Security Engineer

Position Title: Manager – Security Operations Organization /Function: Manager is responsible for day to day operational and project delivery for a set of customers Relevant Experience: 10+ years of experience in security area and at least 2 years as Security manager Educational Qualification: BE/B.Tech/ME/M.Tech/Graduate/Master in any stream with excellent academic record

Must-have Skills: • Must know common security policy frameworks and possess knowledge of how security programs are run at mid to large scale companies • Must have managed a team to deliver “Managed Security Service” or “Security Operations Center” • Prior working Background in either SIEM tools (Splunk, ArcSight, QRadar, DNIF etc.) or Vulnerability assessment and Management tool (Qualys/Rapid7) and process • Has broader context and understanding of managed security services • Must have service mindset and empathy. Must deal with a level of ambiguity, chaos and apparent stubbornness from customers, and manage around it by thinking through the issue or request from the customer’s perspective to drive to a reasonable conclusion • Must have prior experience on Project Management • Must have prior experience of onsite-offshore delivery model and should have directly worked with US/European customers or colleagues • Must have ITIL process knowledge

Roles and responsibilities:

- Audit the current Information Security system and procedures and do a Gap analysis

- Identify immediate potential Information Security Risks and manage remediation tasks through to closure

- Create an Information Security Compliance Roadmap and execute end-to-end compliance initiatives by that roadmap

- Design high-quality test plans and direct Data/Information security control test activities

- Continuously improve Octro Data/Information security control framework

- Maintain handbook pages and procedures related to Information security compliance

- Identify opportunities for Information security compliance control automation, execute them and then maintain

- Provide actionable and constructive advisement to cross-functional teams, including driving remediation activities for high and select moderate-risk Observations across all Octro departments

- Design, develop, and deploy scripts to automate continuous control monitoring, administrative tasks and metric reporting for all security compliance programs

- Direct and support external audits as and when necessary

Requirements

- A minimum of 6-8 years' experience working with Data/Information Security Compliance programs

- Detailed knowledge of common information security management frameworks, regulatory requirements and applicable standards such as: ISO, SOC 2, GDPR, PCI etc.

About Octro Inc :

We are one of the fastest-growing mobile gaming companies around, a technology-driven organization at heart, and take pride in the platforms we create.

Founded in 2006 with a mission to create productivity applications for Mobile Devices. After pioneering one of the first mobile Voice-over-IP infrastructures called OctroTalk, the company ventured into building mobile gaming platforms. Sequoia Capital has invested in Octro. The funding was announced in June 2014.

Responsibilities :

• Determine the scope based on requirements, designing and building security components, and testing efforts, including stating the scope of work, calculating the resources, required in delivering the services and advising the senior system engineer preparing the quotation
• Install and configure services as per the approved implementation plan
• Carry out technology, professional and maintenance support services as per scope within the stipulated duration/ timeline.
• Provide level 1/2 support (basic hardware break-fix & troubleshooting of hardware and software issues) for installed services
• Provide technical deliverables such as high-level design documents, user acceptance test (UAT) doc and as-built documentation
• Provide outstanding quality of service and meet predefined customer service level agreements (SLAs)
• Undergo technical training and obtain technical certifications that are required to meet suppliers' mandatory technical requirements
• Conduct knowledge transfer training (where required)

Knowledge, Skills and Experience :

• Minimum 3 years of relevant experience
• Certified in at least one of the technology domain (Infrastructure hardware and software, network, security)
• Expertise on any two firewalls Specially - Palo Alto, Checkpoint, Fortinet, WAF
• Strong technical knowledge on the assigned solution domain/product
• Expertise in enterprise security products implementation, migration and support.
• Implements security solutions infrastructure and/or application including the design, configuration, development, testing and deployment of security-related technologies such as Firewalls, WAF, LB , IDS/IP
• Strong interpersonal skills with a customer-centric attitude; oral and written communication skills
• Strong attention to technical details, priority management and planning skills
• Ability to work independently with little to no supervision
• Results-oriented
• Security Certifications such as CCNP/CCIE Security or CCSA/CCSE/CCCP/PCNSE/Fortinet NSE1/2/3/4 are desirable

What's In It For You?

