Lead Engineer - Information Security

Company Overview

Arcesium is a global financial technology firm that solves complex data-driven challenges faced by some of the world’s most sophisticated financial institutions. We constantly innovate our platform and capabilities to meet tomorrow’s challenges, anticipate the risks our clients encounter, and design advanced solutions to help our clients achieve transformational business outcomes.   

Financial technology is a high-growth industry as change and innovation continue to disrupt the status-quo and prompt major transformation. Arcesium is at a particularly interesting time in our own growth as we look to leverage our successfully established market position and expand operations in pursuit of strategic new business opportunities. We value intellectual curiosity, proactive ownership, and collaboration with colleagues, and we empower you to meaningfully contribute from day one and accelerate your professional development.

We are looking for a bright and exceptional Lead Engineer to join our information security team in Bangalore/Gurugram.

What you'll do:

• Conduct manual penetration testing on web applications and other systems.
• Demonstrate and promote security best practices, including secure development and cloud security
• Assist with the development of remediation recommendations for identified findings
• Identify and articulate (written and verbal) findings to the development teams
• Stay up-to-date with the latest security trends, technologies, and best practices

What you'll need:

• 5 – 8 Years, out of which at least 3+ years in the security engineering field
• B.E/B.Tech or M.Tech/MS: Degree in computer science engineering or related field
• Technical background in Application Security Testing, Security Code Reviews, and security design reviews
• Knowledge of common application security attacks (e.g. Deserialization attacks, Injections attacks, SSRF, XSS, SQL Injection, XSRF, buffer overruns, DoS, etc)
• Prior experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools and using them for Application Security reviews.
• Experience in Cloud Security - AWS is an added advantage, and Kubernetes and Docker container security
• Technical familiarity with technologies like Java, Python, React, GraphQL, Javascript, JSON, REST, Docker, Terraform, etc.
• Encryption and Key Management
• Must have Experience with Java programming language.
• Strong understanding of security fundamentals and general security technologies.
• Excellent communicator, comfortable discussing with technical staff and management.
• Strong interpersonal skills as well as excellent written and verbal communication skills
  
  Good to have Skills:
  
  
• SAST/DAST integration in CI/CD pipeline - design, implementation
• Experience working with Gitlab
• Certifications like OCSP, OSWE or OSWA
  
  

Arcesium's Personal Data Privacy Notice for Candidates is linked here. 

Arcesium and its affiliates do not discriminate in employment matters on the basis of race, color, religion, gender, gender identity, pregnancy, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other category protected by law. Note that for us, this is more than just a legal boilerplate. We are genuinely committed to these principles, which form an important part of our corporate culture, and are eager to hear from extraordinarily well qualified individuals having a wide range of backgrounds and personal characteristics.