3+ NIST Jobs in India

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

Dear Candidate,

Greetings from HCL Technologies Ltd.

• Make sense of Cyber security and compliance frameworks that apply to your business or industry
  • Identify business risks, taking into account the role of your hosting service provider
  • Determine which Cyber security controls are required to mitigate your identified risks
  • Improve collaboration and communication during Cyber security Incident mitigation and response.
  • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
  • Document and track efforts for evidence collection and audit preparation

• will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
• provide implementation and ongoing operation of Security management framework;
• be responsible for coordinating activities to address the key Security risk exposures;
• ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
• direct the design of controls to address emerging or new Security risk and compliance requirements;
• carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
• implement, monitor and report on key Security risk indicators to identify and address emerging risks;
• coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
• manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
• review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
• incorporate vulnerability testing as an integral part of change management
• Should have good knowledge of Cyber Security Framework and controls
• CISA ,CISM or CISSP certification should be preferred.
• Have good understanding of Security policy and process along with ITSM process.