Security Engineer

CAW Studios:

You will be responsible for the uptime, performance, and operational cost of a large-scale cloud platform or some of our SaaS-based products. You will make daily and weekly operational decisions to improve uptime while reducing costs. You will drive improvements by gaining an in-depth knowledge of the products in your responsibility and applying the latest emerging trends in the cloud and SaaS technologies. All your decisions will be focused on providing the best in class service to the users of our SaaS products.

Our organization relies on its central engineering workforce to develop and maintain a product portfolio of several different startups. As part of our engineering, you'll get to work on several different products every quarter. Our product portfolio continuously grows as we incubate more startups, which means that different products are very likely to use different technologies, architecture & frameworks - a fun place for smart tech lovers! 

Job Overview:

As the Senior Manager of Infrastructure & Cybersecurity, you will be responsible for implementing, maintaining, and overseeing the organization’s cybersecurity program & Infrastructure (tools, technologies, services, infrastructure) to ensure that information security standards, practices, and controls are in place to effectively manage risk to the enterprise and improve the company’s overall security posture. You will be responsible for managing your team and overseeing the execution of projects and initiatives for Celito customers. You will help develop and implement security initiatives and standards, conduct and oversee monitoring, and ensure compliance with regulatory and internal standards including incident response and investigations related to policy violations, security breaches, threats, and attacks. You will be a strategic technical leader, mentoring team members while partnering with other leaders to advance cybersecurity processes across the organization.

Responsibilities and Duties: 

• Collaborate with clients to understand their IT needs, focusing on infrastructure and security, and establish strategic IT plans that align with their business objectives and compliance requirements.
• Lead the design and implementation of secure and robust IT infrastructures, ensuring they support the clients’ operations and research activities effectively.
• Develop and implement comprehensive security strategies, including but not limited to, risk assessments, incident response plans, and ongoing security monitoring.
• Drive the adoption of best practices in IT governance, cybersecurity frameworks, and regulatory compliance (such as HIPAA, GDPR, and other relevant standards).
• Manage and mentor a team of IT professionals, fostering a culture of excellence, accountability, continuous improvement, and professional growth.
• Stay abreast of technological advancements, cybersecurity trends, and regulatory changes that may impact our clients, and adjust strategic plans accordingly.
• Ensure customer satisfaction through exceptional service delivery, proactive communication, and the ability to translate technical challenges into business impact.
• Collaborate with cybersecurity operations team to ensure rapid response to potential threats and alerts, and develop standards and guidelines for response and remediation.
• Serve as the main point of contact for clients and Celito leadership team on managing the status of projects and the operational state of client infrastructure and cybersecurity program.
• Lead and perform information security and vulnerability assessments. This will include scanning, prioritization, and remediation of discovered vulnerabilities as well as performing regular penetration testing.
• Oversee implementation and maintenance of an Incident Response Program including developing IR playbooks.
• Work with and actively engage security service providers to deliver necessary services and manage contract requirements and service level agreements.
• Serve as lead advisor on cybersecurity matters to ensure appropriate levels of security are integrated into process designs and architecture.
• Develop and implement company-wide/departmental information security training and awareness programs.
• Monitor internal and external policy compliance to ensure that vendors and employees understand the company’s cybersecurity policies and operate within that framework.
• Work closely with the business to promote and support the cybersecurity initiatives of the organization.
• Performs other duties as assigned.

Qualifications: 

• 7+ years developing infrastructure & security programs, managing security solutions, and projects.
• Must have experience with the industry's best tools such as Palo Alto Firewall, Meraki, Rapid 7/Arctic Wolf/AlienVault, Crowdstrike EDR, Mimecast/DarkTrace, Tenable, CyberArk, Zscalar, AZURE/AWS security, Office 365 expertise, etc.,
• Must be a fluent communicator, able to present to Executive teams, an Independent Thinker, and able to define Cybersecurity Strategy
• Must have built or run a SOC and managed a team of cybersecurity experts & engineers supporting projects/operations.
• Preferably has industry standard CISSP certifications, CISA, Security +, SSCP, etc.,
• Must have performed NIST/ISO-based full assessments, and be able to articulate findings, build remediation plans, and present plans to scale up security posture. 
• Preferably has Life Sciences experience or consulting experience working with large & medium-sized companies. 
• Knowledge of information security frameworks, best practices, and administrative, physical, and technical safeguards (experience with common security frameworks such as NIST preferred)
• Experience working with Security Incident and Event Management (SIEM) tools, endpoint detection and response tools, vulnerability management suites, and various security solutions
• Strong technical background and knowledge of network and systems security, system and network configuration, and application security.
• Experience with incident response management, next-gen firewalls, web application firewalls, multi-factor authentication, data loss prevention, and disaster recovery.
• Excellent organizational, communication, and customer service skills with active listening skills.
• Knowledge of regulatory requirements such as the California Consumer Privacy Act (CCPA), Sarbanes-Oxley (SOX), and quality guidelines (GxP) is a plus.

