Head of Security - Rayatheapp : Job Details

In a world where many social apps measure their success by time spent online, Raya is a technology company focused on providing utility. Our iOS only app is a tool for discovery of and access to exciting people, events, opportunities and recommendations globally. We believe that by marrying great software with a membership based community built around core values of trust, creativity, and reciprocity, we can provide solutions that have heretofore been impossible.A Security Engineer at Raya is a skilled professional responsible for ensuring the protection of our organization's information systems and networks from potential threats. We are looking for an individual who is adept at analyzing, designing, and implementing robust security measures to safeguard sensitive data and assets. They will also stay up-to-date with the latest security trends and continuously assess and mitigate risks to maintain the organization's security posture.What You'll Do:

• Backend Security Ownership: Ensure the security of our signup and SMS flows. Implement and review rate limiting for optimal security. Conduct code audits to identify and rectify potential security vulnerabilities.
• Third-Party Package Security Management: Monitor security vulnerabilities in our packages and implement fixes. Evaluate and maintain the security of our own packages and repositories.
• Vendor Security Assessment: Assess and ensure the security of our setup with vendors like Datadog and Mixpanel.
• VPN and Managed Devices Security: Implement and maintain security measures for our VPN and managed devices.
• Credential Management: Oversee the secure issuance of credentials for applications and operators. Ensure the proper documentation and security of the credential management process.
• Employee Communication Security: Restrict and manage employee email access to prevent phishing attacks.
• Threat Research and Analysis: Stay informed about new attacks and threat models related to our code and infrastructure. Advocate for appropriate measures to address potential exploits in a prioritized manner.
• Monitoring Systems: Designing and developing monitoring and response systems, implementing dependency checks, and working on security scanning tools in the CI/CD pipeline.Experience You Have:
  • 10+ YOE minimum.
  • Ample experience doing the below at different companies.
  • Coding / Software-Engineer with a keen interest in security.
  • Network Security.
  • Penetration Testing.
  • Knowledge of bash scripting, Linux, and operating systems.
  • Familiarity with DevOps and cloud technologies (AWS, Kubernetes, Docker) preferred.
  • Experience with CI/CD like Jenkins and GitHub actions.
  • Experience with security tools like Burp Suite, Kali Linux, Metasploit, Nmap.
  • Experience with SemGrep, Nuclei, Trufflehog, and Checkov.
  • Up-to-date knowledge of security trends and exploits in the industry.
  • Self-starter and effective communicator. #J-18808-Ljbffr