SpryIQ Technologies Pvt. Ltd. is looking for an enthusiastic engineer who would be part of company and product that people love. We are looking for a new category of technology called Data Security Posture Management (DSPM). We are making our mark with customers and prospects through interesting data visualizations and seamless workflows backed by in-depth security analysis, AI & machine learning.

As a Security Engineer, you will work closely with many teams, driving projects that would continuously improve security posture. Your role will also contribute to providing guidance to product development teams on adding security features.

You will perform a variety of responsibilities ranging from corporate endpoint protection, infrastructure/application security engineering, advanced penetration testing and threat modelling. It will also include product advisory. In addition, we spend a fair amount of time working with the earliest adopters of our product, helping them achieve greater value from the product.

What You Will Do

  • Manage corporate security using multiple software including endpoint protection, security features from OS providers.
  • Periodically review and improve security of corporate websites and hosting infrastructure.
  • Manage application security starting from code scanning, library scanning to all the checking the production workloads and runtime security.
  • Manage vulnerability scanning and penetration testing. Analyze the findings and follow up on resolution.
  • Work closely with our Machine Learning practice to both generate synthetic data for modelling purposes based on Mitre ATT&CK, as well as study discrete customer models for anomalies.
  • Contribute to security standards and drive company’s overall technical architecture and engineering practices especially around security.
  • Manage Centralized Logging and SIEM and ensure all critical logs are scanned for standard and custom rules to detect security violations and anomalies.
  • Recommend and create innovative solutions that balance security standards with customer business requirements.
  • Stay on-top of the latest known CVE/CWE threats to our application infrastructure and code for remediation purposes.
  • Work with customers to address Identity and Access Management issues.
  • Mentor development engineers on security when required.

 What You Will Bring

  • Advanced working cloud architecture and security experience of at least one public cloud (AWS, GCP or Azure)
  • Experience with Endpoint protection
  • Experience with Application security management
  • Attacker mindset and experience with Threat Modelling
  • Experience with Mitre ATT&CK
  • Experience implementing and managing different formats of SSO/authentication
  • Programming experience in Python
  • Experience in CIS Benchmarks, NIST 800-53 standards
  • Aware of threat intel sources and ability to do threat analysis
  • Experience with ethical hacking and vulnerability management reporting
  • Advanced experience in infrastructure security and knowledge of cloud security misconfigurations and anti-patterns (e.g., overprivileged, public data stores).
  • CISSP / CISM / CEH / OSCP or equivalent security certification(s) is a plus