Security Engineer Job in Immply
Security Engineer
- Pune, Pune Division, Maharashtra
- Not Disclosed
- Full-time
- Permanent
SECURITY ENGINEER
Location
- Pune, India
Company Description
Since 2010, Annex Cloud (USA) in association with IMMPLY, has provided more than 250 leading brands and retailers, including NuSkin, Morphe Cosmetics, Jane Iredale, MacKenzie-Childs, Sugarfina, Bed Bath & Beyond, TaylorMade Golf, etc., with the ability to engage tens of millions of their customers one-to-one at scale.
Immply s advanced loyalty and marketing platform provides fully integrated Customer Loyalty, Referral Marketing, and User Generated Content solutions that seamlessly work together to optimize the customer journey and deliver a unified customer experience, a greater quantity and quality of referrals and content, and more high-quality and resilient customer relationships.
Learn more at https://www.annexcloud.com/.
Responsibilities
- Implement and maintain manual and automated testing tools and processes for manual code reviews, static and dynamic application security testing, and penetration testing.
- Identify vulnerabilities in code, working with other Engineering teams to do so if necessary.
- Identify areas for automation and implement security tools into CI/CD pipelines and SDLC to increase security testing coverage.
- Establish metrics and implement reporting tracking the effectiveness of security programs.
- Conduct risk analysis to identify gaps, find security bugs, and help teams develop mitigation plans.
- Improve the security posture of products by influencing the architecture, design, and development via design input or code review.
- Mentor software engineers and act as a subject-matter expert for security issues and provide guidance on best practices.
- Research emerging threats, publicly disclosed vulnerabilities or attack vectors and proactively push mitigating controls to products and services.
- Work independently to maintain and improve overall company security posture.
- Working with internal teams and auditors to maintain compliance certifications (e.g. SOC2, GDPR).
Minimum Qualifications
- Strong working knowledge in the domains of Web, Application and Infrastructure Security, OWASP Top 10, SSL/TLS, PKI, and practical cryptography usage.
- Strong understanding of Infrastructure and Public Cloud security best practices.
- Ability to understand code-level issues and promote secure coding practices for one or more languages like JavaScript, PHP, and My SQL.
- Experience with security testing tools (e.g. Vulnerability Scanners, Pen Testing Tools).
- 2+ years experience on an internal security team.
- 2+ years coding/software engineering experience (e.g. Python, Java, JavaScript, Ansible).
- Experience with AWS.
Bonus Requirements
- Pen testing experience.
- AWS Certified Solution Architect, Security, or DevOps professional.
- Familiarity with security and privacy frameworks and regulations (e.g. SOC, PCI, ISO, GDPR, CCPA).
Minimum 2 Years
2 - 4 Hires