11+ RSA Jobs in Bangalore (Bengaluru) | RSA Job openings in Bangalore (Bengaluru)

Information Security Specialist

Notice Period: 45 days / Immediate Joining

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

Key Qualifications

· Design, deploy, and support Information Security Solutions provided by BDS

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

· Research and strategic analysis of existing, and evolving all IT and data security technologies

· Establish baselines to define required security controls for all infrastructure components and application stack

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

· Must be able to work a flexible schedule during off-hours

Key Skills & Qualification

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

· Exposure of the security audit tools on public cloud platforms

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

· Certified Ethical Hacker would be a plus

· Handling of Security audits is a must

· Proven interpersonal skills while contributing to team effort by accomplishing related results

· Passion for learning new technologies and the ability to do so quickly.

http://www.banyandata.com" target="_blank">www.banyandata.com 

We are hiring for

DevSecOps Engineer

3-5 years | On-Site , Bangalore.

Responsibilities

● Experience with fully automating CI/CD pipelines end-to-end

● Knowledge of SAST, DAST, SCA, OSA, KICS Scanning

● Serve as a Subject Matter Expert (SME) in DevSecOps and CI/CD best practices and contribute as a member of the technical solutions team

● Perform DevSecOps security activities such as Vulnerability Scanning,Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts

● Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10

● Experience tools like Sonar Qube , JIRA, to track tickets and requests/incidents

Requirement

● Experience in Web and/or Mobile applications and common vulnerabilities

● Build and configure delivery environments supporting CD/CI tools using an Agile delivery methodology

● Working closely with our development team to create an automated

continuous integration (CI) and continuous delivery (CD) system.

● At least 3-5 years of experience building and maintaining AWS / GCP

infrastructure (VPC, EC2, Security Groups, IAM, ECS, CodeDeploy,)

● Strong understanding of how to secure AWS / GCP environments and meet compliance requirements

● Experience in Ansible, Terraform, Kubernetes, Docker, Helm, Cloud formation template, Jenkins and web server deployment and configuration

● Solid foundation of networking and Linux administration

● Ability to learn/use a wide variety of open source technologies and tools

● Background in FinTechs / Banks preferred.

Why Work at Open?

● You will be part of the early tribe that is changing the way business banking rolls.

● Every atom of your work will impact the way millions of businesses are run.

● You will work with some of the brightest minds who will celebrate your quirks.

● You will find growth & fun to be two-way streets - how you thrive and the way you jive, in turn drives Open

At Upswing, we are committed to building a robust, scalable & secure API platform to power the world of Open Finance.

We are a passionate and self-driven team of thinkers who aspire to build the rails to connect the legacy financial sector with financial innovators through a simple and powerful banking-as-a-service (BaaS) platform.

We are looking for motivated engineers who will be working in a highly creative and cutting-edge technology environment to build a world-class financial services suite.

About the role

As part of the DevSecOps team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –

• Managing security aspects of the Cloud Infrastructure 
• Designing and Implementing Security measures, Incident Response guidelines 
• Conducting Security Awareness Training
• Developing SIEM tooling and pipelines end to end for vulnerability/security/incident reporting 
• Developing automation and performing routine VAPT for Network and Applications
• Integrating with 3rd party vendors for the services required to improve security posture 
• Mentoring people across the teams to enable best practices 

What will you do if you join us?

• Engage in a lot of cross-team collaboration to independently drive forward DevSecOps practices across the org 
• Take Ownership of existing, ongoing, and future DevSecOps initiatives 
• Plan and Engage in Architecture discussions to bring in different angles (especially security angles) to the table
• Build Automation stack and tools for security pipeline 
• Integrate different security measures and pipelines with the SIEM tool
• Conducting routine VAPT using manual and automated workflows, generating and maintaining the report for the same
• Introduce and Implement best practices across teams for a great security posture in the org

You should have

• Curiosity for on-the-job learning and experimenting with new technologies and ideas
• A strong background in Linux environment
• Proven experience in Architecting networks with security first implementation
• Experience with VAPT tooling for Networks and Applications is required 
• Strong experience in Cloud technologies, multi-cloud environments, and best practices in Cloud 
• Experience with at least one scripting language (Ruby/Python/Groovy)
• Experience in Terraform is highly desirable but not mandatory
• Some experience with Kubernetes, and Docker is required 
• Understanding Java web applications and monitoring them for security vulnerabilities would be a plus 
• Any other DevSecOps-related experience will be considered

1.Triage of security alerts that includes but not limited to malware, denial of service, unauthorized access, etc.

2. Conduct incident investigations on SIEM tools.

3. Perform threat hunting on networks to detect and isolate threats.

4. Knowledge of various security methodologies and processes, and technical security solutions (firewall, packet analysis, SIEM and intrusion detection systems)

5. Continuous optimization, tuning and monitoring of SIEM solution

6. Hands on experience around administrating and threat hunting on EDR, XDR, DLP and SIEM tools.

7. Ability to analyze endpoint, network, and application logs

8. Identify false positives, analyse reported spam, phishing, and suspicious emails and understanding of email security concepts: SPF, DMARC, DKIM

9. Immediate Joiners

1) Determine client needs and expectations and participate in the development of the overall client service plan. Analyse, develop, and implement information security programs, including organizational design and key processes for our clients as per plans

2)Design and develop cyber security strategies and programs for large and complex organizations

3)Define and implement cyber risk management structures, governance models, organizational transformations in the areas of cyber security

4)Develop security policies, processes, procedures. Map controls and compliance requirements. Responsible for risk assessments, gap analysis (against standards and benchmarks), risk mitigation strategy development.

