Information Security- Network

Job description Senior Security Consultant

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• cyber security consulting team, individual’s primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight.
• Will own and / Manage ISMS / ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will be an active participant in technical audits like VA / PT
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates, etc.
• Will plan the activities of configuration, conduct conference room pilots and will assist in resolving any queries related to requirements and Security control Design
• Will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 8-10 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

• Coordinate with global hiring managers to identify staffing needs
• Determine selection criteria
• Source potential candidates through online channels (e.g. social platforms and professional networks)
• Plan interview and selection procedures, including screening calls, assessments, and in-person interviews
• Assess candidate information, including resumes and contact details, using our Applicant Tracking System
• Design job descriptions and interview questions that reflect each position’s requirements
• Lead employer branding initiatives
• Organize and attend job fairs and recruitment events
• Forecast quarterly and annual hiring needs by department
• Foster long-term relationships with past applicants and potential candidates

Who we have in mind: 

• Proven work experience as a Talent Acquisition Specialist or similar role
• Familiarity with social media, resume databases, and professional networks (e.g. LinkedIn, Stack Overflow, and Github)
• Hands-on experience with full-cycle recruiting using various interview techniques and evaluation methods
• Knowledge of Applicant Tracking Systems (ATSs)
• Excellent verbal and written communication skills
• A keen understanding of the differences between various roles within organizations

Education: Must have a bachelor’s / Master’s degree in Management preferably in Human Resources, Business, or any other related field from a premier institute.

Experience: A candidate for the position will demonstrate a minimum of 4 years of relevant working experience in the IT industry.

Communication Skills: The position demands constant interactions with employees, management, and stakeholders and, therefore, excellent communication skills are an absolute necessity.

Computer Knowledge: A candidate for this position must be proficient in the use of MS Word, Excel, and PowerPoint, all necessary for the creation of not only visually but verbally engaging materials, reports, presentations, and proposals for departmental heads and management, stakeholders.

Interpersonal Skills:

• He should also possess good
• Verbal and non-verbal communication.
• Listening skills.
• Assertiveness.

Provides technical expertise and guidance in the identification, preservation, collection and analysis of digital evidence in various digital formats from computers, servers, mobile devices, and other electronic or online storage media.

Presents recommendations and findings to internal and external customers including Legal, Compliance, HR, Outside Counsel, and Law Enforcement.

Develops and maintains processes, procedures, and methodologies for collecting and analyzing digital evidence.

Maintains strong working relationships with other corporate investigation team members, subject matter experts, 3rd party vendors, and outside law firms.

• Create content marketing campaigns to drive leads and subscribers 
• Regularly produce various content types, including email, social media posts, and blogs
• Actively manage and promote our blog, and pitch articles to relevant third-party platforms
• Edit content produced by other members of the team
• Collaborate with other departments to create innovative content ideas
  Create quirky content for Insta, Facebook posts.

Skills-

• Bachelor’s degree in English, Journalism or related field
• Knowledge of digital marketing tactics, including SEO, email marketing, and social media marketing (Preferred)
• Excellent writing skills, as well as the ability to communicate and collaborate effectively
• The ability to consistently meet tight deadlines

Position: IT Auditor

Experience: 4-12 Years

Location: Pune

Key Skills Required:

CISA, CISSP, CISM, IT Audit, Technology Audit, IT Infrastructure Audit, Application Security Audit, Information Security Audit, Cyber Security Audit, Cloud Security, Ethical Hacker

Additional key words: Vulnerability assessment, Penetration Testing, ITGC testing, Cloud Computing,

IT AUDITOR is responsible to plan and perform the audit assignment starting from audit announcement, audit planning, field work, audit quality reviews, pre-closing / closing meetings with the respective Directors / Head of the Departments including writing of the audit report and its finalization as well as follow up of the audit actions. Additionally IT AUDITOR will also be responsible to:
•    Evaluate IT systems, processes and projects in place;
•    Determine risks to the Group’s information assets, and help identify methods to minimize those risks;
•    Ensure information management processes are in compliance with IT-specific laws, policies and standards;
•    Determine inefficiencies in IT systems, IT projects and associated management processes and
•    Consult in IT projects, new initiatives and organizational frameworks.

