Software Engineer - I - DevSecOps
Plum is an employee insurance and health benefits platform focused on making health insurance simple, accessible and inclusive for modern organizations.
Security
Entry-Level Software Engineer
In-Person
2+ years of experience
Finance · Healthcare
This job posting may no longer be active. You may be interested in these related jobs instead:
Description For Software Engineer - I - DevSecOps
Plum is an employee insurance and health benefits platform focused on making health insurance simple, accessible and inclusive for modern organizations. Healthcare in India is seeing a phenomenal shift with inflation in healthcare costs 3x that of general inflation. A majority of Indians are unable to afford health insurance on their own; and so as many as 600mn Indians will likely have to depend on employer-sponsored insurance.
Plum is on a mission to provide the highest quality insurance and healthcare to 10 million lives by FY2030, through companies that care. Plum is backed by Tiger Global and Peak XV Partners.
As a Software Engineer - I - DevSecOps at Plum, you will:
- Perform security assessments and audits of our infrastructure, identifying and mitigating security gaps and weaknesses.
- Use Terraform and other infrastructure as code tools, managing vulnerabilities, policies and implementing best practices.
- Conduct in-depth security reviews of application code, working closely with developers to code securely from the outset and address issues early during coding and testing phases.
- Work with SAST, SCA, and DAST, addressing real-world challenges in these areas.
- Implement and manage security tools within the CI/CD pipeline, focusing on DevSecOps practices.
- Monitor and analyse logs, events, and metrics to identify security incidents, potential breaches, and emerging threats.
- Handle runtime security, image scanning, network security, access control, host OS hardening, and vulnerability management in the container lifecycle.
- Develop and maintain incident response plans, procedures, and playbooks for effective handling of security incidents and breaches.
- Design, implement, and maintain security measures for our cloud infrastructure, including VPCs, security groups, IAM roles, and access controls.
- Maintain security hardening configurations and guidance for diverse services across AWS, GPC and other public cloud providers.
Join us in our mission to revolutionize health insurance and make a significant impact on millions of lives in India!
Last updated 6 months ago
Responsibilities For Software Engineer - I - DevSecOps
- Perform security assessments and audits of our infrastructure, identifying and mitigating security gaps and weaknesses
- Use Terraform and other infrastructure as code tools, managing vulnerabilities, policies and implementing best practices
- Conduct in-depth security reviews of application code, working closely with developers to code securely
- Work with SAST, SCA, and DAST, addressing real-world challenges
- Implement and manage security tools within the CI/CD pipeline, focusing on DevSecOps practices
- Monitor and analyse logs, events, and metrics to identify security incidents, potential breaches, and emerging threats
- Handle runtime security, image scanning, network security, access control, host OS hardening, and vulnerability management in the container lifecycle
- Develop and maintain incident response plans, procedures, and playbooks
- Design, implement, and maintain security measures for cloud infrastructure
- Maintain security hardening configurations and guidance for diverse cloud services
Requirements For Software Engineer - I - DevSecOps
- 2+ years of Security Engineering experience preferably in AWS or GCP Cloud
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience)
- Strong knowledge of security principles, best practices, and common vulnerabilities (e.g., OWASP Top 10)
- Familiar with SAST, DAST, Fuzzing, and other tools
- Experience with Wiz, Prisma Cloud, Jira, Confluence & Terraform / CloudFormation (Infrastructure as a code)
- Familiarity with CI/CD tools such as GitHub Actions, Jenkins or CircleCI
- Experience with security technologies, such as firewalls, IDS/IPS, SIEM, DLP, antivirus, and vulnerability scanners
- Good understanding of cloud security architecture, security assessments, audit standards for the Cloud, security threats in the cloud
- Solid understanding of network protocols, TCP/IP, and network security concepts
Explore Jobs By LevelEntry-Level Software Engineer JobsMid-Level Software Engineer JobsSenior Software Engineer JobsStaff Software Engineer Jobs
Explore TrendingLayoffsPerformance Improvement PlanSystem DesignInterpersonal CommunicationTech Lead
