job openings

Senior Security Engineer

VIMAAN is looking to hire a talented senior security engineer to join our exceptional engineering team developing the next generation of information systems for the warehouse. You will work with cross-functional teams, plan, and prepare to block security threats, identify potential threats, and implement remediation. You will define, implement and test security strategies, report on incidents, keep track of the status of network and system security, and raise security awareness amongst employees.

Scope of work will span the breadth of product development and deployment. You will ensure the product, its deployment, and integration into the infrastructure are not vulnerable to security risk while complying with contemporary security guidelines. You will also be responsible for interfacing with third parties to conduct threat assessment and implement corrective actions. You will be responsible for meeting specific industry InfoSec guidelines, standards and regulations, such as medical or government, and driving product compliance.

You will thrive in this role if you are curious, innovative, relish complexity, pay attention to detail, and work to make things a little better every single day. We expect you are smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, reach out for the start of a great journey together.

Senior Security Engineer Responsibilities

• Help plan VIMAAN’s information security strategy

• Develop security standards and practices as part of SDLC and oversee architecture, design, development, coding, testing, deployment and production to ensure product and infrastructure security

• Assess risks, maintain risk register, analyze and communicate impact, undertake remedial actions and follow-up on remedial actions by team members

• Install, configure and use security devices, tools and software, such as firewalls, IDS, IPS and data encryption solutions

• Automate and deploy network scans to find vulnerabilities and perform penetration testing

• Perform code reviews ensuring implementation of security best practices

• Develop scripts to automate security related work

• Track third party software security and keep updated for security patches and upgrades

• Collaborate with DevOps for deployment of software updates and security patches

• Collaborate with IT staff and system administrators to monitor networks and systems for security breaches or intrusions

• Lead incident response activities, investigations into potential breaches, report on findings, develop and implement remediation plans

• Interface with third parties to conduct threat assessment and penetration tests and to implement corrective actions

• Ensure product and infrastructure meets specific industry InfoSec standards, such as medical or government, and drive product compliance to those standards

• Continually research the current threat landscape and state of the art

• Raise information security awareness in product development teams

• Establish and maintain thorough and accurate documentation of all work

Senior Security Engineer Qualifications

• Bachelor’s of Computer Science or equivalent degree

• 8+ years of experience as System Security Engineer or Information Security Engineer

• Thorough understanding of the latest security and data protection principles, techniques, and protocols

• Experience designing and implementing secure networks, systems, and application architectures

• Experience with securing web technologies including web applications, Web Services, Microservices

• Experience with securing Linux systems and databases such as Postgres

• Knowledge of TCP/IP networking protocols, HTTPS, REST, SSH, TLS, and experience securing them

• Experience with Identity Management, authentication and SSO methods, LDAP, Active Directory, OpenID, OAuth, and Role Based Access Control

• Experience with data encryption and knowledge of encryption algorithms

• System administration experience including Linux, network and database administration

• Expertise in scripting using shell scripts, Python, Perl or similar languages

• Knowledge of risk assessment tools, technologies, and methods

• Experience with Software Composition Analysis and Vulnerability Assessment

• Experience in designing, implementing, configuring, and managing security by using firewalls, network monitoring tools, intrusion detection systems, anti-virus software, authentication systems, log management systems, content filtering, etc.

• Experience with SAST and DAST tools and integrating them into DevSecOps

• Experience with code reviews using OWASP Top 10 and MITRE CWE Top 25 and training team on secure coding methodologies

• Experience with ISO27001 and SOC2 compliance, audit and certification, and with other industry guidelines, regulations and standards such as NIST, DISA, CPRA, GDPR, etc.

• Ability to collaborate effectively with fellow team members

• Strong written and verbal communication skills

How to Stand Out

• Experience configuring and monitoring security and data protection in Cloud systems using provider tools such as those provided by AWS, Azure and GCP

• Security certifications such as CISSP, CISA, CISM, CEH, or similar

• Knowledge of data protection and disaster recovery, and experience with related technologies and methods

• Understanding of tactics used by APT and other threat groups, and knowledge of computer forensic tools

• Experience in Developing a SecureDevOps for an AI/ML product

• Self motivated and self managed

• You are someone that others enjoy working with due to your positive attitude and technical competence

• Pragmatic approach to solving problems and collaboration

• Open-minded, passionate, but not ideological

• Biased towards automation and ensuring “it just works”

• Team-first attitude motivated by helping team members succeed