SDE 3 - Information Security & Compliance

Bengaluru, Karnataka, India | Engineering | Full-time | COVID-19 remote

About Us

Hiver offers teams the simplest way to offer outstanding, personalized customer service. As a customer service solution built on Gmail, Hiver is intuitive, super easy to learn, and delightful to use. Hiver is used by thousands of teams at some of the best known companies in the world to provide attentive, empathetic and human service to their customers at scale. We’re a top rated product on G2, and rank very highly on customer satisfaction.

At Hiver, we obsess about being world class at everything we do. Our product is loved by our customers, our content engages a very wide audience, our customer service is one of the highest rated in the industry, and our sales team is as driven about doing right by our customers as they are by hitting their numbers. 

We’re profitably run, and are backed by notable investors. K1 Capital led our most recent round of $22 million. Before that, we’ve raised from Kalaari Capital, Kae Capital and Citrix Startup Accelerator.

We have worked hard to build a work environment that is invigorating, creative and positive. We love working with people who own and love what they do, and we are serious about making sure that everyone who works at Hiver finds the work that they do enriching and satisfying.

Opportunity

  • Own & manage integrated vulnerability management to bring visibility to technical debt
  • Evolve & mature security stack to support a multi-cloud strategy in a high-density containerized environment
  • Own the cloud security program and concentrate efforts on continuous improvement of the cloud security configurations aligned to global standards like NIST CSF, ISO 27001, ISO 31000, Cloud Security Alliance, SOC 2, etc.

Responsibilities

  • Draft technical standards for remediation of vulnerabilities identified on the cloud stack
  • Perform risk assessment of proposed and existing cloud architecture adhering to cloud security policies, procedures, and standards for recommending technical and administrative controls to mitigate identified risks
  • Work with infra/product engineering teams to define baseline security configuration and build continuous visibility for detecting misconfigurations/vulnerabilities
  • Provide subject-matter expertise in the analysis, assessment, development, and evaluation of security solutions and architectures to secure applications, operating systems, databases, and networks
  • Work with cloud vendors and external security researchers to resolve security gaps
  • Prepare and deliver training and security awareness activities to the Engineering teams
  • Maintain compliance policies and procedures on behalf of the organization
  • Remain up to date on federal and state laws related to the organization and update policies accordingly
  • Perform compliance audits to determine whether established protocols are being followed and where they can be improved
  • Maintain up-to-date written documentation and policies related to the organization's business activities

Requirements

  • Master's or Bachelor's in Computer Science or Computer Engineering or CDAC (or equivalent courses)
  • At least 5 years of hands-on experience as a DevSecOps Engineer with risk management or compliance roles
  • Design, implement, support, and evaluate security-focused tools, vulnerability management tools, and services
  • Conduct periodic vulnerability assessments
  • Participate in incident handling and other related duties to support the information security function
  • Experience managing very large-scale, public-facing websites/apps
  • Understanding of all the infrastructure pieces and protocols needed to make big sites work
  • Proficient in scripting (Python/Bash) and Git workflows
  • Proficient in leveraging CI and CD tools to automate testing and deployment
  • Experience working in an Agile/Scrum, DevSecOps environment
  • Good experience with one cloud platform (AWS/Azure) and Linux-based systems (CentOS/Debian)
  • Deep knowledge of federal laws related to data privacy, like GDPR and CCPA, is a must
  • Cloud, ISO/ISMS/SOC 2/PCI DSS audit experience is a must
  • ISO Internal Auditor certification is a must; the CISSP certification is a plus
  • Experience in building a security setup from scratch is a plus
  • Red Hat and AWS/Azure certifications are a big plus