5+ Information security Jobs in Pune | Information security Job openings in Pune

PortOne is re−imagining payments in Korea and other international markets. We are a Series B funded startup backed by prominent VC firms Softbank and Hanwa Capital

https://portone.io/global/en

PortOne provides a unified API for merchants to integrate with and manage all of the payment options available in Korea and SEA Markets - Thailand, Singapore, Indonesia etc. It's currently used by 2000+ companies and processing multi-billion dollars in annualized volume. We are building a team to take this product to international markets, and looking for engineers with a passion for fintech and digital payments.

Culture and Values at PortOne

• You will be joining a team that stands for Making a difference.
• You will be joining a culture that identifies more with Sports Teams rather than a 9 to 5 workplace.
• This will be remote role that allows you flexibility to save time on commute
• Your will have peers who are/have
• Highly Self Driven with A sense of purpose
• High Energy Levels - Building stuff is your sport
• Ownership - Solve customer problems end to end - Customer is your Boss
• Hunger to learn - Highly motivated to keep developing new tech skill sets

Who you are ?

* You are an athlete and Devops/DevSecOps is your sport.

* Your passion drives you to learn and build stuff and not because your manager tells you to.

* Your work ethic is that of an athlete preparing for your next marathon. Your sport drives you and you like being in the zone.

* You are NOT a clockwatcher renting out your time, and NOT have an attitude of "I will do only what is asked for"

* Enjoys solving problems and delight users both internally and externally

* Take pride in working on projects to successful completion involving a wide variety of technologies and systems

* Posses strong & effective communication skills and the ability to present complex ideas in a clear & concise way

* Responsible, self-directed, forward thinker, and operates with focus, discipline and minimal supervision

* A team player with a strong work ethic

Experience

* 2+ year of experience working as a Devops/DevSecOps Engineer

* BE in Computer Science or equivalent combination of technical education and work experience

* Must have actively managed infrastructure components & devops for high quality and high scale products

* Proficient knowledge and experience on infra concepts - Networking/Load Balancing/High Availability

* Experience on designing and configuring infra in cloud service providers - AWS / GCP / AZURE

* Knowledge on Secure Infrastructure practices and designs

* Experience with DevOps, DevSecOps, Release Engineering, and Automation

* Experience with Agile development incorporating TDD / CI / CD practices

Hands on Skills

* Proficient in atleast one high level Programming Language: Go / Java / C

* Proficient in scripting - bash scripting etc - to build/glue together devops/datapipeline workflows

* Proficient in Cloud Services - AWS / GCP / AZURE

* Hands on experience on CI/CD & relevant tools - Jenkins / Travis / Gitops / SonarQube / JUnit / Mock frameworks

* Hands on experience on Kubenetes ecosystem & container based deployments - Kubernetes / Docker / Helm Charts / Vault / Packer / lstio / Flyway

* Hands on experience on Infra as code frameworks - Terraform / Crossplane / Ansible

* Version Control & Code Quality: Git / Github / Bitbucket / SonarQube

* Experience on Monitoring Tools: Elasticsearch / Logstash / Kibana / Prometheus / Grafana / Datadog / Nagios

* Experience with RDBMS Databases & Caching services: Postgres / MySql / Redis / CDN

* Experience with Data Pipelines/Worflow tools: Airflow / Kafka / Flink / Pub-Sub

* DevSecOps - Cloud Security Assessment, Best Practices & Automation

* DevSecOps - Vulnerabiltiy Assessments/Penetration Testing for Web, Network and Mobile applications

* Preferrable to have Devops/Infra Experience for products in Payments/Fintech domain - Payment Gateways/Bank integrations etc

What will you do ?

Devops

* Provisioning the infrastructure using Crossplane/Terraform/Cloudformation scripts.

* Creating and Managing the AWS EC2, RDS, EKS, S3, VPC, KMS and IAM services, EKS clusters & RDS Databases.

* Monitor the infra to prevent outages/downtimes and honor our infra SLAs

* Deploy and manage new infra components.

* Update and Migrate the clusters and services.

* Reducing the cloud cost by enabling/scheduling for less utilized instances.

* Collaborate with stakeholders across the organization such as experts in - product, design, engineering

* Uphold best practices in Devops/DevSecOps and Infra management with attention to security best practices

DevSecOps

* Cloud Security Assessment & Automation

* Modify existing infra to adhere to security best practices

* Perform Threat Modelling of Web/Mobile applications

* Integrate security testing tools (SAST, DAST) in to CI/CD pipelines

* Incident management and remediation - Monitoring security incidents, recovery from and remediation of the issues

* Perform frequent Vulnerabiltiy Assessments/Penetration Testing for Web, Network and Mobile applications

* Ensure the environment is compliant to CIS, NIST, PCI etc.