4)Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance

5)Develop and tailor approaches, methods and tools to support clients cyber risk programs and initiatives

6)Provide strategic and operational advice in the areas of safeguarding critical information. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. 7)Evaluate, implement and operationalize security controls, define metrics for measure performance and establish a framework for continuous monitoring and improvement and Play substantive role in internal and external client relationship and communication

8)Interact with CxOs to define the roadmap for GRC strategy.

9Help build Cyber Transformation practice by getting involved in areas beyond engagement delivery such as pre-sales, RFP response, solution designing, competency development and Go to market strategies

10)Create or help create though leadership content in the emerging areas of Cyber Strategy and Risk Transformation .

Immediate Joiners

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

F5 is looking for a Sr. Security Engineer with experience in building, integrating, operating, and maintaining robust security monitoring and auditing systems. F5’s Edge 2.0 platform provides global, scalable, and secure way to deploy applications. In this position, you will build and maintain monitoring and audit systems across the platform that provide necessary visibility and alerts to effectively defend the platform.

Responsibilities:

• Collaborate with software architects, security defenders, Operations, SRE, compliance experts, and business leaders to understand the logical boundaries of the systems and identify the events to monitor, audits to maintain, alerts to tweak, as well as systems to integrate with
• You will continuously hunt for areas and metrics to be added into monitoring systems for better operational visibility, incident response capability, availability, and forensics capability of the overall platform
• You will participate in the definition of processes around change and inventory management and develop solutions to audit the changes
• You will work with other teams within security organization to define communication and alerting protocols for effective and timely actions
• You will participate in defining and executing the Incident Response Plan for the platform and be responsible for providing necessary information during the response and forensics
• Demonstrate technical leadership in multiple domain areas, providing mentorship to other team members

Minimum qualifications:

• BS degree in Computer Science or equivalent with 5+ years of security operation and monitoring experience
• Experience with logging, monitoring, SIEM, dashboarding tools like AWS GuardDuty, Sumo, Grafana, SolarWinds, DataDog, Splunk, etc.
• Working knowledge of at least one Cloud Computing platform (e.g. Amazon AWS, Microsoft Azure, Google Compute etc.)
• Good understanding of how to handle logs from various systems, integrate with systems handling logs and metrics, how to setup and tune alerts based on thresholds and policies
• Hands on experience with computer programming languages and/or scripting languages such as Python, Java, Shell
• Good understanding of complexities and security challenges in large-scale distributed systems
• Working knowledge of Cloud orchestration systems such as Kubernetes, Openstack etc.
• Self-motivated and willing to delve into new areas and take on new challenges in an enthusiastic manner
• Excellent written and verbal communication skills
• Strong interpersonal, team building, and mentoring skills

Job description Senior Security Consultant

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• cyber security consulting team, individual’s primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight.
• Will own and / Manage ISMS / ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will be an active participant in technical audits like VA / PT
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates, etc.
• Will plan the activities of configuration, conduct conference room pilots and will assist in resolving any queries related to requirements and Security control Design
• Will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 8-10 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

What you will be doing:

• Participate in network and security initiatives, network designs, project plans, and deployments as well as coordinating technical issues with vendors and internal teams
• Contribute to design, installation, maintenance, vulnerability remediation, and monitoring of network and security systems
• Responsible for expert-level troubleshooting of any problems relating to global issues - participation in security incident management and response.
• Providing support and guidance to Technology teams across network and security technologies.
• Adhere to IT access-management incident response and change control procedures (ITIL)
• Continuous documentation of the IT network infrastructure including technical specifications, design documents, roll-out, and disaster recovery plans

What we are looking for:

A Network Security engineer with a solid comprehensive background in:

• Ability to manage, supervise and delegate multiple tasks
• Strong experience with SIEM and log management
• EDR (Endpoint Detection and Response - especially in Microsoft ATP, Defender or SentinelOne) configuration and management.
• Vendor management; including SOC (Security Operations Centre) providers
• Global Security Incident management support
• Experience in SD-WAN (Meraki) management and troubleshooting
• Knowledge of network security, hardening network equipment, and vulnerability scans
• Experience in Microsoft security and endpoint management tooling such as MCAS and MEM
• Excellent troubleshooting skills. Ability to rapidly identify respond to and resolve issues
• Proven experience in remote access technologies (ZScaler an advantage)
• Excellent communication skills (written and verbal).
• An ability to work under pressure and take ownership of tasks and customer issues.
• Ability to work individually and as part of a global Infrastructure Technology team with regional teams in India, UK and North America.

• We are looking for a Senior SRE with a proven track record of success leading complex cloud-hybrid environments. You will have:
• Strong sense of Being an Owner, Wearing the Customer Shoes, with the ability to Empower Others demonstrated through clear
• communication and collaboration.
• Skills to work independently with multiple global teams, developing, configuring, deploying, and operating our global infrastructure on AWS and on-prem.
• Operational experience in complex distributed and real-time systems, including experience with SLO/SLAs towards high availability,reliability and DR goals.
• DevOps experience in building tools and frameworks, with an understanding of continuous deployment processes.
• Ability to think at scale, bringing a focus on continuous delivery methodologies from design through deployment and operations.
• Experience building and managing systems with tools including Kubernetes, Chef/Ansible/Puppet, Kafka, Docker, and Terraform.

• 5+ years experience in a Software and/or Site Reliability Engineering role
• Experience writing automation code in GoLang, Python or Java
• Experience developing and operating large scale distributed systems with Kubernetes and Docker
• Experience in running real time and low latency high available applications (Kafka, gRPC, RTP)
• Experience running public cloud environments on AWS
• Experience running hybrid clouds and on-prem infrastructures on Red Hat Enterprise Linux / CentOS
• Bachelor degree in Engineering, Computer Science or equivalent experience
• The ability to lead, partner, and collaborate cross functionally across an engineering organization