DevSecOps

Company IntroductionInnoventes Technologies (www.innoventestech.com) is a boutique product engineering services company working with startups in Bangalore, Mumbai, Chennai, SFO and Middle East. We work closely with our clients to build world-class products - either from our office or from our client offices. We firmly believe in agile engineering practices. We have an aggressive plan to double our current strength of 60 in the current year.

Security Engineer (Detection & Response Operations) 

Purpose of the Role

The responsibilities of security operations range from running tasks to enabling SRE and platform teams. This role has been established to 

● Detect, respond and manage cyber threats. 

● Managing end-end communication of external bug bounty programs 

● Detect, report and follow up for remediations of cloud and internal network misconfigurations and unauthorized exposure 

Responsibilities 

● Monitor alerts from SIEM on a daily basis and follow up with engineering team for remediation 

● Follow security community closely and develop newly emerging threat based rules for SIEM ● Continuous fine-tuning of existing rules in SIEM to reduce false positives ● Handle the external bug bounty communication end-end. 

● Develop ad-hoc automations for streamlining and standardization of security alert response, bug bounty program and periodic reporting of misconfiguration and exposure related processes. 

● Conduct, report and follow up on remediations of cloud and internal network misconfigurations and unauthorized exposures

● Conduct weekly meetings with Security Engineering Lead for discussion, planning and resolution of process blockers, SLA and TP-FP status of alerts; SLA and TP-FP status of external Bug bounty tickets; scope of improvements in the process of alert response and bug bounty program handling. 

Technical Skills Required 

● Working knowledge and hands-on experience with python and SQL. Current SIEM being utilized at works on python and SQL based detection rules. 

● Working knowledge in the security aspects of at least one among the top 3 (AWS / GCP / Azure) clouds. 

● Basic understanding of workings of cloud threat management solutions. ● Basic knowledge of OWASP Top 10 / SANS 25 for understanding and handling bug bounty queries and related communication. 

● Good to have personal projects (Git repositories) solving security problem statements. ● Good to have experience in working in cloud security operations.

Educational Qualification and Experience

• B.E/B.Tech/MCA/M.Tech in Computer science/Information science/Information Technology

• 1 to 3 years of hands-on experience in DevSecOps

Hiring Process

Each step is an elimination and the candidate has to clear each to proceed to the next

• Online Programming test 

• 2 rounds of Technical interview 

• Management interview