ITILITE - Manager - Information Security

Job Purpose:

The person appointed will be part of the Information Security Team and responsible for defining and embedding best practices in information security policies, standards and processes based on ISO 27001, NIST Cyber Security Framework (CSF), SOC2 and PCI-DSS Frameworks. Reporting to the CISO, this role will advise and enable technical teams to make security decisions and provide guidance, ensuring the effective use of common tools and patterns. This role will also be actively involved in security implementation (SSDLC). Have a proactive responsibility to assist in the delivery of secure systems and implement proportionate controls by working with Product, Change, Risk, IT, Engineering and DevOps teams.

- An ideal Candidate is the champion of security in the engineering and infosec org.

- S/he will develop, support, tune and deploy security solutions across the product offering.

- S/he will lead the compliance and governance activities including standards, process and audits

Primary day-to-day job duties involve -

- Governance, Risk Management and Compliance

- Internal/External Audits

- ISO27001, SOC2, PCI-DSS, GDPR

- Application Security

- Security Code Reviews

- Application Logging

- IT Security (On prem)

- Infra Security (Cloud)

- Information Security Awareness and Training:

Responsibilities :

Web and Database Application Security :

- Engineers, configures, deploys, and maintains Web Application Firewall solutions

- Develops advanced scripts for manipulation of multiple data repositories to support analyst requirements

- Develops advanced alerts/reports to meet the requirements of key stakeholders

- Develops scalable security management tools and processes

- Develops automation for security tools management and workflow integration

- Collaborates with key stakeholders within Information Security and Engineering teams to develop specific use cases to address specific business needs

- Creates WAF rules to mitigate threats and implements best practices

Application Logging:

- Lead logging enrollments from multi-tier applications into the enterprise logging platforms

- Develop specific content necessary to implement Security Use Cases and transform into correlation queries, templates, reports, rules, alerts, dashboards, and workflow

- Develops advanced scripts for manipulation of multiple data repositories to support analyst requirements

- Develop advanced reports to meet the requirements of key stakeholders

- Develop scalable security management tools and processes

- Engineers, configures and deploys Enterprise SIEM/SEM solutions on Prem and in the Cloud

- Develop automation for security tools management

Application Security:

- Knowledge of SSDLC processes

- Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools

- Experience in exploiting web apps and web services security vulnerabilities including cross-site scripting, cross-site request forgery, SQL injection, DoS attacks, XML/SOAP, and API attacks.

- Excellent understanding of OWASP Risks, Vulnerabilities and Mitigation Mechanisms

- Experience with Web Application Firewall management and rules

- Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework etc.)

- Excellent understanding of common network and web protocols

- Excellent understanding of DDoS techniques and mitigation mechanisms

Cloud Security:

Application Logging:

- Expertise in Log aggregation, Correlation and alerting using commercial and Opensource tools such as Apache Metron , OSSEC , ELK Stack

- Experience in administration of commercial and Opensource SIEM solutions such as LogRhythm Splunk, IBM QRadar or McAfee

Cyber Defense and Incident Response:

- Solid understanding of events, related fields in log records and alerts reported by various data sources such as Windows/Unix systems, IDS/IPS, AV, HIDS/HIPS, WAFs, firewalls, and web proxies

- Prior experience in Security Operations and Incident Response

- Excellent understanding of Cyber Security Operations, Incident Response processes

Infrastructure management and support:

- System administration experience in Unix/Linux environment

- Experience working in a large enterprise environment

- Experience integrating solutions in a multi-vendor environment

Database Security:

- Experience in database security and administration (Oracle, MySQL/SQL, DB2)

- Experience working with Big Data platforms/non-relational databases

- Experience working with Hadoop

- Experience developing Data Analytics/Anomaly detection algorithms.

Security Code Reviews:

- Review the code for OWASP recommendations and specifically for

- Data Validation

- Authentication

- Session Management

- Authorization

- Cryptography

- Error Handling

- Logging

- Security Configuration

Development Experience: (Good to have not mandatory):

- Expert Python Scripting, Shell scripting. Development experience in Python, Java or Ruby is an advantage.

- Excellent experience with Regular Expressions

Qualifications:

- Over 6-9 years of experience in Cybersecurity space.

Key competencies/behaviors:

- Proactive; Influencer; Collaborative.

- Ability to prioritise effectively.

- Ability to adapt to new technologies and learn quickly.

Qualifications:

- BE/BS and/or MSc Information Security desirable.

- CISSP, CSSP, CISM, Cybersecurity or similar certifications.

- ISO 27001 Lead Implementer or Lead Auditor certification preferable