Application And Infrastructure Security Specialist Job in Sarvika Technologies Pvt. Ltd

Job Description:

This position will be responsible for the implementation and support of AWS cloud infrastructure and security. This position requires a seasoned individual, who has hands-on experience in IT infrastructure management on AWS and security from the ground up to support critical business applications.

Must-Have Skills:

• Understanding and experience with ISO 27001 & PCI DSS.
• Bachelor s degree in the field of Information Security, Computer Science, or highly related program.
• Should have experience in VPN, NAT Gateway, Transit Gateway, VPC Peering
• Experience or understanding of governance, risk, and compliance (GRC) processes and solutions.
• Experience in information security and auditing.
• Experience with AWS Security tools (WAF, Inspector, GuardDuty, Cloud Watch)
• Background in security controls, auditing, network, and system security.
• Excellent understanding of OWASP Risks, Vulnerabilities, and Mitigation Mechanisms
• Experience with Web Application Firewall management and rules
• Ability to express technical concepts in business terms.
• Experience in comprehensive Windows / Linux Systems security
• Experience of working on Cloud and Infrastructure security
• One of the following certifications: CEH, CHFI, ISO 27001 LA

Good-to-Have Skills:

• Experience of Systems Administration experience and AWS services.
• Identifying system vulnerabilities and securing AWS environments.
• Hands-on experience with setting VPC, subnet, routing Tables, Security Group, NACL
• Experience in configuring Amazon Cloudfront, securing with WAF
• Strong written / verbal communication skills and customer interaction skills with users of all levels.
• Working knowledge of web and application server architecture for public clouds.
• Advanced experience and knowledge of networking and cybersecurity.

Roles and Responsibilities:

Responsible for the provisioning, installation/configuration, operation, and maintenance of cloud instances and other AWS services and their security AWS cloud environment.

• Setup and build AWS infrastructure related to various resources VPC, EC2, S3, EBS, ELB, Security Group, and RDS, AMI
• Experience working with IAM in order to create new users, roles, and groups
• Design and implemented Security using VPC, IAM, Security Groups and NACL
• Experience on Backup and Restoration from the snapshot and managing encrypted snapshots
• Implementing security group and NACL for Inbound/Outbound access
• Experience working with SNS
• Understand storage requirements, create configure S3 storage, and maintain the ACL.
• Strong knowledge of encryption of S3 and other storage types.
• Should have experience with cloud trail and compliance
• Conduct vulnerability assessments of applications using various open-source and commercial tools
• Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools Burpsuite, Nessus, Metaspoilt
• Code review for known security flaws using software like Qualys
• To carry out advanced technical analysis on application intrusions
• Analyze scan reports and suggest remediation/mitigation plan
• Providing rich client-specific reports
• Hands-on experience on Infrastructure, Networks, Web Application, Database security
• Demonstration of proof of concepts for exploits, manual penetration testing
• Security configuration review of database /servers / firewalls / switches / routers, etc
• Knowledge of operating systems preferably network equipment s system (Linux and Windows) and network hardening
• Research and maintain proficiency in computer application exploitation, tools, techniques, countermeasures, and trends in computer application vulnerabilities
• Responsible for managing IT Audit, policies & security compliance norms.
• Carry out IT security Audit as per ISO 27001.
• Knowledge of OWASP top 10 vulnerabilities.
• Develop and Manage all IT awareness and training program which helps to increase employee
• Resolve security incidents related to identify vulnerabilities, risks, and protection needs and establish IT vulnerability reporting criteria.
• Provide expert guidance and solution development for operationalizing and maturing security practices
• Align initiatives with ISO 27001 and other industry standards
• Mentor others on security best practices
• Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework, etc.)
• Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
• Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.