Cyber Security and compliance Engineer

About Anchanto:

We are a Global B2B cloud company that enables enterprises and partners to grow and manage their end-to-end Commerce and Logistics operations through its world class Cloud and AI products and services. With more than 7,000 customers, leading global brands, large retailers, and postal operators leverage Anchanto to process more than a billion dollars of revenue each year. Our powerful, scalable products deliver rapid innovation integrated to over 135 different commerce and carrier platforms across the world.

Our offices are spread across Singapore, Kuala Lumpur (Malaysia), Jakarta (Indonesia), Manila (Philippines), Sydney (Australia), Bangkok (Thailand), Seoul (South Korea), Pune (India). Our diverse and multicultural fabric is woven in a way that each Anchanter gets complete freedom and opportunity to realize & explore his/her full potential.

We pride ourselves in building awesome & powerful products that have the potential to change the way businesses perceive eCommerce management. We believe in delivering anchanting experiences and aim to become the #1 customer-centric company in our domain.

Job Role Pointers:

• 5+ years’ of experience in AWS cloud Security, Vulnerability Assessment, Penetration testing and mitigation of security risks and vulnerabilities.
• Should have participated end-to-end in at least 1 Compliance audit like ISO27K or GDPR
• Experience in working heterogeneous and fast-paced dynamic work environments.
• The security engineer will be part of the Cybersecurity team reporting directly to the Director of CyberSecurity and Compliance - working to proactively identify the gaps/risks, at Infra and application level, and be able to mitigate or provide mitigation options.
• Shall analyse the VAPT (Vulnerability Assessment & Penetration Testing) reports and assist the Engineering teams in mitigating the risks and vulnerabilities and also bring in controls to avoid the recurrence
• Shall have hands-on experience working on Cloudwatch, Cloudtrail, Guardduty, Inspector, IPS/IDS, WAF, Linux server hardening etc.
• Knowledge and experience with DLP tools and techniques along with email security is preferred
• Be able to communicate in English effectively and efficiently and manage stakeholder expectations
• Required to be as independent on colleagues and manager as possible

Mandatory Skills & Experience:

• Experience in analyzing and in identifying the vulnerabilities manually.
• Experience in web application, Mobile App and network Vulnerability Assessment & Penetration Testing.
• Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as Vulnerability Scanners for e.g. Qualys, Nessus, WebInspect, Acunetix, Metaexploit, Burp Suite Pro, Netsparker etc.
• Experience in using security frameworks such as Metaexploit, Kali Linux etc.
• Experience and knowledge of Web Application Security standards such as OWASP (Open Web Application Security Project )/SANS etc.
• The Security Engineer should have the ability to stay organized, and possess excellent communication skills.
• Perform penetration tests on computer systems, networks and applications and be able to perform cyber forensics
• Create new testing methods to identify vulnerabilities
• Perform physical security assessments of systems, servers and other network devices to identify areas that require physical protection
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses
• Search for weaknesses in common software, web applications and proprietary systems
• Research, evaluate, document and discuss findings with Engineering teams
• Review and provide feedback for information security fixes
• Establish improvements for existing security services, including hardware, software, policies and procedures
• Identify areas where improvement is needed in security education and awareness for users
• Be sensitive to corporate considerations when performing testing (i.e. minimise downtime and loss of employee productivity)
• Stay updated on the latest malware and security threats
• AWS Security experience (hands-on of at least 3 years) is mandatory