Responsibilities:
• Serve as a Subject Matter Expert (SME) for security technologies, supporting high visibility needs
of the business in a variety of special projects. These unique projects often involve expedited
deliverables, operational agility, and require top quality deliverables covering both the consulting
and operations functions.
• Investigate any security incidents and provide insights to internal/external business users.
• Develop processes and procedures and fine-tune alerts as part of ongoing improvisation of
security operations.
• Develop cloud/hybrid and cloud platform-specific security policies, standards, and procedures on
cloud providers (Azure, AWS) and cloud-native platforms (PCF, Docker, Kubernetes, etc.)
• Identify and deliver appropriate cloud security controls based on industry standards (e.g. CCM) to
drive cloud and customer security solutions framework based on business risk and cloud-native
threats.
• Conduct integration of supported Cloud-based Security Products such as Web Application Firewall
(WAF), Web Security Proxy, etc.
• Conduct detailed & comprehensive investigations and triage on a wide variety of security events.
Recommend and implement remediation processes.
• Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques
• Collaborate with cross-functional teams to implement security measures and address security
requirements.
• Communicate security risks, recommendations, and status updates to stakeholders,
management, and team members.
• Identify opportunities to improve processes and/or tools to ensure the highest level of quality,
including documentation, mentoring, and training sessions.
• Own the technical components of a customer integration project including but not limited to
configuration, debugging, documentation, testing, and go-live support.
• Identify and mitigate potential security threats and vulnerabilities
• Provide relevant recommendations to improve the overall security posture of customers.
• Deployment of security technologies while ensuring standards are adhered to as well as
maintenance/repair supervision working with vendor support teams on corrective activities for
system issues.
• Assist in any ad-hoc tasks when necessary.
JD
• Over 5 years of experience in Information Security or engineering.
• At least 2 years of direct experience in one of the Public Cloud platforms, such as AWS or
Azure with strong knowledge of their security features.
• Ability to identify and drive remediation of public and hybrid cloud risks.
• Experience in general security technologies, processes, and concepts.
• Industry-recognized security certifications (OSCP, CISSP, CISA, CEH, AWS Security, etc.).
• Working experience on SIEM / Analytics tools, eg: Securonix, MS Sentinel, Splunk is a
MUST (*Configure policy, apply best practise, fine tuning, migration, L3
troubleshooting).
• Working experience with common security operations systems, Intrusion Detection Systems
(IDS/IPS), Security Incident Event Management systems (SIEM), anti-virus log collection
systems, etc.
• Strong analytical and problem-solving skills, with the ability to identify and address security risks
and vulnerabilities.
• Working knowledge of security systems and programs.
• Ability to analyze and develop innovative recommendations and solutions.
• Sound fundamental knowledge of Internet technologies, such as TCP/IP, HTTP, SSL, DNS, OWASP
Top10, and web servers (e.g. Apache, IIS, Nginx, etc.).
• Experience with web security concepts and technologies such as web application firewalls, and
proxy.
• Familiarity with AWS technologies, such as CodePipeline, CodeBuild, CodeDeploy, CodeStar,
Guardrails, Amazon ECS, AWS Lambda, and Open-source tools like Jenkins, DefectDojo, and
OWASP Glue will be an added advantage.
• Independent and results-oriented.
• Willing to work on a flexible schedule depending on business need