Security Engineer

About Us 

Orkes is a platform for developers to build durable, distributed event driven applications.  Based on the popular open source orchestration engine Conductor, Orkes lets developers focus on faster go to market with applications, scaling them to handle billions of workflows without having to worry about failures, scalability or visibility into the executions.

Orkes is seeking a talented UI Engineer who also has backend experience and a passion for designing and building user interfaces with a developer-focused mindset. You will work closely with our engineering teams, treating developers as customers, to deliver high-quality, responsive, and user-friendly web applications. In addition to your frontend work, you will collaborate with backend engineers to ensure seamless integration between the frontend and backend services.

 

Your day to day at Orkes

• Monitor and improve security tools integrated into the CI/CD pipelines (e.g., static code analysis, dynamic testing, dependency vulnerability checks).
• Automate security testing to run at each stage of the software delivery process, ensuring fast and secure releases.

• Audit and monitor cloud security in all 3 major cloud providers to ensure configurations follow best practices, particularly for IAM roles, encryption policies, and VPC/network settings.

• Regularly scan for vulnerabilities in code repositories, third-party dependencies, and infrastructure, using tools like OWASP ZAP, SonarQube, or similar.

• Develop and maintain scripts to automate repetitive security tasks, such as vulnerability scanning, compliance reporting, and incident response.

• Secure containerized applications by applying best practices for Docker and Kubernetes security, including image scanning, runtime monitoring, and applying security patches to containers.
• Set up and enforce security policies for microservices and container orchestration, ensuring containerized environments remain secure and resilient to attacks.

• Monitor security logs and alerts for signs of breaches, misconfigurations, or other suspicious activity using a SIEM or logging tools (e.g., ELK Stack, Splunk).
• Investigate and respond to potential security incidents, conducting root cause analysis, and applying lessons learned to prevent future incidents.
• Document and improve incident response plans, preparing the organization for faster and more effective responses to potential threats.

• Ensure ongoing compliance with security policies, industry standards (e.g., SOC 2, GDPR, ISO 27001), and regulatory requirements as the company scales.

• Set up and maintain centralized logging and monitoring for infrastructure and application security, ensuring the team has visibility into potential security risks.

• Evaluate new security tools and technologies that can improve the company’s security posture and automate routine security tasks.

Skills that help you succeed

Must-Have:

• Experience: DevSecOps or related role (DevOps, security engineering, etc.) in a software development environment.
• Strong Understanding of DevSecOps Practices: Solid grasp of integrating security within the software engineering lifecycle and  managing security through automation.
• Cloud Platforms: Hands-on experience with atleast one of the major cloud providers like AWS, Azure, or GCP, focusing on cloud security best practices (e.g., securing S3 buckets, IAM roles, VPC security).
• Infrastructure as Code: Experience with infrastructure-as-code (IaC) tools like Terraform, CloudFormation, or Ansible.
• Familiarity with Java /Golang /C++.
• Security Tools: Proficiency with security tools like vulnerability scanners (e.g., OWASP ZAP, Nessus), security testing tools (e.g., SonarQube, Checkmarx), and log management tools (e.g., Splunk, ELK Stack).
• Container Security: Familiarity with securing containerized applications (Docker, Kubernetes) and managing container security tools.
• Scripting & Automation: Strong proficiency in scripting languages (e.g., Python, Bash) to automate security processes and tasks.
• Version Control & CI/CD: Experience with version control (Git) and CI/CD tools like Jenkins, GitLab CI, or CircleCI, with security best practices implemented at every stage.
• Compliance & Risk Management: Knowledge of relevant security standards (e.g., OWASP, NIST) and how to implement them in a fast-paced software environment.

Nice to Have:

• Experience in a Startup Environment: Ability to operate independently and take ownership of security processes in a lean, agile, and rapidly growing startup environment.
• Threat Modeling: Experience with threat modeling and risk assessment techniques for identifying potential security flaws early in the development process.
• Zero Trust Architecture: Knowledge of or experience implementing Zero Trust security principles within cloud infrastructure.

 

The requirements listed in the job descriptions are guidelines. You don’t have to satisfy every requirement or meet every qualification listed. If your skills are transferable we would still love to hear from you.

 

More Details

• Start Date: ASAP
• Status:Full Time 
• Type: Hybrid 3x per week
• Location: Bangalore
• Department: Engineering
• Reports to: CTO

At Orkes, we are committed to building a team that reflects a rich tapestry of perspectives, identities, and professional experiences. We believe that diversity is not just a checkbox, but a driving force behind innovation, creativity, and success. By embracing a variety of backgrounds, we cultivate an inclusive environment where every team member feels valued and empowered to bring their authentic selves to work. 

 

Join us at Orkes and be a part of a team where your unique perspectives are not only welcomed but celebrated. Together we are shaping the future technology by leveraging the strength that comes from embracing diversity in all its forms. Your Journey with us is an opportunity to contribute to something greater and make a lasting impact.