Senior Security Engineer
Druva, the autonomous data security company, puts data security on autopilot with a 100% SaaS, fully managed platform to secure and recover data from all threats. The Druva Data Security Cloud ensures the availability, confidentiality, and fidelity of data - providing customers with autonomous protection, rapid incident response, and guaranteed data recovery. The company is trusted by its more than 6,000 customers, including 65 of the Fortune 500, to defend business data in today’s ever-connected world. Amidst a rapidly evolving security landscape, Druva offers a $10 million Data Resiliency Guarantee ensuring customer data is protected and secured against every cyber threat.
Druva has built a highly scalable and secure SaaS platform for offering data protection services to its customers. Druva is looking for architects who are passionate about driving software development with a security-first mindset and thereby maintaining the highest level of security standards for such a platform. As part of the engineering organization, you will have opportunities to define and drive the adoption of security by design principles for developing, testing, and deploying Druva’s data protection and data management software at scale.
Skills & Qualifications:
- Expertise and hands-on experience in designing and implementing SaaS software with a security-first mindset.
- Strong expertise in cybersecurity technologies, protocols, and frameworks for web, network, endpoint, and data security including but not limited to those related to authentication, authorization, identity management, encryption, and cryptosystems.
- Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies and working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM).
- Extensive knowledge in using SAST, DAST, IAST, and/or RASP and fuzz-testing tools. Experience in implementing and managing static scanning tools such as BurpSuite, Snyk, OWASP ZAP, OpenVAS, etc.
- Proficiency and expertise in defining and implementing security best practices and guidelines to be followed during each phase of the software development lifecycle starting from architecture and design to implementation, testing, and deployment.
- In-depth awareness and knowledge of the security ecosystem and tech stack including NIST cyber security framework, cryptosystems, threat modeling, attack vectors and nature of cybersecurity attacks, incident response, tools for security assessment as well as vulnerability and other types of testing.
- Experience with SaaS platforms like AWS & Azure is a plus.
- Experience with SaaS-based data management products is a plus.
- Familiarity with information security standards and best practices, PCI DSS, ISO 2700x, SOC 2 Control frameworks such as ISO, NIST, etc. as it relates to application security.
- Bachelor's degree or B.S. in Computer Science, Information Technology & Management or equivalent, Advanced degree is preferred. Any one of the Certifications; CSSLP, CEH, CASE, GIAC-GWEB, OSCP, OSWE, or similar preferred.
- 4+ years of industry experience in securing software products.
- Advanced degree in Computer Science is a plus.
Role and Responsibilities:
- Work with various engineering teams across different products to define security best practices and principles to be followed during software development.
- Continuously assess newer security technologies, tools and libraries that help in building, testing, and deploying secure software. Help the engineering teams in adopting and integrating such technologies and tools into their tech stack, build pipelines, and test frameworks.
- Be at the forefront of helping and collaborating with engineering, operations, and infosec teams to identify and respond to security incidents.
- Development, publication, and maintenance of secure development standards, guidelines, patterns, as well as working with engineering peers to adopt the publications.
- Build and leverage threat models to secure core product features & services.
- Drive toward automation and advancement of security tools and processes ensuring innovation in various product security areas.
- Mentor, guide and train engineers on security.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
