About Us
Orkes is a platform for developers to build durable, distributed event driven applications. Based on the popular open source orchestration engine Conductor, Orkes lets developers focus on faster go to market with applications, scaling them to handle billions of workflows without having to worry about failures, scalability or visibility into the executions.
Orkes is looking for its first DevSecOps engineering professional to join its Engineering team. You are a fit if you thrive in a fast-paced culture that values essential communication, collaboration, and results. You are a self-motivated, detail-oriented individual with an eye for automation, process improvement, and problem solving. In this role you will have the ability to influence engineering and set security standards for the company.
Your day to day at Orkes
1. Integrating Security into Software development processes
-Monitor and improve security tools integrated into the CI/CD pipelines (e.g., static code analysis, dynamic testing, dependency vulnerability checks).
-Automate security testing to run at each stage of the software delivery process, ensuring fast and secure releases.
2. Cloud Infrastructure Security
-Audit and monitor cloud security in all 3 major cloud providers to ensure configurations follow best practices, particularly for IAM roles, encryption policies, and VPC/network settings.
-Harden cloud environments by implementing security measures like encryption at rest and in transit, proper network segmentation, and logging/monitoring setups.
-Apply security patches and updates to cloud infrastructure services and automation scripts.
3. Vulnerability Management
-Regularly scan for vulnerabilities in code repositories, third-party dependencies, and infrastructure, using tools like OWASP ZAP, SonarQube, or similar.
-Prioritize and remediate vulnerabilities found during scans, working closely with developers to ensure timely fixes.
--Track vulnerabilities from detection through remediation, maintaining visibility for stakeholders.
4. Automation and Tooling Management
-Develop and maintain scripts to automate repetitive security tasks, such as vulnerability scanning, compliance reporting, and incident response.
-Optimize and scale automation as the company grows, ensuring that security processes do not introduce delays in the development workflow.
5. Container and Application Security
-Secure containerized applications by applying best practices for Docker and Kubernetes security, including image scanning, runtime monitoring, and applying security patches to containers.
-Set up and enforce security policies for microservices and container orchestration, ensuring containerized environments remain secure and resilient to attacks.
6. Incident Detection and Response
-Monitor security logs and alerts for signs of breaches, misconfigurations, or other suspicious activity using a SIEM or logging tools (e.g., ELK Stack, Splunk).
-Investigate and respond to potential security incidents, conducting root cause analysis, and applying lessons learned to prevent future incidents.
-Document and improve incident response plans, preparing the organization for faster and more effective responses to potential threats.
7. Compliance and Security Governance
-Ensure ongoing compliance with security policies, industry standards (e.g., SOC 2, GDPR, ISO 27001), and regulatory requirements as the company scales.
-Document and maintain security controls, creating frameworks for secure software development and operational security in a way that aligns with the company's growth.
-Perform internal security audits and help with external security assessments as needed.
8. Collaboration and Security Awareness
-Collaborate with developers and DevOps engineers to embed security practices in all stages of software development, providing them with guidance on secure coding.
-Conduct security training and awareness sessions for developers and team members, ensuring the team adopts a security-first mindset.
-Communicate security priorities with leadership and provide updates on security metrics, incidents, and remediation efforts.
9. Monitoring and Logging
-Set up and maintain centralized logging and monitoring for infrastructure and application security, ensuring the team has visibility into potential security risks.
-Tune alerting systems to reduce noise and ensure that critical security events are highlighted immediately.
10. Continuous Improvement
-Evaluate new security tools and technologies that can improve the company’s security posture and automate routine security tasks.
-Stay up to date with the latest security trends, vulnerabilities, and best practices in both cloud and application security.
-Proactively identify security gaps in infrastructure and applications, addressing them before they turn into significant risks.
11. Culture
Help a security first mindset within the organization starting with the engineering org.
Skills that help you succeed
Must-Have:
-Experience: 7+ years in a DevSecOps or related role (DevOps, security engineering, etc.) in a software development environment.
-Strong Understanding of DevSecOps Practices: Solid grasp of integrating security within the software engineering lifecycle and managing security through automation.
-Cloud Platforms: Hands-on experience with at least one of the major cloud providers like AWS, Azure, or GCP, focusing on cloud security best practices (e.g., securing S3 buckets, IAM roles, VPC security).
-Infrastructure as Code: Experience with infrastructure-as-code (IaC) tools like Terraform, CloudFormation, or Ansible.
-Familiarity with Java /Golang /C++.
-Security Tools: Proficiency with security tools like vulnerability scanners (e.g., OWASP ZAP, Nessus), security testing tools (e.g., SonarQube, Checkmarx), and log management tools (e.g., Splunk, ELK Stack).
-Container Security: Familiarity with securing containerized applications (Docker, Kubernetes) and managing container security tools.
-Scripting & Automation: Strong proficiency in scripting languages (e.g., Python, Bash) to automate security processes and tasks.
-Version Control & CI/CD: Experience with version control (Git) and CI/CD tools like Jenkins, GitLab CI, or CircleCI, with security best practices implemented at every stage.
-Compliance & Risk Management: Knowledge of relevant security standards (e.g., OWASP, NIST) and how to implement them in a fast-paced software environment.
Nice to Have:
-Security Certifications: Industry certifications such as CISSP, CEH, AWS Certified Security – Specialty, or Certified DevSecOps Professional.
-Experience in a Startup Environment: Ability to operate independently and take ownership of security processes in a lean, agile, and rapidly growing startup environment.
-Threat Modeling: Experience with threat modeling and risk assessment techniques for identifying potential security flaws early in the development process.
-Zero Trust Architecture: Knowledge of or experience implementing Zero Trust security principles within cloud infrastructure.
Soft Skills:
-Demonstrate a sense of strong ownership mentality and ability to get things done.
-Strong Communication: Ability to clearly communicate security concepts to both technical and non-technical teams, translating complex issues into actionable recommendations.
-Problem Solving & Initiative: Self-starter with a proactive mindset, able to identify gaps and implement security solutions in a fast-moving startup environment.
-Collaboration: A team player who can work cross-functionally with developers, operations, and leadership to build security into the fabric of our infrastructure and products.
-Influence without authority : Ability to influence others in the organization and help prioritize and guide as per security best practices
More Details
-Start Date: ASAP
-Type: In Office
-Location: Bangalore India
-Department: Engineering
-Reports to: Head of Engineering
At Orkes, we are committed to building a team that reflects a rich tapestry of perspectives, identities, and professional experiences. We believe that diversity is not just a checkbox, but a driving force behind innovation, creativity, and success. By embracing a variety of backgrounds, we cultivate an inclusive environment where every team member feels valued and empowered to bring their authentic selves to work.
Join us at Orkes and be a part of a team where your unique perspectives are not only welcomed but celebrated. Together we are shaping the future technology by leveraging the strength that comes from embracing diversity in all its forms. Your Journey with us is an opportunity to contribute to something greater and make a lasting impact.