As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.
- Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
- Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
- Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
- Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
- Communicating findings and recommendations to management and other stakeholders.
- Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
- To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.
About Codewits Solutions
We are Codewits. A trusted software development consultancy based in Pune, India, offering valuable services to large and mid-sized enterprises. We are a team of young but experienced programmers who believe in their ingenious powers. We keep things simple yet effective. Our highly skilled and enthusiastic programmers have embraced new technologies, untangled complex issues and created sustainable value growth through innovative solutions and unique partnerships.
Similar jobs
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To know more, Visit! - https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
Primary Skills |
Experience on network vulnerability scanning penetration testing |
Experience with Nessus NetCat, NMAP Backtrack, Metasploit,Wireshark , HPing, and similar tools set like RetinaCS, Qualys, McAfee (Foundstone) |
Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) |
In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database |
Thorough and practical knowledge of OWASP |
Hands on experience with popular application security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux |
Working knowledge of manual testing of web applications |
Good knowledge of modifying and compiling exploit code |
Good understanding and knowledge of codes languages |
Has practical experience in auditing various OS , DB , Network and Security technologies |
Microsoft office – Word, Excel, PowerPoint |
- Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
- Routinely performing threat analysis, system checks, and security tests
- Defining and updating information security criteria and validation procedures
- Effectively discuss to understand safety and security and fix the problems along with different stakeholders
- To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
- To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
- Assess technical security risks in terms of impact on systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
- Monitor security tools to detect security events & incidents Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses
- Represent IT Security matters at technical and business forums.
Desired candidate profile :
- Relevant experience in the information security field
- Relevant experience working with ISO Policies, and GDPR guidelines.
- Strong knowledge of network architecture and security concepts related to routing
- Exceptional attention to detail
- Excellent analytical and problem-solving skills
- Great team player and able to work efficiently with minimal supervision
- Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks.
- Able to handle and cope with stressful situations and understands the pressures of a start-up environment
This profile will include following responsibilities:
- Perform Web Application Security Testing
- Perform Mobile Application Security Testing
- Scan Network for Security Vulnerabilities
- Co-ordinate with the clients for Project related queries
- Undertake meeting with the client teams for discussing security issues and recommendations
- Create detailed security reports
- Keep track of project progress & send regular updates
- Research on Open source security tools & new security topics
- Create Security Knowledge base for the teamThe candidate should be we well versed with application security concepts, including the mitigation techniques:
- Web Application Security – OWASP Top 10
- Mobile Application Security – Mobile OWASP Top 10
- Threat Modelling
- Risk Rating Frameworks
- Web Traffic Interception (For Web/Mobile apps)
- SSL
- Network Concepts
- Web Development Basics - HTTP/HTML/JavaScript
- Basic Mobile Application Concepts (either Android or IOS)
About Drip Capital & Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :
- Contribute to and improve secure SDLC practice
- Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
- Designing and implementing cloud and network security solutions.
- Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
- Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
- Proactively identify vulnerabilities across our platform and work with developers in fixing them.
- Automate and simplify security, as “Complexity is the enemy of Security”.
- Handle Vulnerability Management and Patch Management processes.
- Participate in the investigation related to Privacy/Security incidents and response activities.
- Work with DevOps to implement the security tools and automation of the security tasks.
- Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
- Testing the deployed security solutions to make sure they function as planned.
Our Checklist
- A minimum of 4 years of experience as an AppSec Engineer
- Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
- Hands-on experience in secure code review and automation of common security workflows.
- Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
- Good understanding of OWASP and SANS testing methodologies.
- Good understanding of software security weaknesses and vulnerabilities.
- Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
- Ability to contribute as an individual and as part of a team
- Working knowledge of any scripting language; Python or Go preferred
- Experience in writing custom tools/scanners/extenders is a plus
- Red teaming experience is a plus
If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!
Dear Candidate,
Greetings from HCL Technologies Ltd.
- Make sense of Cyber security and compliance frameworks that apply to your business or industry
• Identify business risks, taking into account the role of your hosting service provider
• Determine which Cyber security controls are required to mitigate your identified risks
• Improve collaboration and communication during Cyber security Incident mitigation and response.
• Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
• Document and track efforts for evidence collection and audit preparation
- will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
- provide implementation and ongoing operation of Security management framework;
- be responsible for coordinating activities to address the key Security risk exposures;
- ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
- direct the design of controls to address emerging or new Security risk and compliance requirements;
- carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
- implement, monitor and report on key Security risk indicators to identify and address emerging risks;
- coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
- manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
- review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
- incorporate vulnerability testing as an integral part of change management
- Should have good knowledge of Cyber Security Framework and controls
- CISA ,CISM or CISSP certification should be preferred.
