11+ Security controls Jobs in India

Life is Short! Work Somewhere Awesome.

Mercer Talent Enterprise is hiring experienced Senior IT Security Professional.

Key Responsibilities

• Monitor, report, and protect the safety of the company data, and adherence the local and international security compliances
• Analyse security logs and alerts to identify and investigate threats.
• Conduct periodic vulnerability assessments and penetration testing to proactively identify weaknesses.
• Continually enhance the security posture of the company by frequent review and implementing measures.
• Lead and perform security control gap assessments against industry standards and security regulatory requirements to evaluate control design and operating effectiveness
• Stay up to date on the latest security threats and vulnerabilities
• Define, draft and communicate potential security control improvement opportunities and paths to address based on requirements and industry experience,
• Support regulatory examinations across EU, UAE, KSA, US. and international regulatory regimes in partnership with Security and other GRC functions by reviewing and evaluating requests, coordinating with stakeholders to collect and QA artifacts, and track outcomes of regulatory examinations performed,
• Partner with Security Risk and Security Policy functions to ensure that security controls are reflected properly in our Security Risk Review, Security Policy requirements, and other governance processes,
• Support Security Compliance, Information Security, and Engineering stakeholders in identifying and executing on continuous control monitoring opportunities,
• Work closely with control owners and internal and external auditors on control operation and related documentation
• Communicate progress, escalations, and issue resolutions to management and team stakeholders
• Create procedural documentation, including training materials that support how we support control owners in risk to control analysis, control narratives, and how we operate as a Security Compliance team in the form of runbooks for new processes.

Required Experience or Skills

• 4+ years of security, IT compliance (internal or external audit) or equivalent experience
• 2-4 years of technical cyber security experience, with hands-on experience in vulnerability assessment and/or incident response (e.g., SOC Analyst, etc.).
• A bachelor degree in Cyber Security, Information Systems, or a combination of education and experience.
• Security+ certification or GIAC/SANS certifications highly desired
• Knowledge and practical experience with policy and regulatory mandates such as COBIT, SOC1/SOC2, CSA-CCM, ISO27001/27002/27031, GDPR, CCPA, PCI-DSS and NIST Risk Management Framework and associated standards such as sp800-34, sp800-53, FedRAMP, CMMC, etc.;
• Prior consulting experience in Cybersecurity
• Prior experience working closely with auditors and/or external regulators
• Experience with compliance initiatives from start to finish
• Experience sourcing, interpreting, and reporting on data via data visualization tools
• Outstanding written and spoken communication skills
• Ability to effectively and autonomously accomplish outcomes across cross-functional teams in ambiguous situations with light supervision

You'll get:

• Competitive salary with health benefits
• An extremely energising, dynamic and fast paced entrepreneurial working culture and environment
• An opportunity to travel to international locations where our clients may be based
• Latest laptop, devices and technologies for your needs
• Unique and supportive opportunities to progress in your career
• On-going team and professional development

Where:

India - Remote

Key Responsibility Areas:

Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex Web applications, operating systems, wired and wireless networks, and mobile applications/devices Delivering targeted and intelligence led security penetration testing through a robust testing methodology and process Craft and develop scripts, frameworks, tools, and the methods required for facilitating and executing sophisticated charges, emulating malicious actor behavior sought at avoiding detection Conduct security assessments on a wide variety of technologies and implementations Develop and maintain security testing plans Maintain and evolve a mature set of security penetration testing and internal Red Team processes covering all areas of technology Automate penetration and other security testing on networks, systems and applications Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk Produce actionable, threat-based, reports on security testing results Act as a source of direction, training, and guidance for less experienced staff Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators Foster and maintain relationships with key stakeholders and business partners

Required Skills:

2 to 6 years of experience in information security with web application and network penetration testing experience Fluent in common cyber security domains such as cloud security, access control, encryption, identify management, security operations, application security, penetration tests, endpoint security, vulnerability management, threat intelligence Strong understanding of OWASP top 10.

Experience or knowledge of IT security risk assessments and gap analysis In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) Hands on experience with testing frameworks such as the PTES and OWASP Experience of functional testing, UI/UX testing and manual testing, Load, Performance testing across multiple browsers and devices Hands-on experience in designing and writing test automation scripts using test automation frameworks and knowledge on API Testing Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud

Qualification: Masters/Bachelor’s Degree

Job Responsibilities:

·       Assist the Security Manager in developing and implementing security policies and procedures.

·       Conduct regular security risk assessments and audits.

·       Monitor security systems, including firewalls, intrusion detection systems, and access controls.

·       Respond to security incidents and provide recommendations for remediation.

·       Assist in managing user access and authentication.

·       Provide security awareness training to employees.

·       Maintain and improve endpoint security solutions (e.g. antivirus, endpoint detection and response).

·       Collaborate with other departments to ensure security is integrated into all aspects of the organization's operations.

·       Stay up to date on the latest security threats and industry trends.

Qualifications and skills:

·       Bachelor’s degree in computer science, Information Security, or a related field.

·       4-5 years of experience in security-related roles.

·       Knowledge of security systems and protocols.

