About Aurigo

Aurigo is the world’s leading provider of enterprise SaaS for capital program and project portfolio management. The geographical markets we serve are the United States and Canada. We deliver cloud-based software solutions to organizations that make and manage large infrastructure investments. Our target markets are public sector (state and local government). Our flagship Suite Aurigo Masterworks is helping plan and deliver over $400B of capital infrastructure across the US and Canada.

Description:

Responsibilities:

• Be a thought leader in security engineering and operations delivery - driving automation, analytics, and advanced threat analysis.
• Oversee technical delivery of security requirements, assessing and continually improving output and ensuring processes are developed and adhered to drive operational excellence.
• Manage and lead the security function and a small team of security analysts, ensuring prompt, efficient, and accurate resolution of identity and access matters.
• Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems
• Author functional and technical documentation. Communicate on a deeply technical level with product engineering, project management and operations teams to improve and optimize products, improve infrastructure, and evolve services.
• Participate in Weekly/Bi-weekly/ Monthly/Quarterly business reviews
• Remain current on new technologies, methods and procedures including, but not limited to, coding practices such as Test-Driven Development, Continuous Integration, and Continuous Deployment.
• Lead Incident Response when the situation demands and drive it to closure with RCA and implementing controls to ensure similar incident does not occur in future
• Implement hardening and secure framework such as CIS, NIST 800-53 r5, OWASP, SANS etc.
• Perform vulnerability assessment & penetration testing on Web and Mobile applications.
• Attend design reviews and actively lead the discussions from a security standpoint
• Analyze possible security incident related to application security such as sensitive data exposure via web API and lead resolution and root cause analysis.
• Ensure that security requirements are identified early on and are being baked into all projects
• Work with different functions to implement best security practices across all areas in the software development lifecycle
• Prepare and present executive presentations on security posture as required
• Risk management
• Emerging threats assessment and deployment of countermeasures

Requirements:

• B. E / B. Tech / MCA
• CISSP/CISA or equivalent certifications
• Experience in implementing multiple security layers to protect web and mobile applications using tools & services like WAF, DNSSEC, IDS, IPS, XDR, FIM, Exfiltration protection and similar solutions
• Experience with AWS GuardDuty, Inspector, secrets manager, IAM and AWS best security practices preferred.
• Experience in hardening software using CIS benchmarks
• SAST, DAST & SCA experience
• One among FedRAMP or ISO27001 implementation experience is required
• Thorough knowledge of NIST Cyber Security Framework required
• Implementation experience with SOC 2 Type II preferred
• Experience on Risk Management

Competencies