• Lead development teams in implementation of GRC solutions within ServiceNow platform including: • Policy & Compliance Management • Risk Management • Vendor Management • Audit Management • Perform fit-gap analysis to identify fitment of defined business to the technical capabilities of the ServiceNow platform. Identify level of effort required in customizing the solution to meet the requirements which have been identified as gaps. • Participate in the functional requirement & design workshops and assist in the development of the functional requirements and technical design documents • Coordinate technical tasks and work effort • Act as an escalation point of contact for technical issues and support • Lead the team in the development, unit testing, defect fixing and deployment of update sets. • Assist the project manager in ensuring overall quality of deliverables, alignment to SDLC best practices
• Design and develop typical GRC solutions like risk management (enterprise and information technology risk), compliance management, issue and corrective action plan management, exception management, policy life cycle management, third-party risk management, audit management, threat and vulnerability management, enterprise asset management, and security operations management • Define, enhance, and implement enterprise risk management frameworks based on industry standards and frameworks (e.g., ISO 27001, COSO, COBIT, PCI, NIST, HIPAA, etc.) on GRC technologies, such as RSA Archer. • Assist in gathering and documenting business requirements and identifying gaps within existing systems and processes • Define the architecture and design elements for implementation of GRC solution (including design data/object models, technical workflows diagrams, access control models, etc.) • Lead build/configuration of GRC solutions on RSA Archer as per defined business requirements and design • Lead software development life cycle (SDLC) efforts for successful build, test, and roll-out of GRC solution into production use • Assist in developing GRC governance and operating model for the setup and sustainment of the GRC program
Who you are• An analyst, a Red-Team-Blue-Team thinker, an autodidact, a threat hunter, or a researcher like none other • An always-on Security enthusiast and the go-to for news and views about vulnerabilities and malware, active threats, attack vectors, and zero-days exploited in the wild• An Eagle for detail and spotting the 'known' in the unknown• Passionate about Cyber Security and a believer in defending against the bad guys • Communicator at par in verbal, textual, and graphical mediums • A Bachelor or Master of Engineering or Technology in Computers, Information Science, or Information Technology or a Master of Computer ApplicationsWhat you'll do• Work cross-functionally with Cyber Threat Intelligence and Cyber Security Operations teams to build out our ever-evolving threat intelligence platform• Ideate and define ways to present vulnerability intelligence, preferably via dashboards and reports• Identify factors contributing to higher client-side impact of vulnerabilities and be the domain expert for our impact scoring mechanism• Track and monitor vulnerability lifecycles from zero-day discovery to CVE-ID allocation• Profile and monitor specific cyber threat actors --- including nation-states and hacktivists ---, groups, and campaigns to understand adversarial tradecraft along with tactics, techniques and procedures (TTPs)• [BROWNIES] Clearly communicate findings in written reports in English and visualsWhat you got• Between two and five years’ experience in Cyber Security• Hands-on understanding of vulnerabilities, computer intrusions, malicious code and patching mechanisms for Windows, Linux, and critical apps• Working knowledge and understanding of CVSS v2 or v3 • Proven abilities to associate vulnerabilities with CWEs• Able to analyze network protocols for vulnerability identification • Familiarity with network-based exploitation and its mitigation• Familiarity with Snort and Suricata• [HUGE PLUS] Experience or familiarity with vulnerability assessments
Security Content Developer * As a security content author, this role involves hands on security and compliance stuff. Prior experience with security tools (exploit development, port scanner and so on), scanner (OVAL, SCAP, Nessus, OpenVAS) would be a plus. As a member of security content team, you will be asked to develop and manage the security content, assume the full responsibility towards handling the content quality for the cloud services, with your value added knowledge that comes from your prior experience. You'll be asked to adhere to Redlock standards and procedures while developing the content. * Well known exposure to common vulnerabilities and knowledge on vulnerability common standards such as CVE, CVSS and CCE. * Expertise in authoring/mapping content for various security compliance standards both including regulatory (PCI, HIPAA, SoC2, SoC3, GDPR so on) and standard compliance frameworks such as NIST-800-53, CIS and so on is a must. * This role requires that, you've prior experience and hands on cloud services AWS, Azure and GCP (one of the 3 at least). * Expertise towards remediation of vulnerabilities or compliance (misconfiguration alerts), both via procedural and CLI methods.