Security Researcher

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

Key Responsibility Areas:

Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex Web applications, operating systems, wired and wireless networks, and mobile applications/devices Delivering targeted and intelligence led security penetration testing through a robust testing methodology and process Craft and develop scripts, frameworks, tools, and the methods required for facilitating and executing sophisticated charges, emulating malicious actor behavior sought at avoiding detection Conduct security assessments on a wide variety of technologies and implementations Develop and maintain security testing plans Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology Automate penetration and other security testing on networks, systems and applications Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk Produce actionable, threat-based, reports on security testing results Act as a source of direction, training, and guidance for less experienced staff Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators Foster and maintain relationships with key stakeholders and business partners

Required Skills:

2 to 6 years of experience in information security with web application and network penetration testing experience Fluent in common cyber security domains such as cloud security, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence Strong understanding of OWASP top 10.

Experience or knowledge of IT security risk assessments and gap analysis In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) Hands on experience with testing frameworks such as the PTES and OWASP Experience of functional testing, UI/UX testing and manual testing, Load, Performance testing across multiple browsers and devices Hands-on experience in designing and writing test automation scripts using test automation frameworks and knowledge on API Testing Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud

Qualification: Masters/Bachelor’s Degree

 

 

Information Security Specialist

Notice Period: 45 days / Immediate Joining

 

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

 

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

 

Key Qualifications

 

· Design, deploy, and support Information Security Solutions provided by BDS

 

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

 

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

 

· Research and strategic analysis of existing, and evolving all IT and data security technologies

 

· Establish baselines to define required security controls for all infrastructure components and application stack

 

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

 

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

 

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

 

· Must be able to work a flexible schedule during off-hours

 

Key Skills & Qualification

 

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

 

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

 

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

 

· Exposure of the security audit tools on public cloud platforms

 

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

 

· Certified Ethical Hacker would be a plus

 

· Handling of Security audits is a must

 

· Proven interpersonal skills while contributing to team effort by accomplishing related results

 

· Passion for learning new technologies and the ability to do so quickly.

http://www.banyandata.com" target="_blank">www.banyandata.com 

Position: IT Auditor

Experience: 4-12 Years

Location: Pune

Key Skills Required:

CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker

Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing,

 

 

IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
•    Evaluate IT systems, processes and projects in place;
•    Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
•    Ensure information management processes are in compliance with IT-specific laws, policies and standards;
•    Determine inefficiencies in IT systems, IT projects and associated management processes and
•    Consult in IT projects, new initiatives and organizational frameworks.

Description

 

Audit Planning

1)    Perform audits at Volkswagen Group entities. and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2)    Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3)    Participate in the preparation of work program

Audit Process

1)     Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2)     Request and collect relevant audit data for analysis from respective business areas.
3)     Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4)    Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5)    Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6)    Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7)    Prepare the draft audit report and submit the same to the  IT Audit Manager and the Head of IT Audit India Hub for review.
8)    Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9)    Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10)    Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11)    Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12)    Relevant knowledge is shared among the team members.
13)    Consult in IT projects, new initiatives and organizational frameworks.
14)    Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15)    Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16)    Evaluate IT systems, processes and projects in place.
17)    Determine inefficiencies in IT systems, IT projects and associated management processes.

Job Responsibilities:

 

Experience: 8 Yrs to 12 Yrs

 

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

 

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

 

Developing different ways to solve the existing threats and security issues.

 

Configuring and implementing intrusion detection systems and firewalls.

 

Security product development, testing, and implementation.

 

Responsible for security technology research, penetration testing, and vulnerability scanning.

 

Please follow the below inputs.

 

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

 

 

OSCP certification(Not mandatory, preferable)

 

Below are the primary key skills:

 

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS

 

 

Why are we building Urban Company?

 

The local and home services industry is very fragmented and unorganized. Prior to Urban Company, hiring a plumber, beautician, yoga trainer, math tutor etc. was a painful process. There were no standards, no concept of trust, pricing inefficiencies etc. In a nutshell, the industry was shackled in the “yellow pages” era, and had seen no fundamental innovation for far too long.

The Urban Company team is young and passionate, and we see a massive disruption opportunity in his industry. By leveraging technology, and a set of simple yet powerful processes, we wish to build a platform that can organize the world of services - and bring them to your finger-tips. We believe there is immense value (akin to serendipity) in bringing together customers and professionals looking for each other. In the process, we hope to impact the lives of millions of service entrepreneurs, and transform service commerce they way Amazon transformed product commerce.

 

Why are we building Urbancomapny?

Organized service commerce is a large yet young industry in India. While India is a very large market for a home and local services (~USD 50 Billion in retail spends) and expected to double in the next 5 years, there is no billion-dollar company in this segment today.

 

The industry is bare ~20 years old, with a sub-optimal market architecture typical of an unorganized market - fragmented supply side operated by middlemen. As a result, experiences are broken for both customers and service professionals, each largely relying upon word of mouth to discover the other. The industry can easily be 1.5-2x larger than it is today if the frictions in user and professional's journeys are removed - and the experiences made more meaningful and joyful.

