Security Engineer

Requirements

What will you do at Setu?

In this role, you’ll spend your time—

• Participating in the development of security projects, processes, and initiatives within your technical focus area (cloud security, identity access management, vulnerability management, penetration testing, etc).
  

• Driving security audit requirements such as VAPTs.
  

• Contributing to automation of repeated manual tasks for compliance reporting and to improve team productivity.
  

• Contributing to automation of active scans that can detect security lapses in infra.  
  

• Scoping activities of functional security assignments from product and engineering teams.  
  

• Improving security operations by enhancing use cases, processes, and/or code structure.  
  

• Enforcing secure coding practices via DevSecOps and bringing visibility to the current state of things.  
  

• Collaborating with the broader team on security reviews that follow the standards and best practices of information security. 
  

• One or preferably two of these software programming skills: Python, Ruby, Golang, Rust, and a working knowledge of microservices application architecture. 
  
• Thorough understanding of OWASP Top Ten for web, mobile, and APIs. 
  
• Strong understanding of cloud-native architectures and microservices-based web and mobile applications including API contracts. 
  
• Deep understanding of API security tooling like OAuth2.0, SAML, and Keycloak. 
  
• To independently drive security posture enhancement projects like automation, threat modeling, 'security-as-code', application security validation, testing, QA integration, and vulnerability/bug remediation through calibration and filtering false positives. 
  
• To use SAST and DAST tools like OWASP ZAP and BurpSuite. Experience in using manual and automated scanners like Nessus, Nexpose, QualysGuard, Nmap, and OpenVAS, Nexpose besides PT kits like Kali Linux, Metasploit. 
  
• An in-depth understanding of at least a few security domains (application, network, identity access management, vulnerability management, incident response, encryption, remote access). 
  
• Knowledge of Cloud security and DevSecOps practices.
  
• To be comfortable with tools like AWS WAF, Lambda, AWS Guardduty, AWS Shield, and AWS Inspector.
  
• Working knowledge of Ossec, Snort, or any other intrusion detection tools.
  

Benefits

We will spare no efforts to ensure that Setu empowers you to do the most important and impactful work of your career—

• Opportunity to work closely with the founding team who built and scaled public infrastructure such as UPI, GST, Aadhaar, etc. 
  

• We care deeply about your development. So we work hard to provide you with— 
  

• Exposure to other verticals such as business, product, design, etc.
  

• A fully stocked library and unlimited book budget.
  

• Tickets to conferences and industry events.
  

• Weekly learning sessions on Friday where we invite both team members and external experts to teach you something new.
  

• Sponsored music classes where you can pick your choice of instrument from Piano, Guitar, Drums, Violin, Trumpet, and even learn vocals—on the house!
  

• Attractive compensation. We don’t want money to ever be a worry. So you can focus on doing your best work.
  

• Kick-ass benefits including comprehensive health insurance for you and your family, extraordinary coffee, and a beautiful office with lots of solid wood and natural light.
  

• We work hard to make sure our team is diverse and varied. We interview and hire purely on merit, skill and competence—everything else is irrelevant.