• Elective Benefits: Our programs are tailored to your country to best accommodate your lifestyle.
• Grow Your Career: Accelerate your path to success (and keep up with the future) with formal programs on leadership and professional development, and many more on-demand courses.
• Elevate Your Personal Well-Being: Boost your financial, physical, and mental well-being through seminars, events, and our global Life Empowerment Assistance Program.
• Diversity, Equity & Inclusion: It's not just a phrase to us; valuing every voice is how we succeed. Join us in celebrating our global diversity through inclusive education, meaningful peer-to-peer conversations, and equitable growth and development opportunities.
• Make the Most of our Global Organization: Network with other new co-workers within your first 30 days through our onboarding program.
• Connect with Your Community: Participate in internal, peer-led inclusive communities and activities, including business resource groups, local volunteering events, and more environmental and social initiatives

1) Determine client needs and expectations and participate in the development of the overall client service plan. Analyse, develop, and implement information security programs, including organizational design and key processes for our clients as per plans

2)Design and develop cyber security strategies and programs for large and complex organizations

3)Define and implement cyber risk management structures, governance models, organizational transformations in the areas of cyber security

4)Develop security policies, processes, procedures. Map controls and compliance requirements. Responsible for risk assessments, gap analysis (against standards and benchmarks), risk mitigation strategy development.

4)Roll out the GRC Cybersecurity controls framework while balancing the approach with end user experience and compliance

5)Develop and tailor approaches, methods and tools to support clients cyber risk programs and initiatives

6)Provide strategic and operational advice in the areas of safeguarding critical information. Identify areas requiring improvement in the client's business processes to enable preparation of recommendations. 7)Evaluate, implement and operationalize security controls, define metrics for measure performance and establish a framework for continuous monitoring and improvement and Play substantive role in internal and external client relationship and communication

8)Interact with CxOs to define the roadmap for GRC strategy.

9Help build Cyber Transformation practice by getting involved in areas beyond engagement delivery such as pre-sales, RFP response, solution designing, competency development and Go to market strategies

10)Create or help create though leadership content in the emerging areas of Cyber Strategy and Risk Transformation .

Immediate Joiners

Job Brief:

You'll be joining Mindtickle’s InfoSec and Compliance team, which is responsible for various functions related to Security, Privacy, and Compliance around Mindtickle's rapidly growing cloud platform. You'll play a crucial role in all our compliance & information security initiatives, including but not limited to those arising from regulations (e.g., GDPR, CCPA, UK DPA 2018, FINRA), audit requirements (e.g., SOC 2, HIPAA), and customer/ prospects requests (typically large enterprises).

As Data Privacy & Compliance Manager, you will champion the highest data privacy standards and drive forward compliance across all of Mindtickle. Crucial to this role will be an expert knowledge of international data protection laws and a proactive and pragmatic approach towards data privacy and compliance. 

Key Responsibilities:

• Act as the single point of contact for all privacy-related topics, including communication with customers and prospects, including RFPs, emails, or privacy calls

• Closely working with the internal legal team and external legal counsel to support the review of third parties/customer data processing addendums (DPAs), standard contractual clauses, contracts, and other data protection agreements

• Maintain the data protection terms agreed with customers in a contract management software

• Perform due diligence of new third parties and periodic risk review of existing third parties, including processes around sub-processors

• Support in other industry compliance projects such as ADA, Section 508, WCAG, FINRA, 21 CFR Part 11, etc.

• Lead the assessment of new legislation or other regulatory changes (GDPR, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP) and make recommendations as necessary to ensure that risks are mitigated as well as ongoing compliance

• To work flexibly and collaboratively across all teams in the organization while driving privacy & compliance-related projects, including sales, customer success, product, and engineering

• Own internal and external privacy audit projects, including planning, scoping, need analysis, ongoing project management, and communications with all relevant stakeholders

• Onboard privacy solutions, design, build and deploy data privacy programs on the solutions to ensure compliance with privacy requirements

• Maintain Records of Processing Activities (ROPA) and ensure Privacy By Design for new features/changes in the platform

• Undertake all other reasonable and related tasks associated with this role
  
  

Desired Qualification:

• 5-10 years of experience in data privacy and compliance, with exposure to cloud software platforms

• Extensive experience in data protection and knowledge of relevant legislation, including GDPR, Standard Contractual Clauses, Transfer Impact Assessment, CCPA, UK DPA 2018, LGPD, PIPEDA, Swiss FDAP, etc.

• Certifications such as CIPP/E, CIPP/US, CIPM, CIPT, etc., are preferred

• Specialist knowledge in a relevant area, e.g., data security and individual rights requests

• Excellent communication, interpersonal, project management, and issue resolution skills

• Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team

• Experience in managing privacy audits and risk management processes

• Demonstrated ability to learn quickly, take the initiative, and drive complex projects

What will you do?

