4+ Patch Management Jobs in India

Linux Administration and VM Management with 6-8 Yrs. Exp: Client is based in US - No of positions -2

• CPU/Memory/Storage Monitoring
• Patch Management
• Disk Space Management
• System Log file management
• User account Management
• Server Start/Shut down
• Incident/SR Handling
• Pro-active monitoring of the customers infrastructure.
• Follow up on tickets with the internal IT Team for resolution/SLA
• Create and modify ansible/scripts to perform SA tasks
• Provide input on ways to improve the stability, security, efficiency, and scalability of the environment
• Collaborate with other teams and team members to develop automation strategies
• and deployment processes
• Lead and manage all Service Requests (SRs) with Oracle Support and Cloud Operations to coordinate and complete SA
• Lead and support Oracle Cloud Infrastructure, Oracle PaaS platform administration, and Security integrations with Oracle Cloud Applications
• Responsible for defining audit procedures to validate user permissions and creating custom user roles based on segregation of duties.
• Monitor and investigate any system performance issues and works with Oracle, project teams and end users to identify and resolve root causes.
• OCI infrastructure administration (Install, configure, migrations, tuning, patching, administration & monitoring).
• Identifies emerging technologies to solve complex business problems.
• Leads and directs all administrative support for new implementations, upgrades, and migrations.
• Effective collaboration with infrastructure teams, application development teams, testing, and release teams.
• Design/develop current and future state user security maps, identifying technical gaps, and building remediation plans with the new system.
• Implementing Disaster Recovery and High Availability.
• Applying automated configuration management & infrastructure provisioning
• Experienced in provisioning and supporting OCI components related to Network (VCN, IPSec, FastConnect, Firewall ….)
• Excellent written and verbal communication skills.
• Work cross functionally with the team on system administration, access management and security management tasks in OCI
• Responsible for coordinating the review of new release details, as well as communicating platform maintenance events to project teams and end users affected by both planned and unplanned events.
• Establish and maintain the security policies for the firewall as new customer locations are added.
• Establish and maintain DR plans for the network topology
• Switch from primary IPSec tunnel to backup tunnel
• Switch back to Primary when appropriate
• Backup policy development and administration for OCI tenant
• VM Backup scripting (includes testing and enhancements as needed).
• Should be willing to work in shifts.

We are looking for a capable System Administrator to take over all aspects of the configuration and maintenance of computer systems. A System Admin should be able to diagnose and resolve problems quickly and should have the patience to communicate with a variety of interdisciplinary teams and users.

Monitoring and reporting all points mentioned below.

Ensure Security updates are installed:

• Regularly checking whether the Antivirus software is updated for users.
• Regularly monitor platforms like Google to ensure everybody is using up-to-date applications with no security issues.
• Regularly Email users about the security updates that they need to install on their laptops and PCs.

Antivirus

Centrally managed antivirus should be installed on all laptops and mobile devices. 

• Adding a purchase request for any additional licence that we might require.
• Pushing new software updates on users’ laptops.
• Keeping up-to-date with antivirus updates so all our devices are secure.
• Miradore user agent 

Mobile device and access management

• Set rules and configure settings on personal and organisation-owned devices to access data and networks.
• Deploy and authenticate apps on devices -- on-premises and mobile.
• Protect company data by controlling the way users access and share information.
• Make sure devices and apps are compliant with security requirements.
• Only provide user access to laptops (No admin access, excluding developers)
• All new software installation requests will go through the system admin to make sure nothing is installed on work laptops that poses a security risk.

Vanta compliance-related tickets

• Vanta will continue to monitor and create issues to be compliant with ISO 27K over time. The system administrator must resolve all such system-related tickets.

Access management to different user applications

• Access should be restricted to only what is necessary to perform job duties ("principle of least privilege").
• Technical access to all the company’s networks must be formally documented, including the standard role for approver, grantor, and date.
• Only authorised employees and third parties working off a signed contract or statement of work, with a business need, shall be granted access to the company’s production networks.
• The company’s guests may be granted access to guest networks after registering with office staff without a documented request - guest network management.

Removal media encryption

• Research removable media encryption and figure out if removable media should be implemented and make sure it is always encrypted.

MFA reset and debugging

As we are enabling MFA for more and more applications that we have, more people are likely to have issues with it as the business moves forward. 

• Different online applications will have different ways of handling the MFA reset; a system admin should be familiar with all.

Website watcher configuration and email issues

• Software like Website Watcher keeps having email issues, as it sends emails in huge numbers every day. The system administrator must keep an eye on the emails and fix issues promptly as and when they arise.

Office network management

• System admin can help in creating guest networks in the office and making sure that the network is as secure as possible.

Phishing emails

• Finding the optimal solution to prevent phishing emails from getting delivered.
• Verifying emails sent by our staff to check for phishing emails.

Security incidents handling

• System admin must monitor incident and event tickets and assign severity tickets.
• Continuous checks to ensure the security incident policies are being followed and up to date
• A root cause analysis report must be documented and referenced in incident tickets.
• A central "War Room" will be designated for handling security threats. This may be a physical or virtual location  (i.e., Slack channel) and managed by the system admin.
• Conducting recurring Incident Response Meetings until the incident is resolved (as per the company's established norms)

Implement password policy

• Password policy must be in place to ensure that users are using secure passwords that are not easily crackable.

Add-ons:

• Devops is a plus point

We are seeking a Security Program Manager to effectively drive Privacy & Security Programs in collaboration with cross functional teams. You will partner with engineering leadership, product management and development teams to deliver more secure products.

Roles & Responsibilities:

• Work with multiple stakeholders across various departments such as IT, Engineering, Business, Legal, Finance etc to implement controls defined in policies and processes.
• Manage projects with security and audit requirements with internal and external teams and serve as a liaison among all stakeholders.
• Managing penetration tests and security reviews for core applications and APIs.
• Identify, create and guide on privacy and security requirements considering applicable Data Protection Laws and implement them across software modules developed at Netmeds.
• Brainstorm with engineering teams to figure out how privacy and security controls can be applied to Netmeds tech stack.
• Coordination with Infra Teams and Dev Teams on DB and application hardening, standardization of server images / containerization.
• Assess vendors' security posture before onboarding them and after they qualify, review their security posture at a set frequency.
• Manage auditors and ensure compliance for ISO 27001 and other data privacy audits.
• Answer questions or resolve issues reported by the external security researchers & bug bounty hunters.
• Investigate privacy breaches.
• Educate employees on data privacy & security.
• Prioritize security requirements based on their severity of impact and product roadmap.
• Maintain a balance of security and business values across the organisation.

 Required Skills:

• Web Application Security, Mobile Application Security, Web Application Firewall, DAST, SAST, Cloud Security (AWS), Docker Security, Manual Penetration Testing.
• Good hands-on experience in handling tools such as vulnerability scanners, Burp suite, patch management, web filtering & WAF.

• Familiar with cloud hosting technologies (ex. AWS, Azure). Understanding of IAM, RBAC, NACLs, and KMS.

• Experience in Log Management, Security Event Correlation, SIEM.
• Must have strong interpersonal skills and should be able to communicate complex ideas seamlessly in written and verbal communication.

Good to Have Skills:

• Online Fraud Prevention.
• Bug Bounty experience.
• Security Operations Center (SOC) management.
• Experience with Amazon AWS services (EC2, S3, VPC, RDS, Cloud watch).
• Experience / Knowledge on tools like Fortify and Nessus.
• Experience in handling logging tools on docker container images (ex. Fluentd).