Job Description

Aera Technology is the Decision Intelligence company. We deliver innovation and services that enable enterprises to operate sustainably, intelligently, and efficiently. Our platform, Aera Decision Cloud™, integrates with your existing systems to digitize, augment, and automate decisions in real time. Aera helps enterprises around the world transform decision making – delivering millions of recommendations that have resulted in significant revenue gains and cost savings for some of the world’s best-known brands.

Responsibility

• • Lead the application security program through tools and technologies to prevent OWASP Top 10 type of attacks.
  • Build our Secure Development program including secure development training and testing.
  • Oversee our penetration tests and remediation plans.
  • Work with our field teams to understand our data ingest and identify risks with new types of data.
  • Build our SCA and SAST tools in our CI pipeline.
  • Lead the application security processes including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes.
  • Work closely with the development teams to promote best application security practices
  • Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards including the remediation of the identified gaps in the security posture.
  • Contribute to the bug bounty triage and remediation processes.
  • Design, implement, and maintain infrastructure as code solutions for managing and protecting cloud resources, ensuring scalability, resilience and security.

Nice to have

• • 5+ years of Software Development experience.
  • 2+ years of pen testing or bug bounty experience.
  • 4+ years working with SCA, SAST, and DAST tools.
  • Expert in the OSI model and the security controls at each level.
  • Expert in OWASP top 10 attacks, remediations, and controls.
  • Must be able to communicate and prioritize security findings with developers.
  • Bachelor's degree in computer science, Information Technology, or a related technical area
  • 3+ years of experience in cloud environments. Proficient in Bash, Powershell or other scripting languages. 
  • Proficient with container technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform).
  • Proficiency in deploying, monitoring, and scaling containerised applications on AWS using EKS, ensuring high availability and performance.