US Citizen
H1B Work Permit
Corp-Corp
Consulting/Contract
UG :- - Not Required
PG :- - Not Required
No of position :- ( 1 )
Post :- 17th Nov 2022
§ Works regularly with system owners to present vulnerability findings, provide expert insight on findings, and drive remediation efforts through closure.
§ Performs technical and operational tasks to design, develop, implement and maintain security solutions using technologies and processes to uphold the confidentiality, integrity and availability of client's information assets
§ Collaborate with key stakeholders including senior leadership to research, develop, and implement an efficient security architecture to protect all sites, applications, services, and assets
§ Lead engineering projects to implement security controls, tools, and solutions and assist in projects to enhance client's Cyber Security Program; makes recommendations on technology strategies that monitor, protect against, and alert on anomalies
§ Experience assessing system compliance against security frameworks and developing risk mitigation plans and strategies
§ Manage day-to-day workflow to ensure security projects and associated operations are communicated, managed, and optimized
§ Develop and report on KPIs
§ Create process automations through scripting and API integrations
§ Participate in the change management process
§ Participate in incident response operations
§ Participate in internal and external audits as required
§ Perform other duties as assigned
Qualifications
Education/Experience
§ 4 Year / Bachelors Degree in Information Technology, Systems Engineering or a related field from a regionally accredited institution or equivalent experience in a technology related field with current certifications required
§ CISSP, CEH, CySA+, CSA, GPEN, OSCP, SSCP or similar certifications preferred
§ 7 years of recent professional and hands-on experience in Cyber Security Engineering role
Specific Skills/Knowledge
§ Experience configuring and managing the following:
o Vulnerability management platforms such as Rapid7 InsightVM, Qualys, Tenable.io
o Cloud security posture management tools such as Rapid7 Insight CloudSec, MS Defender for Cloud
o SAST/SCA/DAST/IAS tools such as Insight AppSec, Burp Suite Pro, SonarCloud
o UBA/UEBA SIEM platforms such as Secureworks, Insight IDR, Exabeam, Securonix
§ Advanced knowledge of system and application security threats and vulnerabilities e.g., buffer overflow, cross-site scripting, SQL injection, covert channels, MITM replay attacks
§ Experience with offensive security tools and techniques, red team, purple team
§ Experience with benchmarking and hardening systems and assets using CIS, STIG, etc.
§ Experience maturing vulnerability management programs and procedures
o Email protection technologies and techniques such as Proofpoint TAP/TRAPS, MS Defender for O365
o Next-gen endpoint solutions such as Cortex XDR
o CASB solutions such as MCAS
o DLP solutions such as MS Purview, Symantec
o Identity and Access Management solutions MFA, SSO, password vaulting
o NAC and remote access solutions such as Global Protect, Anyconnect, etc.
o Proxy solutions such as Prisma Access, Netscaler, etc.
o Rules and threat protections on firewalls such as Palo Alto, Fortinet, Cisco
§ Multiple cybersecurity related certifications from vendors such as: ISC2, SANS, CompTIA, EC-Council, AWS/Azure/Google, Offensive Security highly preferred
§ Incident detection, incident response, and forensics
§ Understanding of SOAR technology and solutions such as XSOAR, Swimlane, etc
§ Knowledge of HIPAA security and governance rules
§ Experience with the OWASP Top 10
§ Experience with the MITRE Attack Framework
§ Experience using security frameworks such as NIST CSF, ISO, HITECH
§ Basic knowledge of OSINT, deep web, dark web
§ Basic scripting experience in Python, PowerShell, or similar preferred
§ Demonstrated ability to document standard operating procedures
§ Experience working with various teams such as Infrastructure, Application Development, and Compliance
§ Excellent verbal and written communication skills, clear articulation of complex issues, and problem-resolution skills a must