US Citizen
Green Card
EAD (OPT/CPT/GC/H4)
H1B Work Permit
Corp-Corp
W2-Permanent
W2-Contract
Contract to Hire
Consulting/Contract
UG: Not Required
PG: Not Required
No. of positions: 1
Posted: 12th Dec 2023
o Collaborate with cross-functional teams to understand business requirements and provide security recommendations for cloud-based projects
o Assist application and infrastructure solution teams in architecting and implementing secure business solutions utilizing IaaS and PaaS components and services
o Conduct security design reviews for proposed cloud solutions, identifying and addressing potential vulnerabilities and threats
o Document formal project artifacts – business requirements, high-level architecture and design documentation, low-level architecture and design documentation
o Consult solution team on vulnerability and penetration test assessment findings
o Provide general security support and consulting throughout the engagement
Security Governance Responsibilities
o Develop, enhance, and maintain security standards, policies, and procedures for cloud-based systems, ensuring alignment with best practices and regulatory requirements, while focusing on cloud-specific security controls
o Create and update security design patterns for various business scenarios in the cloud, ensuring consistent and effective security practices across projects
o Provide expert advice on regulatory compliance (e.g., GDPR, HIPAA) and industry best practices related to cloud security
o Utilize the NIST CSF, CIS, CSA CCM to guide and enhance company security posture
General Responsibilities
o Conduct technical security assessments and create minimum security baselines for both on-premises and cloud applications and services, identifying vulnerabilities and providing remediation requirements and recommendations
o Lead security attestation efforts for cloud PaaS services, working closely with internal teams and external vendors to ensure compliance with security requirements
o Collaborate with the wider security team to support response and remediation of security incidents, as well as proactively identify potential security risks
o Apply threat modeling frameworks (e.g., STRIDE, PASTA, MITRE ATT&CK) to assess and address security threats and vulnerabilities for new and existing applications and services
o Provide technical and project leadership for IT security solutions
o Full cycle engagement and leadership - analysis, requirements development, solution request-for-proposal (RFP) support, design, documentation, implementation, operationalization, and maintenance
o Definition of control effectiveness metrics and establishment of on-going visibility and reporting
o Integration into product-related lifecycle activities
o Development of operational plan for transition of the security solution to run
o Evangelize agile culture and a DevSecOps shift-left mentality within and outside of the information security department
o Actively participate in team scrum activities in a hybrid productized and projectized environment
o Properly document and manage scrum stories from sprint to sprint, ensuring timely updates
o Provide input for development of domain/product-related roadmaps, tactical execution plans with SMART OKRs (objectives and key results), and assist in related activities (e.g. current state documentation, gap analysis, resource estimations)
o Focus on self-service, automation opportunities and quality of supporting documentation