10+ Vulnerability assessment Jobs in India

Key Responsibilities:

1. Threat Research: Work on researching emerging cyber threats specifically. You will monitor threat actor activities, study their tactics, techniques, and procedures (TTPs), and help identify potential risks.

2. Alert Triage and Incident Analysis: Support the analysis of security alerts generated by our in-house platform. You will work alongside the team to identify critical issues and provide timely

intelligence to help mitigate threats.

3. Data Collection and OSINT: Assist in gathering and analyzing data using Open Source Intelligence (OSINT) methodologies. You will help collect relevant information to support ongoing threat investigations.

4. Report Preparation: Contribute to the preparation of threat intelligence reports for internal and external stakeholders. You will learn how to convey complex technical information in a clear and

actionable manner.

5. SOP Development: Collaborate with the team to develop and refine Standard Operating Procedures (SOPs) for systematic threat analysis. Your input will help ensure that our procedures are efficient and scalable.

6. Cross-functional Collaboration: Work closely with various teams, including product development and data acquisition, to support the integration of new intelligence sources and improve the effectiveness of our threat intelligence platform.

Key Qualifications:

Educational Background: Completed a degree in Cybersecurity, Computer Science, Information Technology, or a related field.

Basic Knowledge of Cybersecurity: A foundational understanding of cybersecurity concepts, including web application security, threat analysis, and vulnerability assessment.

Familiarity with OSINT: Basic knowledge of Open Source Intelligence (OSINT) tools and methodologies for data collection.

Technical Skills: Familiarity with scripting languages such as Python, Ruby, or GO is a plus.

Experience with automation and data analysis tools will be advantageous.

Communication Skills: Strong written and verbal communication skills, with the ability to learn how to convey technical findings effectively.

Problem-Solving and Adaptability: A proactive attitude with strong problem-solving skills. You should be comfortable learning in a fast-paced and dynamic environment.

Additional Skills:

Interest in Cybersecurity Challenges: Participation in bug bounty programs, Capture The Flag (CTF) challenges, or cybersecurity competitions is a plus.

Willingness to Learn: A keen interest in developing skills in threat intelligence, threat actor profiling, and behavioral analysis.

Summary:

● We are seeking a highly motivated and experienced Cyber security

● Expert to join our team. You will be responsible

for safeguarding our IT infrastructure, data, and applications from cyber threats.

● You will have a deep understanding of server, endpoint, mail, and infrastructure security and possess strong incident response skills.

● Additionally, you will be well-versed in relevant regulations and how to navigate them during data breaches.

Responsibilities:

● Implement and maintain comprehensive security controls for servers, endpoints, mail, and infrastructure.

● Conduct regular vulnerability assessments and penetration testing.

● Monitor security logs and SIEM systems for suspicious activity.

● Investigate and respond to security incidents, including data breaches.

● Develop and implement incident response plans and procedures.

● Stay up-to-date on the latest cyber threats and vulnerabilities.

● Provide security awareness training to employees.

● Advise on and implement security best practices throughout the organization.

● Understand and comply with relevant data privacy and security regulations (e.g., HIPAA, GDPR, PCI DSS).

● Work collaboratively with IT, business units, and legal teams.

PortOne is re−imagining payments in Korea and other international markets. We are a Series B funded startup backed by prominent VC firms Softbank and Hanwa Capital

https://portone.io/global/en

PortOne provides a unified API for merchants to integrate with and manage all of the payment options available in Korea and SEA Markets - Thailand, Singapore, Indonesia etc. It's currently used by 2000+ companies and processing multi-billion dollars in annualized volume. We are building a team to take this product to international markets, and looking for engineers with a passion for fintech and digital payments.

Culture and Values at PortOne

• You will be joining a team that stands for Making a difference.
• You will be joining a culture that identifies more with Sports Teams rather than a 9 to 5 workplace.
• This will be remote role that allows you flexibility to save time on commute
• Your will have peers who are/have
• Highly Self Driven with A sense of purpose
• High Energy Levels - Building stuff is your sport
• Ownership - Solve customer problems end to end - Customer is your Boss
• Hunger to learn - Highly motivated to keep developing new tech skill sets

Who you are ?

* You are an athlete and Devops/DevSecOps is your sport.

* Your passion drives you to learn and build stuff and not because your manager tells you to.

* Your work ethic is that of an athlete preparing for your next marathon. Your sport drives you and you like being in the zone.

