Job Purpose
To lead and implement robust cybersecurity strategies and solutions that safeguard IT infrastructure, applications, and data across cloud and on-premise environments.
Responsibilities
- Serves as the domain expert (SME) on Cybersecurity matters
- Lead and influence multi-disciplinary teams in implementing and operating cyber security controls for cloud and on premise environment micro-services, containers, applications, operating systems, databases, and networks
- Involve in the project or lead the project related with IT infrastructure & Application security whenever required.
- Support maintenance team in difficult or chronic problems, escalate the issue to vendor, identifying the root cause and preventive measures.
- Support presales team on infrastructure & Application security solutioning in bids
- Provide system architecture design and planning for new IT infrastructure deployments in both hosted and cloud environments
- Work closely with Project Managers/ Application Development Team in planning the implementation tasks
- Perform initial installation and configuration of new IT infrastructure & security deployments in both hosted and cloud environments
- Conduct security design review with customers
- Lead the track in security testing and remediation, conduct Application, Server and Network vulnerability assessment.
- Deliver Application Security Assessment activities with entities and external suppliers/customers.
- Interpret security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers
- Collaborate with application developers and database administrators to deliver creative solutions to difficult technology challenges and business requirements
- Conduct in-depth assessments on the applications using SAST, DAST, Penetration Testing, Red Teaming Activities to determine application security posture and potential vulnerabilities.
- Develop and implement server security and hardening
- Supports the monitoring and tuning of detection and security automation tools
- Automate security controls, data and processes to provide better metrics and operational support
Experiences & Qualifications
- Minimum Bachelor in Computer Science or IT related studies
- Minimum 8 years experience in IT industry with 6 years in network/systems/Application security arena.
- At least 5 years of experience in Vulnerability Assessment, Penetration Testing & Source Code Reviews of Web, Mobile and Thick Client Applications
- Knowledge of networking and IP/TCP protocol
- Experience in Windows and other OS good to have.
- Experience of working and securing Virtualization Technologies
- Experience with firewall technologies and products, including NextGen firewalls and firewall management tools
- Knowledge and experience in scripting or programming languages (ex. Python, Perl, Ruby, PowerShell, C, C#, Java) in order to develop custom scripts or tools.
- In-depth knowledge in network and systems security issues
- Hands-on experience in security-related tasks such as OS tightening, patching and updating, virus scanning will be an added advantage.
- In-depth knowledge on network and systems security issues and ability to offer advisories and troubleshooting support.
- Good communication skills and positive working attitude.
- Relevant certifications such as CISSP/CISA/CISM, CREST, CEH would be advantageous
