IT security experience in the application, systems or network layers Experience with security tools such as IDS, HIDS, FIM, Web Application Firewalls, vulnerability scanners.
Experience with encryption technologies, DRM, PKI, secure coding Knowledge of AWS security (Security groups, config rules, access controls, segmentation, logging and alerting) Scripting and coding abilities are a plus Excellent communication skills.
Classify and track incidents through identification and resolution. Operate vulnerability management tools, such Nessus, Burp Suite, etc. to perform internal and external vulnerability assessments.
Deploy, manage and monitor IDS/IPS and WAF, to identify and assess network and application layer threats. Serve as a point of contact for application, network, and cloud security inquiries.
Provide advice and assistance to teams to improve security posture.
Develop a system that provides metrics to support Information Security initiatives and security awareness across the company.
Participate in various security audits with external consultants like SOC1, SOC2 and SOC3. Prepare necessary security documentation and evidence during audits.
Promote awareness of applicable security policies and standards. Implement or coordinate remediation required by audits, as necessary. Review of security documentation and architecture to provide approvals for application deployments, firewall rules, etc.
Must have managed enterprise-level IT Security infrastructure, implementation projects including Designs, builds and delivers physical, logical and personnel Security measures to fulfil the Legal, Regulatory and business requirements.
Good knowledge in ISO 2700x, experience of lead auditor – specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organization’s risk management.
Experience / knowledge on mobile OS (iOS, Android) is a plus
Possess current security certifications, a plus (e.g., 2700x, CCSP, CISSP, CEH).
Experience of development & deployment in Cloud infrastructure & associate protocols (Azure, IoT Hub…)
DevOps (/DevSecOps) experience is a plus
Ability to demonstrate feasibility of proposed architecture through mock-up / Prototyping