PRIMARY RESPONSIBILITIES
- Lead the cybersecurity technology operations management practice, providing guidance, mentorship, and support to junior resources as and when required.
- Lead the client operations and client services deliverables and manage the team provisioning services to the respective clients.
- Lead the cross-functional team collaborations related to InfoSec Ops and Cybersecurity technology operations management practice.
- Manage day-to-day Information Security operations, ensuring the efficient and effective delivery of security services to the internal organization and the clients.
- Work with Technical teams and Business Units across the organization as a reference point for overall Cybersecurity technology operations and Cloud Security operations management, offering advice, support, and guidance on the wide range of security issues pertaining to various cybersecurity projects.
- Carry out Vulnerability Assessment on the deployed Cloud Infrastructure (and IT infrastructure, as required), report the vulnerabilities based on the Vulnerability and Risk Management framework, and track through resolution and revalidation.
- Conduct Security Testing and Vulnerability Assessments over Cloud infrastructure and applications to identify existing vulnerabilities, prepare a report with remediation plans, and follow up with the relevant team until the closure and revalidation of identified vulnerabilities.
- Carry out security assessments to identify the current state of the security and compliance posture of the deployed on-prem and cloud technologies, help the respective teams remediate the identified gaps, and track them to closure.
- Carry out security configuration reviews and compliance reviews for the IT technologies to identify any security misconfigurations against the security baselines and best practices.
- Develop security baselines and security hardening guidelines for network devices, system infrastructure, applications, endpoints, and security infrastructure devices, and review and update them on a daily basis.
- Provide day-to-day operational support, including responding to security incidents, service requests, and tasks related to cloud platforms and deployed cloud technologies, internally and for clients as per the business requirements.
- Responsible for Information Security Incident Remediation Management for internal and external client environments as per the business requirements.
- Monitor and manage information security incidents end to end: analysis, containment, response, remediation, and post-incident analysis reporting to management.
- Serve as a primary responder for security incidents or vulnerabilities in the on-prem and cloud infrastructure, take ownership of security misconfiguration issues, and track them through resolution.
- Assess and analyze data, logs, and forensic information to detect vulnerabilities or security incidents, and provide remediation steps to prevent recurrence.
- Carry out digital analysis and investigation on the cloud platforms to identify the incident or its root cause, prepare reports, and advise on remediation.
- Monitor security logs and liaise with the teams monitoring the security logs for the entire on-prem and cloud infrastructure to identify potential threats, vulnerabilities, indicators of compromise, and report anomalies to the management.
- Daily monitoring and administration of deployed security infrastructure and cybersecurity technologies, based on the business requirement. Take full ownership of cybersecurity technologies and work with the team for optimization of technologies for security posture enhancement.
- Help teams in designing, deploying and maintaining Disaster Recovery setup and practices for the deployed cybersecurity technologies, and implementing the Disaster Recovery operations over Cloud platforms.
- Day-to-day operations management and continual improvement of cybersecurity technologies (on-prem or cloud deployment), such as but not limited to DAM, IAM, PAM, CASB, Cryptography Suite, and Cloud Security technologies in M365, Azure and GCP, among other leading cybersecurity technologies.
- Provide security inputs to the technical design and architecture of cybersecurity technologies and IT technologies during the design stage, ensure they meet the security standards and best practices, and validate the incorporation of all security requirements before deployment of the solution/technology.
- Provide security inputs during the design / development / configuration of applications in the cloud infrastructure, and validate the incorporation of all security requirements before application deployment.
- Review, update and maintain Technical High-Level and Low-Level Designs and documentation related to Cybersecurity technologies and Cloud Security infrastructure.
- Provide assurance of secure configuration, administration, and operations of Access Management, Data Discovery, Data Classification, Information Rights Management, Asset Management, Disaster Recovery, and Application Security over the on-prem and Cloud platforms.
- Provide inputs and guidance to IT teams and other Business Units on the Cloud Security and Compliance roadmaps, architecture design, security baselining, security hardening, configuration and compliance reviews, identity and access governance for Cloud infrastructure.
- Ensure that Cloud infrastructure is deployed and managed in line with the organization's information security policies, defined security baseline controls, cloud security best practices, international standards, and local regulations.
- Formulate and implement security processes, procedures, standards and guidelines for all the cybersecurity technologies deployed over on-prem and cloud infrastructures.
- Prepare weekly and monthly reports for the clients and infrastructure under the area of responsibility.
- Conduct technical security awareness sessions for the IT and other technical teams as required.
- Assist Information Security Managers with periodic audits and compliance activities and oversee the implementation of required remediation activities.
- Maintain knowledge of new and emerging cybersecurity technologies and threats, and ensure the entire infrastructure is secured against the evolving threat landscape.
- Apply technical knowledge and insights to create a modernization roadmap for the entire Cloud Infrastructure and Services.
