Information Technology Security Engineer - Mumbai, India - SNV AVIATION PRIVATE LIMITED

Description

Job Summary :

The Information and Cyber Security Engineer is responsible for implementing, and maintaining the organization's information security Posture. This role involves developing and maintaining security policies, standards, and procedures, as well as ensuring the integration of security controls across all technology and business processes. The role will collaborate with cross-functional teams to establish and enhance the overall security posture of the organization.

Key Responsibilities :

• Provide security-related input to the Infrastructure and Operations teams' processes, deployments, changes, security tools and processes to meet business requirements.
• Troubleshoot and remediate errors/failures related to security events, applications, network, storage, and so forth. Perform root cause analysis for major events.
• Assist in the development of secure architecture guidelines for the cloud, networks, systems, and endpoints.
• Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
• Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple cloud, multiple operating system platforms, database, and application servers.
• Familiar with cloud-based enterprise security technologies. (AWS, Azure, GCP)
• Experience of the deployment and support of security products within the M365 security.
• Implementing hardening of cloud environments and implementing adequate security policies.
• Reviewing and evaluating currently used tools and policies/procedures/standards from the security area in the context of cloud migration - identifying gaps and adaptation

• Conduct regular risk assessments to identify potential vulnerabilities and threats.
• Provide recommendations for risk mitigation and risk acceptance.

• Develop, implement, and maintain an effective information security framework.
• Ensure alignment with industry standards and regulatory requirements.

• Design and implement security controls and solutions to safeguard information assets.
• Evaluate and select security technologies to meet organizational needs.
• Policy and Procedure Development :

• Develop and maintain information security policies, standards, and guidelines.
• Ensure policies are communicated, understood, and adhered to across the organization.

• Monitor and enforce compliance with relevant laws, regulations, and industry standards.
• Assist in audit preparations and responses.
• Collaboration and Training :
• Cross-functional Collaboration :
• Collaborate with IT, legal, compliance, and other departments to address security requirements.
• Provide security consultation for projects and initiatives.

• Develop and deliver security training programs for employees.
• Promote a security-aware culture throughout the organization.
• Incident Response and Governance :

• Develop and maintain an incident response plan.
• Participate in incident response activities, including investigations and documentation.

• Provide regular security status reports to executive leadership.
• Contribute to the development and maintenance of security governance structures.