Screatives Software Services Private Limited jobs - Cyber Security

Qualifications:

• 6+ years of work experience in Information Technology or Operational Technology, with a focus in security.
• Experience with applying industry-standard controls such as CIS Benchmarks, STIGs, or SRGs.
• Experience developing hardening and asset configuration in a manner that can be reproduced (using procedures or scripts) consistent with controls frameworks such as NIST 800-53 or CIS Benchmarks.
• Experience performing vulnerability assessment with tools such as Tenable Nessus and Qualys
• Experience troubleshooting, verifying and documenting case of false positives vulnerabilities
• Experience producing security compliance documentation to justify deviation from compliance
• Technical knowledge of operating system and network security to be able to implement and perform system administration of assets in the lab.
• Hands-on experience in security systems, including network security technologies such as firewalls and IDS/IPS, wireless network security, authentication systems, log management, and encryption.
• Hands on experience implementing and operating Virtual Machine systems in VMWare or Microsoft Hyper-V
• Hands-on experience performing trouble shooting and managing network connectivity in a Lab
• Hands-on experience performing semi-automated patching across the wire for Windows and Linux systems.
• Strong English communication skills that include the capability to clearly communicate information security concepts and risks both orally and in writing
• Demonstrated ability to work as part of a team.
• Able to reliably complete assignments with limited supervision, and to help lead the actions of others to accomplish complex or extended work assignments.
• Experience working in a global environment across multiple time zones.
• Position will require working evening hours

PREFERRED QUALIFICATIONS:

• Cybersecurity certifications such as Security+, CCNA Security, or GIAC, including GICSP, are desirable, as is working towards CISSP.
• Hands-on experience with information security on cloud (e.g. AWS and Azure) environment
• Experience in working in a healthcare delivery organization or a medical device manufacturer is desirable.
• Experience working with embedded products and devices is a plus.
• Familiarity with security standards and frameworks including NIST 800-53, HITRUST, IEC 62443, and/or ISO 27001 and development of Risk ratings would be an advantage.
• Experience performing software security testing of products using software code analysis tools is a plus.

Responsibility:

• Ensuring test activities meet test and lab operations objectives.
• Responsibility for conducting product security testing using Tenable Nessus and other Security Test Tools.
• Perform routine vulnerability assessment of products and provide assessments of the vulnerability of these products to known and emergent risks.
• Conducting and/or analyzing vulnerability assessments to validate system compliance with Risk Management Framework controls and DISA Security Technical Information Guidelines (STIGS) and/or CIS Benchmarks
• Participate in and assist with the development of test protocols.
• Responsibility for validating and analyzing the security test results, producing summary reports and interpretation.
• Responsible to develop solutions that remediate vulnerability findings in a manner that can be implemented in future product baselines.
• Implement and operate PKI certificate-based authentication and log aggregation solutions to collect information from assets in the lab
• Responsible for strict configuration control of assets in the test environment. This may require implementation of product or platform patching and updates, as well as record keeping.
• Implement and operating patch management solutions for Windows and Linux systems (including WSUS in Windows, and various Linux package management solutions)
• Implement and operating antivirus and endpoint protection solutions (preferably in an industrial or healthcare setting)
• Capable of making use of corporate Governance and Risk Compliance processes, where test findings are captured and raised for review and incorporation in product engineering design.
• Implementation of representative product test implementations for customer configurations.
• Prepare and document standard operating procedures and protocols to help ensure the security of our products as they are designed, developed, supported, and used.
• Responsibility for the development and maintenance of the lab design, test operations and relevant documentation.
• Maintain security and implementation of the lab environment.
• Provides local leadership and expertise to junior team members.
• Uphold the company’s core values of Integrity, Innovation, Accountability, and Teamwork
• Demonstrate behaviour consistent with the company’s Code of Ethics and Conduct
• It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects for corrective action to be implemented and to avoid recurrence of the problem
• Duties may be modified or assigned at any time to meet the needs of the business.