- Present Cloud Solutions to key stakeholders, including peers, the leadership team, non-technical teams, and clients.
- Conduct and lead technical workshops with the peers and clients, if required.
- Perform comparative analysis of proposals in response to RFPs/RFIs.
- Comprehend RFPs and develop cost-effective solutions in RFP responses.
- Manage and prioritize multiple assigned tasks to meet established deadlines.
- Liaise with IT teams and vendors for security incident and problem resolution.
- Ensure compliance with all approved policies and processes.
- Ensure an approved change request is in place and followed for all cybersecurity technology changes.
- Take ownership of all the assigned projects and tasks and follow the agreed timelines.
- Upgrade knowledge and skills in the cybersecurity domain continuously.
BACKGROUND
- Knowledge and experience in a wide range of cybersecurity technologies, both on-prem and cloud security technologies.
- Extensive knowledge of Cloud Security technologies in M365, Azure and GCP cloud infrastructures.
- Knowledge and confidence in approaching network technologies in Public and Private Cloud environments.
- Knowledge of cybersecurity tools such as PAM, SIEM, UEBA, IAM Systems, MDM, Endpoint Security, WAF, Patch Management Tools, Malware Heuristics, Database Firewall, SSL Encryption, Email Security, etc.
- Knowledge of Data Security Technologies management (on-prem or cloud deployment) such as Data Loss Prevention, Data Classification, Information Rights Management, Web Filtering, UEM security, etc. Experience with ForcePoint DLP, ForcePoint CASB, Boldon James Data Classification, M365 AIP, M365 CASB, M365 DLP, IRM tools, and Web Proxy tools will be an added advantage for conducting daily operations.
- Delinea / Thycotic PAM experience would be an added advantage. Entra ID IAM and Micro Focus IAM experience would be an added advantage.
- Experience in identifying, handling, reporting and remediating data security incidents on a day-to-day basis.
- Experience in Disaster Recovery Setup for cybersecurity technologies, data security technologies and InfoSec Governance technologies.
- Knowledge and willingness to contribute towards management and governance of Disaster Recovery and Cyber Resilience.
- Deep understanding of cloud service architecture with emphasis on security in the cloud.
- Strong understanding of Private, Public and Hybrid clouds (GCP, Azure, M365).
- Solid understanding of modern information security methodologies and standards, especially in cloud environments.
- Cloud security and Information Security certifications are desired.
- Professional experience working with networks and security architecture in cloud environments is an added advantage.
- Knowledge of Linux and Windows Operating Systems.
- Experience of integrating cybersecurity and cloud security technologies with SIEM solutions.
- Practice with modern DevSecOps with automation (nice to have), and ability to automate repetitive tasks (scripting skills in Bash/PowerShell/Python).
- Shift flexibility, including the ability to provide after-hours support when needed as per the business requirements.
- Experience working with internal and client Service Management platforms and Knowledge Management systems for Security Incident, Problem and Change tracking as well as procedures.
- Experience or know-how of implementing and migrating from traditional environments to Hybrid Cloud services (On-Premise Private and public CSPs) in a variety of distributed computing environments.
- Experience or know-how of administering and securing Active Directory Services and Active Directory Federation Services (ADFS).
- Experience contributing to common compliance frameworks as well as mapping between different compliance requirements.
- Ability to review technical reports and provide risk mitigation solutions from activities such as Penetration Testing, Vulnerability Management and/or web-based application assessments.
- Demonstrated breadth of security expertise in various sub-domains such as encryption, identity, incident response, etc.
- Experience with risk assessment methodologies and risk reporting.
- Proven background in clearly writing complex technical documents that can be presented across a varied enterprise corporate audience.
- Excellent knowledge of cyber-security incident response protocols (e.g., identification, impact assessment, containment, remediation, evidence handling, technical reporting, etc.) and safeguarding information.
- Hands-on experience with security tools such as Metasploit, Wireshark, Nessus, Burp Suite, Acunetix, AppScan, Nexpose, Checkmarx, Fortify, Veracode, and Kali Linux, and developing exploits, will be an added advantage.
- Good understanding of the following network and security domains (not limited to):
  - Secure SDLC
  - Network automation tools, protocol analyzers, packet filtering, web proxy, and network operating systems
  - Attacks and countermeasures (such as DHCP starvation, DNS spoofing, email spoofing, phishing, DDoS, ARP poisoning, XSS, CSRF, SQL injection, etc.)
  - Switches, routers, wireless controllers, access points, load balancers, Next-Generation Firewalls, IDS/IPS, threat management solutions, and vulnerability scanners
  - Cryptography and PKI
  - TCP/IP layer security, computer networking, routing, switching, etc.
  - Firewalls, IDS/IPS, routers, switches
  - Windows, UNIX, and Linux operating systems
  - Secure coding practices
  - Threat Modelling
  - Security monitoring tools
  - ISO 27001, ISO 22301, NIST, SOC, and SOX compliance assessments