Security Engineer Job in Immply

SECURITY ENGINEER

Location

• Pune, India

Company Description

Since 2010, Annex Cloud (USA) in association with IMMPLY, has provided more than 250 leading brands and retailers, including NuSkin, Morphe Cosmetics, Jane Iredale, MacKenzie-Childs, Sugarfina, Bed Bath & Beyond, TaylorMade Golf, etc., with the ability to engage tens of millions of their customers one-to-one at scale.

Immply s advanced loyalty and marketing platform provides fully integrated Customer Loyalty, Referral Marketing, and User Generated Content solutions that seamlessly work together to optimize the customer journey and deliver a unified customer experience, a greater quantity and quality of referrals and content, and more high-quality and resilient customer relationships.

Learn more at https://www.annexcloud.com/.

Responsibilities

• Implement and maintain manual and automated testing tools and processes for manual code reviews, static and dynamic application security testing, and penetration testing.
• Identify vulnerabilities in code, working with other Engineering teams to do so if necessary.
• Identify areas for automation and implement security tools into CI/CD pipelines and SDLC to increase security testing coverage.
• Establish metrics and implement reporting tracking the effectiveness of security programs.
• Conduct risk analysis to identify gaps, find security bugs, and help teams develop mitigation plans.
• Improve the security posture of products by influencing the architecture, design, and development via design input or code review.
• Mentor software engineers and act as a subject-matter expert for security issues and provide guidance on best practices.
• Research emerging threats, publicly disclosed vulnerabilities or attack vectors and proactively push mitigating controls to products and services.
• Work independently to maintain and improve overall company security posture.
• Working with internal teams and auditors to maintain compliance certifications (e.g. SOC2, GDPR).

Minimum Qualifications

• Strong working knowledge in the domains of Web, Application and Infrastructure Security, OWASP Top 10, SSL/TLS, PKI, and practical cryptography usage.
• Strong understanding of Infrastructure and Public Cloud security best practices.
• Ability to understand code-level issues and promote secure coding practices for one or more languages like JavaScript, PHP, and My SQL.
• Experience with security testing tools (e.g. Vulnerability Scanners, Pen Testing Tools).
• 2+ years experience on an internal security team.
• 2+ years coding/software engineering experience (e.g. Python, Java, JavaScript, Ansible).
• Experience with AWS.

Bonus Requirements

• Pen testing experience.
• AWS Certified Solution Architect, Security, or DevOps professional.
• Familiarity with security and privacy frameworks and regulations (e.g. SOC, PCI, ISO, GDPR, CCPA).