Sr. Cloud & Network Security Engineer (vapt) Job in Cloudibn

Job Summary

Job Location: Pune, Maharashtra.

Industry : IT/ ITeS

Relevant Experience required: 3+ years experience.

Position : Sr. Cloud & Network Security Engineer (VAPT)

Mandatory:

  • 3-5+ years of hands-on experience in Cloud and Network Security: vulnerability assessment and penetration testing (VAPT)
  • Graduate in Computer Science, IT, Cyber Security or MCA.
  • Certified in Cloud Security Domain such as CEH, CISSP etc

Job Description:

  • Develop security automation and APIs in the public cloud across the key pillars of security, namely IAM, CICD Security, Security Logging, Incident Response, Data Protection, Compliance Validation, Security Analytics, Vulnerability Management, and Platform and Application Threat Modelling.
  • Collaborate with Security Platform and Services teams to build and integrate existing security solutions.
  • Act as an advocate of information security policies, standards and as a mechanism to enable the business effectively while managing risk appropriately.
  • Cloud & Network Security Architecture Review.
  • Perform unauthenticated and authenticated vulnerability assessments (VA) of servers, applications, and network/security/infrastructure devices as per defined frequency annually.
  • Perform penetration testing (PT) for internal and internet facing servers.
  • Create comprehensive assessment report with details of vulnerabilities identified, categorization of the risks by assessment of potential impact and detailed remediation/recommendation for all the identified risks.
  • Provide technical assistance to clarify the reported issues to the relevant teams and provide required support to resolve the issues. Explain the issues in layman language to the business teams.
  • Hands-on experience with automated vulnerability and web scanners (e.g. Qualys, Nessus, AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) is desirable.
  • Technical knowledge of Windows and UNIX operating systems, networking, security & network devices.
  • Gain deep security-level knowledge of cloud environments, continuous monitoring solutions to understand and explain security risks and mitigation techniques.
  • Strong knowledge of the OWASP Top 10, SANS Top 25, and WASC security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, insecure direct object reference, clickjacking, buffer overflows, etc.
  • Strong knowledge of security vulnerability, risk, threat, exploitation, technical & business impact
  • Experience in automation of VAPT work to reduce manual efforts and simplify the process
  • Should have knowledge to implement a risk-based approach to Vulnerability Management. Good to know TVM products like Kenna Security, RiskSense etc.
  • Should have knowledge on Risk Rating Standards like DREAD, CVSS etc.
  • Should have prepared audit reports and findings tracker sheets for applications.
  • Should be used to researching the latest security best practices, reading up on new threats and vulnerabilities, and disseminating this information within the team as well as the organization.
  • Should have knowledge in preparing policy, procedure, standard and guidelines for VAPT
  • Coaching/mentoring team members on technical/functional/operational aspects and expertise relevant to security testing
  • Stakeholder management: need to interact and communicate with IT, Application, Development, and Business teams for VAPT work
  • Stay current on cloud security policies, standards, regulations, and best practices.

Skills required/Expertise:

  • 3-5 years of proven experience in vulnerability assessment and penetration testing
  • Tools: Qualys, Tenable Nessus, IBM AppScan, WebInspect, Acunetix, Burp Suite Professional, Metasploit Professional
  • Knowledge
  • Proficient in written and oral English communication skills.
  • Strong organizational, teamwork, multi-tasking and time-management skills.
  • Manage a team during project execution as needed for the smooth execution of the project.
  • Expertise in security epics across Data Protection, Compliance Validation, Vulnerability Analysis, Network Security, Infrastructure Security, CICD Security, Identity and Access Management, Logging and Monitoring, Incident Response, Big Data and Analytics, and Resiliency.
Experience Required :

Minimum 3 Years

Vacancy :

2 - 4 Hires
