Job Description

Qualifications:

Bachelor's or master's degree in Cybersecurity, Computer Science, Information Technology, or a

related field (or equivalent work experience).

Requirements:

* Minimum 8+ years of experience in Cybersecurity Engineer or a similar role with a good hands-on * experience on the list of tech stack as listed in the responsibilities section, * We are looking for someone who is well-versed with security [Pen-testing, Perimeter security, API Security, Threat modeling, Antivirus / Malware detections & protections, App & Infra. Security Practices & Architecture etc.]. * Additionally, if you are certified on any of the technologies, we would love to see you prove it with your detail-oriented problem-solving skillset and knowledge of the products

Roles & Responsibilities:

. Oversee the design, implementation, and management of security infrastructure, ensuring

the confidentiality, integrity, and availability of systems and data.

. Knowledge of TCP/IP, the OSI model, DNS, HTTP, VPN, routing & switching, and load

balancer technologies for virtual and physical networks.

. Hands on experience of threats includes common attack vectors, methodologies, and

payloads/exploits.

. Ability to support, assist in implementing and administrating security solutions, e.g.,

firewalls, proxies, WAFs, DLP, malware detection/EDR, etc.

. Operational experience with security logging, event correlation, and SIEM technologies.

. Operational experience configuring and managing virtual and cloud-based environments.

. Develop and implement incident response plans to address security incidents promptly and

effectively.

. Experience in evaluating and implementing industry leading third party security tools and

software.

. Lead investigations into security breaches, vulnerabilities, and incidents, providing detailed

reports and recommendations.

. Administer and enhance Privileged Access Management solutions, ensuring secure access

controls and monitoring privileged accounts.

. Extensive experience in Perimeter security, API Security, Pen testing, Threat Modeling,

Security Testing and Auditing.

. Must have experience in managing Antivirus / Malware detections & protection solutions.

Experience in managing the AWS security services such as AWS Inspector, AWS Guard duty,

AWS WAF & Shield, Firewall manager etc. Good experience in managing the perimeter

firewall within AWS accounts, involving the implementation and administration of robust

security measures.

Implement and optimize security controls for cloud-based applications and infrastructure.

. Design and maintain secure network architectures, including firewalls, VPNs, and network

segmentation.

. Assess and enhance the security of web and application servers (e.g., Apache, Nginx,

Tomcat) and implement incident response procedures.

. Sound knowledge of OS baselining for vulnerability assessment & patching using industry

best practices and tools, including expertise in Security Information and Event

Management (SIEM) for comprehensive threat detection and response.

. Good to have knowledge of finding and patching the vulnerabilities in Dependencies,

Docker file, Images, K8s Resources

. Expert in handling SAST & DAST tools to uncover vulnerabilities in the code and workout to

remediate it and to design & implement secure software development life cycle solutions

based on various tools.

. Define secure software development life cycle for various projects and teams with proper

software supply chain security standards.

. Define applications security architecture elements and assist with KPIs and KRIs related to

security in applications.

. Work with senior management on defining roadmaps, needs and providing short and midterm forecasting.

. POC of the overall DevSecOps lifecycle to showcase the benefits it brings to an

organization.

. Experience with OWASP Testing Guide v3 / 4 and OWASP TOP 10.

. Knowledge of securing APIs & experience in Web & Mobile applications, micro-services,

and common vulnerabilities.

Demonstrate written and verbal communication skills, as well as the ability to work with

multiple teams and stakeholders.

. Familiarity with Jira and Confluence or any similar tools.

. Understanding of NIST and CIS frameworks.

. Understanding of compliance areas including controls for SOC2, ISO, PCIDSS and GDPR, etc