Tech Mahindra
Location
Mumbai | India
Job description
Title: Network Security Lead
Experience: 6-9 Years
Location: Mumbai
Mode: WFO
Notice Period: Immediate to 30 Days
Shift Timings: 24/7
Must Have Skills: WAF (Web Application Firewall), LB, DDoS

Job Description:
Primary Skill: Network Security Lead (Firewall, LB, WAF, DDoS) & Application Security Lead (VAPT, Web Application Security)
Secondary Skill: GRC, IT & Infra Audit
Education must be BE/BTech or equivalent & 7+ years' experience.

Summary - Governance, Risk & Compliance
· Perform risk assessments and compliance reviews against regulatory requirements such as RBI Information Assurance, CIS, NIS and global ISMS standards such as ISO 27001.
· Execute internal audits such as IT General Controls for on-premise IT infrastructure, Microsoft Azure cloud infrastructure, IT Project Management, IT Operations and Service Management including ISO 20000, Information Security, Network and Application Architecture Security.
· Establish and govern the Information Security Policy Program across the organisation. Establish the GRC assurance program in association with security team for holistic assurance activity, in association with manager aligned with organisational security & compliance framework.
· Endorse and oversee Information Security Risk Assessment for strategic initiatives and information involved in the operational activities. Establish Compliance management program for the approved and applicable regional and international GRC relevant compliance.
· Establish the performance management framework and metrics for measuring performance of governance and compliance related internal controls.
· Knowledge of common information security management frameworks, such as CIS Benchmarks for AWS, Azure and GCP, Cloud Security Alliance Guidance for critical areas of focus in Cloud Computing, Cloud Controls Matrix, and NIST 800-53.
· Establish GRC assurance management policies and processes to ensure the implementation posture and effectiveness of the controls across the organisation.
· Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM).
Core Accountabilities:
· Perform penetration testing and vulnerability scanning on network/infrastructure, web and mobile applications along with configuration review on network appliances and servers.
· Designing and implementing infra and network security solutions, and strong knowledge & administration of Firewall (Cisco & Palo Alto), LB, WAF and DDoS.
· Perform risk assessments and compliance reviews against regulatory requirements such as RBI & PCI DSS Information Assurance, CIS and global ISMS standards such as ISO 27001.
· Carry out IT audits for government and private sector clients including stakeholder communication, observation buy-ins, and exit meetings.
· Execute internal audits such as IT General Controls for on-premise IT infrastructure, Microsoft Azure cloud infrastructure, IT Project Management, IT Operations and Service Management including ISO 20000, Information Security, Network and Application Architecture Security.
· Conduct hands-on sessions comprising OWASP and NIST penetration testing methodologies and secure source code guidelines for client's Information Security teams.
· Knowledge of web application security testing (black, white and grey box) & strong web application security experience with thorough understanding of web application vulnerabilities and their mitigation.
· Experience in secure code review would be an added advantage & thorough understanding of vulnerability assessment and sharing the mitigation / recommendation for the identified security weakness.
· Analysis and closure of security incidents.
· Maximize productivity and manage onsite delivery of IT audits across multiple, simultaneous clients in accordance with project scopes and deadlines.
· Establish and govern the Information Security Policy Program across the organization. Establish the GRC assurance program in association with security team for holistic assurance activity.
· Establish the Information Security Risk Management process in association with manager aligned with organizational security & compliance framework.
· Endorse and oversee Information Security Risk Assessment for strategic initiatives and information involved in the operational activities.
· Establish Compliance management program for the approved and applicable regional and international GRC relevant compliance.
· Establish the performance management framework and metrics for measuring performance of governance and compliance related internal controls.
· Enhance the objectives, re-evaluate goals and other compliance relevant requirements for the applicable compliance within organization. Assess and adopt new applicable regulatory and other compliances in liaison with the compliance officer.

Regards,
Sandeep
Tech Mahindra
[email protected]