Location
Work from home | India
Job description
As a Senior Security Engineer at Hiver, you will play a critical role in performing vulnerability assessments and penetration tests and in driving remediation across the engineering teams.
Own the cloud security program and concentrate efforts on continuous improvement of the cloud security configurations aligned to global standards like NIST CSF, ISO 27001, SOC 2, etc.
What you will be working on
- Policy Development and Enforcement: Develop, implement, and maintain policies, procedures, standards, and associated plans based on industry best practices such as ISO 27001, SOC2, GDPR, etc. Ensure rigorous enforcement of these policies.
- Risk Assessment and Management: Conduct technology-based gap risk assessments, third-party risk assessments, and security governance. Manage exceptions against Hiver standards to maintain risk at an acceptable level.
- Compliance Checks: Perform compliance checks for user access management on network, servers, and applications. Additionally, ensure compliance with security and hardening standards for network, servers, applications, and workstations.
- Compliance Reporting: Prepare compliance reports and remediation plans based on periodic reviews of application, workstation, server, and network device configurations.
- Data Loss Prevention (DLP) and CASB: Monitor and maintain compliance of Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) for all applications, infrastructure, and systems supporting Hiver operations to prevent data leakage.
- SDLC Risk Assessment: Conduct risk assessments on applications during the Software Development Life Cycle (SDLC) and perform compliance checks related to access control and data sanitization.
- Risk Register Management: Identify, document, and maintain an information security risk register. Regularly report to the security lead and other stakeholders.
- Third-Party Risk Management: Provide monitoring and independent oversight, and facilitate the execution and continuous improvement of third-party risk management and M&A programs and processes.
- Security Control Automation: Influence security control automation efforts to enhance security and compliance at scale.
- Audit Representation: Represent Hiver's security posture in both internal and external audits.
- Security Awareness: Drive security awareness initiatives and conduct regular training on Hiver's security policies and standard requirements through training sessions, communication, and workshops.
What we are looking for
- A bachelor's degree in information technology or a related field provides a strong foundation.
- A minimum of 3-5 years of professional experience in information security practices, with at least 2 years specializing in Governance, Risk, and Compliance (GRC) domains.
- Proficiency in security policy management and a deep understanding of security standards and frameworks, including ISO 27001:2022, SOC2 and GDPR.
- Solid grasp of operational and organizational structures, including experience in global, matrix organizations, and third-party risk management.
- Strong knowledge of core security principles such as least privilege access, defense in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.