Roles & Responsibilities
- Work as a part of the information security team to document, design and execute the web application security goals of the organisation
- Define application security policies and procedures across the organisation and own compliance to these policies
- Work with Engineering teams to set up best software development security practices
- Work with the product development team to set up automated security workflows
- Review user authentication and access control architecture and implementations across the Acko codebase
- Work with internal audit to ensure compliance with applicable regulations and standards
- Perform periodic security audits across functions and own resolution of security issues by working with the relevant teams
- Work in a fast-paced, agile manner for security implementation in product development sprints
Technical Skills Required
- Hands-on experience securing Linux and web applications on AWS Cloud
- Experience working with vulnerability and pen testing tools, both commercial and open-source. Proficient in monitoring and automation of AWS threat detection, vulnerabilities, changes, etc. using AWS tools (such as Systems Manager, Config, Inspector, Trusted Advisor, CloudWatch, CloudTrail, GuardDuty, Macie, Shield, etc.)
- Knowledge of web application threat landscape and security measures to defeat the threats
- Experience performing automated code audits on Python, Go and Java for secure development practices
- Knowledge of industry-standard cloud security best practices and compliance requirements
- Perform source code review of key aspects of Acko application code
- Coordinate with other team members to track internal and external assessment and regulatory compliance and address requests related to the Application Penetration Test, SAST and DAST, OSINT, threat hunting and modelling.
- Familiarity with Open Source licenses and security tools
- Engineer security testing workflows as part of DevOps CI/CD pipelines
- Experience in reviewing security architecture, design and best practices for AWS Cloud
- Knowledge of Application Security/API Security concepts (e.g. OWASP Top-10)
Other Skills
- Strong work ethic and personal integrity
- Interpersonal skills to collaborate with multiple stakeholders across different functions to ensure the success of projects
- Communication skills to be able to present execution and status reports to the senior leadership
- The candidate should be a team player with good interpersonal skills and should be able to work independently with minimum supervision in a complex infrastructure environment
Education (Preferred): BCA/MCA/B.Tech/BS in Computer Science or higher
Certifications (Optional): CEH, OSCP, CISSP