Lead Engineer - Information Security

Company Overview

Arcesium is a global financial technology firm that solves complex data-driven challenges faced by some of the world’s most sophisticated financial institutions. We constantly innovate our platform and capabilities to meet tomorrow’s challenges, anticipate the risks our clients encounter, and design advanced solutions to help our clients achieve transformational business outcomes.   

Financial technology is a high-growth industry as change and innovation continue to disrupt the status-quo and prompt major transformation. Arcesium is at a particularly interesting time in our own growth as we look to leverage our successfully established market position and expand operations in pursuit of strategic new business opportunities. We value intellectual curiosity, proactive ownership, and collaboration with colleagues, and we empower you to meaningfully contribute from day one and accelerate your professional development.

We are looking for a bright and exceptional Lead Engineer to join our Information Security team. 

As part of the Information Security team, the Tech Lead within the DevSecOps & Engg sub-team will be responsible for working with the other engineers in the team and own the SAST, DAST, SCA and SDK security testing tooling and initiatives.  The person in this team will be working with larger Information Security team to contribute to various aspects of Cloud Security, Application Security and Security Operations and Monitoring.

What you’ll do:

• Work with larger development teams to increase the adoption of SAST, DAST and SCA tools and integrating it to the CI process.
• Work with development teams to increase the coverage of SAST and DAST across various projects.
• Periodically review the DAST, SAST findings and report it to the development teams.
• Work with Junior members of the team to guide them on any technical issues related to InfoSec tools at Arcesium.
• Work and guide developers for any security related ad hoc development tasks as and when needed.
• Work with global Kerberos SME to own any Kerberos related development activity in the team.

What you’ll need:

• Expertise in programming: Knowledge in languages like Python / Java / Kotlin, JavaScript, PowerShell, shell scripting, Bash
• Working and implementation knowledge of Kerberos
• Knowledge of cloud infrastructure (AWS) and cluster management tools like Kubernetes, Docker, configuration management and monitoring
• Experience with end-to-end fully automated CI/CD pipelines (GitLab preferred), and scanning tools like Gemnasium
• Strong knowledge setting up SAST, DAST, SCA tools and integrations of it in the CI processes.
• Strong understanding of Third Party Library Vulnerability management processes
• Must have reviewed SAST, DAST, SCA tool results and worked with development teams about its resolutions.
• Experience with infrastructure as code (Terraform preferred)
• Strong understanding of the entire Software Development Lifecycle
• Good exposure to software security concepts and Knowledge of the best security practices
• Have a culture of automation where any repetitive work is automated
• Willingness to acquire new knowledge and building career in Information Security domain.
• Self starter and be able to work well in a fast paced, dynamic environment with minimal supervision
• Great interpersonal and communication skills

Qualifications:

• BE/B-Tech /MCA or any equivalent degree in Computer Science OR related practical experience.
• Must have 5+ years working experience in Java/Python/Kotlin, AWS, Unix & LINUX OS
• Must have experience with automation/configuration management tool (Terraform or equivalent)
• Must have experience in Kubernetes and containers (AWS, kubectl, helm) 
• Experience on Networking Skills (TCP/IP, SSL, SMTP, HTTP, FTP, DNS and More)
• Should have working experience with monitoring tools like Grafana, Prometheus, Elasticsearch, Splunk, or any other monitoring tools/processes.
• Good understanding of networking technologies, OSI network layers, and TCP/IP

Arcesium and its affiliates do not discriminate in employment matters on the basis of race, color, religion, gender, gender identity, pregnancy, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other category protected by law. Note that for us, this is more than just a legal boilerplate. We are genuinely committed to these principles, which form an important part of our corporate culture, and are eager to hear from extraordinarily well qualified individuals having a wide range of backgrounds and personal characteristics.