- Have good understanding of Security policy and process along with ITSM process.
i. Technology Graduate with 8+ years of experience in the IT industry & Information Security / Cyber Security
iii. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic goals.
iv. Experience in advising leadership team regarding Security Technology Land scape, product issues, and possible improvements
v. Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes, process across various security & DevSecops teams
vi. Experienced in Information Security Risk Management, gap analyses, Audits.
vii. Hands-on Experience in formulating Cyber Security Policies, Design and implementation of Security Technologies, DevSecOps.
viii. Working Knowledge in implementation of Cyber Security Solution in Open Source, OpenStack environment.
ix. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations.
x. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions, SOC Operations.
xi. Thorough understanding and good knowledge latest Cyber Security technologies, Security Architectures, vulnerabilities, security threats.
xii. Expertise in Test-Driven Development and establishing a DevSecOps practice. Multiple product launches under your belt - from design to launch, having played a key role in their success
xiii. Ability to setup PoC for latest security solutions
xiv. Good understanding of Open Source Technologies, Private Cloud Technologies.
Executive Director
Smart Rain Technology is a rapidly growing technology company located in Hyderabad, India. Our mission is to save water, save money and save time through our proprietary irrigation and water management system. We are looking for an experienced Executive Director to organize, grow, and oversee the daily operations in Hyderabad, India.
Candidate will assist in technical vision and leadership for developing and implementing Smart Rain's technology initiatives, with an emphasis on integration of cutting-edge technology-based practices and services into our current offerings.
The area of responsibility for this role is very wide and thus requires thorough knowledge of various company processes, business practices including government and compliance requirements in India. The overall goal is to safeguard and augment the efficiency of the company’s operations in Hyderabad, India and to facilitate accelerating development and long-term success.
Executive Director Job Responsibilities:
- Responsible for the planning, organizing, and directing of the organization’s operations and programs.
- Thorough knowledge of government and compliance requirements in India.
- Prepares accurate and timely analyses that capture and communicate business results, variances, and performance trends.
- Communicates and report company results to the parent company and shareholders.
- Provides leadership to and manages the efforts of site staff to ensure appropriate support of all departments.
- Coordinates and leads annual budget reviews, monthly and quarterly reviews, and periodic forecast updates with operational and senior management.
- Retains a diverse, highly qualified staff and provides career coaching, growth, and personal development for direct/indirect report employees.
- Provides leadership and technical direction for maintenance and support services for Web, Mobile applications, back-end services, enterprise software, peripherals, and assist in professional development of team.
- Ensures that the design, development, and implementation of enterprise applications and infrastructure systems support the needs of our customers, and management.
- Co-Develop and enforce policies and procedures to ensure the protection of local Smart Rain technology assets and the integrity, security, and privacy of data entrusted to or maintained by fellow team members.
- Develops and implements an accountability system for measuring the success of the goals defined with in the Smart Rain team.
- Serves as a company representative and assumes responsibility at local, regional, state, and national meetings and events pertaining to areas of responsibility.
- Demonstrates excellent interpersonal skills using tact, patience, and courtesy while exemplifying integrity, candor, and high ethical conduct.
- Provides vision, leadership, and direction to all employees within the department.
- Directs and/or coordinates the development of specifications for the procurement of hardware, software, telecommunications, and support services required to support Smart Rain India.
- Prepares materials and presentations for US Smart Rain management team
Executive Director Qualifications/Skills:
- Demonstrated leadership and management skills
- Ability to multitask
- Takes initiative
- Works independently
- Creative problem-solving skills
- Enthusiastic
- Dynamic
- Flexible
- Organized
- Collaborative
Education, Experience, and Licensing Requirements
- Bachelor’s Degree in computer science, finance or accounting
- CMA or MBA preferred
- 15 or more years of financial management experience in an operational environment
- 10 or more years management or supervisory experience
- Relevant experience in technology industry environment
- Experience working with US based company preferred
Benefits
Smart Rain Technology offers a competitive compensation and benefits package. Compensation will be based on experience and market conditions. Benefits include terrific health insurance, paid time off, holiday pay, performance based quarterly bonuses, and an outstanding work environment with a growing team and companySecurity Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting