Job Description

HMH is a learning technology company committed to delivering connected solutions that engage learners, empower educators and improve student outcomes. As a leading provider of K-12 core curriculum, supplemental and intervention solutions, and professional learning services, HMH partners with educators and school districts to uncover solutions that unlock students' potential and extend teachers' capabilities.

HMH serves more than 50 million students and 4 million educators in 150 countries. HMH Technology India Pvt. Ltd. is our technology and innovation arm in India focused on developing novel products and solutions using cutting-edge technology to better serve our clients globally. HMH aims to help employees grow as people, and not just as professionals.

We are seeking a Senior Security Engineer who will be responsible for identifying and mitigating vulnerabilities in our codebase by leveraging static analysis tools and techniques. The ideal candidate will have a strong background in application security, a deep understanding of SAST tools, and a passion for ensuring secure software development practices. This role will lead the task of refining, managing and executing strategic product/application security roadmap that is based on industry standard software security frameworks. You will plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. You should be comfortable communicating security directives to all employees including but not limited to Team Members, Leadership and Executives when required. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members.



Duties & Responsibilities include:

Work closely with Application, Systems and Network engineering teams on the design, development, and operation of secure online services

Proficient in analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments

Work on leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority

Address & mitigate exploits and attack vectors for vulnerabilities such as SQL injection, XSS, CSRF, session hijacking and other OWASP vulnerabilities.

Working knowledge of Identification and Validation of Security vulnerabilities in Application

Work on security incident response and forensics investigation activities

Work on Network/Application security vulnerability assessment and management

Work on regulatory requirements and ability to implement technical aspects and other compliance standards where applicable.

Review and monitoring of cloud infrastructure, physical infrastructure, and the full life cycle of security alerts etc. through incident response.

Work as an internal advocate to ensure securing data, systems, applications, and networks in accordance with security best practices

Perform various IT system support and tasks as needed specific to the areas of security

Work independently and efficiently to meet deadlines

Stay abreast of latest cyber security threats both internal and external

Support and implement controls and visibility to meet third party attestations (SOC2, ISO27001, GDPR, SOX)

Qualifications Experience of working in a collaborative, agile development environment as a team player Good communication (oral and written), interpersonal, organizational, and presentation skills with an ability to represent complex data in executive level graphical reporting dashboards. Highly organized in doing communication with multiple teams with strong organizational skills 2+ years of application architecture or development experience having familiarity and understanding of web application development framework [ React, NodeJS, Angular, Spring, MVC etc.] Strong knowledge of both cloud and on-premises platforms coupled with hands-on experience working with major cloud providers such as AWS, Azure, and GCP. Strong knowledge of both cloud and on-premises platforms, security, and tools (e.g., PaaS, IasS, SaaS) and support AWS shared services components 3+ years of hands-on experience with vulnerability assessment tools used as SAST, DAST, IAST, RASP and WAF. (e.g., Snyk, Orca, Rapid7, CrowdStrike, Mitiga, Imperva WAF) Familiarity and understanding of modern web application development with good experience in HTML/CSS/ React/AngularJS Working knowledge of Identification and Validation of Security vulnerabilities in Application, common web application attack vectors, understanding the risks, and developing mitigation plans. 3+ years of experience with security infrastructures within cloud environments Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority. Knowledge of Scripting or programming experience in languages such as Python, Shell/BASH scripting etc. Understanding of encryption and authentication technologies. Spring/MVC and Spring filter development and J2EE design patterns and IOC 2+ years scripting or programming experience in Python, Shell/BASH scripting, or other languages. Having prior experience on any other languages (e.g., Java, C/C++, Perl) is nice to have Familiarity and understanding of some of modern web application development framework [ e.g., React, NodeJS, Angular, Spring, MVC etc.] is nice to have Experience with SIEM tools such as Splunk, Sumo Logic etc. is nice to have Have good experience with security infrastructures both cloud and non-cloud infrastructure (Traditional Data Centers) Understanding of CIS, NIST or ISO 27001 managed framework Understanding of encryption and authentication technologies Prior experience in Design, develop, and debug secure software for externally facing corporate web sites within Web Content Management framework is nice to have. Have Prior Experience on Kubernetes, microservice architecture is nice to have



HMH Technology Private Limited is an Equal Opportunity Employer and considers applicants for all positions without regard to race, colour, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. We are committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.