2020443 - Senior Security Engineer

India (Remote)

Applications have closed

Plivo

Plivo’s SMS API and Voice API platform enables businesses to communicate with their customers on a global scale. Sign up for free now.


Plivo is a cloud communications platform that empowers businesses to connect, engage and interact with their customers with confidence. Plivo’s mission is to simplify business communications. Thousands of businesses around the globe, including IBM, Workday, Wolters Kluwer, and Splunk, rely on Plivo to power their voice and SMS communications on a global scale.
Founded in 2011, Plivo has over 300 employees working remotely across the US and India. Plivo was a part of Y Combinator and is backed by prominent investors, including Andreessen Horowitz and Battery Ventures.
Plivo has been profitable for the past 7 years, an unusual milestone for companies of this scale. Plivo’s success has landed it among the leading global CPaaS (Communications Platform as a Service) companies and at the cutting edge of the CPaaS sector, which is estimated to grow to $16 billion by 2025.
The Role
As a Senior Security Engineer, you will lead the implementation of secure software engineering tools, practices, and assurance operations, with a focus on developing the skills and practices necessary for delivering secure software efficiently and effectively using industry-standard tooling. In this hands-on role, you will bring in-depth expertise in secure development and coach teams in establishing best practices. Your compliance-related skills, including knowledge of SOC2, HIPAA, PCI, and ISO 27001, will play a crucial role in ensuring secure delivery, operations, and monitoring through automation, integration, and data flow optimization.

Roles & Responsibilities:

  • Experience working with development teams to build secure solutions
  • Experience breaking down complex systems and applications to find flaws
  • Strong familiarity with common vulnerabilities and attack vectors
  • Knowledge of web service technologies, load balancer services (e.g., Akamai, Cloudflare, …), and RESTful APIs
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.)
  • Solid understanding of secure network and system design in the cloud (AWS) and conventional environments
  • Drive automation and integration of Cyber Security & Risk management to ensure data products use API as native methods to publish/consume data.
  • Strong experience in building architecture artifacts, system design, and trade-off analysis
  • Experience with API security tools, API management platforms, Service Mesh, Security tools – JWT, OWASP ZAP, etc.
  • Continuous Integration and Deployment experience using a wide variety of open-source technologies and Cloud services
  • Support and consult with product and development teams in the area of application security, including threat modeling and appsec reviews
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
  • Support the bug bounty program.
  • Assist in the development of security processes and automated tooling that prevent classes of security issues.
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • Strong knowledge of some common security libraries and tools (e.g. static analysis tools, proxying/penetration testing tools).
  • Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
  • Scripting experience and skills. Python preferred.
  • Strong knowledge of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).
  • Experience performing blackbox/greybox/whitebox security assessments of applications
  • Lead in the development of automated security testing to validate that secure coding best practices are being used.
  • Develop security training and socialize the material with internal development teams.
  • Container security: The senior application security engineer will be responsible for ensuring the security of the organization's containerized applications. This includes implementing security controls and monitoring for potential vulnerabilities in the container environment.
  • Secrets management: The senior application security engineer will be responsible for managing and securing the organization's secrets, such as passwords and keys, used in containerized applications. This includes implementing secure storage and access controls for secrets.
  • Container orchestration security: The senior application security engineer will be responsible for securing the organization's container orchestration platform, such as Kubernetes. This includes implementing security controls and monitoring for potential vulnerabilities in the orchestration platform.
  • Container image security: The senior application security engineer will be responsible for securing the organization's container images. This includes implementing security controls and monitoring for potential vulnerabilities in the images and securing the supply chain of the images.
  • Hands-on experience with security technologies, including firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems
  • Ensure compliance with industry regulations and standards, including SOC2, PCI, HIPAA, and ISO 27001

Skills Required:

  • Strong understanding and experience with common security libraries, security controls, and common security flaws.
  • Strong knowledge of security standards such as SOC2, PCI, HIPAA, and ISO 27001
  • Some development or scripting experience and skills. Python is preferred.
  • Strong experience working closely with developers.
  • Ability to work collaboratively with senior management across multiple departments
  • Ability to work effectively in a fast-paced SaaS environment
  • Ability to prioritize and execute tasks
  • Ability to handle multiple tasks simultaneously
  • Work in a leveraged manner influencing teams across Plivo with application security approaches and a focus on problem-solving.
  • Certification in the field of Information Security (CEH, OSCP, CompTIA PenTest+)

Perks and Benefits:

  • Empowerment to plan and execute
  • Medical and Life Insurance
  • Open culture and working with a young and dynamic team
  • Career advancement opportunities
  • Generous leave policy

Tags: APIs Application security Automation AWS CEH Cloud Cloudflare Compliance CompTIA Encryption Firewalls HIPAA Intrusion detection ISO 27001 Kerberos Kubernetes LDAP Monitoring OpenID OSCP OWASP Pentesting Python Risk management SaaS SAML Scripting Security assessment SIEM SOC 2 Splunk SSH TCP/IP Vulnerabilities

Perks/benefits: Career development Medical leave

Regions: Remote/Anywhere Asia/Pacific
Country: India