Security compliance engineer
- 5+ Years of leading an engagement.
- 5+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms.
- 4+ Years on any Cloud Platform (AWS, Azure, Google, others).
- Master's or Bachelor's degree in Information Science / Information Technology, Computer Science.
- Deep hands-on experience leading the design, development and deployment of business software at scale.
- Experience with service-oriented architectures, private and public clouds and web services security.
- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, Infrastructure and Network Security, Data protection, and Incident response.
- Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
- Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.
- Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.
- Good understanding of Enterprise Networks, Security and Identity Access Management.
- Configuration management using CloudFormation and/or Chef/Puppet.
- Experience with agile approaches and Experience in DevOps or DevSecOps, and how they impact risk management and compliance.
- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.
- Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.
- Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.
- Experience taking a lead role developing complex software systems that have successfully been delivered to customers.
- Ability to travel to customer sites as needed.
PREFERRED QUALIFICATIONS:
- AWS Solutions Architect Certified.
- AWS Security Speciality Certified.
- CISSP, CCSP, CISM, and/or other comparable certifications.
About One of the world top Product/Consulting company
Similar jobs
Cloud DevOps Architect
· Practices self-leadership and promotes learning in others by building relationships with cross- functional stakeholders; communicating information and providing advice to drive projects forward; adapting to competing demands and new responsibilities; providing feedback to others; mentoring junior team members; creating and executing plans to capitalize on strengths and improve opportunity areas; and adapting to and learning from change, difficulties, and feedback.
· Ensure appropriate translation of business requirements and functional specifications into physical program designs, code modules, stable application systems, and software solutions by partnering with Business Analysts and other team members to understand business needs and functional specifications.
· Build use cases/scenarios and reference architectures to enable rapid adoption of cloud services
in Product’s cloud journey.
· Provide insight into recommendations for technical solutions that meet design and functional needs.
· Experience or familiarity with Firewall/NGFW deployed in a variety of form factors (Checkpoint, Imperva, Palo Alto, Azure Firewall).
· Establish credibility & build deep relationships with senior technical individuals to enable them to be cloud advocates.
· Participate in deep architectural discussions to build confidence and ensure engineering success when building new and migrating existing applications, software. and services to AWS and GCP.
· Conduct deep-dive hands-on education/training sessions to transfer knowledge to DevOps and engineering teams considering or already using public cloud services.
· Be a cloud (Amazon Web Services, Google Cloud Platform) and DevOps evangelist and advise the stakeholders on cloud readiness, workload identification, migration and identifying the right multi cloud mix to effectively accomplish business objectives.
· Understands engineering requirements and architect scalable solutions adopting DevOps and leveraging advanced technologies such as AWS CodePipelines, AWS Code-Commit, ECS containers, API Gateway, CloudFormation Templates, AWS Kinesis, Splunk, Dome9, AWS-SQS, AWS-SNS, SonarCube, Microservices, and Kubernetes to realize stronger benefits and future proof outcomes for customer-facing applications.
· Build use cases/scenarios and reference architectures to enable rapid adoption of cloud services in product’s cloud journey.
· Be an integral part of the technology and architecture community in the public cloud partners (AWS, GCP, Azure) and bring in new services launched by cloud providers into 8K Miles Product Platform scope.
· Capture and share best-practice knowledge amongst the DevOps and Cloud community.
· Act as a technical liaison between product management, service engineering, and support teams.
· Qualification:
o Master’s Degree in Computer Science/Engineering with 12+ years’ experience in information technology (networking, infrastructure, database).
o Strong and recent exposure to AWS/GCP/Azure Cloud platforms and designing hybrid multi cloud solutions. Preferred to be Certified AWS Architect professional or similar
· Working knowledge of UNIX shell scripting.
· Strong hands-on programming experience in Python
· Working knowledge of data visualization tools – Tableau.
· Experience working in cloud environment — AWS.
· Experience working with modern tools in the Agile Software Development Life Cycle.
· Version Control Systems (Ex. Git, Github, Stash/Bitbucket), Knowledge Management (Ex. Confluence, Google Docs), Development Workflow (Ex. Jira), Continuous Integration (Ex. Bamboo), Real Time Collaboration (Ex. Hipchat, Slack).
Job Description: SOC Manager
ESSENTIAL RESPONSIBILITIES
• Leadership & Team Management: Leads the SOC team providing clear direction, fostering teamwork and collaboration. Regularly assesses the strengths and weaknesses of team members, providing mentoring, coaching, and opportunities for growth. Hands-on execution across operational challenges, making decisive judgments while ensuring high morale and cohesion.
• Incident Management: Ensures that all security events and incidents are identified, categorized, and responded to promptly and thoroughly. This includes setting up appropriate escalation processes, coordinating between various teams for cross-functional incidents, and ensuring that incidents are closed with comprehensive documentation and lessons learned.
• Continuous Improvement: Regularly reviews and analyzes the efficiency of the existing operations processes, tools, and protocols. Implement changes based on findings, feedback from the team, and changing threat landscapes. This also involves staying updated with advancements in SOC technologies and methodologies.
