Product Security Engineer

Web Spiders is seeking a Product Security Engineer, to join a project for our Global MNC Client. Our Client is a B2B US Software company with more than 11,000 customers and $400m in revenues. The role is remote, anywhere in India and requires a minimum 7+ years of experience. As a Product Security Engineer, will be an integral part of Product Security Engineering.  This engineer owns performing threat modelling, secure architecture review, DevSecOps pipeline build, security automation across a variety of security tools throughout the Public Cloud & enterprise.

Prior Experience : 7+ years of relevant cloud security operations experience

Location: Remote - Pan India (Preferred Bangalore, Pune, Ahmedabad )

‍Full Home office setup will be provided

Interview Process:

‍1) One-way Video Interview

2) Online Test

3) 2-way interview ---> And on selection you are on your way to work for a Global MNC project.

Salary & Benefits Increment: Minimum 25% 

Responsibilities:

• Leading architecture and major design decisions that will affect our infrastructure and our product
• Lead threat intelligence and incident response for complex cases, identify enforcement strategies
• Designing and implementing security controls in multi-cloud environments
• Automating and orchestrating infrastructure (Terraform) changes across Gov and Public clouds
• Architect, deploy security solutions, tools for Application and Public Cloud Security
• Consulting with leadership on cloud security architecture decisions that will affect company for years to come
• Creating, deploying, analysing, and refactoring our infrastructure through infrastructure-as-code tools, (e.g., Terraform)
• Assisting engineering in the deployment of services and applications and creating a secure-by-default environment
• Strong comprehension of security services working hands-on-keyboard (“HOK”)
• Possess strong security fundamentals and have solid threat modelling and security architecture skills
• Provide subject matter expertise in Cloud Security Posture Management (CSPM)
• Knowledge and understanding of security industry trends and new technologies and the ability to apply learnings in an evolving cloud security threat landscape
• Demonstrate creativity and out of the box thinking to continuously improve the organisation's threat intelligence, security monitoring, detection, and response capabilities
• Evaluate existing security controls for efficacy, identify gaps, drive remediation and risk treatment processes across all of company products and services
• Experience working with multiple compliance and privacy frameworks
• Working with the team to take on projects which gather telemetry from many sources, identify risks from that telemetry, and remediate those risks and automate remediation
• Develop and present security tooling deployment, documentation, Run books and SOPS for operations
• Willingness to dive-in supporting environments as a part of 24x7 global cloud operations team 

Requirements:

• Bachelor’s degree in a relevant field of study required: Computer Science, Management Information Systems, etc., or equivalent experience and 7+ years of relevant cloud security operations experience
• Operated and have an in-depth understanding of cloud infrastructure platforms, (AWS and Azure or GCP)
• Experience writing performant, maintainable, testable code in at least one of the following: Go, Rust, Python, or Node.js
• Has deep knowledge of Cloud Security and Application Security Concepts
• Experience participating in an on-call rotation for global, critical services
• Experience using infrastructure-as-code tools, (e.g., Terraform)
• Experience working with modern development and deployment workflows (containerization, container orchestration, CI/CD etc.)
• Experience with secrets management systems, (e.g., Vault)
• Working knowledge of public cloud platforms (AWS, Azure and/or IBM or GCP) Cloud platforms, or some certifications
• Cloud Certification in field of operations and security is highly desired
• Expertise using with one or more languages (Terraform, Python, Java, PowerShell), and git
• Experience in cloud management or micro-service architecture and related technologies like Docker, Kubernetes, etc.
• Collaborate cross-domain with internal and external stakeholders at all levels of a company
• Demonstrate creativity and out of the box thinking to continuously improve the organisation's threat intelligence, security monitoring, detection, and response capabilities
• Strong communication and team skills in a distributed global environment
• Motivation and ability to grow talent by providing a proper mentorship and performance management environment while prioritising empathy
• Strong analytical skills and passion to solve problems

‍