2020443 - Senior Security Engineer
India (Remote)
Plivo
Plivo’s SMS API and Voice API platform enables businesses to communicate with their customers on a global scale. Founded in 2011, Plivo has over 300 employees working remotely across the US and India. Plivo was a part of Y Combinator and is backed by prominent investors, including Andreessen Horowitz and Battery Ventures.
Plivo has been profitable for the past 7 years, an unusual milestone for companies of this scale. Plivo’s success has landed it among the leading global CPaaS (Communications Platform as a Service) companies and at the cutting edge of the CPaaS sector, which is estimated to grow to $16 billion by 2025.
The Role
As a Senior Security Engineer, you will lead the implementation of secure software engineering tools, practices, and assurance operations, with a focus on developing the skills and practices necessary for delivering secure software efficiently and effectively using industry-standard tooling. In this hands-on role, you will bring in-depth expertise in secure development and coach teams in establishing best practices. Your compliance-related skills, including knowledge of SOC2, HIPAA, PCI, and ISO 27001, will play a crucial role in ensuring secure delivery, operations, and monitoring through automation, integration, and data flow optimization.
Roles & Responsibilities:
- Experience working with development teams to build secure solutions
- Experience breaking down complex systems and applications to find flaws
- Strong familiarity with common vulnerabilities and attack vectors
- Knowledge of web service technologies, load balancer services (e.g., Akamai, Cloudflare, …), and RESTful APIs
- Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.)
- Solid understanding of secure network and system design in the cloud (AWS) and conventional environments
- Drive automation and integration of Cyber Security & Risk management to ensure data products use APIs as the native method to publish/consume data.
- Strong experience in building architecture artifacts, system design, and trade-off analysis
- Experience with API security tools, API management platforms, service mesh, and security tools (JWT, OWASP ZAP, etc.)
- Continuous Integration and Deployment experience using a wide variety of open-source technologies and Cloud services
- Support and consult with product and development teams in the area of application security, including threat modeling and appsec reviews
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Support the bug bounty program.
- Assist in the development of security processes and automated tooling that prevent classes of security issues.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Strong knowledge of some common security libraries and tools (e.g. static analysis tools, proxying/penetration testing tools).
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
- Scripting experience and skills. Python preferred.
- Strong knowledge of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).
- Experience performing blackbox/greybox/whitebox security assessments of applications
- Lead in the development of automated security testing to validate that secure coding best practices are being used.
- Develop security training and socialize the material with internal development teams.
- Container security: The senior application security engineer will be responsible for ensuring the security of the organization's containerized applications. This includes implementing security controls and monitoring for potential vulnerabilities in the container environment.
- Secrets management: The senior application security engineer will be responsible for managing and securing the organization's secrets, such as passwords and keys, used in containerized applications. This includes implementing secure storage and access controls for secrets.
- Container orchestration security: The senior application security engineer will be responsible for securing the organization's container orchestration platform, such as Kubernetes. This includes implementing security controls and monitoring for potential vulnerabilities in the orchestration platform.
- Container image security: The senior application security engineer will be responsible for securing the organization's container images. This includes implementing security controls and monitoring for potential vulnerabilities in the images and securing the supply chain of the images.
- Hands-on experience with security technologies, including firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems
- Ensure compliance with industry regulations and standards, including SOC2, PCI, HIPAA, and ISO 27001
Skills Required:
- Strong understanding and experience with common security libraries, security controls, and common security flaws.
- Strong knowledge of security standards such as SOC2, PCI, HIPAA, and ISO 27001
- Some development or scripting experience and skills. Python is preferred.
- Strong experience working closely with developers.
- Ability to work collaboratively with senior management across multiple departments
- Ability to work effectively in a fast-paced SaaS environment
- Ability to prioritize and execute tasks
- Ability to handle multiple tasks simultaneously
- Work in a leveraged manner influencing teams across Plivo with application security approaches and a focus on problem-solving.
- Certification in the field of Information Security (CEH, OSCP, CompTIA PenTest+)
Perks and Benefits:
- Empowerment to plan and execute
- Medical and Life Insurance
- Open culture and working with a young and dynamic team
- Career advancement opportunities
- Generous leave policy