Posted on: 12/07/2025
About the job :
Acceldata is reimagining the way companies observe their data! Acceldata is the pioneer and leader in data observability, revolutionizing how enterprises manage and observe data by offering comprehensive insights into key aspects of data, data pipelines and data infrastructure across various environments.
Our platform empowers data teams to manage products effectively by ensuring data quality, preventing failures, and controlling costs.
What we are looking for?
We are looking for a highly skilled and motivated Security Engineer to join our Infra and Security team. The candidate will be responsible for vulnerability management across our SaaS and on-premise product stacks, driving both remediation and validation efforts.
This role also involves conducting penetration testing and leveraging security tools for SAST and DAST to proactively secure our applications and infrastructure.
About the Role :
We are seeking a highly motivated and experienced Staff Security Engineer to join our growing security team. In this pivotal role, you will be instrumental in enhancing our overall security posture by identifying, prioritizing, and remediating vulnerabilities across our SaaS and on-premise environments.
You will drive application security initiatives, conduct penetration testing, and integrate security into our CI/CD pipelines.
This position requires a strong technical background, a proactive approach to security, and excellent collaboration skills to work effectively with engineering and product teams.
Key Responsibilities :
Vulnerability Management :
- Identify, prioritize, and manage security vulnerabilities across both SaaS and on-premise environments.
- Collaborate closely with product and engineering teams to ensure timely remediation of identified vulnerabilities.
- Track and report on remediation progress, verifying the effectiveness of applied fixes.
Vulnerability Fixing & Validation :
- Work directly with developers to implement fixes for vulnerabilities at both the code and configuration levels.
- Validate the effectiveness of fixes through rigorous retesting, comprehensive code reviews, and regression testing.
Penetration Testing :
- Conduct internal penetration testing of applications and infrastructure using industry-standard tools such as OWASP ZAP, Burp Suite Professional, Nmap, Metasploit, and other specialized toolkits.
- Simulate real-world attack scenarios to thoroughly assess the security posture and identify potential weaknesses.
- Document findings meticulously and deliver detailed reports with clear, actionable recommendations for remediation.
SAST and DAST Integration :
- Integrate, configure, and maintain Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools within CI/CD pipelines.
- Analyze the results generated by these tools and provide expert guidance to development teams on secure coding practices and vulnerability remediation.
Security Automation :
- Develop and implement automation scripts and tools to streamline security processes, vulnerability scanning, and reporting.
Security Best Practices :
- Advocate for and promote secure coding practices and security awareness across engineering teams.
Skill Set :
Core Security Concepts :
- Strong understanding of fundamental security principles, including confidentiality, integrity, availability, authentication, authorization, and encryption.
- Experience with threat modeling methodologies (e.g., STRIDE, DREAD) and security architecture reviews.
- Knowledge of common attack vectors and defense strategies (e.g., OWASP Top 10, SANS Top 25).
Application Security (AppSec) :
- Deep understanding of web application vulnerabilities (XSS, CSRF, SQL Injection, broken access control, etc.) and their mitigation techniques.
- Hands-on experience with SAST, DAST, IAST, and RASP tools (e.g., SonarQube, Checkmarx, Fortify, Veracode, Contrast Security).
- Ability to perform secure code reviews in common programming languages (e.g., Java, Python, Node.js, Go, C#).
Cloud Security :
- Experience securing applications and infrastructure in cloud environments (AWS, Azure, GCP).
- Familiarity with cloud security services (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center).
- Understanding of cloud-native security best practices and compliance.
Network & Infrastructure Security :
- Knowledge of network protocols (TCP/IP, HTTP/S, DNS) and common network security controls (firewalls, IDS/IPS, WAF).
- Experience with operating system security (Linux, Windows hardening).
- Familiarity with container security (Docker, Kubernetes) and serverless security.
Security Operations & Incident Response :
- Basic understanding of security monitoring, logging, and SIEM tools.
- Familiarity with incident response processes and playbooks.
Scripting & Automation :
- Proficiency in at least one scripting language (e.g., Python, Bash, PowerShell) for automating security tasks and developing custom tools.
Compliance & Frameworks :
- Knowledge of common security standards and frameworks (e.g., NIST, ISO 27001, SOC 2, GDPR, HIPAA).
Desired Experience :
- Proven experience in vulnerability management in both SaaS and on-premise environments.
- Hands-on experience with security testing tools such as OWASP ZAP, Burp Suite, Nmap, Metasploit, or similar.
- Familiarity with common vulnerability scanning tools and techniques (e.g., Nessus, Qualys, OpenVAS).
- Strong understanding of SAST and DAST concepts, tools, and workflows.
- Knowledge of common security standards and frameworks (e.g., OWASP Top 10, CVSS, NVD).
- Ability to read, understand, and remediate application code or configurations across various programming languages.
- Excellent problem-solving, analytical, and critical thinking skills.
- Strong communication and interpersonal skills, with the ability to explain complex security concepts to technical and non-technical audiences.
Education & Certifications :
- Bachelor's or Master's degree in Computer Science, Information Security, or a related technical field.
- Relevant security certifications such as OSCP, OSWE, GWAPT, CISSP, CEH, or equivalent are highly desirable.
We care for our team :
Mentorship & Growth :
- ESOPs
Posted By
Acceldata Technology Private Limited
Sr. HR Person at Acceldata Technology Private Limited
Last Active: 14 Oct 2025
Posted in
CyberSecurity
Functional Area
IT Security
Job Code
1511819