Here are examples of apps/features you will be supporting as a Devops/DevSecOps Engineer

* Intuitive, easy-to-use APIs for payment process.

* Integrations with local payment gateways in international markets.

* Dashboard to manage gateways and transactions.

* Analytics platform to provide insights

Job Brief:

You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).

As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance. 

Key Responsibilities:

• Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls

• Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements

• Maintain the data protection terms agreed with customers in a contract management software

• Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors

• Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.

• Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance

• To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering

• Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders

• Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements

• Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform

• Undertake all other reasonable and related tasks associated with this role
  
  

Desired Qualification:

• 5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms

• Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.

• Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred

• Specialist knowledge in a relevant area, e.g., data security and individual rights requests

• Excellent communication, interpersonal, project management, and issue resolution skills

• Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team

• Experience in managing privacy audits and risk management processes

• Demonstrated ability to learn quickly, take the initiative, and drive complex projects

Qualifications & Responsibilities

Year of Experience : 3- 8 yrs

Location : Bangalore, Delhi, Mumbai, Pune

Work on ISO 27001 & NIST based Information Security Management System implementation and sustenance.

-          Responsible for SOX (IT Security Controls) and track the monthly/quarterly/annual control reports and drive effectiveness of SOX controls.

-          Work on Business Continuity Planning, IT Disaster Recovery as per ISO27001 & NIST requirements

-          Assess information security posture, identify the gaps/risks in the existing environment and develop solutions to mitigate the identified gaps/risk

-          Conduct Information Systems audits covering IT infrastructure assets

-          Working knowledge in security domains such as: security governance policies and procedures, risk management, compliance, access control, network security, security architecture, security incident response, disaster recovery, business continuity management, privacy and data protection

-          Experience in leveraging industry standards and frameworks such as ISO/IEC 27001, NIST CSF/800-171, etc.

-          Possesses certifications such as ISO27001 LA. CISSP, CISA certification- preferred

Why NCG?

WHO WE ARE DRIVES WHAT WE DO!

We Don't build the organization; we create an everlasting family. Our people express a sense of winning together when times are good and sticking together when times are tough.

Are you a Doer or Achiever?

Well, at NCG, our doors are Open for Doers and Achievers alike. We are a Cult where we create, innovate, learn and Contribute in a comfortable, transparent, and fair environment.

Joining NCG means contributing to a shared ambition for reliable work culture, tackling extraordinary technological challenges in multicultural teams, preserving your work/life balance, and more!

Our ideal candidate is someone who is an exceptional JS developer with significant experience on React and Node. You should be able to build and support complex applications single-handedly with a keen eye towards UX, design, security and performance. Additionally you will need to have a basic understanding of microservices, API integrations to aid in achieving our vision of building the most robust and scalable integration platform in the B2B Retail + Food verticals. You will be responsible for architecture, design and implementation of the entire system to support thousands of customers globally. Our stack is primarily built around Node, PHP, React, Angular, Mongo, PHP and advanced Infra and DevOps tools such as Kubernetes, Grafana, Prometheus, ELK and more.

Mentoring should come naturally to you, as well as finding the right balance towards process and documentation.

Highlights:
1) You will be working on interesting technical challenges in a product centric and open-source driven environment.
2) You will help set a very high bar on code quality with a focus on test driven development and writing highly performant, fault tolerant and secure code.
3) You will take ownership of product features from conception to implementation, testing deployment and support.
4) A lot of freedom on when and where you work from - just get stuff done.
5) You will open source as much as possible, and blog about cool things that you learnt and built.
6) You will help define who we become as a company.
7) You will get stock options in line with silicon valley standards.


Caveats:
1) We have a strict no-divas rule. There are a lot of smart engineers on the team but no one with an attitude / superiority complex.
2) If you think writing tests for your code, writing docs, doing customer support etc are not your cup of tea, this isn't the right role for you.
3) Similarly, if you're viewing this just as a 20-40% increment opportunity over your current compensation, this isn't the right role or company for you.


This role can be the growth opportunity of a lifetime for anyone who has been operating as a backend lead and wants to grow into a fullstack CTO. Check out the links below if you'd like to learn more about us. We encourage people from underrepresented groups to apply.

1) Why ShoppinPal? - https://www.youtube.com/watch?v=cE7DgtwA0ws" target="_blank">https://www.youtube.com/watch?v=cE7DgtwA0ws
2) Our hiring philosophy and process http://techstory.in/building-startup-team/" target="_blank">http://techstory.in/building-startup-team/
3) Our culture- https://www.shoppinpal.com/culture">https://www.shoppinpal.com/culture