About the Team: Our Engineering team works closely with the Product, Business and Data Science teams to build experiments & features that enable delightful experiences for our Users. Hence we fight a lot and party even more. We are a lean team that learns from each other and iterates rapidly to make a larger impact. Any point in time, we are seen making (and breaking) high user impact features in production. Role: You will be a member of an exceptional cross-functional team of self driven engineers, delivering new features, non-functional and process improvements. You will help us to provide the users with the safer platform. Responsibilities: You will take complete ownership of the whole Security Layer at Pratilipi You will manage the Vulnerability Disclosure Program You will entice engineers in security first thinking You will educate tech/non-tech team members on securing the devices and digital assets You will act as point of contact to third party security providers You will identify potential vulnerabilities in the products and work with team/product owners to prioritize and fix. You will work with infra team to update systems and network with security patches Experience: 3+ yrs Must have: Good Communication Skills Expertise: Web-app security (SQL Injection, XSS, CSRF, RCE, IDOR etc.), OWASP-10 Android-app security (Jailbreak, Application Hooking, Data Caching etc) Architect systems for secure data flow management Hands on experience: Application penetration testing and techniques DevSecOps experience Protocols like TCP/IP, DNS, HTTP, HTTPS, SSH etc. Firewalls, proxies, VPC's, SG's, VPN's Network Penetration testing and techniques Network analysis tools like tcpdump, Wireshark, Burp Suite Identify and Analyse network vulnerabilities, Attack reproduction Vulnerability scanners, IDS/IPS, Application Firewall, VAPT tools: Metasploit, Nessus, etc. Good to have: Linux operating systems Scripting language like Python, Shell, etc Benefits: Medical Insurance You can choose online courses that will help you grow Buy books Mental health consultation You can participate in company ESOPs(Employee Stock Options Program) Do not apply if you are not: Ownership driven Curious in general Able to explain things In simple terms Self motivated Use to work in chaotic environment Highly proactive Willing to mentor and humble to ask for collaboration Most Important, learn & grow yourself!
Key Duties & Responsibilities - Design and Build cloud architecture/infrastructure Provision, maintain and administer MS Azure Cloud Environment Windows server administration. Implement and maintain cloud monitoring, auditing and network management functions. Optimize the processes for cloud-based data storage, backups and restores. Implement cloud security to protect data, applications, and infrastructure. Develop, maintain, and execute Configuration Management scripts. Skills required Experience in server hardening best practices Knowledge of special security arrangements like Network security, DoS Protection, OS firewall, etc Ability to work with software firewalls and web application firewalls Log management and replication to a central server Ability to architect a secure deployment in Azure/Aws cloud using the native abstractions and services provided by respective cloud service providers. Ability to conduct a self VAPT of the network and servers, so that the environments are better prepared for external audits by customers' info sec teams and/or auditors. Ability to use DevOps automation to setup environments from scratch and also patch them from time to time to handle the changes resulting out of various factors e.g. VAPT audits, customer requests Experience building solutions using MS Azure DevOps. Knowledge of general networking concepts (e.g., DNS, TCP/IP, and firewalls). Experience development & maintenance of a CI/CD system. In-depth knowledge of build and deployment automation technologies. An attitude and ability to take ownership and deliver a high-quality product, on time. Experience of implementing DevOps Experience in DevOps Architectural decisions, tools selection, best practices. Constant research and learning on new tools and technologies in DevOps space.
