Incident Response Lead

Hi,

We are looking for cloud solution professionals with the following skill sets;

Experience: 10+ years in cloud architecting

Location: Mumbai

 

Job Responsibilities:

• Analyze and understand customer business processes and workflows, define requirements and design appropriate solutions.
• Provide End 2 end cloud Solutioning along with secured infra
• Collaborate with vendors for the execution
• Well understanding on open source stack frameworks, AWS & Azure Cloud services
• Solutioning extending from green field to enterprise view
• Presentation skills with a high degree of comfort with both large and small audiences.
• High level of comfort communicating effectively across internal and external organizations
• Intermediate/advanced knowledge of the cloud services, market segments, customer base and industry verticals.
• Demonstrated experience leading or developing high quality, enterprise scale software products using a structured system development life cycle.
• Demonstrated ability to adapt to new technologies and learn quickly.
• Certified Solutions Architect( AWS / Azure)
• Recommendations on security, cost, performance, reliability and operational efficiency to accelerate challenging, mission-critical projects
• Experience migrating or transforming customer solutions to the cloud

Primary Skills :

JAVA / J2EE; Spring, Spring Boot, Microservices,Angular JS, Instream data handling, Elastics search DB, Mango DB,DevOps tools- Jenkin, github,maven build, Hands on AWS & Azure cloud services,Mobile: Native and hybrid app hands on;Docker Containers , AKS,Big data and Hbase, Data Lake , service bus, AD

Secondary Skills :

• Extensive experience in Microservices, Rest Services, JPA, Automated unit testing through tools.
• Proven design skills and expertise is required.
• Good knowledge of current / emerging technologies and trends.
• Good analytical, grasping and problem solving skills. Excellent written and verbal communication skills. High levels of initiative and creativity.
• Good communication skills with all stake holders, good team player with ability to mentor juniors

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

F5 is looking for a Sr. Security Engineer with experience in building, integrating, operating, and maintaining robust security monitoring and auditing systems. F5’s Edge 2.0 platform provides global, scalable, and secure way to deploy applications. In this position, you will build and maintain monitoring and audit systems across the platform that provide necessary visibility and alerts to effectively defend the platform.

 

Responsibilities:

• Collaborate with software architects, security defenders, Operations, SRE, compliance experts, and business leaders to understand the logical boundaries of the systems and identify the events to monitor, audits to maintain, alerts to tweak, as well as systems to integrate with
• You will continuously hunt for areas and metrics to be added into monitoring systems for better operational visibility, incident response capability, availability, and forensics capability of the overall platform
• You will participate in the definition of processes around change and inventory management and develop solutions to audit the changes
• You will work with other teams within security organization to define communication and alerting protocols for effective and timely actions
• You will participate in defining and executing the Incident Response Plan for the platform and be responsible for providing necessary information during the response and forensics
• Demonstrate technical leadership in multiple domain areas, providing mentorship to other team members

 

Minimum qualifications:

• BS degree in Computer Science or equivalent with 5+ years of security operation and monitoring experience
• Experience with logging, monitoring, SIEM, dashboarding tools like AWS GuardDuty, Sumo, Grafana, SolarWinds, DataDog, Splunk, etc.
• Working knowledge of at least one Cloud Computing platform (e.g. Amazon AWS, Microsoft Azure, Google Compute etc.)
• Good understanding of how to handle logs from various systems, integrate with systems handling logs and metrics, how to setup and tune alerts based on thresholds and policies
• Hands on experience with computer programming languages and/or scripting languages such as Python, Java, Shell
• Good understanding of complexities and security challenges in large-scale distributed systems
• Working knowledge of Cloud orchestration systems such as Kubernetes, Openstack etc.
• Self-motivated and willing to delve into new areas and take on new challenges in an enthusiastic manner
• Excellent written and verbal communication skills
• Strong interpersonal, team building, and mentoring skills

Skills Required
●Extensive experience of Linux, including familiarity with C, UNIX system calls, and low-level O/S and network protocols. Also block, file and object storage protocols.
●Experience of using a modern configuration management system (examples such as Ansible, Salt Stack, Puppet, or Chef) to automate the management of a large-scale Linux deployment.
●Effective troubleshooting skills across hardware, O/S, network, and storage.
Skills Desired
●Ability to write robust, maintainable code in Python and/or Perl.
●Experience working in a large, multi-national enterprise in any industry vertical, showing experience of communicating and collaborating in globally distributed teams.
●Enthusiasm for modern development tools and practices including Git, Jenkins, automated testing, and continuous integration.
●Experience of designing, implementing and supporting large scale production IaaS platforms.
●Knowledge of building and managing Docker containers in a secure manner.

