Security Information and Event Management (SIEM) Jobs in Bangalore (Bengaluru)

Senior AWS Security Engineer Job Scope Build Role-based Policies in IAM, establish relevant SOPs to achieve solid access control, and work with security & compliance personnel, data engineer & data scientist for access provision/deprovision, account and access review Manage AWS Keys (include but not limited to key management, key encryption, key expiring and rotating etc.). Collaborate with network security specialist, Configuring AWS Security Group to achieve server hardening. Collaborate with DevOps team, monitoring user access in DBs & other AWS instances using Enterprise Tools (such as Arcsight SIEM & Imperva etc.) Work with data engineer & solution architect for design and implementation of data encryption in AWS infrastructure, validating data encryption following standard guidelines. Work with privacy compliance personnel for design and implementation of user access and data classification in DBs, which follows the standard guidelines (e.g., HIPAA, GDPR, PDPA etc.). Work with project manager, data engineer, and data scientist on handling request for secured data transfer Work with DevOps, security and compliance team, involving in execution and validation of Disaster Recovery Testing Plan (DR) in AWS environment Work closely with technology, security, risk & compliance, internal audit and development teams to build and launch new policies, processes, controls and provide internal trainings, as necessary.   Mandatory Requirements Bachelor’s degree or above in Information Security, Computer Science or a related technical field Min 5 years’ experience as cloud engineer, in which at least 2 years as AWS cloud security engineer, and 2 years doing database management Sound knowledge for security framework in managed cloud service, be professional in ‘CIS AWS Foundations Benchmark controls’ Hands on working knowledge of current Identity Access Management and Privileged Access Management technologies and solutions implementation In depth knowledge in AWS IAM, Security Group, KMS, Secret Manager In-depth knowledge on standardizing the SSH login process to server by different teams based on public/private keys Good understanding of AWS VPC, CloudTrail, CloudWatch, knowledge on tracing changes in AWS configurations Good Knowledge of AWS EC2, S3, S3 Glacier, and container service (EKS) In depth knowledge of MongoDB & DynamoDB, independently set up and managed both type of DBs for enterprise level client data/data in data lake In depth knowledge of secured data transfer, independently handled data transfer request using SFTP and/or AWS DataSync (or other enterprise level tools) Good knowledge of TLS (TLS 1.2 & TLS2.0), and AES/AES-GCM Hands on experience in drafting corporate SOPs (related to cloud security, access control, data transfer etc.), and/or reviewing and revising the existing SOPs   Preferred Certificates/Qualifications AWS Certified – SysOps Administrator (Associate) AWS Certified Security – Specialty AWS Certified Database - Specialty CIAM, CIST or any other relevant certifications is a plus Working experience in healthcare industry is a plus

Expert in Information security architecture, implementation, Security Solutions design and deployment SIEM, IDAM, Network monitoring, VAPT, DLP and Endpoint Security, Encryption, Audit controls and applying security measures (ISO, PCI etc.)

Security Monitoring and Operations (SIEM)Security Solutions design and deploymentIDAM - Identity and Access Management ExperienceNetwork Monitoring and Management ExperienceVAPT - Vulnerability Assessment and Penetration AssessmentExperience on DLP and Endpoint SecurityKnowledge on Encryption  Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gapsExperience in Audit controls and applying security measures (ISO, PCI etc..)Knowledge in automation and scripting

• Design and develop typical GRC solutions like risk management (enterprise and information technology risk), compliance management, issue and corrective action plan management, exception management, policy life cycle management, third-party risk management, audit management, threat and vulnerability management, enterprise asset management, and security operations management • Define, enhance, and implement enterprise risk management frameworks based on industry standards and frameworks (e.g., ISO 27001, COSO, COBIT, PCI, NIST, HIPAA, etc.) on GRC technologies, such as RSA Archer. • Assist in gathering and documenting business requirements and identifying gaps within existing systems and processes • Define the architecture and design elements for implementation of GRC solution (including design data/object models, technical workflows diagrams, access control models, etc.) • Lead build/configuration of GRC solutions on RSA Archer as per defined business requirements and design • Lead software development life cycle (SDLC) efforts for successful build, test, and roll-out of GRC solution into production use • Assist in developing GRC governance and operating model for the setup and sustainment of the GRC program