Description

Audit Planning

1)    Perform audits at Volkswagen Group entities. and other concerned Volkswagen Group Companies with focus on IT processes keeping the associated business risks in mind.
2)    Participate in the preparation of audit objective & scope document along with audit schedule based on the audit objective and timeline specified by Head of IT Audit India Hub.
3)    Participate in the preparation of work program

Audit Process

1)     Prepare and conduct preparatory interviews with the Directors and Heads of the audited departments to identify the processes to be assessed during the audit.
2)     Request and collect relevant audit data for analysis from respective business areas.
3)     Prepare audit matrix on periodic basis to record the audit field work and update the progress of the audit to IT Audit Manager and the Head of IT Audit Hub India.
4)    Define actions including relevant controls to mitigate the business risks identified based on the evidences provided during the audit.
5)    Organize and conduct pre-closing meetings with business areas to agree upon audit observations and relevant actions.
6)    Prepare and conduct closing meetings with the Directors / Heads of the Department for audited division to agree upon the audit observations, risks and proposed actions.
7)    Prepare the draft audit report and submit the same to the  IT Audit Manager and the Head of IT Audit India Hub for review.
8)    Ensure that adequate documentation is prepared for the audit assignment. Peer review changes are done before release of the final audit report to the business area.
9)    Contact business area to review the progress of the implementation of audit actions defined in the final audit report. Based on the review, write the status of the follow up and submit the same for upload in RIAS.
10)    Obtain necessary certifications / qualifications to support the job requirements by attending relevant trainings
11)    Support the conduction of unscheduled audits/special investigations and audits from the anti-corruption system.
12)    Relevant knowledge is shared among the team members.
13)    Consult in IT projects, new initiatives and organizational frameworks.
14)    Ensure information management processes are in compliance with IT-specific laws, policies and standards.
15)    Determine risks to the Group’s information assets, and help identify methods to minimize those risks.
16)    Evaluate IT systems, processes and projects in place.
17)    Determine inefficiencies in IT systems, IT projects and associated management processes.

Job Responsibilities:

Experience: 8 Yrs to 12 Yrs

1. Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
2. Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
3. have done any submission on Bug crowd or Bug Bounty.
4. have developed tools or scripts for web pen test on GitHub.
5. Certified on OSCP
6. Threat Modeling
7. Network scan in stealth mode or simple scan using Nmap and Burp suite

Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.

Developing different ways to solve the existing threats and security issues.

Configuring and implementing intrusion detection systems and firewalls.

Security product development, testing, and implementation.

Responsible for security technology research, penetration testing, and vulnerability scanning.

Please follow the below inputs.

The shift will starts from 03:00 PM to 12 AM (fixed for few months),

OSCP certification(Not mandatory, preferable)

Below are the primary key skills:

Total Application Security Experience:

Total Security Architecture Experience:

IOT(optional)

MOBILE

WEB

AWS(Mandatory)

NETWORKING

THREAT MODELS

• Max rate $85/hr

• MUST HAVE- Application security covering micro services security and Restful API from technical and business process and architecture. 

• MUST HAVE -Application security, penetration testing, red team tool (optional), development background, Should have done Application vulnerability Assessments.

• GOOD TO HAVE - Infrastructure experience in Azure Cloud OR Microsoft 365 product implementations will be handy , network Architecture n design mostly in Azure space

• GOOD TO HAVE - Enterprise platform – office 365 is plus and such implementation. 

• Experience as a Azure DevSecOps engineer is desired 

• Ability to communicate effectively with senior management as well as highly technical engineers to articulate security positions effectively.