Design secure systems and conduct threat modeling for new and existing features.
Review, identify and mitigate security risks in architecture, applications, and infrastructure levels.
Perform regular security assessments and audits to identify vulnerabilities and ensure compliance with security standards.
Develop, maintain, and audit information security policies and guidelines.
Actively influence the product and services roadmap and security implementation.
Continually improve Secure Development Lifecycle (SDLC) practices within R&D and Product units.
Integrate security best practices into CI/CD pipelines and development workflows.
Ensure the effectiveness of processes and controls to meet multiple standards, regulations, and audits, such as ISO27001, PCI-DSS, and more.
Provide guidance and mentorship to development teams on secure coding practices and security principles.
Collaborate with cross-functional teams, including developers, product managers, DevOps and more, to ensure security is integrated into all aspects of the R&D.
Communicate security risks and recommendations to technical and non-technical stakeholders effectively.
Review new tools and processes to detect security threats.
For management review, generate regular reports on security posture, vulnerabilities, and compliance status.
QUALIFICATIONS
8+ years of experience in Information Security.
Extensive experience in designing, implementing, and managing security architectures for complex applications.
Deep understanding of application security principles, frameworks, and standards (e.g., OWASP, NIST).
Strong knowledge of authentication, authorization, encryption, and other security protocols.
Hands-on experience designing and building secure web/mobile applications, systems, or networks.
Familiarity with security methodologies and industry standards (e.g., ISO27001, PCI-DSS, GDPR).
Proficiency in secure software development practices, including Secure Software Development Life Cycle (SSDLC) and DevSecOps practices.
Experience securing Cloud environments (AWS, GCP, and/or Azure) and networks.
Ability to conduct risk assessments, threat modeling, and vulnerability assessments.
Experience in conducting security reviews, code audits, and threat modeling during the development process.
Excellent communication skills, both written and verbal, to effectively convey security concepts to technical and non-technical stakeholders.
Proven leadership skills with the ability to mentor and guide security team members.
Strong collaboration skills to work with cross-functional teams, including developers, product managers, and DevOps.
PERKS & BENEFITS
Education & learning stipend to support your personal growth and development.
Annual Leave / Paid Parental leave to support you and your family.
Company-wide recharge days each quarter.
Work from home allowance to help you succeed in a remote environment.