Sr. Security Engineer

Pixxel is a space data company, building and operating a constellation of hyperspectral earth imaging satellites and the analytical tools to mine insights from that data. The constellation is designed to provide global coverage every 24 hours, aiming to detect, monitor, and predict global phenomena. (To know more about us, visit  https://www.pixxel.space)

We are looking for a security engineer to ensure that we build and deploy robust cloud architectures for our space and ground segment systems. The candidates are expected to have meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure, and deliver on tight deadlines. The role will focus on working with the setup and upkeep of security infrastructure including but not limited to cloud & SaaS platform security, Vulnerability Assessment, Pentesting, and security audits.

Roles and Responsibilities:

As a Security Engineer, you will be responsible for the following things:

• Proactively identify and reduce security threats, vulnerabilities, and risks
• Identify & remediate outdated, vulnerable code and code libraries
• Provide subject matter expertise on architecture, authentication, and system security
• Assess security tools and integrate tools as needed, particularly open-source tools
• Security forensics & malware analysis
• Incorporate current security trends, advisories, publications, and academic research
• Threat hunting and threat actor profiling - Identify and mitigate complex security vulnerabilities before an attacker exploits them
  
• Planning, implementing, managing, monitoring, and upgrading security measures to protect the organization's data, systems, and networks.
  
• Ensuring that the organization’s data and infrastructure are protected by enabling the appropriate security controls (detection, monitoring, exploitation).
• Working with external agencies/consultants to exploit applications and systems to identify vulnerabilities and also ensure the compliance of Pixxel with multiple security/regulatory standards.
  
• Work with the technical teams to recommend modifications in architecture/development approaches from a security perspective.
  
• Responding to all system and/or network security breaches to the network and associated systems
• Setting up processes to monitor web security gateways, perimeter security, network access controls, and endpoint security.
  

Requirements:

• In-depth knowledge of Linux tools/architecture and logging systems
  
• Experience with one or more programming languages (Ruby on Rails, Go, PHP and/or Python, bash) and cloud platforms (AWS, Google Cloud Platform (GCP), and/or Azure).
  
• Experience with incident detection, incident response, and forensics.
  
• 3 to 10 years of hands-on experience in web application security with a broad understanding of SAST and DAST.
• Familiar with the causes and ions of OWASP TOP 10 security issues
• Good understanding of Manual and Automate SaaS Platform and web application security Testing
• Deep technical ability, research, and creativity to think and act like a malicious actor
• Strong understanding of common application controls, such as CSP, SRI, the same-origin policy, cookie security, OAuth, MFA etc
• Strong understanding and experience attacking web application vulnerabilities such as XSS, BAC, Request Smuggling, DSync, CSRF, XXE, SQLi, LFI/RFI, RCE etc
• Expertise in Secure SDL including White box and Black box assessments, code reviews, design reviews, threat modeling, etc

Advantages if you have:

• Experience/Knowledge in securing or guarding space systems.
• Understanding of space ground systems