·       Familiarity with risk management frameworks.

·       Knowledge of compliance regulations and standards.

·       Excellent communication and interpersonal skills.

·       Strong analytical and problem-solving skills.

·       Ability to work independently and as part of a team.

·       Attention to detail and accuracy.

Experience:- Overall 10 to 12 years of experience of which atleast 5 to 7 years’ experience should be in Information Security. Mandatory is 5 to 7 years’ experience in Information security and with one full end to end implementation experience.

Base location: - Bengaluru - Must

Requirements: -

1. Mandatory - ISO 27001:2013 lead implementor certified
2. Mandatory - ISO 27001:2013 lead auditor certified (but if it is a good candidate, we can still consider)
3. Good to have – CISA, CISM, Risk management certification, Privacy certifications.
4. Mandatory - Atleast one end to end implementation experience of ISO 27001 standard. The candidate should have a good implementation knowledge of ISO 27001, ISO 27002 standards and is required to implement the ISO requirements and run the ISMS program for multiple countries.
5. This immediate requirement is for implementing the ISMS program for our Canadian office location. The candidate should be willing to work from Bengaluru in EST time zone during this implementation phase whenever required.
6. Good documentation skills.
7. Develop, implement, maintain, review and continually improve Information Security policies.
8. Good understanding and knowledge of applicable legal and regulatory requirements as relevant to information security.
9. Manage and maintain a risk register / risk database along with risk treatment plans.
10. Good understanding of physical and environmental security.
11. Conduct Internal Audits based ISO 27001 standards and Personal Data Protection policies. A good experience in independently conducting Internal and supplier audit with respect to information security.
12. Provide training to the employees on Privacy & Information Security Management System on regular intervals.
13. The greater part of the job involves interacting with people, interviewing them / auditing, Preparing audit reports, discussing / persuading / influencing.
14. Mandatory: Good verbal and written communication skills. Eye for details.
15. Good presentation skills.
16. Since this is a trusted role, candidates must be willing to undergo extensive background checks to verify their identity, character, qualifications, skills and experience.

About us:

HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.

We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.

To know more, Visit! - https://www.happyfox.com/

Responsibilities:

• Perform manual and automated application penetration tests and provide suggestions to harden our products
• Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
• Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
• Keep up with industry trends in the security space
• Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
• Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
• Scale our application security engineering team

Requirements:

• Strong verbal and written communication skills
• Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
• Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
• Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools

Information Security Specialist

Notice Period: 45 days / Immediate Joining

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

Key Qualifications

· Design, deploy, and support Information Security Solutions provided by BDS

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

· Research and strategic analysis of existing, and evolving all IT and data security technologies

· Establish baselines to define required security controls for all infrastructure components and application stack

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

· Must be able to work a flexible schedule during off-hours

Key Skills & Qualification

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

· Exposure of the security audit tools on public cloud platforms

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

· Certified Ethical Hacker would be a plus

· Handling of Security audits is a must

· Proven interpersonal skills while contributing to team effort by accomplishing related results

· Passion for learning new technologies and the ability to do so quickly.

http://www.banyandata.com" target="_blank">www.banyandata.com 

• Max rate $85/hr

• MUST HAVE- Application security covering micro services security and Restful API from technical and business process and architecture. 

• MUST HAVE -Application security, penetration testing, red team tool (optional), development background, Should have done Application vulnerability Assessments.

• GOOD TO HAVE - Infrastructure experience in Azure Cloud OR Microsoft 365 product implementations will be handy , network Architecture n design mostly in Azure space

• GOOD TO HAVE - Enterprise platform – office 365 is plus and such implementation. 

• Experience as a Azure DevSecOps engineer is desired 

• Ability to communicate effectively with senior management as well as highly technical engineers to articulate security positions effectively. 

Roles and Responsibilities

• Extensive experience of 2-5 years in Vulnerability Assessment and Penetration testing, Web Application security.
• An Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, CSRF, authentication/authorization, OWASP top 10 issues.
• Must have working experience in OWASP Top 10 Vulnerabilities Testing in Web applications.
• Create policy and standards for developers and testers to secure programming in the organization. (secure code review, static application security testing.
• Experience on both commercial and open source tools Cenzic Hailstorm, Burpsuite, AppScan, WebInspect, Appspider, sqlmap, OWASP ZAP. Assessing cloud security risk (AWS and Azure) and recommending appropriate security controls.
• Ability to interact with project teams to understand the security requirements and come up with solutions
• Extensive knowledge of managing Web Application Firewall (Product) including rules management and product administration
• Strong understanding of networking concept.

Desired Candidate Profile

• Excellent knowledge of Microsoft Windows operating environments and with special attention to security and hardening issues.
• Able to work independently with minimal supervision.
• Good knowledge of secure software development standard, process, techniques, cloud security policies and tools.
• Keep stakeholders updated with communications and weekly reporting.
• Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
• Excellent communication skills - written, verbal, presentation and interpersonal.
• Willing to learn new skills and implement new technologies.
• Should come with bachelor’s degree in engineering, mathematics or master’s in computer application / programing.