Job Description

Druva is the global leader in Cloud Data Protection and Management, delivering the industry\'s first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence - dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it.Druva\'s award-winning solutions intelligently collect data, and unify backup, disaster recovery, archival and governance capabilities onto a single, optimized data set. As the industry\'s fastest growing data protection provider, Druva is trusted by over 4,000 global organizations, and protects over 100 PB of data.Please do visit us at:Druva has built a highly scalable and secure SaaS platform for offering data protection services to its customers. Druva is looking for architects who are passionate about driving software development with a security first mindset and thereby maintaining the highest level of security standards for such a platform. As part of the engineering organization, you will have opportunities to define and drive the adoption of security by design principles for developing, testing and deploying Druva\'s data protection and data management software at scale.Skills & Qualifications :

• Expertise and hands-on experience in designing and implementing SaaS software with security-first mindset.
• Strong expertise in cybersecurity technologies, protocols and frameworks for web, network, endpoint and data security including but not limited to those related to authentication, authorization, identity management, encryption and cryptosystems.
• Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies and working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM
• Extensive knowledge in using SAST, DAST, IAST, and or RASP and fuzz-testing tools. Experience in implementing and managing static scanning tools such as BurpSuite, Snyk, OWASP ZAP, OpenVAS etc.
• Proficiency and expertise in defining and implementing security best practices and guidelines to be followed during each phase of the software development lifecycle starting from architecture and design to implementation, testing and deployment.
• In-depth awareness and knowledge of the security ecosystem and tech stack including NIST cyber security framework, cryptosystems, threat modeling, attack vectors and nature of cybersecurity attacks, incident response, tools for security assessment as well as vulnerability and other types of testing.
• Experience with SaaS platforms like AWS & Azure is a plus.
• Experience with SaaS based data management products is a plus.
• Familiarity with information security standards and best practices, PCI DSS, ISO 2700x, SOC 2 Control frameworks such as ISO, NIST, etc as it relates to application security
• Bachelor\'s degree or B.S in Computer Science, Information Technology & Management or equivalent, Advanced degree is preferred. Any one of the Certifications; CSSLP, CEH, CASE,GIAC-GWEB, OSCP, OSWE, or similar preferred
• 4+ years of industry experience in securing software products.
• Advanced degree in Computer Science is a plus.

• Work with various engineering teams across different products to define security best practices and principles to be followed during software development.
• Continuously assess newer security technologies, tools and libraries that help in building, testing and deploying secure software. Help the engineering teams in adopting and integrating such technologies and tools into their tech stack, build pipelines and test frameworks.
• Be at the forefront of helping and collaborating with engineering, operations and infosec teams to identify and respond to security incidents.
• Development, publication, and maintenance of secure development standards, guidelines, patterns, as well as working with engineering peers to adopt the publications
• Build and leverage threat models to secure core product features & services
• Drive toward automation and advancement of security tools and processes ensuring innovation in various product security areas.
• Mentor, guide and train engineers on security.

Druva