Data Security/Information Security Compliance

About Company:

• Senior Engineer with a strong background and experience in cloud related technologies and architectures.
• Can design target cloud architectures to transform existing architectures together with the in-house team.
• Can actively hands-on configure and build cloud architectures and guide others.

• 3-5+ years of experience in AWS/GCP or Azure technologies
• Is likely certified on one or more of the major cloud platforms
• Strong experience from hands-on work with technologies such as Terraform, K8S, Docker and orchestration of containers.
• Ability to guide and lead internal agile teams on cloud technology
• Background from the financial services industry or similar critical operational experience
•  

API Lead Developer

Job Overview:

As an API developer for a very large client,  you will be filling the role of a hands-on Azure API Developer. we are looking for someone who has the necessary technical expertise to build and maintain sustainable API Solutions to support identified needs and expectations from the client.

Delivery Responsibilities

• Implement an API architecture using Azure API Management, including security, API Gateway, Analytics, and API Services
• Design reusable assets, components, standards, frameworks, and processes to support and facilitate API and integration projects
• Conduct functional, regression, and load testing on API’s
• Gather requirements and defining the strategy for application integration
• Develop using the following types of Integration protocols/principles: SOAP and Web services stack, REST APIs, RESTful, RPC/RFC
• Analyze, design, and coordinate the development of major components of the APIs including hands on implementation, testing, review, build automation, and documentation
• Work with DevOps team to package release components to deploy into higher environment

Required Qualifications

• Expert Hands-on experience in the following:
• Technologies such as Spring Boot, Microservices, API Management & Gateway, Event Streaming, Cloud-Native Patterns, Observability & Performance optimizations
• Data modelling, Master and Operational Data Stores, Data ingestion & distribution patterns, ETL / ELT technologies, Relational and Non-Relational DB's, DB Optimization patterns
• At least 5+ years of experience with Azure APIM
• At least 8+ years’ experience in Azure SaaS and PaaS
• At least 8+ years’ experience in API Management including technologies such as Mulesoft and Apigee
• At least last 5 years in consulting with the latest implementation on Azure SaaS services
• At least 5+ years in MS SQL / MySQL development including data modeling, concurrency, stored procedure development and tuning
• Excellent communication skills with a demonstrated ability to engage, influence, and encourage partners and stakeholders to drive collaboration and alignment
• High degree of organization, individual initiative, results and solution oriented, and personal accountability and resiliency
• Should be a self-starter and team player, capable of working with a team of architects, co-developers, and business analysts

Preferred Qualifications:

• Ability to work as a collaborative team, mentoring and training the junior team members
• Working knowledge on building and working on/around data integration / engineering / Orchestration
• Position requires expert knowledge across multiple platforms, integration patterns, processes, data/domain models, and architectures.
• Candidates must demonstrate an understanding of the following disciplines: enterprise architecture, business architecture, information architecture, application architecture, and integration architecture.
• Ability to focus on business solutions and understand how to achieve them according to the given timeframes and resources.
• Recognized as an expert/thought leader. Anticipates and solves highly complex problems with a broad impact on a business area.
• Experience with Agile Methodology / Scaled Agile Framework (SAFe).
• Outstanding oral and written communication skills including formal presentations for all levels of management combined with strong collaboration/influencing.

Preferred Education/Skills:

• Prefer Master’s degree
• Bachelor’s Degree in Computer Science with a minimum of 12+ years relevant experience or equivalent.

Dear Candidate,

Greetings from HCL Technologies Ltd.

• Make sense of Cyber security and compliance frameworks that apply to your business or industry
  • Identify business risks, taking into account the role of your hosting service provider
  • Determine which Cyber security controls are required to mitigate your identified risks
  • Improve collaboration and communication during Cyber security Incident mitigation and response.
  • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
  • Document and track efforts for evidence collection and audit preparation

• will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
• provide implementation and ongoing operation of Security management framework;
• be responsible for coordinating activities to address the key Security risk exposures;
• ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
• direct the design of controls to address emerging or new Security risk and compliance requirements;
• carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
• implement, monitor and report on key Security risk indicators to identify and address emerging risks;
• coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
• manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
• review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
• incorporate vulnerability testing as an integral part of change management
• Should have good knowledge of Cyber Security Framework and controls
• CISA ,CISM or CISSP certification should be preferred.
• Have good understanding of Security policy and process along with ITSM process.

