Soma Capital Portfolio Jobs

Security & Compliance Engineer



Bengaluru, Karnataka, India · Remote
Posted on Monday, April 17, 2023

Imagine the possibilities in fin-tech if we remove >90% of the friction in the flow of money and financial data. Imagine the amazing innovations that can happen!

Decentro is an extremely easy to use and plug-and-play API banking platform for financial integrations in India (and soon beyond). We are looking to empower the community of fintechs, platforms, aggregators and even corporates in the country to embed banking in their products.

Do you have a passion for securing software and platforms? Are you passionate about crafting and running security and compliance of systems and software at massive scale and complexity? And, are you unfazed by the interplay of strategic vision and pragmatic delivery?

What is expected from you

  1. Iterative security audit of all the cloud, network, and application components.

  2. Setting up policies, practices, and tools for handling device-level security.

  3. Working with internal and external compliance teams to maintain and improve the organization's security practices.

  4. Owning the communication and action items for the organization in internal and external audits.

  5. Working with the Product and Engineering teams to conduct technology and information security risk assessments and evaluate deliverables, functions, and processes risks.

  6. Working with the Engineering team to set up Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) related tools and practices in the SDLC.

  7. Establishing security metrics and reports to demonstrate the current risk state and progress and measuring compliance.

  8. Setting up frameworks to keep the TAT for responding to security incidents below 30 minutes.

  9. Establishing practices to identify security risks at the device and network level and mitigating them within 1 hour to 2 days, depending on the severity of the issue.

  10. Establishing security awareness within the organization by conducting sessions once or twice every quarter.

What are we looking for

  1. Minimum 1-year experience in the core DevSecOps or Security Engineer role and 3+ years of overall industry experience.

  2. A Bachelor’s degree in Computer Science or equivalent experience.

  3. Strong fundamentals in Computer Networks, Network Security, Server Security, Infrastructure Security, and Information Security.

  4. Solid understanding of data privacy and security standards and hands-on experience establishing and maintaining them. Handling and coordinating ISO 27001 is a plus.

  5. Solid understanding of the AWS cloud infrastructure and hands-on experience in setting up the right security practices. Good to have a comparative understanding of another cloud/non-cloud infrastructure (hands-on not required).

  6. CISSP/CCSP/CISM or related certifications are a plus.

  7. Experience in leading and participating in VAPT and other internal and external audits.

  8. Experience in ethical hacking and exploiting vulnerabilities.

  9. Solid understanding and hands-on experience with Shell Scripting.

  10. Hands-on experience with one of the industry standard languages such as Python, Java, JavaScript, Go, C#, PHP, etc. Understanding a related web framework is a plus.

  11. Solid understanding of databases, including SQL and NoSQL, and hands-on experience working with them.

  12. Strong sense of ownership and responsibility.

  13. Strong written and verbal communication.

What we offer -

  1. The ability for you to make an impact and lay a foundation for the upcoming fin-tech innovations.

  2. A multicultural and diverse team of colleagues from different states that speak in total 6 Indian and global languages.

  3. Progressive and flexible work hours that match your personality and lifestyle.

  4. The best-in-class perks and benefits for developers. Check out our careers page for the same:

Part of YCombinator Summer batch 2020, we're a contrarian and progressive culture of independent thinkers and systematic executors that are driven to build cool things that matter.

If this aligns with you, time to hop on!

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, disability status, or any other characteristic protected by the law.