 

The Urban Company team is young and passionate, and we see a massive disruption opportunity in his industry. By leveraging technology, and a set of simple yet powerful processes, we wish to build a platform that can organize the world of services - and bring them to your finger-tips. We believe there is immense value (akin to serendipity) in bringing together customers and professionals looking for each other. In the process, we hope to impact the lives of millions of service entrepreneurs, and transform service commerce they way Amazon transformed product commerce.

Job Description :

Urbancompany has grown 3x YOY and so as our tech stack. We have evolved in data-driven approach solving for products over the last few years. We deal with around 10TB in data analytics with around 50Mn/day.  We adopted platform thinking pretty at the very early stage of UC. We started building central platform teams who are dedicated solve for core engineering problems around a 2-3 years ago and now it has evolved to a full-fledged vertical. Out platform vertical majorly includes Data Engineering, Service and Core Platform, Infrastructure and Security. We are looking for Security Engineers to build security vertical from scratch. Person who loves hacking, standardisation, have strong knowledge and hands-on experience around building security platform and dictating strong security practices will be an ideal fit here.

Job Responsibilities

• Working on complex design and architectural problems.
• Solving security vulnerabilities and building highly insightful security platform
• Experience in conducting VAPT and handle data security
• Visioning out the roadmap and thought process behind taking current security loopholes and plan to take it to next level
• Building and maintaining the high NPS of 70% of Urbancomapny security
• Strong decision-maker with hands-on experience around coding
• Think about abstractions, systems, and services and write high-quality code.
• Think through complex architecture to build robust platforms to solve for security loopholes, automation and protection 

 

Job Requirements

• A thinker with strong opinions and ability to get those opinions into reality
• Prior experience of creating complex systems in the past.
• Ability to build scalable, sustainable, reliable, and secure products based on past experience.
• Ability to bring new practices, architectural choices, and new initiatives onto the table to make the overall tech stack more robust.
• History and familiarity with server-side architecture based on APIs, databases, infrastructure, and systems.
• Ability to own the technical road map for systems/components.

 

What can you expect?

• A phenomenal work environment, with massive ownership and growth opportunities.
• A high performance, high velocity environment at the cutting edge of growth.
• Strong ownership expectation and freedom to fail.
• Quick iterations and deployments – fail-fast attitude.
• Opportunity to work on cutting edge technologies.
• Massive, and direct impact of the work you do on lives of people.
• Having the skin in the game with lucrative ESOPs

- Artivatic is a technology startup that uses AI/ML/Deep learning to build intelligent products & solutions for finance, healthcare & insurance businesses. It is based out of Bangalore with 20+ team focus on technology. The artivatic building is cutting edge solutions to enable 750 Million plus people to get insurance, financial access, and health benefits with alternative data sources to increase their productivity, efficiency, automation power, and profitability, hence improving their way of doing business more intelligently & seamlessly. - Artivatic offers lending underwriting, credit/insurance underwriting, fraud, prediction, personalization, recommendation, risk profiling, consumer profiling intelligence, KYC Automation & Compliance, automated decisions, monitoring, claims processing, sentiment/psychology behavior, auto insurance claims, travel insurance, disease prediction for insurance and more. - We have raised US $300K earlier and built products successfully and also done few PoCs successfully with some top enterprises in Insurance, Banking & Health sector. Currently, 4 months away from generating continuous revenue.We at Artivatic Data Labs Private Limited, are looking for Tech/Communication Content Writer & Strategist. Artivatic (artivatic.AI) is Enterprise AI Platform for automated decision making. Skills : - Good communication skills- Writing passion- Understands research content writing- API Documentation - Technical paper writing- Email Writing- Whitepapers & PPTs, - Web content, email content and interactive social media content Qualification :- Communication/Business Graduate - Have technical and science understanding - Passion for writingIf you live with words in your mind, then this job is for you.

Job Description Roles and Responsibilities: • Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS and Web. • Ability to flow from black box to grey box to white box tests. • Ability to effectively work with the engineering teams to provide technical risk. assessment of technologies in networks, applications, code reviews in the release management cycle. • Ability to perform vulnerability assessments and penetration testing, utilizing tools - commercial and open source. • Perform, review and analyze security vulnerability data to identify applicability and false-positives. • Conduct penetration testing in line with Open Web Application Security Project (OWASP) • Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment. Required Skills and Abilities: • OWASP top 10 • Security Pen Testing methodologies including automated scans and manual methods • Tools including Burp, Nexpose, NMap, Whois etc. is a plus • Good Hands-On with Linux Debian Flavors and security hardening of the same • Understanding of Web Servers and HTTP 1.0/1.1 Protocol • Troubleshooting web servers like Apache, Nginx and other reverse proxy platforms • Basic understanding of NodeJS, Python and JAVA • TCP/IP networking including IP classes, subnets, NAT • SSL Handshake and Certificates - Understanding • DNS, and DHCP, Network troubleshooting • Remote access methods • Backup and disaster recovery methodologies • Network analysis tools • Good Hands-on using Linux Debian Flavors • Experience with security issues in Cloud Technologies (AWS) is a plus • Ability to grasp new technology concepts quickly • Good documentation skills • Ability to work in a team environment and interact with people • Knowledge and understanding of basic information security principles • Should be aware of the latest Major Application Zero-day vulnerabilities • Should be able to understand security alerts and take necessary actions accordingly Education and Experience: • Bachelor’s degree in information technology related field

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.