hirist

Job Description

We are seeking a talented Security Engineer to join our team.

The ideal candidate should have a strong background in production security, DevSecOps, and extensive experience with SDLC practices and multiple security tools, including but not limited to Qualys, Black Duck, and JFrog Xray.

As a Security Engineer, you will be responsible for ensuring robust security practices and implementing cutting-edge security measures to protect our systems and data.


Vulnerability Management :

The core responsibilities for the job include the following :

- Own the end-to-end vulnerability lifecycle for a given Business Unit, consisting of multiple enterprise-level products (SaaS and on-prem).

- Triage, track, correlate, and remediate vulnerabilities from tools like Black Duck, Prisma Cloud, Qualys, JFrog Xray, etc.

- Understand how these tools work and map them into a common tool.

- Coordinate with business security leads to plan patching strategies and risk mitigation.


Security Automation :

- Integrate security scanning tools into common tools.

- Track in-progress status and SLAs for all vulnerabilities, working closely with the respective business units.

- Develop dashboards and reports for compliance and leadership visibility.

- Write a high-level design to automate a few of the manual tasks.


Collaboration And Governance :

- Work cross-functionally with product teams and stakeholders.

- Contribute to security policies, standards, and best practices.

- Participate in incident response and post-mortem analysis.


Requirements :

- Publish security advisories on high-priority vulnerabilities (CVEs).

- Help junior team members with security aspects.

- Kubernetes, container build pipeline, and repository platform knowledge is a plus.

- Familiarity with vulnerability scoring models like CVSS, EPSS, and BDSA.

