INFOSEC + USER SERVICES

Welcome to the future of education!

At Embibe, we have just one mission – to truly personalise education. Because every child deserves it. This has led us to embark on this noblest of journeys to deliver life and learning outcomes for every student! Rooted in consumer behavior, we are leveraging AI to deliver personalised achievement journeys for every student.

Embibe has traversed a long journey from a data-centric product to an AI platform. On this journey, we have realised that the most powerful teams are: 1. Vision Led in understanding student context and obsessed with success; 2. Self-Organising in defining their own agenda; 3. Intellectually Fierce and Globally Conscious in their choices, and 4. Consistently Excellent in their execution.

After exploring a deeply functional organisational structure in engineering, we are now evolving towards a problem-solving team structure that manifests at the platform and backend level as an agile team supporting a unified front-end and augmented by a strong Architect + Principal Engineer + Advisory Group for technical mentoring. This document outlines the problem statement and other aspects of Infosec and User Services.

THE PROBLEM STATEMENT

We all know that data and information are the oil of the 21st century. It is, therefore, very crucial to ensure safe and secure storage as well as transmission of data. We, at Embibe, want to set up an Information Security (InfoSec) team that defines the best practices to keep data secure from unauthorised access or alterations, both when it’s being stored and when it’s being transmitted from one machine or physical location to another. This team will be responsible for both laying out the Infosec architecture and the implementation of the same across the company’s platforms and actively preventing any breaches from occurring.

THE INSPIRATION

We are inspired by leading global banks that ensure that all transaction and deposit data is secured in a full-proof manner and there are no information leakages. It is the endeavor of this function to reach this goal of ensuring a completely secure platform for all Embibe services across the company including internal communications, internal data, content platform data and all pedagogical and algorithm IP, etc.

HE OBJECTIVES

To create a completely secure Information Technology function that covers:

  • Frontend Content Security
  • Backend Code and Algorithm Security
  • Internal Communication Security
  • Internal Operational Data Security
  • Authentication
  • Authorisation
  • Personal Information Protection
  • Payment System, Transactions and Uptime
  • Embibe Dynamic Pricing Suite (everaging the above to support spontaneous payment conversions)

PRODUCT MANIFESTATION OF YOUR EFFORT

  • Delivering a highly secure platform for users to engage on and providing assurance that their data will never get leaked
  • Ensuring that all company content, data and IP are secure and protected from any breaches
  • Sign-In/Sign-up Service
  • Payments Service

BUSINESS MANIFESTATION OF YOUR EFFORT

This team is responsible for over-arching rights and security and will therefore drive both customer and platform security and sanctity by delivering:

  • Platform stability; therefore, fewer outages:
  • Higher Customer Satisfaction Scores
  • NPS
  • Better Uptime and Better Revenues
  • Fewer Distractions for the Teams and Lower Costs
  • Revenue

METRICS YOU WILL OWN AND LIVE BY

METRIC NAME UNIT FREQUENCY
Number of Attacks Prevented Count Weekly
Number of Data Leaks Prevented Count Weekly
Number of Data Leaks and Attacks Identified Count Weekly
Number of Loopholes Found Through Ethical Hacking Count Weekly
Success Rate of Authentication Percentage Daily
Success Rate of Payment Percentage Daily
Number of Parameters Collected Explicitly – Lossless Count Weekly
Ratio of Revenue Collected without KPO Intervention to Total Revenue Collected From B2C Percentage Ratio Weekly

L2 PROBLEMS OWNED

We believe in building an organisation at the intersection of domain modelling and problem intuition. While the L1 teams give us the flexibility to have a multi-faceted view of the problem and cluster similar problems together, the L2 structure ensures independent and focused problem-solving. The following L2 teams have been suggested for the L1 problem stated above:

  • User Authentication and Authorisation : To develop a flexible, fast and secure platform for identity management, roles and permissions
  • Payments Stack : To build a dynamic pricing system targeting spontaneous conversion rate
  • Enterprise Security : To set up an Information Security team that defines the practices intended to keep data secure from unauthorised access or alterations, both when it’s being stored and when it’s being transmitted

L1 SKILLS REQUIRED

  • Java
  • ACID Transactions
  • Vertx Web Framework
  • Java Vertx
  • JWT Authentication
  • Postgres and MongoDB
  • Security
  • Session Management

To Join the Tribe, send us an email on [email protected]