IT Security Specialist
Roles and Responsibilities
- Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
- Experience in performing web application security assessments using hands-on techniques for identifying SQL injection, XSS, CSRF, authentication/authorization, and OWASP Top 10 issues.
- Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
- Create policy and standards for developers and testers for secure programming in the organization (secure code review, static application security testing).
- Experience with both commercial and open source tools: Cenzic Hailstorm, Burp Suite, AppScan, WebInspect, AppSpider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
- Ability to interact with project teams to understand the security requirements and come up with solutions
- Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
- Strong understanding of networking concepts.
Desired Candidate Profile
- Excellent knowledge of Microsoft Windows operating environments, with special attention to security and hardening issues.
- Able to work independently with minimal supervision.
- Good knowledge of secure software development standards, processes, techniques, cloud security policies and tools.
- Keep stakeholders updated with communications and weekly reporting.
- Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
- Excellent communication skills - written, verbal, presentation and interpersonal.
- Willing to learn new skills and implement new technologies.
- Should come with a bachelor’s degree in engineering or mathematics, or a master’s in computer application / programming.
About Virtual Engineering Services Pvt Ltd
Similar jobs
Fynd is India’s largest omnichannel platform and multi-platform tech company with expertise in retail tech and products in AI, ML, big data ops, gaming+crypto, image editing and learning space. Founded in 2012 by 3 IIT Bombay alumni: Farooq Adam, Harsh Shah and Sreeraman MG. We are headquartered in Mumbai and have 1000+ brands under management, more than 10k stores and servicing 23k+ pin codes.
We're looking for a Security Audit Compliance/Cyber Security Auditor to join our Engineering Team. The team builds products for 10M+ Fynd users and internal teams. Our team consists of generalist engineers who work on building modern websites (SPA & Isomorphic), mobile apps for Android & iOS, REST APIs and servers, internal tools, and infrastructure for all our users.
What will you do at Fynd?
- Updates job knowledge by participating in educational opportunities like reading professional publications, maintaining personal networks, and participating in professional organizations.
- Meets work standards by following production, productivity, quality, and customer-service standards; resolving operational problems; and identifying work process improvements.
- Ensures compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; and recommending opportunities to strengthen the internal control structure.
- Provides business-specific interpretations and supports automation opportunities while working with DevOps teams.
- Establishes credibility and maintains good working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
- Collaborate with Compliance Specialists and business/service teams to understand and validate assessment scope.
- Review security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity.
- Responsible for building and influencing security as a core competency throughout our relationships with internal teams/partners/vendors; this includes providing education and training to the organization.
- Delivers recommendations and risk interpretations in a clear, concise and audience-specific format
- Engages with the Business and SMEs to ensure compliance to information security policies
- Supports ad-hoc data analysis requests
- Analysis of historical data to identify trends and insights
- Leads the creation, implementation, monitoring, and maintenance of security Policies and Standards
Some specific Requirements:
- Professional auditing qualification like ISO Lead Auditor with 3+ years in third party contractor underwriting or supplier vetting.
- Strong communication and multitasking skills
- A keen eye for detail
- 4+ years of relevant industry experience including information assurance, data privacy and compliance in healthcare domains.
- 3+ years of information security governance, audit, risk management or related client service or consulting experience.
- Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
- Technical knowledge and familiarity with information security standards.
- Related security control and compliance experience in various frameworks including: HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
- CISSP, CISA, CISM, CIPP, CEH and/or other comparable security controls or audit certifications preferred.
- Experience with service-oriented architectures and web services security.
Job Description
In the role of Technology Analyst, you will act as primary operations management for the Microsoft Azure, GCP and AWS cloud environments. You will eventually conduct requirement analysis, define the activities and modules to develop, and lead execution to guarantee superior outcomes.
You will have the opportunity to collaborate with some of the best talent in the industry to create innovative high quality and defect-free solutions to meet our clients’ business needs. You will be part of a learning culture, where teamwork and collaboration are encouraged, excellence is rewarded, and diversity is respected and valued.