About CAW Studios:

 CAW Studios is a Product Engineering Studio. WE BUILD TRUE PRODUCT TEAMS for our clients. Each team is a small, well-balanced group of geeks and a product manager who together produce relevant and high-quality products. We believe the product development process needs to be fixed as most development companies operate as IT Services. Unlike IT Apps, product development requires Ownership, Creativity, Agility, and design that scales.

Know More About CAW Studios:

Website: https://www.cawstudios.com/">https://www.cawstudios.com/

Benefits: Startup culture, powerful Laptop, free snacks, cool office, flexible work hours and work-from-home policy, medical insurance, and most importantly - the opportunity to work on challenging cutting-edge problems.

Roles and responsibilities:

- Audit the current Information Security system and procedures and do a Gap analysis

- Identify immediate potential Information Security Risks and manage remediation tasks through to closure

- Create an Information Security Compliance Roadmap and execute end-to-end compliance initiatives by that roadmap

- Design high-quality test plans and direct Data/Information security control test activities

- Continuously improve Octro Data/Information security control framework

- Maintain handbook pages and procedures related to Information security compliance

- Identify opportunities for Information security compliance control automation, execute them and then maintain

- Provide actionable and constructive advisement to cross-functional teams, including driving remediation activities for high and select moderate-risk Observations across all Octro departments

- Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all security compliance programs

- Direct and support external audits as and when necessary

Requirements

- A minimum of 6-8 years' experience working with Data/Information Security Compliance programs

- Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO, SOC 2, GDPR, PCI etc.

About Octro Inc :

We are one of the fastest-growing mobile gaming companies around, a technology-driven organization at heart, and take pride in the platforms we create.

Founded in 2006 with a mission to create productivity applications for Mobile Devices. After pioneering one of the first mobile Voice-over-IP infrastructures called OctroTalk, the company ventured into building mobile gaming platforms. Sequoia Capital has invested in Octro. The funding was announced in June 2014.

1.Triage of security alerts that includes but not limited to malware, denial of service, unauthorized access, etc.

2. Conduct incident investigations on SIEM tools.

3. Perform threat hunting on networks to detect and isolate threats.

4. Knowledge of various security methodologies and processes, and technical security solutions (firewall, packet analysis, SIEM and intrusion detection systems)

5. Continuous optimization, tuning and monitoring of SIEM solution

6. Hands on experience around administrating and threat hunting on EDR, XDR, DLP and SIEM tools.

7. Ability to analyze endpoint, network, and application logs

8. Identify false positives, analyse reported spam, phishing, and suspicious emails and understanding of email security concepts: SPF, DMARC, DKIM

9. Immediate Joiners

Job Brief:

You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).

As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance. 

Key Responsibilities:

• Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls

• Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements

• Maintain the data protection terms agreed with customers in a contract management software

• Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors

• Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.

• Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance

• To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering

• Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders

• Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements

• Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform

• Undertake all other reasonable and related tasks associated with this role
  
  

Desired Qualification:

• 5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms

• Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.

• Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred

• Specialist knowledge in a relevant area, e.g., data security and individual rights requests

• Excellent communication, interpersonal, project management, and issue resolution skills

• Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team

• Experience in managing privacy audits and risk management processes

• Demonstrated ability to learn quickly, take the initiative, and drive complex projects

Job description Senior Security Consultant

Roles and Responsibilities

Company will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills

Work profile of individual

• cyber security consulting team, individual’s primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight.
• Will own and / Manage ISMS / ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS , Cyber Security, SOX ITGC on customer engagements
• Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
• Will be an active participant in internal / third party system security reviews and audits on customer engagements
• Will be an active participant in technical audits like VA / PT
• Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
• Will be responsible for implementation of new projects under Information Security Domain
• Will be able to manage document tracking and updating - policies, processes, procedures, templates, etc.
• Will plan the activities of configuration, conduct conference room pilots and will assist in resolving any queries related to requirements and Security control Design
• Will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
• Will engage with clients and(or) application development teams for implementation of cyber security & data privacy by design and data protection controls.
• Will support the clients with ongoing design, implementation and maintenance of the data privacy framework for managing data protection risk including responding to legislation, devising and owning policies and training.
• Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.

Team work

• Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
• Individual would predominately work with off-shore engagement teams and relevant  teams on presale and cyber security delivery.
• Communication, written and verbal, with these teams would be expected.
• Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
• Team members would be required to handle multiple tasks at the same time.
• Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.

Desired Candidate Profile

• Bachelors
• Certifications (ISO 27001/ ISO 31000/ CISA/ CISSP/ CSX or equivalent and other relevant qualification/certification
• Experience : 8-10 years
  
  

Knowledge Required:

• Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
• Deep understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
• Good understanding of technical security like network security, operating system, encryption, use of tools and technologies for various processes like logical access control, network security, security monitoring etc.
• Sound knowledge of Internal Controls and Compliance. Must be able to recommend controls around people, process, and technology.
• Sound knowledge on IT controls (especially IT risks). Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
• Good knowledge on Privacy, Governance and reporting
• Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
• Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
• Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.

Additional Responsibilities:

• Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
• Good knowledge on software configuration management systems and license Management systems
• Awareness of latest technologies and Industry trends
• Logical thinking and problem solving skills along with an ability to collaborate
• Understanding of the financial processes for various types of projects and the various pricing models available
• Ability to assess the current processes, identify improvement areas and suggest the technology solutions
• One or two industry domain knowledge
• Client Interfacing skills
• Project and Team management

Senior Netskope Technology Stack Expert (SWG/CASB/ZTNA)

Duties and Responsibilities:

• Hands on experience configuring rules and policies across the SWG/CASB/ZTNA platforms.
• Lead the Deployment and Operationalization of the Netskope Technology stack
• Defining and implementing procedures and policies to ensure proper maintenance of the environment
• Implement the process, systems, and technology required to fully maximize the platforms security capabilities
• Develop strategy, execution roadmap, priorities, and investment plans
• Partner with the leadership team to define strategic objectives
• Work closely with IT, Engineering and Security teams to ensure appropriate protections are in place while maintaining a continuity of service
• Engage Netskope’s technical teams in troubleshooting issues with current or new integrations

Required Experience and Skills:

• 5 - 7 years of leadership experience leading a team
• 3 - 5 years of experience hands-on technical design, implementation, and leadership of enterprise deployments
• Excellent knowledge and prior experience supporting network security technologies including but not limited to Proxies, NG Firewalls, SSL/IPSec, VPN’s, SSO, DLP and Encryption gateways
• Strategic capability to lead and innovate while thriving in a fast-moving environment
• A bias for action, results and delivery, with a high quality bar
• Proven track record of developing people, leading and managing high-performing teams
• An innate ability to create a sense of loyalty, trust, and positive culture. Ability to energize people and teams and establish cross functional cooperation
• Forward-thinking and problem-solving mindset; drawn to building off ambiguous and unsolved problems and “making it happen”
• Demonstrated ability to interface and maintain effective relationships with all levels of employees in a team-oriented environment

Information Security Specialist

Notice Period: 45 days / Immediate Joining

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

Key Qualifications

· Design, deploy, and support Information Security Solutions provided by BDS

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

· Research and strategic analysis of existing, and evolving all IT and data security technologies

· Establish baselines to define required security controls for all infrastructure components and application stack

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

· Must be able to work a flexible schedule during off-hours

Key Skills & Qualification

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

· Exposure of the security audit tools on public cloud platforms

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

· Certified Ethical Hacker would be a plus

· Handling of Security audits is a must

· Proven interpersonal skills while contributing to team effort by accomplishing related results

· Passion for learning new technologies and the ability to do so quickly.

http://www.banyandata.com" target="_blank">www.banyandata.com 

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting