About the Role:
Appsecco, an established player in the Cyber-Security space, is looking for people who are passionate about cybersecurity and have a never-give-up attitude.
As a member of our in-house security team, you will be in charge of performing security assessments of next-gen applications for some of the biggest brands in the world. You will work closely with our customers to define security assessment scope, lead assessment engagements, and map assessment findings into engineering plans of action for remediation, ultimately guiding their product security uplift activities.
Key responsibilities:
- Conduct Container Security, Cloud Security, Vulnerability Assessments and Pen testing (Web/Mobile), Product Security Reviews, Network Security, etc.
- Collaborate with different functions within the organization as well as with clients and ensure our customers are cyber-secure
- Be a subject matter expert in Container security, Cloud Security
- Continuously learn and build technical expertise
- Be a team player, contributing to business success
Basic Requirements:
- Passion for cybersecurity, willingness to upskill, and research to find new solutions
- 3+ years of experience in Cyber Security roles with a preference in engineering
- Experience with Web Application VAPT, Product Security
- Experience securing container and orchestration solutions
- Experience with Docker, Kubernetes open-source tools, managed Kubernetes services and platforms (OpenShift, AKS, EKS, GKE etc.), Helm
- Experience in performing Container security configuration reviews and vulnerability assessments
- Experience with Container Security Architecture risk assessment and Threat modelling
- Certifications CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist)
- Experience in Vulnerability scanning and management on container environments
- Experience in public cloud is required (AWS, Azure, GCP)
- Experience with Cloud Security Architecture risk assessment, Threat modeling, Cloud security maturity assessments and Cloud Configuration reviews
- Experience working with industry standard regulations and compliance frameworks (PCI-DSS, ISO, NIST, SANS, SOX, SOC II, HIPAA)
- Experience with Ansible and Terraform is preferred
- Certifications in AWS or Azure or GCP
- Knowledge of Cloud platform models including IaaS, PaaS and SaaS; and ability to secure the respective models.
- Proficiency in a wide range of Public cloud technologies (e.g. AWS EC2, EKS, EBS, RDS, S3, etc).
- Proficiency in secure SDLC, CI/CD and DevSecOps
- Proficiency in Infrastructure as Code (IaC) technologies such as CDK or ARM or CloudFormation or Terraform.
- Proficiency in IaC security and related tools
- Scripting and automation skills highly preferred (APIs, Python, Bash, PowerShell, Go)
- Knowledge of Agile software development methodologies
- Knowledge of high availability and resiliency concepts for infrastructure, including failover, clustering, disaster recovery, blue-green deployment, and site reliability engineering
- Familiarity with best practices in deploying Kubernetes and a firm grasp of the challenges and solutions around securing a cluster
Notice period – 0-30 days.