• Act as senior level escalation point for technical remediation of incidents and service requests.
• Work as L2 resource in AWS Cloud infrastructure and system administration team providing technical support and resolving issues
• Troubleshoot technical issues faced which could be related to external interfaces, networking, application and Ubuntu configuration, IIS Configuration, Linux Servers etc.
• Resolving urgent and immediate requests by support team in a vibrant and demanding environment.
• Test upgrades and patches from development team prior to client rollout
• Document the Interface testing and other details, update and complete all handovers.
• Coordinate directly with on-site IT, vendors, off-site helpdesks over email or phone calls to complete technical assignments.
• Do audit of new implemented properties for initial few weeks and identify the repeated issues reported by property.

Technical Competencies you’ll possess:

• Strong Linux and Windows Administration skills
• In depth knowledge of the windows servers & Linux servers.
• Good understanding of AWS Cloud Infrastructure, Networking, Firewall, Infrastructure, SQL and IIS Configuration, Ubuntu Configurations and MySQL.
• Working knowledge of interfaces and integrations of systems.
• Enhanced troubleshooting skills.
• Possess a good understanding of Internet based technologies including DNS, Security, IP Routing,- SSH, FTP, HTTP/HTTPS, Email Routing, etc.

Position description:

• Manage Network admin operations
• Responsible for Configuration and installation of various network devices and services (e.g. routers, switches, load balancers (Radware), firewalls (Juniper, Fortinet, Cyberoam), network access control
• Ensure network maintenance and system upgrades
• Accountable for – Network Performance and ensure system availability and reliability
• Work within established configuration and change management policies to ensure awareness, approval, and success of changes made to the network infrastructure
• Proactive forecasting of Network capacity and utilization.
• Would handle issues like Production outages.
• Would handle incident and projects
• Good problem-solving skills
• Team mentoring and timely project delivery.

Primary Responsibilities:

• To ensure availability and uptime of On-premise and cloud network

Reporting Team

• Reporting Designation: Head - Site Reliability Engineering (ABL_SS_362)
• Reporting Department: Site Reliability Engineering (24777)

Required Skills:

• Well versed with network architecture and complex network design
• Well versed with firewalls, UTM features, IDS/IPS, WAF (Web Application Firewall), SSL Offloading
• Good hands-on with Layer 2 and Layer 3 topologies
• The key focus in Enforcing policy and regulatory compliance by maintaining the organization firewall infrastructure

Responsibilities:

The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.

The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:

Basic Qualifications

• Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
• Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
• Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
• Understanding of automated security testing approaches and tools
• Experience with proactive integration of security into the development process
• Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
• Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
• Improve overall security practitioner efficiency through process automation
• Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.

Minimum Qualifications/Requirements

• BS or MS in Computer Science or related field
• Minimum 7+ years of cybersecurity experience
• Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
• Experience in deployment, development, and maintenance of SIEM
• Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
• Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
• Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
• Understanding the investigative process and performing triage for cybersecurity incidents
• Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
• Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
• Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
• Proactive and motivated; team player with a positive can-do attitude
• Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
• Ability to communicate technical concepts to a broad range of technical and non-technical staff
• Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change

REQUIRED CITIZENSHIP / WORK PERMIT / VISA STATUS:
Should be currently based in Japan with Valid work visa

MUST HAVES:

Experience Required:

• LAN/Wireless LAN based skills(over 3 years experiences)
• Firewall based skill (over 3 years experiences)
• Server based skill (over 3 years experiences)
• WAN/Internet based skills (over 3 years experiences)

*

• Required General Skills:

• Fluent in Japanese(both written & verbal) and English(reading & written)

Job role :

• · WAN, LAN, Wireless LAN, Firewall, ServerWork Contents;
• · Support Design and Implementation
• · Create documentation or basic design and detail design
• · Join required meeting(Internal, External)
• · Management Change(Create and close change record)
• · Test(Unit, Integrated) in on-site
• · Create the result of test document
• · Create change procedure
• · Installation equipment in on- site
• · Support soft MACD from remote site
• · Create operation manual
• · Support problem management
• · Support inventory management
• · Support configuration hencmanagement
• · Support reporting
• · Cisco Router/Switch/FW (MPLS, BGP, OSPF, STP, VLAN, QoS, VRF)
• · Juniper Router/Switch(SRX/EX/QFX)
• · Server (Linux,)
• · Wireless (CAPWAN)

Roles and Responsibilities

• Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
• An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
• Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
• Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
• Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
• Ability to interact with project teams to understand the security requirements and come up with solutions
• Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
• Strong understanding of networking concept.

Desired Candidate Profile

• Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
• Able to work independently with minimal supervision.
• Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
• Keep stakeholders updated with communications and weekly reporting.
• Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
• Excellent communication skills - written, verbal, presentation and interpersonal.
• Willing to learn new skills and implement new technologies.
• Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.