Network/Security Cloud Specialist/Architect position. AWS-specific skills – MUST: (Networking: vpc, virtual gateway, Route53, Direct Connect Gateway, transit vpc, transit gateway, lambda, endpoints, load balancers) and (Security: ACM, WAF, Config, CloudWatch, Flow-logs, IAM, ES etc.) Security Architecture: Build Cloud Network Architecture to support Encryption of Data at rest and transit Other services such as Guardrail, GuardDuty, AWS shield, CloudFront, AWS Control Tower, Inspector Azure-specific skills (Networking: vnet, vnet peering, udr, sdr, expressroute, nsg, load balancers, endpoints.) Experience with automated configuration and deployment: Terraform or other Infrastructure as Code (IAC) frameworks Experience with distributed version-control systems: git/github 8+ years of Strong Enterprise networking with Routing/Switching configuration/diagnostic experience in Global Network infrastructure design delivery of WAN, LAN, Firewall, and F5. Experience with Cisco hardware and OS : Catalyst switches, ISR/ASR routers, ASA Strong practical experience with Palo Alto firewalls is a MUST (VM series, CN series and other DC models) Strong understanding of the following Network protocols: BGP, IPSec and IPSec VTI VPN Experience and in-depth understanding of TCP/IP packets with ability to analyze captured packets for deep troubleshooting. Scripting (Python, Ansible, Tower) experience is a plus Work closely with the Network architecture, security and application teams to rollout new designs and perform activities for supporting cloud application migration projects. Leverage his/her prior experience with Azure and AWS to implement global connectivity Secure solutions. Implement an automated process for cloud network environment eliminating manual and repetitive tasks Create and maintain Infrastructure as Code (IAC) using industry standard platforms. Implement industry standard cloud network security practices during build activities and maintain it throughout the lifecycle. Perform functional testing to verify implementation meet production acceptance standards Provide support of cloud network services for complex issues
Why are we building Urban Company? The local and home services industry is very fragmented and unorganized. Prior to Urban Company, hiring a plumber, beautician, yoga trainer, math tutor etc. was a painful process. There were no standards, no concept of trust, pricing inefficiencies etc. In a nutshell, the industry was shackled in the “yellow pages” era, and had seen no fundamental innovation for far too long. The Urban Company team is young and passionate, and we see a massive disruption opportunity in his industry. By leveraging technology, and a set of simple yet powerful processes, we wish to build a platform that can organize the world of services - and bring them to your finger-tips. We believe there is immense value (akin to serendipity) in bringing together customers and professionals looking for each other. In the process, we hope to impact the lives of millions of service entrepreneurs, and transform service commerce they way Amazon transformed product commerce. Why are we building Urbancomapny?Organized service commerce is a large yet young industry in India. While India is a very large market for a home and local services (~USD 50 Billion in retail spends) and expected to double in the next 5 years, there is no billion-dollar company in this segment today. The industry is bare ~20 years old, with a sub-optimal market architecture typical of an unorganized market - fragmented supply side operated by middlemen. As a result, experiences are broken for both customers and service professionals, each largely relying upon word of mouth to discover the other. The industry can easily be 1.5-2x larger than it is today if the frictions in user and professional's journeys are removed - and the experiences made more meaningful and joyful. The Urban Company team is young and passionate, and we see a massive disruption opportunity in his industry. By leveraging technology, and a set of simple yet powerful processes, we wish to build a platform that can organize the world of services - and bring them to your finger-tips. We believe there is immense value (akin to serendipity) in bringing together customers and professionals looking for each other. In the process, we hope to impact the lives of millions of service entrepreneurs, and transform service commerce they way Amazon transformed product commerce.Job Description :Urbancompany has grown 3x YOY and so as our tech stack. We have evolved in data-driven approach solving for products over the last few years. We deal with around 10TB in data analytics with around 50Mn/day. We adopted platform thinking pretty at the very early stage of UC. We started building central platform teams who are dedicated solve for core engineering problems around a 2-3 years ago and now it has evolved to a full-fledged vertical. Out platform vertical majorly includes Data Engineering, Service and Core Platform, Infrastructure and Security. We are looking for Security Engineers to build security vertical from scratch. Person who loves hacking, standardisation, have strong knowledge and hands-on experience around building security platform and dictating strong security practices will be an ideal fit here.Job Responsibilities Working on complex design and architectural problems. Solving security vulnerabilities and building highly insightful security platform Experience in conducting VAPT and handle data security Visioning out the roadmap and thought process behind taking current security loopholes and plan to take it to next level Building and maintaining the high NPS of 70% of Urbancomapny security Strong decision-maker with hands-on experience around coding Think about abstractions, systems, and services and write high-quality code. Think through complex architecture to build robust platforms to solve for security loopholes, automation and protection Job Requirements A thinker with strong opinions and ability to get those opinions into reality Prior experience of creating complex systems in the past. Ability to build scalable, sustainable, reliable, and secure products based on past experience. Ability to bring new practices, architectural choices, and new initiatives onto the table to make the overall tech stack more robust. History and familiarity with server-side architecture based on APIs, databases, infrastructure, and systems. Ability to own the technical road map for systems/components. What can you expect? A phenomenal work environment, with massive ownership and growth opportunities. A high performance, high velocity environment at the cutting edge of growth. Strong ownership expectation and freedom to fail. Quick iterations and deployments – fail-fast attitude. Opportunity to work on cutting edge technologies. Massive, and direct impact of the work you do on lives of people. Having the skin in the game with lucrative ESOPs
- 10+ Years of experience in a technical position helping enterprise customers.- 5+ Years of leading an engagement.- 5+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms.- 4+ Years on any Cloud Platform (AWS, Azure, Google, others).- Master's or Bachelor's degree in Information Science / Information Technology, Computer Science.- Deep hands-on experience leading the design, development and deployment of business software at scale.- Experience with service-oriented architectures, private and public clouds and web services security.- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, Infrastructure and Network Security, Data protection, and Incident response.- Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.- Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.- Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.- Good understanding of Enterprise Networks, Security and Identity Access Management.- Configuration management using CloudFormation and/or Chef/Puppet.- Experience with agile approaches and Experience in DevOps or DevSecOps, and how they impact risk management and compliance.- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.- Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.- Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.- Experience taking a lead role developing complex software systems that have successfully been delivered to customers.- Ability to travel to customer sites as needed.PREFERRED QUALIFICATIONS:- AWS Solutions Architect Certified.- AWS Security Speciality Certified.- CISSP, CCSP, CISM, and/or other comparable certifications.
