Pay: Based on the Market Standards
· Serve as a thought leader, solutions visionary, and technology expert clearly communicate cloud
· Participate in product security incident response activities and assist with identifying and driving the resolution
· Evaluate and recommend new and emerging techniques and technologies for building and operating secure applications
· Conduct formal tests on web-based applications, networks, server, cloud and other types of computer systems on a regular basis
· Simulate attacks on networks, firewalls, operating systems, and web applications
· Contribute to creating reports of vulnerability and penetration test results
· Identify and monitor vulnerabilities, patches, and application security defects
· Track the remediation & mitigation of known vulnerabilities, and drive them to resolution
Verify adherence to company security policies and procedures.
· Support the company's product as a point of contact for questions regarding security practices and processes, respond to customer security questionnaires.
· Design and develop security controls, best practices, and documentation.
· Design and develop security controls and processes that align with company policies and satisfy other compliance requirements.
· Evaluate, recommend, and implement security controls to protect cloud services and information assets.
· Provide subject matter expertise to support internal business partners.
· Consult with business groups and provide guidance on security-related topics.
· Good hands on experience in penetration testing tools
· Knowledge in systems engineering is required.
· Familiar with DevOps and Agile methodology
· Experience with Amazon Web Services and related technologies (EC2, IAM, KMS, EMR, S3, VPC, Lambda, etc.)
· Experience understanding protocols, such as SSL/TLS, CIFS, HTTP/S, DHCP, SMTP, LDAP/S, NFS, SNMP, and DNS
· Experience in networking concepts and services, such as VPNs, IPsec, PKI, and TCP/IP
· Ability to translate security requirements implementation into formal written procedures
· Knowledge of OSI Layer 7 Model, Network Architecture and Network Topology
· Experience with both virtual and containerized computing environments
· Strong experience in performing Threat analysis Risk assessment (TARA) including threat modeling and Vulnerability analysis
· Knowledge in the field of security verification including how to define test cases, perform static analysis, pen-testing approaches
· Demonstrated ability to interpret security requirements from compliance documents, create technical solutions, and explain complex security concepts to non-technical business partners.
· Organized, responsive, and highly thorough problem solver
· Strong written and oral communication skills
· MS/M.tech or BS/B.tech in Computer Science or related field, or equivalent work experience required