Application Security Engineer

Cambridge Mobile Telematics

Cambridge Mobile Telematics

Chennai, Tamil Nadu, India
Posted on Aug 13, 2024

Cambridge Mobile Telematics (CMT) is the world’s largest telematics service provider. Its mission is to make the world’s roads and drivers safer. The company’s AI-driven platform, DriveWell® Fusion, gathers sensor data from millions of IoT devices — including smartphones, proprietary Tags, connected vehicles, dashcams, and third-party devices — and fuses them with contextual data to create a unified view of vehicle and driver behavior. Auto insurers, automakers, commercial mobility companies, and the public sector use insights from CMT’s platform to power risk assessment, safety, claims, and driver improvement programs. Headquartered in Cambridge, MA, with offices in Budapest, Chennai, Seattle, Tokyo, and Zagreb, CMT measures and protects tens of millions of drivers across the world every day.

Our business is growing very fast, and the mission of our team is simple: improve the security posture and reduce the risk in our future growth. We are looking for an Application Security Engineer who will also provide local logistical support for our corporate IT team. You will join our Security, Privacy, and Compliance Team to help our team with different aspects of the Vulnerability Management (VM) Program as well as serve as the local contact for coordinating IT related logistical operations.

A majority of your time in this role will be spent assisting the Security, Privacy, and Compliance team with enhancing, further developing, and continuously improving CMT’s Vulnerability Management (VM) Program. This is a very large domain, and you’ll routinely encounter novel challenges. You will partner with our developers to help our employees understand the different security controls that are in place; and assist with continuous improvements to our VM program to keep pace with the evolving world around us. For no more than 4 to 6 hours per week, you will be expected to work with the corporate IT team facilitating technology shipments and performing new-employee onboarding tasks. If you are someone that understands that informed employees and scalable processes are the key to the success of our Security, Privacy, and Compliance Program, we’d love to speak with you.

Responsibilities:

  • Collaborate with corporate IT staff based around the world to coordinate IT logistics for our office in Chennai. This includes, shipping and receiving technology shipments, ensuring accurate IT asset custody information is documented in our asset tracking system, and performing tasks related to employee onboarding
  • AWS IAM Policy management and AWS Infrastructure security
  • Perform SAST/DAST/SCA/OSS tool configuration, remediation workflows, automation, and develop solutions to continuously improve the Vulnerability Management program
  • Contribute to the design and implementation of the vulnerability management program that leverages a risk-based approach to help evaluate, prioritize, and secure CMT’s systems and applications
  • Maintain patch and vulnerability management best practices to protect against the exploitation of critical application and system vulnerabilities
  • Effectively communicate security vulnerabilities and risks to issue owners and assists in remediation efforts
  • Participate in the Security Incident Response Team investigation and response activities as required
  • Facilitate routine vulnerability management review meetings with stakeholders to drive remediation efforts
  • Serve as a subject matter expert on product application and system vulnerabilities and threat management
  • Participate in the development and maintenance of executive and team dashboards and/or regular reports to communicate department-specific security risks and threats
  • Manage other tasks and projects as requested by the Security, Privacy, and Compliance director
  • Complete any additional tasks as they arise

Qualifications:

  • Bachelor’s degree or equivalent years of experience and/or certification in a related field
  • 2+ years of relevant working experience
  • General understanding of of Identity and Access management in AWS cloud based platforms
  • Familiarity with various IT Access and Asset Lifecycle management
  • Knowledge of software development and general understanding of mobile development/SDK artifacts/build pipelines
  • Knowledge of DAST / SAST and related vulnerability management tools - such as Qualys, Veracode, Synopsys, Github Advanced Security
  • Familiar with Pen Testing and Threat Modeling
  • Demonstrated understanding of common security standards/frameworks, e.g. CVE, CVSS, MITRE
  • Experience with scripting/programming for automation - Terraform / Python
  • Familiarity with mobile application development, attack vectors, threat modeling
  • Excellent verbal and written communication skills, being able to communicate the importance of certain projects and metrics to team members, cross-functional partners, and management
  • A can-do attitude and an adaptable mindset that fosters the ability to learn new technologies and concepts quickly Knowledge, Skills, Abilities and Competencies

Compensation and Benefits:

  • Fair and competitive salary based on skills and experience
  • Medical Benefits (Health insurance, Personal accident insurance, Group term life insurance), gratuity, parental leave, sick leave and public holidays
  • Employees are eligible for flexible allowances which includes Leave Travel Assistance, Telephone/Mobile Expenses, Professional development expenses, Meals Coupon, Vehicle Reimbursement
  • Flexible scheduling and work from home policy depending on role and responsibilities

Additional Perks:

  • Feel great working to improve road safety around the world!
  • Join one of our many employee resource groups including Black, AAPI, LGBTQIA+, Women, Book Club and Health & Wellness
  • Extensive education and employee assistance programs
  • CMT will do all that is possible to support our employees and create a positive and inclusive work environment for all!

Commitment to Diversity and Inclusion:

At CMT, we are intensifying our commitment to provide opportunities and career growth to the underrepresented. We are focused on creating an inclusive work environment that encourages a diversity of background and thought to produce the best products and services within our industry.

CMT is an equal opportunity employer and strives to create an inclusive and diverse environment that enriches our employees’ lives in and outside of work. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability state. CMT is headquartered in Cambridge MA. To learn more, visit www.cmtelematics.com and follow us on Twitter @cmtelematics.