Security Engineer

Bangalore / Sequoia Consulting Group – IT & Security / Full-time
A new opportunity at Sequoia:
We’ve come a long way since launching Sequoia in May of 2001 with just a benefits services offering, one location, and five employees. Now, we have offices in 4 US locations and 1 global location, and have big plans for the future. Our goal, both then and now, is to create a truly special company that takes care of people and makes a significant positive impact in their lives. The Security & IT Team is looking for a Security Engineer to support the complex security needs of our expanding operations and technologies.

What does the job entail?
As the Security Lead/Architect, you will partner with multiple teams to develop cutting-edge processes and technology for protecting Sequoia’s information assets. As we continue to strengthen the company’s security posture, you will focus on conceptualizing, planning, implementing and operationalizing IT security services and technologies for Sequoia globally, as well as testing the company’s systems and applications for security holes. The successful candidate will be based out of our Bengaluru office and should demonstrate the desire and ability to learn and grow with our team.

What You'll Do:

    • Use your deep technical expertise to penetration test and probe all company networks, applications, systems and technologies 
    • Prioritize and fix vulnerabilities that arise from testing and probing 
    • Collaborate with IT, Engineering and other teams to close security holes 
    • Conduct security-related events analysis and provide correlation and response support 
    • Participate in IR exercises and incident investigations 
    • Manage and improve the Threat and Vulnerability Management (TVM) program and the remediation of vulnerabilities for web, mobile applications and infrastructure
    • Set up a bug bounty program to help test and identify gaps 
    • Stay updated on security trends and emerging threats while understanding their impact on Sequoia 
    • Stay abreast of AWS services and security solutions, as well as other technologies and security tools 
    • Partner with teams in remote locations using effective communications 
    • Partner with the IT team to secure AWS, Azure and all corporate environments and services 

What You'll Need:

    • Bachelor’s degree required along with at least 8 years of relevant technical experience and at least one relevant certification (e.g., CISSP, CISA, CISM, CEH, GPEN, GXPN, GWAPT, GMOB, GCIH, OSCP, CEPT) 
    • Strong familiarity and experience with OWASP Top 10 and CWE/SANS Top 25 
    • Must be comfortable with systems operations and maintenance in an MS Windows environment (Active Directory, Office365), Unix/Linux/Ubuntu 
    • Knowledge of AWS services and eagerness to learn more about AWS security
    • Expertise with tools such as Kali Linux, Metasploit Framework, Burp Suite, AppScan, WebInspect, static code scanners (Veracode, Fortify, SonarQube), Android Studio, qark, MobSF, Frida, Objection, ios-deploy, applesign, Charles Proxy, Pip3line, SublimeText 
    • Some web app, mobile app and other development experience using Java, JavaScript, React, Redux Saga, jQuery, HTML DOM, REST APIs, C, C++, C#, Spring Framework, PHP, Python, Perl, PowerShell, Bash 
    • Experience with pen testing methodology, reverse engineering, vulnerability research and exploit development, and the ability to write clear reports and explain findings and remediation
    • Experience with digital forensics, debuggers, web proxies, web app scanners, network scanners and tools such as Nessus and nmap  
    • Networking knowledge of Internet firewalls, WAF, LAN, WAN, TCP/IP and VPN environments 
    • Excellent interpersonal skills are required along with the ability to build productive relationships in a collaborative and fast-paced environment 
    • Most importantly, live our Sequoia values day in and day out 

What Success Looks Like in the First 3 Months:

    • You have developed trust and partnership with the leaders and managers in Security & IT, Technology and other functional teams
    • You have established a process for tracking, managing and reporting on application and infrastructure vulnerabilities
    • You have identified and addressed 5 vulnerabilities in our systems and applications