Key Responsibility Areas:
Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex Web applications, operating systems, wired and wireless networks, and mobile applications/devices Delivering targeted and intelligence led security penetration testing through a robust testing methodology and process Craft and develop scripts, frameworks, tools, and the methods required for facilitating and executing sophisticated charges, emulating malicious actor behavior sought at avoiding detection Conduct security assessments on a wide variety of technologies and implementations Develop and maintain security testing plans Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology Automate penetration and other security testing on networks, systems and applications Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk Produce actionable, threat-based, reports on security testing results Act as a source of direction, training, and guidance for less experienced staff Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators Foster and maintain relationships with key stakeholders and business partners
Required Skills:
2 to 6 years of experience in information security with web application and network penetration testing experience Fluent in common cyber security domains such as cloud security, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence Strong understanding of OWASP top 10.
Experience or knowledge of IT security risk assessments and gap analysis In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) Hands on experience with testing frameworks such as the PTES and OWASP Experience of functional testing, UI/UX testing and manual testing, Load, Performance testing across multiple browsers and devices Hands-on experience in designing and writing test automation scripts using test automation frameworks and knowledge on API Testing Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud
Qualification: Masters/Bachelor’s Degree
Similar jobs
Job Summary:
The Incident Response (IR) Lead manages a team of experts with diverse skill setsincluding Security Operations Center (SOC), Forensics, and technical Subject Matter Expert (SME) advisory. The IR Lead is specifically tasked with managing all aspects of an Incident Response engagement to include incident validation, monitoring, containment, log analysis, system forensic analysis, and reporting. The Incident Response Lead is also responsible for building the relationship with the client and client’s counsel and ensuring the engagement’s objectives and expectations are met and executed successfully as documented in the statement of work. You will leverage a solid foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute your responsibilities.
ROLES AND RESPONSIBILITIES
· Accurately collects information from the client concerning the incident to include but not be limited to the client’s environment, size, technology, and security threats. In addition, the IR Lead is responsible for capturing all client’s expectations and objectives throughout the engagement to ensure successful delivery.
· The main point of contact manages and participates in all communications with the client and the client’s counsel during the engagement. The IR Lead sets the cadence for communications.
· Management and Coordination of all technical efforts for the IR engagement to drive the process forward through; tool deployment, ransomware decryption, restoration, and recovery efforts, system rebuilds, system, application, and network administration tasks.
· Coordinates with the Ransom Specialist when ransom negotiations are needed. Ensures updates regarding ransom status are delivered to the client and counsel in a timely fashion.
· Manages and coordinates the onsite efforts with the Onsite Lead or team ensuring they understand and can execute the objectives for the onsite work. Additional responsibilities with onsite efforts include ensuring communications are frequent and getting the daily onsite update communicating these back to the IR Director and/or IR Ops Associate for their Tiger Team.
· Ensures the Forensic Lead is coordinating the collection of data necessary for the investigation.
· Ensures SentinelOne is deployed on time and adding value.
· Communicates with sales when appropriate for SentinelOne, provide client contact.
· Communicates in tandem with the Forensic Lead pertinent findings to the client during the investigation.
· Follows up with the SOC Lead on SentinelOne alerts and encourages/coordinates client participation with the product.
· Accountable for final report review, ensuring the report is accurate, professional, and meets the objective of client counsel.
· Other duties as assigned.
DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified.
Role Description : Skills & Knowledge
1. Experience leading scoping calls
2. Strong background and practical hands-on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
3. Practical experience performing in a functional role including but not limited to one or more of the following disciplines: computer forensics, Incident Response, data analytics, Security Operations, and Engineering, Digital Investigations
4. Possesses strong verbal and written communication skills
JOB REQUIREMENTS
· Bachelor's degree in Computer Science, Computer Engineering, Information Assurance, Forensic Sciences, or related technical field; Graduate degree preferred
· 10+ years experience leading full-cycle incident response investigations and communicating with the client/counsel/carriers
· Must be eligible to work in the US without sponsorship
WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
· No physical exertion is required.
· Travel within or outside of the state.
· Light work: Exerting up to 20 pounds of force occasionally, and/or up-to 10 pounds of force as frequently as needed to move objects.
achelor of Engineering or Technology; or any degree on par;
· 12-15 years of Experience in security and similar areas solution/product development, design, etc
· Minimum 7-8 years of experience in an Enterprise or Cyber Security practice dedicated role
· Experience in Enterprise deployment of security with in depth knowledge of security, implementing security solutions and working closely with global customer accounts.
· Proficient with concepts like SOC, OWASP Top 10 etc
· Understanding of Enterprise Cyber security models like Mitre ATTACK and roadmap modelling.
· Excellent analytical and problem-solving skills to drive product development
· Excellent communicator, whether writing, speaking or presenting
· Experience gathering and analysing data to create useful metrics that support positive change
Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.
