SOC Manager

At Upswing, we are committed to building a robust, scalable & secure API platform to power the world of Open Finance.

We are a passionate and self-driven team of thinkers who aspire to build the rails to connect the legacy financial sector with financial innovators through a simple and powerful banking-as-a-service (BaaS) platform.

We are looking for motivated engineers who will be working in a highly creative and cutting-edge technology environment to build a world-class financial services suite.

About the role

As part of the DevSecOps team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –

• Managing security aspects of the Cloud Infrastructure 
• Designing and Implementing Security measures, Incident Response guidelines 
• Conducting Security Awareness Training
• Developing SIEM tooling and pipelines end to end for vulnerability/security/incident reporting 
• Developing automation and performing routine VAPT for Network and Applications
• Integrating with 3rd party vendors for the services required to improve security posture 
• Mentoring people across the teams to enable best practices 

What will you do if you join us?

• Engage in a lot of cross-team collaboration to independently drive forward DevSecOps practices across the org 
• Take Ownership of existing, ongoing, and future DevSecOps initiatives 
• Plan and Engage in Architecture discussions to bring in different angles (especially security angles) to the table
• Build Automation stack and tools for security pipeline 
• Integrate different security measures and pipelines with the SIEM tool
• Conducting routine VAPT using manual and automated workflows, generating and maintaining the report for the same
• Introduce and Implement best practices across teams for a great security posture in the org

You should have

• Curiosity for on-the-job learning and experimenting with new technologies and ideas
• A strong background in Linux environment
• Proven experience in Architecting networks with security first implementation
• Experience with VAPT tooling for Networks and Applications is required 
• Strong experience in Cloud technologies, multi-cloud environments, and best practices in Cloud 
• Experience with at least one scripting language (Ruby/Python/Groovy)
• Experience in Terraform is highly desirable but not mandatory
• Some experience with Kubernetes, and Docker is required 
• Understanding Java web applications and monitoring them for security vulnerabilities would be a plus 
• Any other DevSecOps-related experience will be considered

Role : Full-Time Individual Contributor (IC)

Reporting to : Solution Architect / Program Manager

Education : BTech/ BE / MCA / MSc Computer Science

Industry : Product Engineering Services or Enterprise Software Companies

About Us

CLOUDSUFI is a Silicon Valley-based specialist Data Engineering & Cloud Technologies player with top-tier clients, favorable revenue mix, strong financial performance, and robust management. We pride ourselves in helping in the Data Discovery, Insights and Monetization for organizations. We offer quality of work, opportunities to learn new platforms/technologies that will help young engineers put themselves ahead in their careers compared to their peers in the IT Services industry. CLOUDSUFI is a Data Science and Product Engineering company building Products/Solutions for Technology and Enterprise industries leveraging the advent of Cloud Hyper Scalers and AI/ML, NLP technologies. The organization is built to scale with strong external/ internal tech capabilities and governance standards. Started in 2019, CLOUDUSUFI is a family of 250 members working towards a common goal of making the enterprise data dance. To know more, please visit https://cloudsufi.com

ABOUT THE ROLE

InfoSec Engineers will participate in all phases of a typical DevOps pipeline: plan, code, build, test, release, and deploy. He/she will be scanning our networks, applications, and containers (images). In addition to the Vulnerability Management platform, this individual will support and/or serve as a backup for AWS WAF, Guard Duty, PagerDuty, and CloudFlair security platforms.

