
A network of the world's best developers - full-time, long-term remote software jobs with better compensation and career growth. We enable our clients to accelerate their Cloud Offering and Capitalize on Cloud. We have our own IoT/AI platform and we provide professional services on that platform to build custom clouds for their IoT devices. We also build mobile apps, run 24x7 DevOps/site reliability engineering for our clients.
We are looking for a friendly, very hands-on technical, and dependable professional with plenty of experience as a backend & cloud engineer to provide site reliability services to our internal teams and end customers. We expect you to deliver with TOP quality & high speed. You must have experience developing and designing amazing UI screens.
This person MUST have:
- BE Computer Science or equivalent
- Cloud app development experience.
- Strong Troubleshooting and debugging skills
- A strong passion for writing simple, clean, and efficient code.
- 3 years of experience with the Django framework and other backend technologies.
- Knowledge of NodeJS
- Experience with building, modifying, and extending API endpoints (REST or GraphQL) for data retrieval and persistence.
- Understand how to use a database like Postgres (preferred choice), SQLite, MongoDB, MySQL.
- Experience creating high-performance applications.
- Experience with messaging and broker tools - Rabbitmq, MQTT
- Experience with SQL and NoSQL databases
- Experience with the full software development life cycle, including requirements collection, design, implementation, testing, and operational support.
- Knowledge of web services
- Proficient understanding of code versioning tools Git.
- Hands-on experience deploying and managing infrastructure with CloudFormation/Terraform
- Experience managing AWS infrastructure.
- Hands-on experience in Linux environment.
- Basic understanding of Kubernetes/Docker orchestration.
- Manges existing infrastructure/Pipelines/Engineering tools (On-Prem or AWS) for the engineering team (Build servers/Jenkins nodes etc.)
- Experience with scrum or other agile software development methodology.
- Excellent verbal and written communication, teamwork, decision making and influencing skills.
- Handle customer calls/emails regarding technical issues for end-users.
- Strong communication skills
- Attention to detail.
Experience:
- Min 3 year experience
Location:
- Ahmedabad Office Or,
- Work from home
Timings:
- 40 hours a week with a rotational shift every month.
Position:
- Full time/Direct
- We have great benefits such as PF, medical insurance, 12 annual company holidays, 12 PTO leaves per year, annual increments, Diwali bonus, spot bonuses and other incentives, etc.
- We don't believe in locking in people with large notice periods. You will stay here because you love the company. We have only a 30 days notice period
Are you a high-performing, collaborative, results-oriented and technologically savvy person who is keen on working in the digital industry, as a Consultant (for 3 months)
Our client is the Health-tech initiative of India's largest business house. Started in 2015, it empowers healthcare providers and consumers in India. All healthcare monitoring services are made available through an app that will help connect doctors, hospitals, pharmacies, laboratories, and consumers, enabling preventive and predictive healthcare.
It helps the care-givers to track the entire patient journey from the initial appointment and maintaining their records, generating lab test reports to providing virtual consultation and home-care solutions. It is expected that this futuristic guide will strengthen the doctor-patient relationship and enhance the in-clinic experience.
As a Technical Writer (Consultant), you will work with teams of engineers to create internal technical documentation. This will include technical architecture diagrams, flow diagrams, API documentation and microservice details.
You will also be responsible for writing knowledge base articles for a technical audience.
What you will do:
- Documenting product architecture, APIs, technical specifications
- Developing and writing high-quality technical documents meeting industry standards
- Communicating with product developers and understanding the product and its interactions
- Maintaining documentation as the product changes occur
- Gathering information from team meetings, product specifications, interviews with subject-matter experts, and direct interaction with systems
- Gathering and addressing feedback from multiple sources
- Working independently and rapidly to meet tight deadlines
What you need to have:
- BA in technical/ professional communication, English, computer science/ engineering, or other related field
- Authoring concepts, designs, technical specifications
- Following organizational and industry standards (such as Microsoft Manual of Style for Technical Publications or similar)
- Proven ability to quickly learn and understand complex topics
- Managing multiple versions of topics
- Using UNIX/ Linux command-line interfaces
- Additionally, should be able to: Write release notes and Write end user documentation, help guides
Operations and Technical Advice
Monitoring applications over WAF for Security incidents (24*7 Service Window)
WAF Implementation, and Day-to-Day Task ,Application Integration, Testing ,Learning ,Blocking , Migrations.
Application Security Understanding,Creating, modifying, or implementing policies or rules.
Add, remove, and modify, update security policy parameters and attack signatures policies as per Airtel Africa business requirement and standard practices
Understanding of Network Protocol
Hand-on Packet Capture /Analyser
Perform WAF signature & hotfix updates.