Responsibilities:
- Imperva SecureSphere Database Activity Monitoring (DAM). A Data Loss Prevention Standard should be in place to govern the storage, usage, processing, and transmission of Personally Identifiable Information (PII) and corporate data.
- Define and establish process for data labelling of assets in the cloud, implement data/assets labelling in the cloud
- Develop and establish process for data classification of assets in the cloud, implement data / assets classification in the cloud.
- Knowledge of Imperva Sonar, a unified cybersecurity platform that provides fully integrated protection for applications and databases against emerging, automated, and insider attacks.
- Develop and document encryption policies/standards for data at rest, data in transit and data in use.
- Develop monitoring mechanisms/controls to enforce compliance to encryption requirements, Threat management via Observe IT
- Monitor Citrix sessions via Observe IT
- Develop and establish mechanism to handle DLP events and incidents.
- Develop data retention policy and data Disposal Guidelines
- Establish process and standards for database encryption
- File integrity monitoring, security configuration management via Tripwire
Preferred
- Certifications like AZ-104, SC-900.
- MS Defender for Cloud, Azure Keyvault (Access Keys, Secret, Key rotation)
Personal
Besides the professional qualifications of the candidates, we place great importance on various aspects of the personality profile. These include:
- High analytical skills
- A high degree of initiative and flexibility
- High customer orientation
- High quality awareness
- Excellent verbal and written communication skills
Mandatory Skills:
- Transparent Data Encryption (TDE)
- Imperva Sonar, Imperva DAM, Observe IT, Tripwire (FIM, CCM)
Summary:
● We are seeking a highly motivated and experienced Cyber security Expert to join our team.
● You will be responsible for safeguarding our IT infrastructure, data, and applications from cyber threats.
● You will have a deep understanding of server, endpoint, mail, and infrastructure security and possess strong incident response skills.
● Additionally, you will be well-versed in relevant regulations and how to navigate them during data breaches.
Responsibilities:
● Implement and maintain comprehensive security controls for servers, endpoints, mail, and infrastructure.
● Conduct regular vulnerability assessments and penetration testing.
● Monitor security logs and SIEM systems for suspicious activity.
● Investigate and respond to security incidents, including data breaches.
● Develop and implement incident response plans and procedures.
● Stay up-to-date on the latest cyber threats and vulnerabilities.
● Provide security awareness training to employees.
● Advise on and implement security best practices throughout the organization.
● Understand and comply with relevant data privacy and security regulations (e.g., HIPAA, GDPR, PCI DSS).
● Work collaboratively with IT, business units, and legal teams.
IT Security Manager- 8-12 Years
NOTE - We are looking for those candidates who can join immediately or within 15-20 days of the notice period.
Key Responsibilities:
• Lead IT security projects including design and implementation of security infrastructure & software
• Experience working with Linux/UNIX administration
• Define next gen IT security strategy, architecture, and processes for the group
• Analyse business requirements by partnering with key stakeholders across the organization to develop security solutions
• Lead validation of BCP & DR as per the organizational needs
• Experience with framing policies, processes and procedures and their implementation of IT Security for both On premise and Cloud infrastructure
• Write or review security-related documents, such as incident reports, proposals, and tactical or strategic initiatives.
• Maintain and manage security for all existing and new IT infrastructure and Applications
• Monitor security performance of information technology systems to drive cost and productivity levels, and to make recommendations for improving & standardization of the IT infrastructure
• Develop strategies for infra and application hardening
• Hands on experience with implementation of various security products & infrastructure
• Test, troubleshoot, and modify systems, ensuring no performance impact, so that they operate effectively
• Prepare plan and strategies to ensure security of the organization including both high and low risk events.
• Develop budgets for security operations and new initiatives.
• Coordinate security operations, Audit & Compliance activities along with law enforcement and government agencies.
