Security Engineer

Job Role Pointers:

• 5+ years’ of experience in AWS app and infra security, Vulnerability Assessment and Penetration testing.
• Should have participated in at least 2 IT Security Audits, preferably one of which should be in the last 12 months
• Experience in working heterogeneous work environments and AWS cloud - product based company experience is good to have
• The security engineer will be part of the cloud infra & security team that shall manage all security and compliance requirements for e-commerce products.
• Conduct and participate in security audits, identify gaps in web security, application security, mobile app security, Network security and IT infrastructure security, mitigate risks using right controls
• The team members shall prepare VAPT (Vulnerability Assessment & Penetration Testing) reports using defined templates and assist the management for finalization of audit reports. Co-ordinate to get the findings resolved in specific time
• The team members shall prepare the security checklists, test cases, and test scenarios to perform the security audit.

Desirable Skills & Experience:

• Experience in analysing and in identifying the vulnerabilities in apps, aws resources and configurations.
• Hands-on experience in web application, Mobile App and network Vulnerability Assessment & Penetration Testing using industry standard tools such as Vulnerability Scanners for e.g. Qualys, Nessus, WebInspect, Acunetix, Metaexploit, Burp Suite Pro, Netsparker etc.
• Hands-on linux admin and security experience - hardening of servers as per industry standards · Experience working with OWASP (Open Web Application Security Project ) security requirement and implementing them
• Should have the ability to stay organized, and possess excellent communication skills.
• Perform or co-ordinate penetration tests on computer systems, networks and applications
• Perform physical security assessments of systems, servers and other network devices to identify areas including firewall maintenance and administration etc.
• Research, evaluate, document and discuss findings with Eng teams and management.
• Review and provide feedback for information security issues and fixes.
• Establish improvements for existing security services, including hardware, software, policies and procedures.
• Identify areas where improvement is needed in security education and awareness for users.
• Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity).
• Stay updated on the latest malware and security threats · AWS Security experience is mandatory.
• Experience working with XDR/EDR and microsoft O365 security and SaaS security.

Necessary certifications - CCNA/CompTIA+ or similar. AWS Security speciality or similar.