head security operation.

 Job Description The Cyber Security Engineer will have an opportunity to own and lead a charter to implement cyber security best practices and drive change within the organization. He/She will work closely with Product Engineering, Cyber security, Risk Management and Research and Threat Intelligence teams to architect, implement and manage the various cyber security initiatives within the company.Role and ResponsibilitiesThe Senior Cyber Security Engineer will Design, evaluate, deploy, manage, and fine tune the security infrastructure services and tools within the organizationAssess and automate cyber security processes for on-premises as well as cloud infrastructure and applicationsManage, monitor and mitigate cyber risks by implementing industry best practices, solutions and processes around cloud infrastructure security, network security, application security as well as data securityKeep UpToDate with advanced threats, vulnerabilities, latest security solutions and risk mitigation strategies used in cybersecurity operations.Contribute to various internal security initiatives such as Dev-sec-ops, security orchestration and automation etcQualifications and Education Requirements Degree in Computer Science or any Technical Discipline (B. E, B. Tech, BCA, MCA, B.Sc. (IT)) Knowledge, Skills and ExperienceAt least 8 years of experience in Network Security (Firewalls, IDS, IPS, Endpoint Security)Must have hands-on experience in at least 3 or more of the following - cloud security configuration, security monitoring for cloud workloads (AWS, GCP, Azure) and O365 environmentsinstalling, configuring SIEM (such as Splunk, QRadar, or any cloud SIEM, Azure Sentinel, AWS Cloud Watch, GuardDuty, Google Chronicle etc)Vulnerability Assessment Tools such as Nessus, QualysWeb Application Firewalls, CDN securityApplication security tools such as SAST, DAST, source code review tools such as Checkmarx etc.Detailed knowledge of securing operating systems, containers and databasesFamiliarity with Identity and Access Management Concepts (IAM, SSO etc)Experience in setting up Dev-Sec-Ops processes successfully using various tools such as Jenkins, Ansible, Puppet, Chef etc will be a huge plusAbility to automate repeatable security tasks through scripts and custom codeSelf-motivated and results-oriented, agile mindset, with excellent interpersonal and communication skills.Prior experience working with startups in a dynamic environment and SaaS companies would be an added advantageCertifications (desirable, but not mandatory)AWS / Azure /GCP security certification (any)SIEM Certification (any) 

Desired Competencies (Technical/Behavioral Competency)Must-HaveSecurity Testing, Application Penetration Testing, Vulnerability Assessment (VA), JAVAGood-to-HaveSQL, HTML, XML, Java Script SNResponsibility of / Expectations from the Role 1Security Testing (VAPT) of web applications, Mobile DevicesVulnerability management (SAST and DAST) Should have very good hands-on application PT tools.Vulnerability ManagementCandidate should be able to detect security issues and able to provide solutions to those.Examining patch releases by performing vigorous vulnerabilities analysis on themAnalyzing the defense protocols and social engineering aspect of an organizationEvading IDS (Intrusion detection systems, IPS (Intrusion prevention systems), Honeypots and Firewalls2Good communication skillGood understanding of application architecture and development technology stackHands-on experience working application server (Apache, Tomcat, JBOSS etc.)Knowledge of HTTP methods (POST, GET, PUT, DELETE, OPTIONS etc.)Web Service Testing with Rest API and SoapUI3Good trouble-shooting skillBasic knowledge of authentication protocols (SAML, OAuth, OpenID Connect, Dual AuthenticationPerform verification of remediated issuesWeekly review meeting to walk through the reports provided and discussion about other activitiesReview meeting with relevant stakeholdersProvide penetration testing report

1)Technical Skills – Must be able to identify and implement suitable solutions across all platforms (Windows, Linux, AWS, Azure and GCP) and at all compute levels (user endpoints, datacentre assets, cloud assets etc).2)Ability to interpret risks identified by clients and internal teams3)Support Information Security team for vulnerability remediation based on client requirements4)Point of contact for Information Security team for investigations in processes5)Coordinate with BCM team to trigger process BCP or DR, as required6)Implement Incident Response reporting and governance requirements7)Understanding of security governance, risk and compliance for both WNS and clients8)Experience working in a large enterprise environment.QualificationsBachelor's degree or equivalent experience in an IT-related discipline.Additional informationProfessional information security certifications like CEH, CISM, CISA etc.Ability to drive organizational change and work with multiple business units of an organization to effect changeStrong relationship building skills.A Promotor of risk awareness within the organization.Strong analytic and problem-solving skillsStrong management and organizational skillsStrong investigation skills and ability to constructively challengeWork independently and take ownership for an area of expertiseExcellent written, verbal communication and ability to create presentation and do management presentations.