![My client is a Big4.'s logo](/_next/image?url=https%3A%2F%2Fcdn.cutshort.io%2Fpublic%2Fimages%2Fdefault_company_picture.jpg&w=3840&q=75)
We are looking for candidates with the below experience.
- Mandatory experience on any of
a) Cylance Protect and Optics
b) Crowdstrike Falcon Insight
c) Sentinel One ActiveEDR
d) Carbon Black EDR
- Hands-on experience in security incident response lifecycle and its phases
- Should have experience in L1 and L2 in EDR
- Hands-on experience in event and log analysis on Windows endpoints
- Overall experience: 3-7 years, Relevant experience: 2+ years
Please note : Candidate should have experience in the below skills must :
- EDR Experience
- EDR Product Worked on and which level of support they are working on
- Incident Response
- Malware Analysis
- Flexible for shifts
![companies logos](/_next/image?url=https%3A%2F%2Fcdn.cutshort.io%2Fpublic%2Fimages%2Fhiring_companies_logos-v2.webp&w=3840&q=80)
Similar jobs
Sr. Offensive Security Engineer:
Security engineers at Egnyte are involved in every stage of the SDLC pipeline to highlight security vulnerabilities and provide expert advice on reducing them. By promoting security principles, ongoing penetration testing, and developing “paved roads,” we’re able to provide our customers with a secure and reliable product.
We’re looking for a senior engineer who’s well-rounded in terms of application security and has in-depth expertise in offensive security/red teaming focused on product security.
You will be working closely with other security engineers will enable you to develop your expertise in a wide range of areas of your choosing.
To excel at this role, you need to be passionate about and proficient in hacking. We’re looking for someone who loves breaking into systems and is happy to help secure them by collaborating with software engineers by sharing expertise and providing actionable advice on remediation of identified issues.
WHAT YOU’LL DO:
- Perform high-quality penetration tests of Egnyte applications independently, or as part of a team
- Designing comprehensive plans for the security engagements and thoroughly documenting findings, gaps, and remediation recommendations
- Contributing to team tooling, innovation, and improvements
- Communicating and collaborating with other teams, product owners, engineering managers, and leadership to influence, prioritize, and drive the resolution of discovered security findings
YOUR QUALIFICATIONS:
- 5+ years of experience in a penetration testing or similar offensive security role
- 5+ years of professional experience with security engineering practices, including: web application security, mobile application security, authentication and authorization and other security disciplines
- 3+ years of experience with dynamic and manual code auditing to identify security issues
- 3+ years of experience with interpreted or compiled languages (e.g. Python, Java)
- Experience with threat modeling, design review, or other threat analysis techniques
Bonus points:
- Experience with mobile application penetration testing
- Knowledge of cloud service providers, especially Google Cloud
- Experience in various security domains (e.g. system and network security, authentication and security protocols, cryptography, application security, incident response)
- Experience in developing security tooling and automation
- Experience in CTFs, CVE research, and/or Bug Bounty programs
Key Responsibility Areas:
Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex Web applications, operating systems, wired and wireless networks, and mobile applications/devices Delivering targeted and intelligence led security penetration testing through a robust testing methodology and process Craft and develop scripts, frameworks, tools, and the methods required for facilitating and executing sophisticated charges, emulating malicious actor behavior sought at avoiding detection Conduct security assessments on a wide variety of technologies and implementations Develop and maintain security testing plans Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology Automate penetration and other security testing on networks, systems and applications Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk Produce actionable, threat-based, reports on security testing results Act as a source of direction, training, and guidance for less experienced staff Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators Foster and maintain relationships with key stakeholders and business partners
Required Skills:
2 to 6 years of experience in information security with web application and network penetration testing experience Fluent in common cyber security domains such as cloud security, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence Strong understanding of OWASP top 10.
Experience or knowledge of IT security risk assessments and gap analysis In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) Hands on experience with testing frameworks such as the PTES and OWASP Experience of functional testing, UI/UX testing and manual testing, Load, Performance testing across multiple browsers and devices Hands-on experience in designing and writing test automation scripts using test automation frameworks and knowledge on API Testing Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
Qualification: Masters/Bachelor’s Degree
achelor of Engineering or Technology; or any degree on par;
· 12-15 years of Experience in security and similar areas solution/product development, design, etc
· Minimum 7-8 years of experience in an Enterprise or Cyber Security practice dedicated role
· Experience in Enterprise deployment of security with in depth knowledge of security, implementing security solutions and working closely with global customer accounts.
· Proficient with concepts like SOC, OWASP Top 10 etc
· Understanding of Enterprise Cyber security models like Mitre ATTACK and roadmap modelling.