Quarterly review the created Policy/Rule with Client
Respond to Ticket management tool requests for WAF Incidents, Changes, and Services.
Coordinate with OEMs for product related issues and bugs
Integrate SIEM & monitoring tool with WAF virtual appliances
Upgrading the Radware OS version from N to N-1 shall be considered based on the criticality of discovered vulnerabilities during the VA scan.
Assist the Client team in mitigating vulnerabilities or observations reported during security audits, VA&PT, and regulatory technology audits (internal, external, and concurrent) for and in WAF
Analyse security breaches, make required changes/additions, and report RCA for any WAF security incident
Support Window 24X7 ,
project.
• Deploying required database assets on production (DDL, DML)
• Good understanding of MySQL Replication (Master-slave, Master-Master, GTID-based)
• Understanding of MySQL partitioning.
• A better understanding of MySQL logs and Configuration.
• Ways to schedule backup and restoration.
• Good understanding of MySQL versions and their features.
• Good understanding of InnoDB-Engine.
• Exploring ways to optimize the current environment and also lay a good platform for new
projects.
• Able to understand and resolve any database related production outages
-
- Manage a team of highly skilled security engineers
- Responsible for the security of all Ola applications.
- Enforce Security in SDLC, and ensure any identified vulnerabilities are fixed before a feature goes to production.
- Participate in the design review discussions to identify any security loophole, and recommend a secure design solution.
- Partner with engineering leaders across the company to help them prioritize security issues in their products.
- Run the Ola’s Bug Bounty program effectively.
- Develop a roadmap for future work to enhance security, derive a project plan, and ensure the completion of the project within the timelines.
- Mentor the team members and work towards their career growth.
Minimum Qualifications
- 7+ years of work experience in security engineering, including 2+ years of proven hands-on technical management experience of security engineers.
- Experience recruiting and managing technical teams, including performance management.
- Technical experience across security disciplines – web/mobile app security, infrastructure security, security operations center.
- Experience building relationships with stakeholders and business leaders.
- Must have Coding experience at least in one language.
- Knowledge of standards like PCI-DSS, ISO27001, GDPR etc.
BS/MS in Computer Science or equivalent experience
Responsibilities:
- Provide daily support with resolution of escalated tickets and act as liaison to business and technical leads to ensure issues are resolved in timely manner.
- Incident resolution and supporting production system deployments.
- Suggest fixes to complex issues by doing a thorough analysis of root cause and impact of the defect.
- Support and deliver within Continuous Integration/Continuous Delivery pipelines.
- Prioritise workload, providing timely and accurate resolutions.
- Perform production support activities which involve assignment of issues and issue analysis and resolution within the specified SLAs.
- Understand linux. SSH to linux box, look for web logs etc
- Understand web apps to be able to troubleshoot issues
Requirements:
- Good to have programming experience with Python.
- Java and JavaScript development experience would be an added advantage.
- You should not be afraid to do some development as well as Devops.
- Clear written and oral communication is a must.
- We are looking for a Senior SRE with a proven track record of success leading complex cloud-hybrid environments. You will have:
- Strong sense of Being an Owner, Wearing the Customer Shoes, with the ability to Empower Others demonstrated through clear
- communication and collaboration.
- Skills to work independently with multiple global teams, developing, configuring, deploying, and operating our global infrastructure on AWS and on-prem.
- Operational experience in complex distributed and real-time systems, including experience with SLO/SLAs towards high availability,reliability and DR goals.
- DevOps experience in building tools and frameworks, with an understanding of continuous deployment processes.
- Ability to think at scale, bringing a focus on continuous delivery methodologies from design through deployment and operations.
- Experience building and managing systems with tools including Kubernetes, Chef/Ansible/Puppet, Kafka, Docker, and Terraform.
- 5+ years experience in a Software and/or Site Reliability Engineering role
- Experience writing automation code in GoLang, Python or Java
- Experience developing and operating large scale distributed systems with Kubernetes and Docker
- Experience in running real time and low latency high available applications (Kafka, gRPC, RTP)
- Experience running public cloud environments on AWS
- Experience running hybrid clouds and on-prem infrastructures on Red Hat Enterprise Linux / CentOS
- Bachelor degree in Engineering, Computer Science or equivalent experience
- The ability to lead, partner, and collaborate cross functionally across an engineering organization
IT Security Specialist
Roles and Responsibilities
- Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
- An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
- Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
- Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
- Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
- Ability to interact with project teams to understand the security requirements and come up with solutions
- Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
- Strong understanding of networking concept.
Desired Candidate Profile
- Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
- Able to work independently with minimal supervision.
- Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
- Keep stakeholders updated with communications and weekly reporting.
- Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
- Excellent communication skills - written, verbal, presentation and interpersonal.
- Willing to learn new skills and implement new technologies.
- Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.