Job Description Summary

We are looking for a Senior Security Professional with 8+ years of hands-on experience who brings strong technical acumen in Cyber security and Infosec management in the cloud with the vision of building and implementing various security best practices and provide advance leadership on Cyber security by closing working with various cross-functional teams.

Responsibilities

• Assess the security for Software/Product architecture – guide the product architects and engineering teams to ensure security is built into at the design level itself and integral part of development.
• Own development of cyber security artifacts including Pen testing, Cloud security, Threat model and lead discussion on identifying mitigations.
• Drive and assist the Engineering teams in triaging and identification of fix for detected product vulnerabilities.
• Interact with internal / external team to co-ordinate security and privacy assessments to determine compliance and security posture.
• Assist business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
• Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
• Guide the business unit in their management of the resolution of security audit or review findings.
• Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
• Assist with security incidents and review risk and impact of breaches to protected systems.
• Review proposed services, engineering changes, and feature requests for security implications and needed security controls.
• Participate and identify security risks companywide and ensure that appropriate data security procedures and products are implemented.
• Incident Response : Lead the response to security incidents and breaches, including forensic investigations. Develop and maintain incident response plans and playbooks. And also conduct post-incident reviews and implement improvements.
• Compliance: Assess and manage security risks across the organization’s systems and applications. Ensure compliance with relevant regulations and standards (e.g., GDPR, HIPAA, ISO 27001,SOC) and proven experience in driving external and internal audits.
• Threat Monitoring and Analysis: Monitor security alerts and logs from various systems, including firewalls, Endpoint Security, System Logs, IDS/IPS , various cloud agents and event management (SIEM) tools. Analyze security incidents to identify patterns and assess potential threats
• Conduct Penetration Testing: Perform web application, APIs and mobile application penetration tests. And also conduct internal and external penetration tests to identify security weaknesses.
• Vulnerability Assessment: Leverage automated tools and manual testing methods to identify vulnerabilities in codebase and engage in Static and Dynamic application security testing and also Engage in security automation efforts and process improvements

Qualifications/Requirements

• Bachelor’s degree in Computer Science, Information Security, or related field.
• 8+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.
• Excellent experience with Cyber Risk, Governance & Compliance through the remediation, implementation and maintaining of security controls through SOC & ISO frameworks.
• Experience in Rest Api, Kubernetes and container security assessments.
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
• Proficient experience of AWS and Azure services, specifically related to security.
• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Experience and knowledge of penetration testing methodologies and tools.
• Strong knowledge of programming and scripting languages (e.g., Python, Ruby, Bash).
• In-depth understanding of network protocols, web applications, and operating systems.
• Proficiency in using penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Nessus).
• Willingness to learn new technologies and work on security for varied products.
• Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
• Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/products architects to ensure secure products.
• Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Ability to relate cyber security incidents from cross-industries.
• Ability to work independently and as part of a team. Attention to detail and strong organizational skills is highly expected.