csro - Bengaluru, India - PeopleLogic

    Insurance
    Description

    Responsibilities

    The Cyber/Cloud Security and Risk Officer (CSRO) aims to contribute to the steering of strategy in terms of public cloud security, technical standards, processes, tools and risk management.

    · Defines, publishes and maintains processes for Security Governance, Risk and Compliance (GRC) for public cloud (AWS and Azure)

    · Define cyber controls for the public cloud platform, whilst adhering to a centralized methodology

    · Updating and documenting security controls as an accountable part of the public cloud expertise team (e.g. code security audit)

    · Recommending changes to policies or procedures based on new threats or vulnerabilities identified

    · Build and enforce a hardening checklist comprising industry best practices for public cloud

    · Provide design-time review and guidance to teams building and deploying solutions to public/private/hybrid cloud (Security by Design)

    · Conduct risk analysis and define/monitor associated mitigation/remediation plans

    · Validate and communicate on the hardening of services and assess the maturity of application/service/infra against the defined security framework

    · Carry out monitoring and propose functional improvements within the scope of intervention (security framework, risk analysis, ...)

    · Collecting evidence and performing technical and functional acceptance tests in the context of "infrastructure and service hardening" projects

    · Conducting vulnerability scans with automated tools (SAST/DAST, etc.) to identify potential security issues

    · Support/advise the operational security teams (Operation Security Manager)

    · Security code review on all the developed infra components.

    Work location: Bangalore

    Work Experience: 10 to 15

    Background and Requirement:

    · Expected Deliverables

    · Service/Application/Infra maturity reports (assessment report). Assessment against defined maturity model

    · Risk analysis file

    · Blueprint and/or technical notes

    · Services/Infrastructures security compliance reports based on the controls defined and specified (e.g. vulnerability management, code audit, ...)

    Specific Context

    · Cybersecurity:

    · Security audit and framework (ISO 27001, NIST, PCI-DSS): Intermediate to Expert

    · Pentest knowledge (OWASP, methodology, hacking): Intermediate to Expert

    · Public Cloud infrastructure & security (AWS, Azure): Intermediate

    · Security and Code Audit:

    · Amazon Web Application Firewall, GuardDuty, Inspector, IAM Access Analyzer, CloudTrail, Shield, Macie, Config, Security Hub

    · Azure Security Center, Firewall, DDoS Protection, Sentinel, Web Application Firewall (WAF)

    · Development knowledge (Python, Git, ...)

    · DevOps tooling and DevSecOps knowledge

    Mandatory skills:

    • Cyber security
    • Cloud security
    • Risk management
    • Risk assessment
    • AWS Cloud
    • Azure Cloud