Cyber Security Engineer
Gurgaon, Bangalore, Chennai, Hyderabad
Posted on 10 Nov 2023
Roles & Responsibilities:
Desired knowledge, experience, competence, skills etc
- Having broad knowledge of information security, understanding application, data threats and mitigation and security trends that are applicable for Digital Platforms
- Skills needed are centered around cloud-based applications (both Web and Mobile) hence understanding of the Cloud native security frameworks and controls are required. Hence it is desired to have good understanding of :
- DevOps using Cloud deployments.
- Secure cloud-based solutions
- Container security
- GCP Compute services like Cloud Run, Compute Engine, Kubernetes Engine, App Engine, etc. (or similar in other public cloud service provide like Azure, Yandex)
- Ensuring different cloud security policies in the various cloud resources/APIs /Accesses
- Strong knowledge of Cryptography, Keys/Token Management, Logging and Log parsing
- Working knowledge of Cyber Security Standards e.g: OWASP, NIST, PSI-DSS
- Comfortable in use of Confluence and Jira and creating automated reports, dashboards
- Experience performing security control reviews or audits
- Hand-on experience in doing one or more of the following Cyber Security activities: SCA, SAST, DAST/Application Penetration Testing, Vulnerability Scanning (Highly Desirable)
- Familiarity in using tools e.g Blackduck, Polaris, SonarQube, Kali Linux, Burp Suite, nmap, Sqlmap, Nikto, Dirb, SSLscan, metasploit, InsightVM/Rapid7, Python Scripts (Highly Desirable)
- Familiarity with Infrastructure automation tools and processes (Jenkins, Terraform, Ansible, Gitlab CI, etc.) – Desirable
- Hands-on experience with managing containerized environments (Docker, K8s, ACR) – Desirable
Job Description:
- Onboarding Software Applications for Secured Code Review e.g SCA, SAST
- Execute and evaluate the results and reports of various type of Application Security Testing: SCA, SAST, DAST, Penetration Testing
- Responsible for proactive identification and mitigation of cyber security aspects in applications
- Interact with Solution/Product Owner to perform Business Impact Analysis for Solution/Product – Evaluate the Information Security Scope, Impact Scenarios and Applicable Internal Controls and the Identify the Risk
- Work with all the stake holders e.g Solution Owner, Engineering Manager, Security Engineers, IT Infrastructure Owners to ensure that processes pertaining to Cyber Security and implemented and proactively followed in the respective Solutions/Product
- Collaborate with Product Engineering Teams to Triage the vulnerabilities detected through scanning or security testing and track the issues to closure
Education & Experience:
- B.E./B.Tech. in Computer Science/ IT or MCA would be preferred
- The candidate should have excellent communication skills with an ability to interact with non-technical stakeholders as well