Senior Information Security Engineer

Cloudways is seeking a senior-level Information Security Engineer to assess and implement Information Security controls and procedures across various organizational and product areas like Web Applications, Cloud Security, Compliances, IAM, Security Monitoring, and ensure security best practices are implemented and are being continuously followed in all areas. The purpose is to strengthen the information security controls within the organization and product and minimize the security risks. The person should be able to work with different functional teams and get the Security requirements implemented. Ideally, the person we are looking for should possess the curious mindset of “what can go wrong?” to be able to foresee security issues.

Responsibilities:

• Work closely with different teams, assess the security requirements, and get them implemented
• Take part in the product development lifecycle with the mindset of maintaining a balance between usability and security of the product
• Assess and handle vulnerabilities reported through various mediums and work with the development team to mitigate them
• Assess the current application development and DevOps based workflows and instill DevSecOps tools and practices
• Develop and maintain documentation for security procedures
• Develop security baseline and standards on different layers e.g Web, Cloud Infrastructure, Microservices, Docker/Kubernetes, and work with the Engineering team to ensure best security practices are followed
• Participate in incident investigation and incident response
• Stay updated on current security industry trends

Qualifications and Skills:

• Degree in Computer Science, Software Engineering, Cyber Security, or related fields
• Minimum 3 years of experience in a cybersecurity engineer role
• Minimum 1-2 years of experience in software development or DevOps
• Familiarity with the OWASP Security framework and defense controls against OWASP Top 10 vulnerabilities
• Demonstrable experience with Linux Operating System and its security hardening
• Understanding of Cloud security hardening (preferably AWS) and best practices
• Experience with security tools like BurpSuite, OWASP ZAP, and SAST/DAST tools
• Familiar with DevOps technologies like Git, Terraform, Ansible, Cloud, Containers, CI/CD
• Ability to understand business requirements and translate them into technical solutions
• Ability to understand compliance requirements and translate them into technical solutions

Good to Have:

• Ability to code in Python, PHP and Bash
• Familiarity with modern web applications architecture like microservices, API Gateways, Lambda
• Knowledge of Security Frameworks and standards like NIST/ COBIT
• Familiarity with industry standard security certifications ISO2001/ SOC2/ GDPR/ HIPAA/ PCI
• Familiarity with threat modeling frameworks
• Have experience working with startups

Back to Careers