VIMAAN is looking to hire a talented senior security engineer to join our exceptional engineering team developing the next generation of information systems for the warehouse. You will work with cross-functional teams to plan and prepare to block security threats, identify potential threats, and implement remediation. You will define, implement and test security strategies, report on incidents, keep track of the status of network and system security, and raise security awareness amongst employees.
Scope of work will span the breadth of product development and deployment. You will ensure the product, its deployment, and integration into the infrastructure are not vulnerable to security risk while complying with contemporary security guidelines. You will also be responsible for interfacing with third parties to conduct threat assessment and implement corrective actions. You will be responsible for meeting specific industry InfoSec guidelines, standards and regulations, such as medical or government, and driving product compliance.
You will thrive in this role if you are curious, innovative, relish complexity, pay attention to detail, and work to make things a little better every single day. We expect you are smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, reach out for the start of a great journey together.
Help plan VIMAAN’s information security strategy
Develop security standards and practices as part of SDLC and oversee architecture, design, development, coding, testing, deployment and production to ensure product and infrastructure security
Assess risks, maintain the risk register, analyze and communicate impact, undertake remedial actions and follow up on remedial actions by team members
Install, configure and use security devices, tools and software, such as firewalls, IDS, IPS and data encryption solutions
Automate and deploy network scans to find vulnerabilities and perform penetration testing
Perform code reviews ensuring implementation of security best practices
Develop scripts to automate security-related work
Track third-party software security and keep it updated with security patches and upgrades
Collaborate with DevOps for deployment of software updates and security patches
Collaborate with IT staff and system administrators to monitor networks and systems for security breaches or intrusions
Lead incident response activities, investigations into potential breaches, report on findings, develop and implement remediation plans
Interface with third parties to conduct threat assessment and penetration tests and to implement corrective actions
Ensure product and infrastructure meet specific industry InfoSec standards, such as medical or government, and drive product compliance to those standards
Continually research the current threat landscape and state of the art
Raise information security awareness in product development teams
Establish and maintain thorough and accurate documentation of all work
Bachelor’s degree in Computer Science or equivalent
8+ years of experience as System Security Engineer or Information Security Engineer
Thorough understanding of the latest security and data protection principles, techniques, and protocols
Experience designing and implementing secure networks, systems, and application architectures
Experience with securing web technologies including web applications, Web Services, Microservices
Experience with securing Linux systems and databases such as Postgres
Knowledge of TCP/IP networking protocols, HTTPS, REST, SSH, TLS, and experience securing them
Experience with Identity Management, authentication and SSO methods, LDAP, Active Directory, OpenID, OAuth, and Role-Based Access Control
Experience with data encryption and knowledge of encryption algorithms
System administration experience including Linux, network and database administration
Expertise in scripting using shell scripts, Python, Perl or similar languages
Knowledge of risk assessment tools, technologies, and methods
Experience with Software Composition Analysis and Vulnerability Assessment
Experience in designing, implementing, configuring, and managing security by using firewalls, network monitoring tools, intrusion detection systems, anti-virus software, authentication systems, log management systems, content filtering, etc.
Experience with SAST and DAST tools and integrating them into DevSecOps
Experience with code reviews using OWASP Top 10 and MITRE CWE Top 25 and training team on secure coding methodologies
Experience with ISO27001 and SOC2 compliance, audit and certification, and with other industry guidelines, regulations and standards such as NIST, DISA, CPRA, GDPR, etc.
Ability to collaborate effectively with fellow team members
Strong written and verbal communication skills
Security certifications such as CISSP, CISA, CISM, CEH, or similar
Knowledge of data protection and disaster recovery, and experience with related technologies and methods
Understanding of tactics used by APT and other threat groups, and knowledge of computer forensic tools
Experience in developing SecureDevOps for an AI/ML product
Self-motivated and self-managed
You are someone that others enjoy working with due to your positive attitude and technical competence
Pragmatic approach to solving problems and collaboration
Open-minded, passionate, but not ideological
Biased towards automation and ensuring “it just works”
Team-first attitude motivated by helping team members succeed
Headquartered in Silicon Valley, with team members around the world, Vimaan comprises computer vision and hardware technologists as well as warehousing domain experts with a rich and successful history in technology startups. Vimaan’s primary mission is to deliver computer vision and machine learning solutions to solve long-standing inventory visibility, accuracy and quality challenges experienced in the supply chain.