• Technology Management: Oversees the implementation, configuration, and continuous tuning of various security tools, including the client’s Security Platform.
• Training and Development: Designs and implements a continuous training plan for the existing and new SOC team members, ensuring they have the latest skills and knowledge and are onboarded and productive as quickly as possible. This also involves organizing periodic simulation exercises (like red teaming) to test and improve incident response capabilities.
• Reporting: Establishes a comprehensive reporting framework that offers insights into the SOC's performance. This includes metrics on incident volumes, response times, and resolution success rates.
These reports should be presented to stakeholders clearly, actionable, highlighting successes and areas for improvement.
REQUIRED EXPERIENCE
• Minimum of 6+ years in cybersecurity roles with at least 3 years in a SOC leadership position.
Experience in an MSSP or a large-scale global SOC is highly preferred.
• Experience in actively managing the lifecycle of security incidents.
• Strong knowledge and familiarity with major cloud provider technologies (AWS, Azure, etc.)
• Solid understanding of networking protocols and infrastructure designs, including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
• Experience with virtualization technologies (VMware, Microsoft Hyper-V).
• Experience with the following tools and technologies:
– Security Information and Event Management (SIEM)
– Intrusion Detection & Prevention (IDP)
– Endpoint Detection & Response (EDR)
– Network Detection & Response (NDR)
– Network Analysis tools - Wireshark, tcpdump, etc.
– Scripting in Python, Bash, PowerShell
• Experience in regulated environments such as HIPAA or PCI preferred.
• Strong governance skills in time management, project management, and stakeholder management.
• Excellent communication skills, with ability to lead security-reviews with clients; keep stakeholders appraised of key issues/risks/incidents.
PREFERRED CERTIFICATIONS
• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• OSCP – Offensive Security Certified Professional
• CEH – Certified Ethical Hacker
• GSEC – SANS GIAC Security Essentials
• CompTIA – Security
OTHER REQUIREMENTS
· Flexibility of schedule is required to meet the demands of the position.
· This role requires to work in shifts (including night shift) and support clients in North America.
Candidate MUST HAVE product-based company experience and a minimum of 3years of experience in DevOps.
What you will do (or learn) :
1. Build our application stack on AWS. Infrastructure as code (read Terraform)
2. Build state-of-the-art CI/CD pipelines.
3. Manage data warehouses and data pipelines.
4. Work on infrastructure and data security.
5. State-of-the-art log management system and tooling around them.
6. Monitoring and alerting system.
What do we expect from you?
1. 3 to 10 years of experience with DevOps or SRE principles.
2. Good fundamentals of database management and other distributed systems management.
3. Experience in infrastructure as code or other configuration management systems.
4. Experience in scripting languages (like bash, python, go lang etc.)
5. Good understanding of Linux systems
6. Strong debugging and troubleshooting skills
7. Experience in tooling around monitoring, CI/CD, log management systems.
Role
To us, a Technical Interviewer is a go-to person for technical interviews for any technology. This means that your duties will involve conducting technical interview rounds of candidates having a technical background of any kind.
The job of a Technical Interviewer is important to business success. Hiring the right talent is our most critical point and a vital aspect of a complete Technical Interviewer’s job description and specification.
Responsibilities
- Own full technical recruitment process including interviews, feedback, and building talent pipelines
- Identify the right talent for the organization
- Train and mentor new and existing interviewers
- Identify the gaps in the interview process and work on solutions
- Maintain a healthy candidate experience and build the employer brand
- To be up to date with new technologies
- Participate in various coding and technology-related challenges to gain knowledge
- Nurture a positive working environment
- Have a strong sense of ownership for assigned tasks and a willingness to go the extra mile when needed
- Is an effective communicator who can establish rapport with people at all levels
Qualifications
- Bachelor's Degree in BSc/BE/BTech in Computer Science, Engineering, or a related field
- General programming skills in languages like Java, Javascript, Ruby or equivalent.
- Proven working experience in the same profession or as a trainer
- People-oriented and results-driven
- The ability to work as part of a team
- Strong analytical and problem-solving skills
- Excellent administrative and organizational skills
- Effective communication skills
- Proven hands-on Software Development experience
At Upswing, we are committed to building a robust, scalable & secure API platform to power the world of Open Finance.
We are a passionate and self-driven team of thinkers who aspire to build the rails to connect the legacy financial sector with financial innovators through a simple and powerful banking-as-a-service (BaaS) platform.
We are looking for motivated engineers who will be working in a highly creative and cutting-edge technology environment to build a world-class financial services suite.
About the role
As part of the DevSecOps team at Upswing, you will get to work on building state-of-the-art infrastructure for the future. You will also be –
- Managing security aspects of the Cloud Infrastructure
- Designing and Implementing Security measures, Incident Response guidelines
- Conducting Security Awareness Training
- Developing SIEM tooling and pipelines end to end for vulnerability/security/incident reporting
- Developing automation and performing routine VAPT for Network and Applications
- Integrating with 3rd party vendors for the services required to improve security posture
- Mentoring people across the teams to enable best practices
What will you do if you join us?
