About Us
WebEngage is a customer data platform and marketing automation suite that makes user engagement and retention simplified. A 10 year vintage rock solid SaaS play growing near-profitably on the back of great product and service experience. Offers a single dashboard solution to consumer companies to unify and analyse their customer data, engage with customers across multiple channels and personalise every message, including in-line content on the web / mobile apps. We work with thousands of brands worldwide, across industries like E-Commerce, Edtech, Fintech, Foodtech, Media & Publications, Gaming, BFSI, Healthcare, and Online Retail.One of the hottest global SaaS companies, we've been recognized by G2 as a Marketing Automation Leader in Asia 2021. We're growing 100% year-on-year, presently at $20M ARR with offices in Gurgaon, Mumbai, Bangalore and Dubai and are expanding this year to Brazil and Indonesia. A battle hardened team, accessible founders and a resilient culture of sustainable growth with no shortcuts. A somewhat uncommon, in-the-ring view of building a company to last.Learn more about us at www.webengage.com
Position Overview
We are seeking a skilled Security and Compliance Engineer to join our team. In this role, you will play a pivotal part in maintaining and enhancing our security posture, ensuring compliance with industry standards, and collaborating across teams to mitigate risks. This position involves hands-on technical work, process optimization, and project management in a dynamic SaaS environment. The responsibilities listed below are non-exhaustive; you will have access to established onboarding procedures and will grow by assuming broader ownership over time. Key aspects include implementing security tools, reviewing processes, and driving cross-functional initiatives to meet security obligations.
Responsibilities
- Conduct penetration tests using specialized tools to identify vulnerabilities and collaborate with Development or DevOps teams to plan and implement remediation strategies.
- Coordinate with external Vulnerability Assessment and Penetration Testing (VAPT) vendors for audits, serving as the liaison between the vendor and the engineering team.
- Partner with the DevOps team to perform cloud security audits and develop remediation plans.
- Respond to security questionnaires from customers or vendors and address security-related questions during virtual meetings.
- Lead security-related projects, providing regular progress updates and reports.
- Implement and configure tools to enhance security practices, including static code analysis and automated code audits.
- Manage the security calendar and execute activities such as:
- Cloud Business Continuity Planning (BCP) and Disaster Recovery (DR) exercises in collaboration with the DevOps team.
- Cryptographic audits (including encryption at rest and in transit) and key rotation processes with DevOps support.
- Audits of automated code quality checks within CI/CD pipelines.
- Reviews of standard operating procedures to ensure adherence and timely execution.
- Oversee the compliance calendar for standards such as ISO 27001, ISO 27701, SOC 2, and future certifications, including:
- Coordinating with responsible teams to ensure all required activities are completed on schedule.
- Responding to technical and process-related inquiries during audits alongside other team members.
- Monitoring and ensuring employee security training and retraining programs are up to date.
- Tracking and maintaining all security-related metrics.
- Handling any additional audit-related tasks.
Required Qualifications
- Strong understanding of SaaS applications and associated security challenges.
- Familiarity with one or more cloud platforms, such as AWS, GCP, or Azure.
- Knowledge of fundamental networking concepts, including OSI layers, TLS protocols, and cryptography.
- Proficiency in at least one scripting language (e.g., Python, Java, Node.js).
- Awareness of common security risks, including OWASP Top 10, CIS Benchmarks, and recent CVE vulnerabilities.
- Excellent verbal and written communication skills for interacting with internal and external stakeholders, as well as project reporting.
- Commitment to continuous learning and staying current with evolving security trends.
Preferred Skills And Knowledge
Experience with security compliance frameworks such as ISO 27001, ISO 27701, SOC 2, HIPAA, or similar; relevant cybersecurity certifications are a plus.
Minimum Qualifications
- Bachelor's degree in Engineering or equivalent in a related field, such as Computer Engineering, Electronics, or Telecommunications.
- 3 to 5 years of relevant experience in security, compliance, or a similar role.
Life At WebEngage
- We take transparency very seriously. Along with a full view of team goals, get a top-level view across the board with our monthly & quarterly town hall meetings.
- A highly inclusive work culture that promotes a relaxed, creative and productive environment.
- Practice autonomy, open communication, and growth opportunities, while maintaining a perfect work-life balance
Perks & Benefits
Learning is a way of life. Unlock your full potential with cutting-edge tools and mentorship (MacBook for Engagers!).Get the best in class medical insurance (with Covid Care facilities), programs for taking care of your mental health, and a Contemporary Leave Policy (beyond sick leaves)
Explore More Here
- https://youtu.be/Y0HjfyMjUpg
- https://www.linkedin.com/company/webengage
- https://twitter.com/WebEngage?s=09
Do you think you fit the bill? Come along, letʼs redefine the future of Marketing Automation!
WebEngage aims to be an equal opportunity employer. We strongly believe that when people feel respected and included they can be more creative, innovative, and successful. We believe that change is the only constant and are in the process and will continue to be in process with changing times to adapt and advance diversity and inclusion. We take affirmative action to ensure equal opportunity and complete non-disclosure of all applicants without any regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or any other characteristics not mentioned hereinabove which are protected under the law of the soil.
