Security Engineer

Bengaluru, Karnataka, India Full-time

About Us

Whatfix is disrupting the way Application Support and Learning content is consumed by providing Contextual and Interactive WalkThroughs inside enterprise applications at the exact time a task is being performed.

We provide enterprises with a Software Platform that allows them to create Interactive Guides or Flows that sit as an overlay inside any web application. Flows are Contextual - appear based on where you are in the application (location) and who you are (role). Optimal performance and adoption of any web application is attained when there is easy access to Contextual Information - inside the application at the time a task is being performed.

Our Team

The Engineering team at Whatfix provides end to end engineering throughput that forms part of core platforms and services that drive Whatfix business.

Our team is responsible for creating the Customer Platform and everything around it, be it Analytics, Infrastructure or Core Algorithms. The team owns and is responsible for all pieces that we design, build and support end to end for the Whatfix product/business.

Your Opportunity

As part of the Core Engineering Team @Whatfix, you’ll have the opportunity to make a difference by uncovering vulnerabilities in our products, infra and processes and working with the respective teams to fix them. At Whatfix it’s all about scale. One of the key attributes of this job is that you are required to continuously innovate and apply technology to keep our IP safe.

Your Responsibility

  1. Conduct tests on Networks and Applications - Perform tests on networks, web based applications and computer systems. Design these tests and tools to try to break into security protected applications and networks to probe for vulnerabilities.
  2. Physical Security Assessments - Conduct physical assessments of servers, systems and network device security. Look for ways to exploit vulnerabilities and design solutions to security issues. 
  3. Conduct Security Audits - Analyze the security policies for effectiveness, make suggestions for security policy improvements and work to enhance the methodology material.
  4. Security Compliance Accreditation - We are ISO 27001 and SOC2 compliant. Create and maintain documentation in support of current controls, policies, standards and procedures related to ISO & SOC certifications, by working directly with teams to develop auditable procedures to ensure ongoing compliance.
  5. Write Security Assessment Reports - After conducting thorough research and testing, document the findings, write detailed security reports and discuss solutions with Engineering/IT teams and management. Provide feedback and verification after security fixes are issued.
  6. Responding to Security requirements in Customer RFEs - work with Sales and Customer Success teams to close business deals by ensuring customers understand our security posture
  7. Develop and/or contribute features for analytics at Whatfix.
  8. Hire, Develop and Retain a strong team of engineers.

Our Ideal Candidate

You have a deep interest and passion for technology. You love to push limits, solve technologically complex problems and enjoy working with people who will keep challenging you at every stage. You are highly analytical and have strong problem-solving and decision-making skills, along with excellent communication and interpersonal skills. You are self-driven and motivated with the desire to work in a fast-paced, results-driven agile environment with varied responsibilities.

Your Qualifications:

  1. 7+ yrs. of experience in Computer Science or a related field
  2. Ability to work with teams in a collaborative and productive manner
  3. Strong computer science fundamentals in ethical hacking field
  4. A self-motivated learner and builder with strong customer focus and obsession with quality
  5. Strong Technical Leadership expertise

Must Have:

  1. Experience in Programming Languages like Java, SQL, JS, Python
  2. 5 or more years of experience with Security Assessment tools like: Aircrack-ng, Burpsuite, SQLmap
  3. Experience with Security frameworks like NIST, SOX, HIPAA
  4. Analyze Functional & Non-Functional requirements with effort estimation and deployment strategies
  5. Hands-on debugging skills
  6. Experience with Storage systems - RDBMS, NoSQL (Cassandra/MongoDB)
  7. Previous SOC or ISO compliance program experience

Good to have:

  1. Experience in Client-side technologies such as GWT, jQuery
  2. Distributed systems using Hadoop, PIG, AWS Redshift, Google Big Query
  3. Knowledge of Web crawlers like Apache Nutch
  4. Knowledge of analytics platforms like Google Analytics, Omniture, ELK, Mixpanel etc


Behavioural traits: 

  1. Excellent communication and technical leadership skills
  2. Can-do attitude to take BIG problems by their horns and solve them
  3. Ability to inspire others & be a role model and mentor for upcoming engineers in the organization
  4. Entrepreneurial spirit to conceive ideas, turn challenges into opportunities and build products


We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.