Job description Senior Security Consultant

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• cyber security consulting team, individual’s primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight.
• Will own and / Manage ISMS / ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will be an active participant in technical audits like VA / PT
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates, etc.
• Will plan the activities of configuration, conduct conference room pilots and will assist in resolving any queries related to requirements and Security control Design
• Will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 8-10 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

• Security Engineer (experience 5 to 7 years)
  • Experience in managing and administering Zscalar DLP
  o Primary responsibility is to manage Data Loss Prevention solution who has experience in analyzing the DLP logs, defining relevant policies, understanding data exfiltration techniques, etc)
  • Solution: Zscalar
  • Location: Mumbai

Experience: 6+ years

Location: Pune

Lead/support implementation of core cloud components and document critical design and configuration details to support enterprise cloud initiatives. The Cloud Infrastructure Lead will be primarily responsible for utilizing technical skills to coordinate enhancements and deployment efforts and to provide insight and recommendations for implementing client solutions. Leads will work closely with Customer, Cloud Architect, other Cloud teams and other functions.

Job Requirements:

• Experience in Cloud Foundation setup from the hierarchy of Organization to individual services
• Experience in Cloud Virtual Network, VPN Gateways, Tunneling, Cloud Load Balancing, Cloud Interconnect, Cloud DNS
• Experience working with scalable networking technologies such as Load Balancers/Firewalls and web standards (REST APIs, web security mechanisms)
• Experience working with Identity and access management (MFA, SSO, AD Connect, App Registrations, Service Principals)
• Familiarity with standard IT security practices such as encryption, certificates and key management.
• Experience in Deploying and maintaining Applications on Kubernetes
• Must have worked on one or more configuration tools such an Terraform, Ansible, PowerShell DSC
• Experience on Cloud Storage services including MS SQL DB, Tables, Files etc
• Experience on Cloud Monitoring and Alerts mechanism
• Well versed with Governance and Cloud best practices for Security and Cost optimization 
• Experience in one or more of the following: Shell scripting, PowerShell, Python or Ruby. 
• Experience with Unix/Linux operating systems internals and administration (e.g., filesystems, system calls) or networking (e.g., TCP/IP, routing, network topologies and hardware, SDN)
• Should have strong knowledge of Cloud billing and understand costing of different cloud services 
• Prior professional experience in IT Strategy, IT Business Management, Cloud & Infrastructure, or Systems Engineering

Preferred 

• Compute: Infrastructure, Platform Sizing, Consolidation, Tiered and Virtualized Storage, Automated Provisioning, Rationalization, Infrastructure Cost Reduction, Thin Provisioning
• Experience with Operating systems and Software
• Sound background with Networking and Security 
• Experience with Open Source: Sizing and Performance Analyses, Selection and Implementation, Platform Design and Selection
• Experience with Infrastructure-Based Processes: Monitoring, Capacity Planning, Facilities Management, Performance Tuning, Asset Management, Disaster Recovery, Data Center support

About Us!

A global Leader in the Data Warehouse Migration and Modernization to the Cloud, we empower businesses by migrating their Data/Workload/ETL/Analytics to the Cloud by leveraging Automation.

We have expertise in transforming legacy Teradata, Oracle, Hadoop, Netezza, Vertica, Greenplum along with ETLs like Informatica, Datastage, AbInitio & others, to cloud-based data warehousing with other capabilities in data engineering, advanced analytics solutions, data management, data lake and cloud optimization.

Datametica is a key partner of the major cloud service providers - Google, Microsoft, Amazon, Snowflake.

We have our own products!

Eagle – Data warehouse Assessment & Migration Planning Product

Raven – Automated Workload Conversion Product

Pelican - Automated Data Validation Product, which helps automate and accelerate data migration to the cloud.

Why join us!

Datametica is a place to innovate, bring new ideas to live and learn new things. We believe in building a culture of innovation, growth and belonging. Our people and their dedication over these years are the key factors in achieving our success.

Benefits we Provide!

Working with Highly Technical and Passionate, mission-driven people

Subsidized Meals & Snacks

Flexible Schedule

Approachable leadership

Access to various learning tools and programs

Pet Friendly

Certification Reimbursement Policy

Check out more about us on our website below!

www.datametica.com

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

The Role

We are looking foran Information Security Analyst – Compliance to primarily strengthen our practice towards compliances such as HIPAA, HITRUST,etc. and ensure highest levels of security around sensitive data.

• Identifying new risks and performing risk assessments.
• Performing continuous gap analysis.
• Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST etc.
• Providing advice and implementing forward-thinking information security policies, procedures, and standards.
• Assisting several teams (internal and external) with best practicesand security consultations.
• Supporting with other information security activities as assigned.
• Ensuring the organizational compliance during audits and certification efforts.

Requirements:

• Demonstrated experience in implementing and maintaining security standards such as HIPAA, HITRUST, SOC2, ISO 27001 etc.
• Ability to understand and interpret legal, regulatory, and contractual compliance requirements.
• Experience in InfoSec policy creation and documentation.
• Ability to understand technology and pertaining risks.
• Knowledge on IT, Servers, SDLC, Database, etc.
• Experience working with / securing cloud-based applications is an add-on.
• 2+ years of experience.
• Excellent written and verbal communication skills.
• Relevant Security Certifications will be a good add-on.