About the Company

● Whatfix is the #1 Digital Adoption Platform (DAP) for Enterprises. It is integrated as a layer on top of other software applications, which helps users navigate through their application and guides them in completing their tasks, by providing Interactive and Contextual walkthroughs inside the web application at the exact time when the task is being performed.

● We help Companies in - Accelerating Product Adoption; Easing the User Onboarding Process; Reducing Training time, resources & costs; Reducing Support efforts & costs; and Increasing Employee Productivity.

● With around 120 of the Fortune 500 companies already onboard as customers, Whatfix has been named among the top 20 B2B tech companies alongside the likes of Adobe, PayPal, and Cisco

● With a YoY growth of 300%, it has also been recognized as the 2nd fastest growing Indian SaaS company in the SaaS 1000 list and as a Global Market Leader by Gartner in the Digital Adoption space

● Our Customer obsession and Product’s Value Delivery can be clearly seen in our reviews of 4.7+ on platforms like G2 Crowd & Gartner Peer Insights

● This is what our investors have to say - Sequoia || Stellaris || Cisco || Eight Roads || Helion Ventures

Position Summary:

Your role will be working on leading the security strategy governing the application and cloud-based platform infrastructure. You will work with other infrastructure, DevOps and application engineers to understand product and business needs, provide expertise around Secure application and cloud service development, as well as define and own clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities and other attack vectors. 

 Responsibilities:

• Support cross-team security initiatives of internal teams and consult with teams on security in design

• Engineer and tune the cloud security solutions including but not limited to enrollments, monitoring, alerting and maintaining defined security posture.

• Designing a secure application-release automation process to make security an integral part of the CI/CD pipelines and Integrate security tools for issue tracking with Jira.

• Identifying security tools and leading operationalization of solutions from POC to Production.

• Implementing automation to investigation and response workflows for Automated Incident Response.

• Reduce time-to-detect and time-to-remediate by driving the automation of applied threat intelligence and sensor enrichment.

• Work with Architecture teams to Implement a identity management ecosystem holistically and create a secure infrastructure, Enforce compliance with IAM principals including least privilege access, password management, Audit logging, RBAC, deploy and maintain password management, user account lifecycle, certificate management and system authentication solutions

• improve Web App Firewalls (WAF), Ensure early Identification of intrusion & attacks and implement countermeasures

• Implement security measures that monitor and protect sensitive data and systems from infiltration and cyber-attacks.

• Work with cloud providers to obtain understanding of security controls, ensure controls are leveraged

• Develop innovative security controls to protect assets across a complex environment

• Implement security orchestration and automation in support of security operations

• Stay abreast of emerging technologies and threats proactively assess and evaluate the adoption thereof into the organization

• Act as a first-responder for security-related incidents.

• Strong commitment to standardization and documentation

Skills and Experience Required:

• At least 5+ years of total experience in Cyber security including Incident response, Engineering, Cloud architectures, Tuning etc

• At least 3+ years of experience and hands-on expertise in tuning of network sensors like SIEM, DDOS, WAF, Cloud Security and/or Opensource development.

• Must have proficiency with scripting languages (Batch scripting, Python and Ansible)

• Must have experience in Monitoring and improving DevSecOps tools and processes, automate routine tasks, improve system reliability and should be from the strong information security background.

• Must have hand on experience with Linux/Unix systems.

• Experience in developing and reviewing hardening guidelines for various Linux and Unix Operating systems in line with the industry best practices.

• Understanding of security frameworks and standards like OWASP & NIST, Solid understanding of security protocols, cryptography, authentication, authorization

• Good understanding of Linux, TCP/IP protocol stack and networking fundamentals, security principles at all layers of the OSI stack

• Should have broad technical foundation and be able to understand network, operating system, database and application development design and support as necessary to be able to analyse issues and recommend solutions for the detection, remediation and prevention of security vulnerabilities.

• Experience in designing and reviewing security controls for Public cloud based deployments 

• Experience of implementing any cloud based SIEM Tools will be an advantage.

• Experience with PKI, SSL, SSH, HHTPS etc

• Knowledge of RESTful web services (client – server application)

• Hands on knowledge of Automation skills, Dev-Ops skills etc.

• Software development domain and principles, including design patterns, code structure, programming languages, continuous integration (Bitbucket), continuous deployment (Jenkins), and deployment orchestration (Puppet, Ansible, or equivalent)

Qualifications 

• Bachelor degree in a technical field such as computer science, computer engineering

• Minimum experience: 4 yrs. in technology field out of which 3-5yrs in Devsecops 
  
  

  Please Note: 

  • We don't believe in keeping the applicants hanging and give very high importance to closing the loop irrespective of the outcome of your application. 
  • We are an equal opportunity employer and value diverse people because of and not in spite of the differences. We do not discriminate on the basis of race, religion, color, national origin, ethnicity, gender, sexual orientation, age, marital status, veteran status, or disability status