About the job
Qualifications:
Bachelor's or master’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent work experience).
Requirements:
Minimum 8+ years of experience as a Cybersecurity Engineer or in a similar role, with good hands-on experience in the tech stack listed in the responsibilities section. We are looking for someone who is well-versed in security [Pen-testing, Perimeter security, API Security, Threat modeling, Antivirus / Malware detection & protection, App & Infra. Security Practices & Architecture, etc.]. Additionally, if you are certified in any of the technologies, we would love to see you prove it with your detail-oriented problem-solving skill set and knowledge of the products.
Roles & Responsibilities:
- Oversee the design, implementation, and management of security infrastructure, ensuring the confidentiality, integrity, and availability of systems and data.
- Knowledge of TCP/IP, the OSI model, DNS, HTTP, VPN, routing & switching, and load balancer technologies for virtual and physical networks.
- Hands-on experience with threats, including common attack vectors, methodologies, and payloads/exploits.
- Ability to support and assist in implementing and administering security solutions, e.g., firewalls, proxies, WAFs, DLP, malware detection/EDR, etc.
- Operational experience with security logging, event correlation, and SIEM technologies.
- Operational experience configuring and managing virtual and cloud-based environments.
- Develop and implement incident response plans to address security incidents promptly and effectively.
- Experience in evaluating and implementing industry-leading third-party security tools and software.
- Lead investigations into security breaches, vulnerabilities, and incidents, providing detailed reports and recommendations.
- Administer and enhance Privileged Access Management solutions, ensuring secure access controls and monitoring privileged accounts.
- Extensive experience in Perimeter security, API Security, Pen testing, Threat Modeling, Security Testing and Auditing.
- Must have experience in managing Antivirus / Malware detections & protection solutions.
- Experience in managing AWS security services such as AWS Inspector, AWS GuardDuty, AWS WAF & Shield, Firewall Manager, etc. Good experience in managing the perimeter firewall within AWS accounts, involving the implementation and administration of robust security measures.
- Implement and optimize security controls for cloud-based applications and infrastructure.
- Design and maintain secure network architectures, including firewalls, VPNs, and network segmentation.
- Assess and enhance the security of web and application servers (e.g., Apache, Nginx, Tomcat) and implement incident response procedures.
- Sound knowledge of OS baselining for vulnerability assessment & patching using industry best practices and tools, including expertise in Security Information and Event Management (SIEM) for comprehensive threat detection and response.
- Good to have: knowledge of finding and patching vulnerabilities in dependencies, Dockerfiles, images, and K8s resources.
- Expert in using SAST & DAST tools to uncover vulnerabilities in code and remediate them, and in designing & implementing secure software development life cycle solutions based on various tools.
- Define secure software development life cycle for various projects and teams with proper software supply chain security standards.
- Define applications security architecture elements and assist with KPIs and KRIs related to security in applications.
- Work with senior management on defining roadmaps, needs and providing short and mid-term forecasting.
- POC of the overall DevSecOps lifecycle to showcase the benefits it brings to an organization.
- Experience with OWASP Testing Guide v3 / 4 and OWASP Top 10.
- Knowledge of securing APIs & experience in Web & Mobile applications, micro-services, and common vulnerabilities.
- Demonstrate written and verbal communication skills, as well as the ability to work with multiple teams and stakeholders.
- Familiarity with Jira and Confluence or any similar tools.
- Understanding of NIST and CIS frameworks.
- Understanding of compliance areas including controls for SOC2, ISO, PCI DSS and GDPR, etc.