Senior Security Engineer - DevSecOps/Docker (5-10 yrs) (Creospan Solutions Pvt Ltd)

Responsibilities : 

- Security Engineer will focus on three distinct but key interrelated aspects of client's cloud platform: Data Security, Application Security, and Infrastructure Security.

- Keeping up with the state of the art in application security, operational security, and DevSecOps, helping developers build software securely throughout the complete software development lifecycle.

- Enhance the security posture of X's platforms and applications, securing production and pre-production services running on Kubernetes and Docker.

- Evangelize smart security solutions and mitigations that solve classes of vulnerabilities by addressing root causes.

- Continue to learn new technology and business processes and apply an offensive (- red team- ) security mindset to them to discover and drive improvements.

- Hunt for and identify threats and vulnerabilities which impact X's software and infrastructure.

- Continuously improve the systems and algorithms X uses to identify potential indicators of compromise.

- Apply common information security frameworks or standards utilized in the industry to understand requirements and best practices as they apply to software.

- Leading independent third-party vendors through security assessments such as for penetration testing, social engineering, and compliance.

Requirements :

- Experience securing Kubernetes running at scale in production on public clouds, preferably with both Linux and Windows workloads.

- Experience with securing AWS-based cloud infrastructure and security-focused services such as AWS KMS, Cloud HSM, AWS Encryption SDK or equivalents (e.g. from GCP), AWS IAM, and AWS STS.

- Development and administration experience on Linux environments with distributions like Debian and Ubuntu.

- Programming experience in languages like Java/Python/PHP/Ruby/Go/Groovy/C/C++.Deep understanding of web technologies such as HTTP, TLS, and REST and services such as Nginx and HAProxy.

- Experience with tooling and systems for build, infrastructure automation, and monitoring, such as Docker, Jenkins, Terraform, Datadog, JFrog, and Sumologic.

- Good knowledge of security principles at all layers of the OSI stack.Blue and/or red team experience is highly valued.

Skills :

- First and foremost, an inquisitive mind which can identify pragmatic solutions to complex technical and security process challenges.

- Has strong verbal and written communication skills.

- Exhibits good balance between strategic direction and tactical execution.

- Has a strong orientation towards delivering results incrementally

Apply Now