Base location: - Bengaluru - Must
Requirements: -
- Mandatory - ISO 27001:2013 lead implementor certified
- Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
- Good to have – CISA, CISM, Risk management certification, Privacy certifications.
- Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
- This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
- Good documentation skills.
- Develop, implement, maintain, review and continually improve Information Security policies.
- Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
- Manage and maintain a risk register / risk database along with risk treatment plans.
- Good understanding of physical and environmental security.
- Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
- Provide training to the employees on Privacy & Information Security Management System on regular intervals.
- The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
- Mandatory: Good verbal and written communication skills. Eye for details.
- Good presentation skills.
- Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.
- Develop efficient strategies to protect the system, the networking infrastructure, data, and information systems against potential threats/cyber risks
- Routinely performing threat analysis, system checks, and security tests
- Defining and updating information security criteria and validation procedures
- Effectively discuss to understand safety and security and fix the problems along with different stakeholders
- To be a security representative or point of contact for all technical deliveries, initiatives, and project implementations.
- To develop technical processes and procedures and promote compliance in line with regulations, corporate policies, or standards as per ISO27001
- Assess technical security risks in terms of impact on systems and service confidentiality, integrity, and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches/vulnerabilities to various stakeholders and provide technical support during incident response
- Monitor security tools to detect security events & incidents Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses
- Represent IT Security matters at technical and business forums.
Desired candidate profile :
- Relevant experience in the information security field
- Relevant experience working with ISO Policies, and GDPR guidelines.
- Strong knowledge of network architecture and security concepts related to routing
- Exceptional attention to detail
- Excellent analytical and problem-solving skills
- Great team player and able to work efficiently with minimal supervision
- Excellent communication skills, both written and verbal, work with the different stakeholders on strengthening the security risks.
- Able to handle and cope with stressful situations and understands the pressures of a start-up environment
i. Technology Graduate with 8+ years of experience in the IT industry & Information Security / Cyber Security
iii. Provide Security Vision & Strategy to the Organization, strategic direction, development, and implementation of information security programs and projects to address risks relevant to the attainment of organizational strategic goals.
iv. Experience in advising leadership team regarding Security Technology Land scape, product issues, and possible improvements
v. Expertise in providing executive roadmaps for continual improvement in teams, technology, and processes, process across various security & DevSecops teams
vi. Experienced in Information Security Risk Management, gap analyses, Audits.
vii. Hands-on Experience in formulating Cyber Security Policies, Design and implementation of Security Technologies, DevSecOps.
viii. Working Knowledge in implementation of Cyber Security Solution in Open Source, OpenStack environment.
ix. Ability to provide strategies to increase the ability to withstand cyber-attacks, as measured by annual sophisticated attack simulations.
x. Experience in upgrading, troubleshooting and tuning of Cyber Security Solutions, SOC Operations.
xi. Thorough understanding and good knowledge latest Cyber Security technologies, Security Architectures, vulnerabilities, security threats.
xii. Expertise in Test-Driven Development and establishing a DevSecOps practice. Multiple product launches under your belt - from design to launch, having played a key role in their success
xiii. Ability to setup PoC for latest security solutions
xiv. Good understanding of Open Source Technologies, Private Cloud Technologies.
Job description- Information Security(Financial)
Roles and Responsibilities
HTC Global Security Delivery Centre will provide a professional opportunity to work in a dynamic environment where you will have the ability to develop process and Cyber security based skills
Work profile of individual
- As part of the companyC Global cyber security consulting team, individual’s primary role would be to be a part of ISO 27k projects IT audits, ITGC audits, SSAE, SOC audits, IT Process Audit, Systems Audit, Gap assessment TPRM, GDPR, Infosec, GRC , ISMS, Cyber Security, SOX ITGC on customer engagements
- Will address all aspects of security like physical, logical, data, access etc and review Information Security policy and suggest / recommend necessary changes to the same on customer engagements
- Will be an active participant in internal / third party system security reviews and audits on customer engagements.
- Will perform internal audits on all aspects of IT and ensure compliance with the prescribed security norms on customer engagements and will be responsible for tracking the open audit findings and closure of the same
- Will be able to manage document tracking and updating - policies, processes, procedures, templates etc.
- Will assist in developing proposals by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise.
- Will demonstrate ability to clearly and concisely communicate the privacy implications of technology and implementation.
Team work
- Individual would be responsible for contributing to a strong team environment and promoting a positive working relationship with their colleagues.
- Individual would predominately work with off-shore engagement teams and relevant HTC Territory teams on presale and cyber security delivery.
- Communication, written and verbal, with these teams would be expected.
- Team members would be required to apply learning from trainings and on the job experience to work requests and support continuous process improvement.
- Team members would be required to handle multiple tasks at the same time.
- Detailed focus when performing work and good project management skills when managing workload and maintaining timelines will be necessary.
