The Elevator Pitch: Why will you enjoy this new opportunity?

Security is a top priority at Omnissa, and you will be able to show your passion for security and make meaningful contributions. You will be empowered to think outside of the box and design innovative solutions.

As a Staff DevSecOps Engineer in a small but mighty team, you will wear many hats. At times you will function as a Cloud Security Architect, designing technical enhancements that serve as a model across product lines. At other times, you will be assisting DevOps teams in responding to potential incidents, or triaging urgent findings, or improving our security management processes. You thrive on a fast paced environment with a lot of variety.

You will have the opportunity to work with some of the most talented people in the industry to continually assess and improve the security posture of leading SaaS products in the End User Computing space.

Key Responsibilities:

You thrive on working across multiple security domains, with core activities including:

• CI/CD Security: Integrate and improve security controls in the CI/CD pipelines to enable efficient and secure software delivery.
  • Skills Needed: Understanding of secure software delivery principles and microservices architectures on platforms like Kubernetes, Docker, Serverless and cloud-based virtual machines. Experience with CI/CD tools and processes.
• Design and Refinement of Security Configurations: Develop and optimize standards to enhance the security of our applications and systems.
  • Skills Needed: Knowledge of security standards and best practices. Experience with WAF, network firewalls, NIDS/HIDS, and AWS.
• Vulnerability Identification and Remediation: Develop and implement strategies and processes for improving vulnerability identification and management. Work closely with development and operations teams to remediate identified vulnerabilities.
  • Skills Needed: Understanding of shift-left and best practices for proactive vulnerability identification, mitigation and remediation. Experience with SCA, SAST, and runtime scanning tools in cloud environments.
• Automation for Security and Compliance Processes: Design and implement automation to support processes related to security and compliance.
  • Skills Needed: Familiarity with automation tools and frameworks, such as Ansible and Terraform.
• Threat Modeling: Conduct comprehensive threat modeling for both new and existing services to identify potential security risks and provide recommendations for mitigating those risks.
  • Skills Needed: Understanding of threat modeling frameworks, such as STRIDE, PASTA, and/or Attack Trees. Knowledge of security frameworks such as MITRE ATT&CK and OWASP standards. Experience communicating security requirements to developers.
• Incident Detection and Response: Contribute to and improve incident response activities to quickly address and mitigate security incidents.
  • Skills Needed: Quick decision-making, problem-solving skills, and continuous improvement mindset. Knowledge of security frameworks such as MITRE ATT&CK.
• Security Evangelism and Training: Advocate for and promote a culture of security and best practices within the organization.
  • Skills Needed: Passion for security, and excellent communication and presentation skills.
• Security Testing and Research: Stay up to date with the latest security trends and testing methodologies.
  • Skills Needed: Lifelong-learning mindset, and proficiency in security testing tools and methodologies.

Qualifications:

• 10+ years of hands-on experience with CI/CD environments on AWS
• Strong knowledge of cloud security weaknesses and mitigation techniques
• Proficiency in at least one of the following scripting languages: Python, Terraform, CloudFormation.
• Strong problem-solving skills
• Ability to learn independently and is self-driven
• Experience leading practical threat modeling
• Excellent documentation and communication skills

• Previous experience in SaaS product security strongly preferred

Leadership and Team Culture:

• Report to the head of product security.
• Work closely with a committed team of security engineers, product managers, and developers focused on innovation and getting things done.
• Build trust among team members and stakeholders, committing to customer success.
• Operate in a transparent, communicative environment that emphasizes work-life balance and having fun at work.

Location:- Bengaluru

Hybrid Model : This role offers a balanced arrangement, with the expectation of working 3 days a week in our local office and the flexibility to work from home for the remaining days. It is essential that you reside within a reasonable commuting distance of the office location for the in-office workdays.