* You are NOT a clockwatcher renting out your time, and NOT have an attitude of "I will do only what is asked for"

* Enjoys solving problems and delight users both internally and externally

* Take pride in working on projects to successful completion involving a wide variety of technologies and systems

* Posses strong & effective communication skills and the ability to present complex ideas in a clear & concise way

* Responsible, self-directed, forward thinker, and operates with focus, discipline and minimal supervision

* A team player with a strong work ethic

Experience

* 2+ year of experience working as a Devops/DevSecOps Engineer

* BE in Computer Science or equivalent combination of technical education and work experience

* Must have actively managed infrastructure components & devops for high quality and high scale products

* Proficient knowledge and experience on infra concepts - Networking/Load Balancing/High Availability

* Experience on designing and configuring infra in cloud service providers - AWS / GCP / AZURE

* Knowledge on Secure Infrastructure practices and designs

* Experience with DevOps, DevSecOps, Release Engineering, and Automation

* Experience with Agile development incorporating TDD / CI / CD practices

Hands on Skills

* Proficient in atleast one high level Programming Language: Go / Java / C

* Proficient in scripting - bash scripting etc - to build/glue together devops/datapipeline workflows

* Proficient in Cloud Services - AWS / GCP / AZURE

* Hands on experience on CI/CD & relevant tools - Jenkins / Travis / Gitops / SonarQube / JUnit / Mock frameworks

* Hands on experience on Kubenetes ecosystem & container based deployments - Kubernetes / Docker / Helm Charts / Vault / Packer / lstio / Flyway

* Hands on experience on Infra as code frameworks - Terraform / Crossplane / Ansible

* Version Control & Code Quality: Git / Github / Bitbucket / SonarQube

* Experience on Monitoring Tools: Elasticsearch / Logstash / Kibana / Prometheus / Grafana / Datadog / Nagios

* Experience with RDBMS Databases & Caching services: Postgres / MySql / Redis / CDN

* Experience with Data Pipelines/Worflow tools: Airflow / Kafka / Flink / Pub-Sub

* DevSecOps - Cloud Security Assessment, Best Practices & Automation

* DevSecOps - Vulnerabiltiy Assessments/Penetration Testing for Web, Network and Mobile applications

* Preferrable to have Devops/Infra Experience for products in Payments/Fintech domain - Payment Gateways/Bank integrations etc

What will you do ?

Devops

* Provisioning the infrastructure using Crossplane/Terraform/Cloudformation scripts.

* Creating and Managing the AWS EC2, RDS, EKS, S3, VPC, KMS and IAM services, EKS clusters & RDS Databases.

* Monitor the infra to prevent outages/downtimes and honor our infra SLAs

* Deploy and manage new infra components.

* Update and Migrate the clusters and services.

* Reducing the cloud cost by enabling/scheduling for less utilized instances.

* Collaborate with stakeholders across the organization such as experts in - product, design, engineering

* Uphold best practices in Devops/DevSecOps and Infra management with attention to security best practices

DevSecOps

* Cloud Security Assessment & Automation

* Modify existing infra to adhere to security best practices

* Perform Threat Modelling of Web/Mobile applications

* Integrate security testing tools (SAST, DAST) in to CI/CD pipelines

* Incident management and remediation - Monitoring security incidents, recovery from and remediation of the issues

* Perform frequent Vulnerabiltiy Assessments/Penetration Testing for Web, Network and Mobile applications

* Ensure the environment is compliant to CIS, NIST, PCI etc.

Here are examples of apps/features you will be supporting as a Devops/DevSecOps Engineer

* Intuitive, easy-to-use APIs for payment process.

* Integrations with local payment gateways in international markets.

* Dashboard to manage gateways and transactions.

* Analytics platform to provide insights

As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.

• Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
• Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
• Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
• Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
• Communicating findings and recommendations to management and other stakeholders.
• Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
• To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.

About Drip Capital & Tech Team

The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide. 

Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.

Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.

Your Role 

As an AppSec Engineer in Drip Capital’s engineering team, you will have the opportunity to take ownership of :

• Contribute to and improve secure SDLC practice
• Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
• Designing and implementing cloud and network security solutions.
• Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
• Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
• Proactively identify vulnerabilities across our platform and work with developers in fixing them.
• Automate and simplify security, as “Complexity is the enemy of Security”.
• Handle Vulnerability Management and Patch Management processes.
• Participate in the investigation related to Privacy/Security incidents and response activities.
• Work with DevOps to implement the security tools and automation of the security tasks.
• Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
• Testing the deployed security solutions to make sure they function as planned.

Our Checklist 

• A minimum of 4 years of experience as an AppSec Engineer
• Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
• Hands-on experience in secure code review and automation of common security workflows.
• Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
• Good understanding of OWASP and SANS testing methodologies.
• Good understanding of software security weaknesses and vulnerabilities.
• Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
• Ability to contribute as an individual and as part of a team
• Working knowledge of any scripting language; Python or Go preferred
• Experience in writing custom tools/scanners/extenders is a plus
• Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting