The Cyber/Cloud Security and Risk Officer (CSRO) aims to contribute to the steering of strategy in terms of public cloud security technical standards, processes, tools and risk management.
Defines, publishes and maintains processes for Security Governance, Risk and Compliance (GRC) for public cloud (AWS and Azure)
Define cyber controls for the public cloud platform whilst adhering to a centralized methodology
Updating and documenting security controls as an accountable part of the public cloud expertise team (e.g. code security audit)
Recommending changes to policies or procedures based on newly identified threats or vulnerabilities
Build and enforce a hardening checklist comprising industry best practices for public cloud
Provide design-time review and guidance to teams building and deploying solutions to public/private/hybrid cloud (Security by Design)
Conduct risk analysis and define/monitor the associated mitigation/remediation plans
Validate and communicate on the hardening of services and assess the maturity of applications/services/infrastructure against the defined security framework
Carry out monitoring and propose functional improvements within the scope of intervention (security framework, risk analysis, ...)
Collecting evidence and performing technical and functional acceptance tests in the context of infrastructure and service hardening projects
Conducting vulnerability scans with automated tools (SAST/DAST, etc.) to identify potential security issues
Support/advise the operational security teams (Operation Security Manager)
Security code review of all developed infrastructure components.
Work location:
Bangalore
Work Experience:
10 to 15
Background and Requirement:
Expected Deliverables
Service/Application/Infra maturity reports (assessment report): assessment against the defined maturity model
Risk analysis file
Blueprint and/or technical notes
Services/Infrastructures security compliance reports based on the controls defined and specified (e.g. vulnerability management, code audit).
Specific Context
Cybersecurity:
Security audit and frameworks (ISO 27001, NIST, PCI DSS): Intermediate to Expert
Pentest knowledge (OWASP methodology, hacking): Intermediate to Expert
Public cloud infrastructure & security (AWS, Azure): Intermediate
Security and Code Audit:
AWS: Web Application Firewall, GuardDuty, Inspector, IAM Access Analyzer, CloudTrail, Shield, Macie, Config, Security Hub
Azure: Security Center, Firewall, DDoS Protection, Sentinel, Web Application Firewall (WAF)