Cybersecurity Engineer, Principal

In this role you will:

• Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
• Configure and execute enterprise infrastructure vulnerability scanning across cloud and on-premises assets.
• Validate vulnerability scanning accuracy and scope against asset management, networks, and CMDB inventories.
• Co-ordinate with system owners and other teams to address the vulnerabilities as per defined SLAs.
• Respond to security researchers that report vulnerabilities through our Bug Bounty program and support the CVE publication process.
• Conduct static and dynamic application security testing across core products, analyze results, and prioritize vulnerabilities for remediation.
• Provide security gate review support to product and development teams to validate products meet security control standards prior to release.
• Coordinate third party penetration tests including scoping, scheduling, budgeting, vendor management, and procurement.
• Liaise with the security engineering team to improve tool usage and workflow, as well as with the advanced threats and assessment team to mature monitoring and response capabilities.
• Build strong partnerships with technical teams to promote best practices for managing vulnerabilities across traditional infrastructure and in cloud environments.
• Lead cybersecurity projects to promote integration, automation, and increase vulnerability detection and response capabilities.
• Ensure compliance with organizational cybersecurity policies and procedures.
• Provide architecture and design support for cloud environments.

• Bachelor’s degree in information technology, Information Security/Assurance, Computer Science, Engineering, or related field or equivalent combination of education and experience 
• 6-8 years of Cybersecurity experience with a concentration in vulnerability management techniques, tools and methodologies.
• One or more of the following certifications CEH, CISSP, CRISC, GSEC, GSED, CISM.
• Proficient with vulnerability management solutions such as Qualys, Tenable, and Rapid7.
• Familiarity with bug bounty platforms and tools (e.g., HackerOne, Bugcrowd etc)
• Experience using web application security testing tools and commercial scanners (Veracode, Qualys WAS, Tenable WAS).
• Experience with vulnerability management across cloud environments (AWS, Azure, GCP).
• Experience conducting organization-wide vulnerability scanning and developing remediation processes.
• Knowledge and experience with DevSecOps practices, container security, microservices architecture, infrastructure as code, OWASP, CVSS, SDLC, and penetration testing methodologies.
• Hands-on experience in application security testing tools like Burpsuite, OWASP ZAP etc.
• Strong communication skills with the ability to influence cross functionally, both at the peer level or above.
• Solid project management skills with the ability to prioritize tasks based on risk.

• Competitive remuneration package 
• Employee Stock Purchase Plan Enrolment

• 30 days of earned leave
• An extra day off for your birthday
• Various other leaves like marriage leave, casual leave, maternity, and paternity leave
• Premium Group Medical Insurance for employees and five dependents, personal accident insurance coverage, life insurance coverage
• Professional development reimbursement  
• Interest subsidy on loans - either vehicle or personal loans
• Health club reimbursement