cs operations & cloud / ia; access management / application security / risk , governance &amp..

access management and configuring cloud environments securely.
 Managing cryptography and encryption in the cloud.
 Monitoring for and responding to incidents in the cloud environment.
 Keeping cloud infrastructure current, making recommendations, and continually improving
cloud security technologies.
 Working with analysts, engineers, and other stack holders across the organization to
continually improve cyber resilience.
 Develop, implement, and execute the standard procedures for the Security operations &
administration.
 Interfacing with senior department officials, manage the incident response team, establishing
communications with appropriate team members and business units, providing status
updates.
 Develop and maintain the technical architecture of the system, enabling all the components
to perform as expected and meeting established service-level objectives for system uptime
 Develop and deploy content for individual SOC devices such as SIEM, DLP, IPS, Proxy etc.
including Rules, policies, reports, dashboards etc.
 Analyzing and reviewing escalated cases until closure. This includes investigating and
recommending appropriate corrective actions
 Performing threat simulations to identify potential risks.
Qualifications
 Degree In Computer Science
 7 years of experience with Security Architect and/or Engineering
 Experience working with cloud security and governance tools, cloud access security brokers
(CASBs), and server virtualization technology
 Developing and configuring use cases in SIEM to improve threat landscape coverage
 Developing connectors and parsers for in devices and enhancing the performance
 Review, Design & Configure architecture design for basic security platforms such as DLP,
PIM, NIPS & recommend solutions to fine-tune.Role 3 : Asst Manager Identity & Access ManagementJob Objective
 Ensures full compliance with the digital Identify & Access Management policies
Responsibilities
 Lead  Identity Access Management processes and associated policies
 Ensures the supporting technologies are implemented as per requirements CyberArk &
MCAS
 Collaborates with peer managers and IAM Architecture to maintain an ongoing IAM strategy and
create a production environment that addresses the needs of the business.
 Define KPIs, implement strategic direction and be hands-on where required in IAM/ PAM solution
implementation.
 Provides L3 support for privileged identity management tools & able to manage the PAM/IAM
team.
 Strong knowledge of PAM CyberArk tool / CyberArk PAS Vault, DR, CPM, PSM, PSMP.
 Setting up Cyberark EPV policies, Integration with Platforms, connector modification.
 DR environment to Performing compliance checks on CyberArk for IT security safes
 Providing alerts and reports appropriately Investigate Perform Privileged Access Reviews,
 Compliance Reporting, Access Control Processes, and other associated tasks with Privileged
User Management
 Support user access provisioning, authentication, and access management processes.
 Giving knowledge-sharing sessions to Internal stake holder to offer recommendations as a
CyberArk expert with best practices
 Knowledge of technologies - Passwordless solutions, SailPoint, CyberArk, MCAS & Zero Trust
access.
Qualifications
 7 Years of experience in IAM/PAM
 In-depth knowledge and experience various IAM technologies and CyberArk in specificRole 2 : Asst Manager Application Security
Job Objective
 Manages Application Security within the IndoGo Digital team
Responsibilities Participate in the implementation of full CI/CD pipeline lifecycle on hybrid environment i.e.
On-prem and Cloud.
 Implementation of Continuous Integration for .Net applications with Azure DevOps Service
and TFS 2018. Creation of CI pipeline and integrate with Static Code Analysis (Fortify),
Security, Testing, and Packaging.
 Ensure Application Teams have full visibility on all identified vulnerabilities and manage
exceptions in a timely manner
 Database dacpack file creation and deployment on database servers using CI/CD pipeline.
 Migrating TFS projects to GitLab service.
 Work with Application teams and suggest the best practices in DevOps methods by ensuring
compliance with the standards and best practices of Deloitte.
 Consult on DevSecOps requirements from diverse application/line of business partners
 Ensure that the service’s uptime and response time SLAs/OLAs are met or surpassed
 Design action plans to address CI/CD platform/tools/solutions’ shortcomings and difficulties
 Ensure incident tracking tools are updated in accordance with established norms and
processes, gather all essential data and document any discoveries and concerns
 Evaluates, develop, and implement secure solutions, based on approved enterprise security
architecture lead security architect reviews, reviews
 Participate in and lead a range of application security activities from Business-as-usual
(BAU) application security assessments to organizational changing project enhancements
Qualifications
 Experience in SDLC process and secure coding practices.
 Expertise on the full stack tools used to deploy and manage web applications; CICD with Git
and Jenkins.
 Expertise on hosting and managing micro-services with clarity on IaaS and PaaS concepts.
 Expertise on scripting languages (.NET preferably).
 Experience on Automating and orchestrating infrastructure.
 Experience on container orchestration tools like ECS, Kubernetes.
 Experience in monitoring and analyzing system logs and RCA for site reliability and
performance.
 Experience in Serverless deployments, containerization (Docker), load balancing, auto
scaling.
 Good knowledge on Linux, Windows and tomcat Apache environments.
 Experience with web application testing (Web, API and Mobile) and industry standards like
OWASP, SANS, MITRE etc.
 Shall have knowledge about threat modelling and Application Risk Assessment.
 Understanding of TFVS/GIT Branching and Merging process and managing multiple source
control repos.
 Should have knowledge on Container deployment on Kubernetes using Azure DevOps
service.
 Degree In Computer Science
 7 Years of experience in Cyber security Risk, governance & compliance
Role 4 : Manager Risk , Governance & Compliance.
Job Objective: Manages  digital’s Risk, Governance & Compliance framework
Responsibilities Support the Cyber security team Implements security controls, risk assessment framework,
and program that align to regulatory requirements, ensuring documented and sustainable
compliance that aligns with business objectives.
 Evaluates risks and develops security standards, procedures, and controls to manage risks.
Improves security positioning through process improvement, policy, automation, and the
continuous evolution of capabilities.
 Support in embedding Risk Standards; Policies and Procedures, Mandates, and other
related governance documentation.
 Implements processes, such as GRC (governance, risk, and compliance), to automate and
continuously monitor information security controls, exceptions, risks, testing. Develops
reporting metrics, dashboards, and evidence artifacts.
 Defines and documents business process responsibilities and ownership of the controls in
GRC tool/Manual. Schedules regular assessments and testing of effectiveness and
efficiency of controls and creates GRC reports.
 Updates security controls and provides support to all stakeholders on security controls
covering internal assessments, regulations, protecting Personally Identifying Information (PII)
data, and Payment Card Industry Data Security Standards (PCI DSS).
 Performs and investigates internal and external information security risk and exceptions
assessments.
 Documents and reports control failures and gaps to stakeholders. Provides remediation
guidance and prepares management reports to track remediation activities.
 Assists other staff in the management and oversight of security program functions.
 Trains, guides, and acts as a resource on security assessment functions to other
departments within the Organization
 Remains current on best practices and technological advancements and acts as the
technical resource for security assessment and regulatory compliance.
 Recommend improvements and provide solutions based on the outcome of assessments.
 Building risk awareness amongst staff by providing support and training within the company.
 Liaises with other risk units and internal stakeholders to effectively manage the risk
governance performance.
Qualifications
 Degree In Computer Science
 7 Years of experience in Cyber security Risk, governance & compliance