- Engage in a lot of cross-team collaboration to independently drive forward DevSecOps practices across the org
- Take Ownership of existing, ongoing, and future DevSecOps initiatives
- Plan and Engage in Architecture discussions to bring in different angles (especially security angles) to the table
- Build Automation stack and tools for security pipeline
- Integrate different security measures and pipelines with the SIEM tool
- Conducting routine VAPT using manual and automated workflows, generating and maintaining the report for the same
- Introduce and Implement best practices across teams for a great security posture in the org
You should have
- Curiosity for on-the-job learning and experimenting with new technologies and ideas
- A strong background in Linux environment
- Proven experience in Architecting networks with security first implementation
- Experience with VAPT tooling for Networks and Applications is required
- Strong experience in Cloud technologies, multi-cloud environments, and best practices in Cloud
- Experience with at least one scripting language (Ruby/Python/Groovy)
- Experience in Terraform is highly desirable but not mandatory
- Some experience with Kubernetes, and Docker is required
- Understanding Java web applications and monitoring them for security vulnerabilities would be a plus
- Any other DevSecOps-related experience will be considered
What you will do:
- Writing in-depth user guides, release updates, product descriptions for the company's suite of products and solutions
- Writing for a variety of audiences, from non-technical end-users to programmers, system administrators, and integrators
- Overseeing peer editing and production review work
- Integrating use case and functional data into user documentation and examples
Desired Candidate Profile
What you need to have:- 3+ years of technical writing experience
- Strong written and verbal communications and experience working with content in multiple mediums
- Experience working cross-departmentally to communicate the nuts and bolts of a product
- Strong experience owning an end-to-end documentation creation process
- Excellent attention to detail and the ability to prioritize and work on multiple projects in a fast-paced, changing environment
- A positive attitude, willingness to jump in and tackle new challenges
- Experience working with the following tools preferred: Confluence/JIRA, Git & Github, HTML, CSS, Jinja, JavaScript, Python, Postman, etc
Designation: Technical Recruiter
Location: Indore (M. P.)
Duration : Full time
Roles and Responsibilities
- Should have experience of various job portal like Naukri.com, LinkedIn, Monster etc.
- Should have min 6 month - 5 yrs. of experience in in -house / international recruitment.
- Sound understanding of all technology like ROR, React JS, Java, .Net, PHP, Python, Android / Mobile development etc.
- Must be excellent in communication skills oral and written.
JOB DESCRIPTION
(NOTE- we are looking for those candidates who join immediately or notice period of within 15-20days)
• Job Scope
o Conduct penetration testing on internal website/system owned by EC-Council
o Produce a report and presentation to the system owner explaining the security
structure and the vulnerabilities of the system
o Conduct scoping for any new projects
o Research and recommend fixes for issues/vulnerabilities identified during the
penetration testing
o Create and update security test plan regularly according to the nature of the website
assigned
o Conduct research on new vulnerabilities and threats regularly to improve oneself
capabilities
• Minimum Requirements
o At least 3 year experience in conducting any three of the following
▪ Network Penetration Testing
▪ Mobile Application Penetration Testing
▪ Web Application Penetration Testing
▪ Source Code Review
▪ Writing, extending and modifying exploits, shellcode
▪ Reverse engineering malware, data obfuscation and ciphers
o Bachelor’s degree in IT security related field or equivalent
o Any (2) of the following certification ; OSCP, OSCE, OSEP, OSWE, CRT, LPT or
equivalent
o Proficiency in at least 1 programming language such as PHP, ruby, Python, Perl
o Strong understanding of encryption (SSL/TLS, PKI) and other authentication methods
o Good experience with tools used for penetration testing such as Metasploit,
BurpSuite, w3af, Kali Linux, SQLMap, Skipfish
o Excellent written and verbal communication skills, especially when dealing with
large reports and datasets with a high standard of documentation
o Mastery in linux/unix operating system and bash/Powershell
- Must have good exposure working in SOAR (Security, Orchestration, Automation, Response)
- Strong knowledge in End user/ point security.
- Good hands on Cyber security like SIEM, IAM, PAM.
- Sound Knowledge into automated incident management using Demisto (or similar technology)
- Hands on creating playbooks in Python Scripting.
We are looking for candidates with the below experience.
- Mandatory experience on any of
a) Cylance Protect and Optics
b) Crowdstrike Falcon Insight
c) Sentinel One ActiveEDR
d) Carbon Black EDR
- Hands-on experience in security incident response lifecycle and its phases
- Should have experience in L1 and L2 in EDR
- Hands-on experience in event and log analysis on Windows endpoints
- Overall experience: 3-7 years, Relevant experience: 2+ years
Please note : Candidate should have experience in the below skills must :
- EDR Experience
- EDR Product Worked on and which level of support they are working on
- Incident Response
- Malware Analysis
- Flexible for shifts