· Excellent analytical and problem-solving skills to drive product development
· Excellent communicator, whether writing, speaking or presenting
· Experience gathering and analysing data to create useful metrics that support positive change
![MasterCom Technology Services India P Ltd](/_next/image?url=https%3A%2F%2Fcdnv2.cutshort.io%2Fcompany-static%2F6316d79cc9ea760cc422b81a%2Fuser_uploaded_data%2Flogos%2Fcompany_logo.png&w=256&q=75)
- Minimum of 5+ years of experience in IT industry at VMware NSX Design/Implementation Projects.
- Minimum 3+ years of experience in industry leading load balancer and security products (Mandatory)
- Should have solid hands-on experience in VMware Avi, NSX V and/or NSX-T.
- Hands on installation and configuration experience with Base NSX-V & NSX-T Components, VTEP's, Load Balancer, LB Rules, Security components, etc.
- Strong understanding of and experience in TCP/IP, DNS, Http, SSL, DHCP.
- Proficiency in vSphere products and technologies like HA, vMotion, DRS, and Update Manager, Administration, etc would be a plus.
- Exposure to enterprise class architecture or implementation with suite of VMware products including vCenter, vSphere, SAN, RAID, Clustering, Consolidation, Load Balancing, etc.
- Troubleshooting and Debugging of VMware Architecture related issues.
- Strong understanding of Linux/Windows servers.
- Good to have some knowledge in vRA/vRO.
- Good to have Any Automation Experience with PowerShell/Python/Bash/Ansible and basic knowledge of VMware API’s.
- Good to have some knowledge of Kubernetes and Dockers.
- Succeed in a team environment.
What are we looking for?
An enthusiastic individual with the following skills. Please do not hesitate to apply if you do not match all of it. We are open to promising candidates who are passionate about their work and are team players.
Key Responsibilities & expectations from the candidate
- Must have strong experience in Information Security Management system(ISMS), creation of policy, procedures and implementation.
- Operates as a key contributor to the RFP, Third-Party Risk assessment, cloud security assessment etc.
- Lead the strategic and tactical development of information security framework, risk management and new compliance initiatives
- Subject matter expertise in ISO 27001, SOC2, CCPA, CPRA, GDPR, PCI DSS and HIPAA.
- Must have a strong experience in the documentation process and reviewing MSA, SCC, SLA & DPA.
- Good knowledge of BCP/DR, Incident response, VA/PT and Audit methodologies of various compliance frameworks.
- Good knowledge of Access management, Network, Application Security, Encryption, Backup, Physical Security, ISMS Training & Awareness etc..
- Ability to deal with the customers and vendors on Security and privacy matters.
- Knowledge of Core IT processes, SDLC, network infrastructure will be useful.
Personal Attributes
- Good written, oral, and interpersonal communication skills.
- Ability to conduct research into IT security issues
- Ability to present ideas in business-friendly and user-friendly language.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Highly self-motivated and hardworking.
Qualification and certification
- Bachelor’s/master's degree in Security, Computer Science, Management Information Systems, Engineering or related field.
- Should be at least ISO 27001 lead auditor or lead implementer.
- 3+ years of related work experience in information security governance, risk and compliance (GRC) or relevant compliance roles in the SaaS industry.
What can you look for?
A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact, and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the benefits of being here.
We are
It is a rapidly growing fintech SaaS firm that propels business growth while focusing on human motivation. Backed by Giift and Apis Partners Growth Fund II, Company offers a suite of three products - Plum, Empuls, and Compass. Company works with more than 2000 clients across 10+ countries and over 2.5 million users. Headquartered in Bengaluru, Company is a 300+ strong team with four global offices in San Francisco, Dublin, Singapore, New Delhi.
Way forward
We look forward to connecting with you. As you may take time to review this opportunity, we will wait for a reasonable time of around 3-5 days before we screen the collected applications and start lining up job discussions with the hiring manager. We however assure you that we will attempt to maintain a reasonable time window for successfully closing this requirement. The candidates will be kept informed and updated on the feedback and application status.
Job description – Information Security (Network)
Roles and Responsibilities
Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills
Work profile of individual
- As part of the company cyber security consulting team, individual’s primary role would be to work with ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
- Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
- Will be an active participant in internal / third party system security reviews and audits on customer engagements
- Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
- Will be responsible for implementation of new projects under Information Security Domain
- Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
- Will assist in development of proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
- Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
- Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
- Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.
Team work
- Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
- Individual would predominately work with off-shore engagement teams and relevant teams on presale and cyber security delivery.
- Communication, written and verbal, with these teams would be expected.
- Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
- Team members would be required to handle multiple tasks at the same time.
- Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.
Desired Candidate Profile
- Bachelors
- Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
- Experience : 3-5 years
Knowledge Required:
- Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
- Good understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
- Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
- Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
- Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
- Good knowledge on Privacy, Governance and reporting
- Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
- Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
- Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.