Desired Candidate Profile
- Bachelors
- Certifications (ISO 27001/ ISO 31000/ or equivalent and other relevant qualification/certification
- Experience : 3-5 years
Knowledge Required:
- Strong knowledge of information security concepts, risk and controls concepts. Strong understanding of security principals: audit, policies, guidelines, and compliance.
- Understanding of infrastructure (data centre, network end user computing) security / cloud security / managed security services / security operations centre / compliance risk management and ITGC controls
- Sound knowledge of Internal financial Controls and Compliance. Must be able to recommend controls around people, process, and technology.
- Sound knowledge of General Leger / Balance Sheet / Journal Entry / Budgeting / Financial fraud
- Sound knowledge on business controls and process controls. Good experience with control assessment, check the effectiveness of the implemented controls and recommend mitigation / improvements.
- Experience with the Microsoft Office suite of products (i.e. Word, Excel, PowerPoint, Visio, etc.),
- Strong verbal and written communication skills Knowledge / experience in fields of ITGC audits, Internal Audit, External Audit / Statutory Audit projects
- Candidates should exhibit good client service skill collateral's with a strong focus on building relationships.
Additional Responsibilities:
- Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability
- Good knowledge on software configuration management systems and license Management systems
- Awareness of latest technologies and Industry trends
- Logical thinking and problem solving skills along with an ability to collaborate
- Understanding of the financial processes for various types of projects and the various pricing models available
- Ability to assess the current processes, identify improvement areas and suggest the technology solutions
- One or two industry domain knowledge
- Client Interfacing skills
- Project and Team management
Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
- Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- have done any submission on Bug crowd or Bug Bounty.
- have developed tools or scripts for web pen test on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will starts from 03:00 PM to 12 AM (fixed for few months),
OSCP certification(Not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
o Tools:
CrowdStrike Falcon Sensor - Or similar AV engine
Cisco Umbrella Web Filtering – Or similar Web Proxy Filter
Cisco FTD Intrusion Prevention – Or similar IPS/IDS
O365 Email Protection (Spam, Phishing) - Or similar
Phish Insight (Phishing Campaigns) - Or similar phish campaign technology
Nessus Professional – Or similar vulnerability scanning tool
Cisco NGFW – Or similar FW technology
o Technologies:
Cloud (AWS IaaS, O365 SaaS),
On Premis (Windows 90%, Linux 10%)
o Processes:
Computer security incident response
Security reviews and assessments
Vulnerability management Penetration tests
Manage Level 3 security incidents and requests
Ensures compliance with corporate policies and procedures
Research new ways to improve existing technical security controls
Project SME and Lead for security related projects
Conduct Risk assessments and assist in remediation activities
Assist in internal and external audit activities
Required Experience and Skills:
Bachelor's degree in Information Security, Computer Science or Engineering
Minimum of 3 years in security engineering
Knowledge in cloud ecosystems security - Amazon AWS, Microsoft O365
Ability to work well in an international team (US or EU time zone)
English spoken and written on at least B2 level
Understanding of security monitoring and identification concepts
Assessing and understanding the impact, severity and urgency of issues
Cybersecurity Certifications an advantage but not essential: CEH, C|HFI, CISSP, CISA, CISM
Expertise across a variety of security products including those listed in requirements above
The Cyber Security Analyst will help to assess, plan, and enact security measures to protect the Hubbell organization from security breaches and attacks on its computer networks and systems. This job involves simulating attacks to identify vulnerabilities, testing new software to help protect the
company & data, and assisting users in adhering to new regulations and processes to ensure safety and compliance. The Cyber Security Analyst will work as part of the Security Operations team to execute, monitor and report-out on the scheduled tasks associated with maintaining the overall cyber hygiene for the company
Respond and investigate security breaches and other cybersecurity incidents.
Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
Work in conjunction with the cybersecurity team to develop automation for scheduled tasks and reporting
Respond to specific threats, evaluating company exposure, and risk.
Assist in the execution of penetration testing.
Research security enhancements and make recommendations to management.
Stay up to date on cybersecurity trends, threats, and remediation
Attend daily security operations meetings
Qualifications
A degree in Computer Science, IT, Systems Engineering or a related qualification
2-3 years of experience with software development in C-Sharp, Python or Java
2 years of experience with scripting tools such as PowerShell, Unix Bash and Bourne
Familiarity with patch management
Familiar with common cyber frameworks and tools such as NIST and MITRE Attack
Awareness of common cybersecurity threats and hacking methodologies
Preferred
Previous experience with Incident response and forensics
Knowledge Network security and segmentation
IT Security Specialist
Roles and Responsibilities
- Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
- An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
- Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
- Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
- Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
- Ability to interact with project teams to understand the security requirements and come up with solutions
- Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
- Strong understanding of networking concept.
Desired Candidate Profile
- Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
- Able to work independently with minimal supervision.
- Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
- Keep stakeholders updated with communications and weekly reporting.
- Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
- Excellent communication skills - written, verbal, presentation and interpersonal.
- Willing to learn new skills and implement new technologies.
- Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.