This Includes: ● Work independently with vendors and collaborate with colleagues ● -Experience on monitoring and operation of AWS cloud infrastructure ● -Experience with AWS automation tools Terraform ● -Analyzing, Troubleshooting and resolving issues with the cloud monitoring tools as Datadog and Cloudflare ● -The ability and skill to train other people in procedural and technical topics ● -Strong communication and collaboration skills

ABOUT YOU ● 3+ years’ experience with Tenable.io platform ● 3+ years’ experience with AWS orchestration via Terraform script ● 3+ years’ experience with CloudWatch/CloudTrail/Guard Duty ● 3+ years’ experience with AWS WAF ● 3+ years’ experience with CloudFlare ● 2+ years’ experience with DataDog ● Experience with PagerDuty ● Ability to make nuanced threat assessments ● Experience with the NIST family of Information Security-related publications including 800-37, 800-30, and 800-53 ● Significant experience with PCI, SOC2, SOX, HIPAA, or other compliance regimes Salary: Best as per Industry Standards

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

• Expert on cloud security, CASB, proxy & content filtering solutions.
• Good knowledge on network security concepts.
• He will be expected to work in Security operations with normal shifts but should be ready to support 24*7 in case of critical issues or scheduled activities.
• Should have good hands on experience on ITSM process.  
• He will also be required to work on new technology evaluation by working with OEMs

Who You Are

• Creative thinker and strong problem solver with meticulous attention to detail
• Highly organized, creative, motivated, and passionate about achieving results
• Able to balance multiple tasks and projects effectively and quickly adapt to new situations and technologies
• Able to work both independently and as part of a team
• Systematic problem-solver, coupled with a strong sense of ownership and drive

What you need

• 3-7 years of experience as a Site Reliability Engineer or a mix of a software engineer and DevOps.
• Strong hands-on knowledge of Linux fundamentals, System administration scripting, performance tuning/scalability, troubleshooting.
• Write great quality code using SOLID principles including unit and integration tests.
• Hands-on development experience in an object-orientated programming language like Python.
• Hands-on experience developing task automations
• Experience using tools to create and manage CI (continuous integration) and CD (continuous delivery) pipelines.
• Familiarity with software development tools: source code management (SCM systems), code review systems, issue tracking tools, build tools, test frameworks, code quality tools.
• Experience implementing open-source observability and alerting tools, like Prometheus, Grafana, Cortex, Thanos, Alertmanager etc
• Have decent knowledge on networking (VPC, VNet, DNS etc) and of the TCP/IP stack, internet routing and load balancing.
• Worked with log and configuration management tool
• Prior experience of working with AWS, Azure, GCP is a plus
• Prior experience of working with Kubernetes, Docker and containers is plus
• Strong interpersonal communication skills (including listening, speaking, and writing) and ability to work well in a diverse, team-focused environment with other SREs, Engineers, Product Managers, etc.
• Documenting your work should be in your DNA

What you get

• A chance to develop and build something (probably from scratch) which you can be proud of
• Build and Implement modern systems observability solutions including monitoring, alerting, metrics, logging, and APM & distributed tracing.
• Scale systems sustainably through automation and evolve systems by pushing for changes that improve reliability and velocity.
• Maintain business continuity by identifying and driving opportunities to make systems highly resilient and human-free.
• Closely work with the software engineering team to ensure accurate monitoring and metrics are being built into applications before going to production.
• Develop and maintain software modules for use and re-use in cloud and on-premise systems automation.
• Identify process gaps and implement process improvements to increase operational reliability
• Drive standardization efforts across the services, infrastructure, systems, and practices
• Develop Systems & Tools to help with Development team to uphold the Reliability principles

• 5+ years of software development or site reliability engineering or equivalent experience
• Skilled at problem solving, algorithms, and data structures
• Building tools and scripting frameworks from scratch
• Working with Cloud Automation tools like CloudFormation, Terraform, CDK, aws-cli
• Scripting languages like Python, Groovy, PowerShell, Bash, Perl etc.
• Configuration automation using Ansible or equivalent tools
• Exposure to Windows, Linux administration skills
• Project management tools like Jira, Trello
• Prior experience in dealing with Datastore technologies like Postgres, MySQL, SQL, DynamoDB is desirable
• Familiarity with basic networking, security and cloud engineering concepts
• Team player who is eager to help others to succeed through mentoring and leading by example
• Highly collaborative with effective written and verbal communication skills