• Ensure completeness of documentation and have exposure to ISO 27001, ISMS policies
• Work with key IT service providers to ensure industry standard platform, network and endpoint security posture
Key Skills required:
• Critical Infrastructure Management- (Manage SPI, Certification resources and infrastructure)
• WAF – Barracuda, Cloudflare, Akamai
• Cloud Security – AWS and Azure are preferred
• Work with Software and teams in resolving vulnerabilities
• SSL and PKI infrastructure management
• SIEM – Event Management, Endpoint Management, Threat analysis, patch Management
• Anti-Virus (VDC and Global Endpoints) - Web content filtering, Definition updates
• Time Monitoring – system health checks and resource utilization checks, SIEM log analysis
• Log Monitoring and Log Analysis – collect, alert, store, search, report and share system and WAF logs
• Manage compliance – PCI, ISO
• Ability to work in global environments with teams spread globally
• Multi-tasking and time-management skills, with the ability to prioritize tasks.
• Highly organized and detail oriented.
• Excellent analytical and problem-solving skills.
• Experience with framing policies, processes and procedures and their implementation of IT Security for both On premise and Cloud infrastructure
• Experience with policies
• Blue team (any experience with defending the network)
• Any experience with vulnerability assessment and PT
NOTE - We are looking for those who can join immediately or within a notice period of 15-20 days.
Location: Hyderabad
(WFH till pandemic)
JOB DESCRIPTION
• Job Scope
o Analyse incidents in our security devices, conducting investigations and finding the root cause of incidents.
o Managing endpoint detection security system
o Managing, configuring and fine-tuning the on-prem firewall and WAF
o Provide and advise IT team on security and IT related issues such as network configuration, firewall configuration, etc.
o Ensuring all utilized cloud services are secured and the configuration complies with best practices benchmarks
o Communicate risk and recommendations to mitigate risk to the senior administration by communicating in non-technical format
o Assist other departments to ensure compliance with any necessary regulatory requirements
• Minimum Requirements
o At least 2 years of experience in managing endpoint detection systems, WAF and FW.
o Hands-on experience in cloud environments, preferably Microsoft Azure.
o Bachelor’s degree in any IT-related course.
o Strong understanding of incident detection and response processes and procedures
o Strong knowledge of networking and of operating systems such as Linux/Unix/Windows
Provides technical expertise and guidance in the identification, preservation, collection and analysis of digital evidence in various digital formats from computers, servers, mobile devices, and other electronic or online storage media.
Presents recommendations and findings to internal and external customers including Legal, Compliance, HR, Outside Counsel, and Law Enforcement.
Develops and maintains processes, procedures, and methodologies for collecting and analyzing digital evidence.
Maintains strong working relationships with other corporate investigation team members, subject matter experts, 3rd party vendors, and outside law firms.
Skills required:
Hands on experience on Digital Forensics for at least 4 years using digital tools such as X-Ways, AXIOM, FTK, Cellebrite, Oxygen, NUIX, etc
Experience of Computer, Mobile and Cloud Forensics cases
Expertise with Microsoft, Macintosh, and Unix Operating Systems
Strong understanding of network and cloud computing environments
Good to have certifications such as GCFA, Encase, CISSP, CFCE etc
- Max rate $85/hr
- MUST HAVE - Application security covering microservices security and RESTful APIs, from technical, business process and architecture perspectives.
- MUST HAVE - Application security, penetration testing, red team tools (optional), development background; should have done application vulnerability assessments.
- GOOD TO HAVE - Infrastructure experience in Azure Cloud or Microsoft 365 product implementations will be handy; network architecture and design, mostly in the Azure space.
- GOOD TO HAVE - Enterprise platform: Office 365 and such implementations are a plus.
- Experience as an Azure DevSecOps engineer is desired.
- Ability to communicate effectively with senior management as well as highly technical engineers to articulate security positions effectively.
We are looking for candidates with the below experience.
- Mandatory experience on any of
a) Cylance Protect and Optics
b) Crowdstrike Falcon Insight
c) Sentinel One ActiveEDR
d) Carbon Black EDR
- Hands-on experience in security incident response lifecycle and its phases
- Should have experience in L1 and L2 in EDR
- Hands-on experience in event and log analysis on Windows endpoints
- Overall experience: 3-7 years, Relevant experience: 2+ years
Please note: candidates must have experience in the below skills:
- EDR Experience
- EDR Product Worked on and which level of support they are working on
- Incident Response
- Malware Analysis
- Flexible for shifts