Additional Responsibilities:
- Ability to assist in value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
- Good knowledge on software configuration management systems and license Management systems
- Awareness of latest technologies and Industry trends
- Logical thinking and problem solving skills along with an ability to collaborate
- Understanding of the financial processes for various types of projects and the various pricing models available
- Ability to assess the current processes, identify improvement areas and suggest the technology solutions
- One or two industry domain knowledge
- Client Interfacing skills
- Project and Team management
TIKAJ is seeking a passionate person who is ready to kickstart his/her cybersecurity career. Security Analyst is your first step to a brighter future as a cybersecurity expert.
- Respond and take enforcement actions on cyber security incidents
- Monitor user activity, network events, and signals from security tools to identify events.
- Categorize alerts and other anomalous activities that represent real threats.
- Remediate attacks and Triage on general information security tickets.
- Collect data for more analysis, evaluate the attack, identify the root of the attack, and implement required security actions to counter the attack.
- Responsible for investigating and generating reports on information security issues.
We are looking for Candidates
- Who are motivated, self-learning, and team-oriented individuals?
- Have a degree in computer science or a related field.
- Who have beginner to intermediate level experience in Python
- Who has an interest in Cyber security, phishing, cyber laws and enforcement
- Good is written and verbal communication.
o Tools:
CrowdStrike Falcon Sensor - Or similar AV engine
Cisco Umbrella Web Filtering – Or similar Web Proxy Filter
Cisco FTD Intrusion Prevention – Or similar IPS/IDS
O365 Email Protection (Spam, Phishing) - Or similar
Phish Insight (Phishing Campaigns) - Or similar phish campaign technology
Nessus Professional – Or similar vulnerability scanning tool
Cisco NGFW – Or similar FW technology
o Technologies:
Cloud (AWS IaaS, O365 SaaS),
On Premis (Windows 90%, Linux 10%)
o Processes:
Computer security incident response
Security reviews and assessments
Vulnerability management Penetration tests
Manage Level 3 security incidents and requests
Ensures compliance with corporate policies and procedures
Research new ways to improve existing technical security controls
Project SME and Lead for security related projects
Conduct Risk assessments and assist in remediation activities
Assist in internal and external audit activities
Required Experience and Skills:
Bachelor's degree in Information Security, Computer Science or Engineering
Minimum of 3 years in security engineering
Knowledge in cloud ecosystems security - Amazon AWS, Microsoft O365
Ability to work well in an international team (US or EU time zone)
English spoken and written on at least B2 level
Understanding of security monitoring and identification concepts
Assessing and understanding the impact, severity and urgency of issues
Cybersecurity Certifications an advantage but not essential: CEH, C|HFI, CISSP, CISA, CISM
Expertise across a variety of security products including those listed in requirements above
Provides technical expertise and guidance in the identification, preservation, collection and analysis of digital evidence in various digital formats from computers, servers, mobile devices, and other electronic or online storage media.
Presents recommendations and findings to internal and external customers including Legal, Compliance, HR, Outside Counsel, and Law Enforcement.
Develops and maintains processes, procedures, and methodologies for collecting and analyzing digital evidence.
Maintains strong working relationships with other corporate investigation team members, subject matter experts, 3rd party vendors, and outside law firms.
Skills required:
Hands on experience on Digital Forensics for at least 4 years using digital tools such as X-Ways, AXIOM, FTK, Cellebrite, Oxygen, NUIX, etc
Experience of Computer, Mobile and Cloud Forensics cases
Expertise with Microsoft, Macintosh, and Unix Operating Systems
Strong understanding of network and cloud computing environments
Good to have certifications such as GCFA, Encase, CISSP, CFCE etc
- Max rate $85/hr
-
MUST HAVE- Application security covering micro services security and Restful API from technical and business process and architecture.
-
MUST HAVE -Application security, penetration testing, red team tool (optional), development background, Should have done Application vulnerability Assessments.
-
GOOD TO HAVE - Infrastructure experience in Azure Cloud OR Microsoft 365 product implementations will be handy , network Architecture n design mostly in Azure space
-
GOOD TO HAVE - Enterprise platform – office 365 is plus and such implementation.
-
Experience as a Azure DevSecOps engineer is desired
-
Ability to communicate effectively with senior management as well as highly technical engineers to articulate security positions effectively.
![icon](/_next/image?url=https%3A%2F%2Fcdn.cutshort.io%2Fpublic%2Fimages%2Fsearch.png&w=48&q=75)
![companies logos](/_next/image?url=https%3A%2F%2Fcdn.cutshort.io%2Fpublic%2Fimages%2Fhiring_companies_logos-v2.webp&w=3840&q=80)