AVP - App Security

Mumbai /
Dream11 – -Technology /
Technology @ Dream11
Our tech team is the core of Dream11’s mobile-first cross-platform (desktop + mobile PWA, Android & iOS) fantasy product serving more than 10 crores+ users with over 75+ million rpm (requests per minute) at peak concurrency.
Our tech stack is hosted on AWS and is built on Cloudfront / AWS API Gateway, NGINX, / Java, Redis / ElastiCache and MySQL / Cassandra as our end to end stack. Besides these, we heavily use MongoDB, Kinesis, Kafka, RabbitMQ, Spark, Redshift and other cutting edge techs to keep improving Dream11's performance. As a data-driven team, we also use R, Python and other big data technologies for Machine Learning and Predictive Analytics.

Your Role:

    • Understand complex technical and architectural issues from the security perspective
    • Review application security and approve application changes 
    • Perform Manual / Automated Application Vulnerability Assessment & Penetration Testing 
    • Set up process / policies / controls / standards to meet state of the art security compliances 
    • Managing technical documents including VAPT / Application Security tracking and reporting.
    • Highly focused on automation based methodology to get maximum output and coverage
    • Manage / Collaborate with teams for Application Security Architecture and Development in the testing and remediation process
    • 3rd Party Vendor / Auditor Management / Maintain MIS

Must Have:

    • 7+ years experience in Web / Mobile application security paradigm having experience of working with developers throughout Secure Software Development Life Cycle
    • Extremely proficient with manual penetration testing and with automated methods/tools.
    • Working knowledge of any programming / scripting languages
    • Understanding of RDBMS as well as NoSQL database technologies 
    • Ability to perform automated & manual secure code review and provide security guidance to developers.

Good to Have:

    • Good Exposure with Web Application Firewalls (WAF)
    • Knowledge of any cloud based platform like AWS, GCP etc.
    • Has proven experience in helping institutions identify critical security issues using a responsible vulnerability disclosure programme (RVDP)
    • Has participated in Bug Bounties & CTF
    • Working in a growing start-up environment 
Dream Sports is a sports technology company with brands such as Dream11, FanCode, DreamX, DreamSetGo and DreamPay in its portfolio. Dream Sports is executing its vision of ‘Make Sports Better’ by providing multiple avenues for fans to deeply engage with the sports they love through fantasy sports, content, commerce, experiences and events, among others.
Founded in 2008 by Harsh Jain and Bhavit Sheth, the company has been ranked #10 among India’s Great Mid-Size Workplaces in 2019 and was recognised as one of the top 10 innovative companies in India by Fast Company in 2019. Kalaari Capital, Think Investments, Multiples Equity, Tencent and Steadview Capital are the marquee investors in Dream Sports.