We’re building our Engineering team at Assembly, a fast-growing start-up based in Los Angeles and Bangalore! Our peer-to-peer recognition platform offers organizations a better way to engage employees and drive organizational culture. About you: As a DevOps Engineer, you will be responsible for the design, development, testing, and deployment of products that help companies communicate with their customers in deep and personal ways. You are passionate about company culture. You love challenging yourself to constantly improve, and you share your knowledge to empower others. You are self-directed and scrappy, able to solve problems effectively without compromising the product. You look beyond the surface to understand the root causes so that you can build long-term solutions for the whole ecosystem. And finally, you enjoy being a part of a small but mighty team with a mission of changing the way companies engage their employees! Responsibilities Design and implement the infrastructure needed to support our product teams Define infrastructure and operational patterns Scale our team and infrastructure through automation and monitoring Contribute to meeting our security standards and our compliance requirements for SOC 2 & GDPR Requirements Experience with AWS. Experience with Infrastructure as Code (e.g. Terraform) Knowledge about Containers and orchestration tools (e.g. Kubernetes, ECS) Experience with Security, Data and Privacy protection CI/CD Knowledge Familiarity with general monitoring and logging principles At Assembly, we are committed to building a diverse and inclusive company. We seek to create a culture where everyone can belong because we believe that people do their best work when they can show up every day as their authentic selves. We welcome people of different backgrounds, experiences, abilities, and perspectives. Assembly is an equal opportunity employer. We do not make hiring or employment decisions on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, disability status, or genetic information, in compliance with applicable federal, state and local law.
Description :We are looking for candidates with the below experience.- Mandatory experience on any ofa) Cylance Protect and Opticsb) Crowdstrike Falcon Insightc) Sentinel One ActiveEDRd) Carbon Black EDR- Hands-on experience in security incident response lifecycle and its phases- Should have experience in L1 and L2 in EDR- Hands-on experience in event and log analysis on Windows endpoints- Overall experience: 3-7 years, Relevant experience: 2+ yearsPlease note : Candidate should have experience in the below skills must :- EDR Experience- EDR Product Worked on and which level of support they are working on- Incident Response- Malware Analysis- Flexible for shifts
Job Description Roles and Responsibilities: • Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Android, iOS and Web. • Ability to flow from black box to grey box to white box tests. • Ability to effectively work with the engineering teams to provide technical risk. assessment of technologies in networks, applications, code reviews in the release management cycle. • Ability to perform vulnerability assessments and penetration testing, utilizing tools - commercial and open source. • Perform, review and analyze security vulnerability data to identify applicability and false-positives. • Conduct penetration testing in line with Open Web Application Security Project (OWASP) • Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment. Required Skills and Abilities: • OWASP top 10 • Security Pen Testing methodologies including automated scans and manual methods • Tools including Burp, Nexpose, NMap, Whois etc. is a plus • Good Hands-On with Linux Debian Flavors and security hardening of the same • Understanding of Web Servers and HTTP 1.0/1.1 Protocol • Troubleshooting web servers like Apache, Nginx and other reverse proxy platforms • Basic understanding of NodeJS, Python and JAVA • TCP/IP networking including IP classes, subnets, NAT • SSL Handshake and Certificates - Understanding • DNS, and DHCP, Network troubleshooting • Remote access methods • Backup and disaster recovery methodologies • Network analysis tools • Good Hands-on using Linux Debian Flavors • Experience with security issues in Cloud Technologies (AWS) is a plus • Ability to grasp new technology concepts quickly • Good documentation skills • Ability to work in a team environment and interact with people • Knowledge and understanding of basic information security principles • Should be aware of the latest Major Application Zero-day vulnerabilities • Should be able to understand security alerts and take necessary actions accordingly Education and Experience: • Bachelor’s degree in information technology related field