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

 

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

 

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

Are you the one? Quick self-discovery test:

1. Love for the cloud: When was the last time your dinner entailed an act on “How would ‘Jerry Seinfeld’ pitch Cloud platform & products to this prospect” and your friend did the ‘Sheldon’ version of the same thing.
2. Passion: When was the last time you went to a remote gas station while on vacation and ended up helping the gas station owner saasify his 7 gas stations across other geographies.
3. Compassion for customers: You listen more than you speak.  When you do speak, people feel the need to listen.
4. Humor for life: When was the last time you told a concerned CEO, ‘If Elon Musk can attempt to take humanity to Mars, why can’t we take your business to run on the cloud?

So what are we looking for?

• Experience in On-premises to AWS cloud Migration. 
• Linux and Windows servers knowledge .
• Application knowledge like Java, .net, Python, Ruby.
• On-premises to Cloud migration assessment experience as a must .
• Able to provide a detailed migration analysis report and present it to the customer.
• Creative problem-solving skills and superb communication skills. 
• Respond to technical queries / requests from team members and customers. 
• Ambitious individuals who can work under their own direction towards agreed targets/goals. 
• Ability to handle change and be open to it along with good time management and being able to work under stress. 
• Proven interpersonal skills while contributing to team effort by accomplishing related results as needed. 
• Maintain technical knowledge by attending educational workshops, reviewing publications.

Job Responsibilities:

1. Managing  initiatives for migration and modernization in AWS cloud environment 
2. Leads and builds Modernization architecture solution from (on-prem or VMWare) into modern platform (Cloud AWS) through modular design by understanding application components 
3. Leads and SME in Modernization methodology and can lead the Design thinking workshop, method tailoring as Client environment and Client industry
4. The 6 most common application migration strategies below required
1. Re-host (Referred to as a “lift and shift.”)
2. Re-platform (Referred to as “lift, tinker, and shift.”)
3. Re-factor / Re-architect  
4. Re-purchase 
5. Retire
6. Retain ( Referred to as re-visit.)
5. Application migration analysis experience like application compatibility on the cloud, Network, security support on cloud.

Qualifications:

1. Is Education overrated? Yes. We believe so. But there is no way to locate you otherwise. So we might look for at least a Bachelor’s or Master's degree in engineering from a reputed institute or you should be programming from 12. 
1. And the latter is better. We will find you faster if you specify the latter in some manner. Not just a degree, but we are not too thrilled by tech certifications too :)
2. Architects with 10+ total and 6+ years of experience on Modernization applications and led Architecture initiatives on AWS Modernization.
3. Managed and implemented at least 5 engagement modernizing client applications to AWS Cloud and on WebSphere and Java/J2EE or .NET.
4. Experience on using DevOps tools during Modernization.
5. Complete in-depth experience and knowledge of AWS as a product and its components.
6. AWS certification would be preferred.
7. Experience in Agile fundamentals and methodology.

Why are we building UrbanClap?

The local and home services industry is very fragmented and unorganized. Prior to UrbanClap, hiring a plumber, beautician, yoga trainer, math tutor etc. was a painful process. There were no standards, no concept of trust, pricing inefficiencies etc. In a nutshell, the industry was shackled in the “yellow pages” era, and had seen no fundamental innovation for far too long.

The UrbanClap team is young and passionate, and we see a massive disruption opportunity in his industry. By leveraging technology, and a set of simple yet powerful processes, we wish to build a platform that can organize the world of services - and bring them to your finger-tips.We believe there is immense value (akin to serendipity) in bringing together customers and professionals looking for each other. In the process, we hope to impact the lives of millions of service entrepreneurs, and transform service commerce they way Amazon transformed product commerce.

 

Job Description

1. Lead the IT Network Security function at Urban Company and serve as the subject matter expert to manage the overall IT security infrastructure. The candidate will report directly to the Head of Workplace Infrastructure.

2. Maintaining firewalls, virtual private networks, web protocols, and email security

3. Develop the Incident management protocols to troubleshoot and repair network-related problems, system failures, switching/routing, etc.

4. Ensure the infrastructure is properly monitored within set thresholds and that alerts regarding network outages are addressed in a timely manner

5. Identify/diagnose network configuration and/or performance irregularities.

6. Determining latest technologies and processes that improve the overall security infrastructure.

7. Manage vendors and critical system AMCs

 

Job requirements:

1. Strong hands on experience on Network Hardware like Cisco Meraki, Juniper switches, Sophos XG firewall and other firewalls

2. Good understanding and knowledge of Network and Security

3. Knowledge of network monitoring tools

4. Strong practical knowledge of network concepts including DNS, DHCP, VPN, NAT, ACL, Access Groups, IPsec, AAA network protocols, port configuration, link aggregation, spanning tree optimization, traffic Shaping, and performance tuning.

5. Basic knowledge in Linux Unix command line, window’s batch scripts

6. Decode the error /alarm status, understand the failed unit / device and provide hands and feet support in resolution through strong hardware and networking troubleshooting techniques

7. Maintain an updated document for LAN and WAN network diagrams with relevant details

8. Monitor Routers & Interface statistics for up / down status along with router CPU Utilization & log monitoring, study CPU usage, memory usage, fine-tuning, availability, throughput, and latency) and test for weaknesses and recommend upgrade

9. Provide comprehensive and up-to-date documentation and inventories of Network assets, Services procedures, and configurations to ensure that maintenance and continuity of the Service is achievable in a timely manner

10.Define Security Concept deployment, Security Policies for Urban Company

 

Security Architectural solutions, designing, Security Analysis, Infrastructure architecture, Application architecture, DevSecOps and cloud understanding, Threat Modelling, Penetration testing, Governance Risk & Compliance

Overall purpose of the job - This role would be responsible for identifying and implementing mitigations, practices and controls ensuring adequate application and infrastructure security posture is maintained all at times Key Performance Areas - • Good at application threat modeling and applications risk identification & remediation • Strong web application security experience with thorough understanding of web application vulnerabilities • Knowledge of database, application, and web server design and implementation • Familiarity with Security standards \ frameworks and groups (OWASP, OSSTM, WASC, FISMA) • Experience in dynamic and static application vulnerability scanners like HP WebIspenct, IBM AppScan, HP Fortify, etc • Create, implement & review data protection strategy across the organization. • Experience in client handling including interaction with developers for understanding the mitigations • Experience on Mobility Platform like Phone-Gap \ native Android \ Worklite and MDM /MAM • Knowledge of DevOps and other upcoming technologies used in SDLC • Experience in manual verification of false positives reported by automated tool • Devise and enforce standards and best practices for data protection in line with international standards and industry best practices. • Evaluate the adequacy of security measures including network security to protect organizational data and information assets • Define and implement project as per approved Plan of action. • Identify security solutions as per business needs • Manage POC for agreed and approved solutions as per defined process • Conduct partner reviews • Coordinate with vendors / partners on closure of projects / activities • Manage intra and inter department conflict amicably • Benchmark and compare security practices with the industry • Implementation, operation and maintenance of the Information Security Management System based on standards like ISO/IEC 27001, Cobit, ITIL etc as applicable. • Information security risk assessments and controls selection activities • Track all audit schedules and ensure closure of all security gaps. • Reporting of all critical security issues • Co-ordinate for Risk Assessment of IT systems and Third Party workloads • Facilitate Internal process and IT audits • Software license compliance at all times • Implement tools and processes related to compliance monitoring as per internal security policies and applicable laws and regulations • Facilitate and drive initiatives of Internal Audits for Information Technology and update on Closure and Identified Risk to the Management • Review of Third Party applications / systems and network security on monthly basis • Adherence To Change Management Processes