3,644 Penetrationtester jobs in India
Penetration Tester - Information Security
Posted 13 days ago
Job Viewed
Job Description
Responsibilities:
- Conduct comprehensive penetration tests on web applications, network infrastructure, mobile applications, and cloud environments.
- Identify, analyze, and document security vulnerabilities and their potential impact.
- Develop and execute detailed attack scenarios to simulate real-world threats.
- Utilize a wide range of penetration testing tools and methodologies (e.g., Metasploit, Burp Suite, Nmap, OWASP Top 10).
- Perform vulnerability assessments and provide clear, actionable recommendations for remediation.
- Create detailed reports outlining findings, risks, and mitigation strategies for technical and non-technical audiences.
- Stay current with the latest attack vectors, exploits, and security best practices.
- Collaborate with development and IT operations teams to ensure vulnerabilities are addressed promptly and effectively.
- Participate in security architecture reviews and provide input on secure design principles.
- Assist in the development and maintenance of penetration testing methodologies and procedures.
- Contribute to security awareness initiatives by sharing knowledge and insights from testing activities.
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
- Minimum of 4 years of hands-on experience in penetration testing and vulnerability assessment.
- Strong understanding of networking protocols, operating systems, and common web/mobile application vulnerabilities.
- Proficiency in scripting languages (e.g., Python, Bash) for automating tasks.
- Demonstrated experience with various penetration testing frameworks and tools.
- Excellent analytical and problem-solving skills, with meticulous attention to detail.
- Ability to clearly articulate technical findings and provide practical solutions.
- Relevant security certifications such as OSCP, CEH, CISSP, or GPEN are highly desirable.
- Experience with cloud security testing (AWS, Azure, GCP) is a plus.
- Ability to work independently and manage time effectively in a remote setting.
Information Security Manager
Posted 3 days ago
Job Viewed
Job Description
This position is responsible for the leadership of the India Information Security (IS) department as part of the Global Information Security Directorate. Areas of responsibility will include coordination with the other IS Departments to ensure standard enforcement of security polices and controls, interfacing with local India IT teams and business leaders, and mitigating risks to the organization's information assets.
**Responsibilities :**
+ Manage India Information Security team's day to day operations.
+ Support the global Security Operations (SecOps) department to safeguard digital assets by assisting with detecting, investigating, and resolving cybersecurity threats
+ Assist the global Governance, Risk & Compliance (GRC) department with enforcing cybersecurity policies, overseeing cybersecurity risk, facilitating cybersecurity compliance audits, and conducting cybersecurity awareness training.
+ Assist the global Cybersecurity Infrastructure and Design (CID) department with management and maintenance of the cybersecurity systems, platforms, and controls.
+ Implement Secure Software Development Lifecycle (SSDLC) in India office by enforcing the compliance of global policies, processes, procedures and principles.
**Qualifications**
+ Bachelor's degree in Cyber/Information Security or Information Technology, Computer Science, Computer Engineering
+ Professional certifications such as CISSP, CISM, or equivalent multi-domain cybersecurity focused certification.
+ At least 10 years of experience in IT security management, with a proven track record of managing teams in global matrix environment
+ Experience with security technologies: EDR, SIEM, SOAR, CASM, CASB, CSPM, IAM, PAM
+ Excellent communication and interpersonal skills to effectively engage internal stakeholders.
+ Demonstrated ability to analyze complex security issues, devise solutions, and enforce established security controls.
+ Strong leadership skills to drive standardization of processes, procedures, and principles.
This job posting will remain open a minimum of 72 hours and on an ongoing basis until filled.
**Job** Engineering
**Primary Location** India-Maharashtra-Mumbai
**Schedule:** Full-time
**Travel:** No
**Req ID:**
**Job Hire Type** Experienced Not Applicable #BMI N/A
Information Security Consultant
Posted 3 days ago
Job Viewed
Job Description
Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion - it's a place where you can grow, belong and thrive.
**Your day at NTT DATA**
The Risk Analyst is a seasoned subject matter expert, responsible for assessing and managing risks to ensure the security, integrity, and resilience of the organization's operations and services.
This role involves identifying potential threats, analyzing vulnerabilities, and providing recommendations to mitigate risks.
Through proactive risk assessment and collaboration with cross-functional teams, this role contributes to the organization's efforts to maintain a secure and compliant environment.
**Key responsibilities:**
+ Analyzes risk to business activities and operations.
+ Identifies areas of potential loss or damage for current and proposed business and financial operations, processes, structures and cyber-risk exposure and quantifies impact
+ Implements and evaluates compliance with business and cyber risk-reduction policies, processes and standards.
+ May participate in the development and maintenance of disaster recovery and business continuity plans.
+ Supports organizational processes and programs for mitigation of financial risk, including administration of insurance.
+ May support and administer security and health/safety programs in addition to risk management activities.
+ Performs any other related task as required by management.
**To thrive in this role, you need to have:**
+ Strong understanding of risk assessment methodologies, global regulations, and compliance requirements.
+ Proficiency in data analysis tools and techniques for identifying trends, patterns, and potential risks.
+ Excellent analytical skills and attention to detail.
+ Effective communication skills to convey complex risk concepts to a global audience.
+ Cultural sensitivity and adaptability to work across different regions and time zones
+ Strong problem-solving skills and ability to work collaboratively with cross-functional and global teams.
**Academic qualifications and certifications:**
+ Bachelor's degree or equivalent in Business, Information Security, Risk Management or related field.
+ Relevant certifications such as CISM, CRISC, CISSP, CIPP preferred.
**Required experience:**
+ Seasoned years of experience as a Risk Analyst, preferably in a global organization with diverse operations.
**Workplace type** **:**
Hybrid Working
**About NTT DATA**
NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo.
**Equal Opportunity Employer**
NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.
**Third parties fraudulently posing as NTT DATA recruiters**
NTT DATA recruiters will never ask job seekers or candidates for payment or banking information during the recruitment process, for any reason. Please remain vigilant of third parties who may attempt to impersonate NTT DATA recruiters-whether in writing or by phone-in order to deceptively obtain personal data or money from you. All email communications from an NTT DATA recruiter will come from an **@nttdata.com** email address. If you suspect any fraudulent activity, please contact us ( ) .
Engineer, Information Security
Posted 3 days ago
Job Viewed
Job Description
Are you ready to accelerate your potential and make a real difference within life sciences, diagnostics and biotechnology?
At Pall Corporation, one of Danaher's ( 15+ operating companies, our work saves lives-and we're all united by a shared commitment to innovate for tangible impact.
You'll thrive in a culture of belonging where you and your unique viewpoint matter. And by harnessing Danaher's system of continuous improvement, you help turn ideas into impact - innovating at the speed of life.
As a global leader in high-tech filtration, separation, and purification, Pall Corporation thrives on helping our customers solve their toughest challenges. Our products serve diverse, global customer needs across a wide range of applications to advance health, safety and environmentally responsible technologies. From airplane engines to hydraulic systems, scotch to smartphones, OLED screens to paper-everyday Pall is there, helping protect critical operating assets, improve product quality, minimize emissions and waste, and safeguard health. For the exponentially curious, Pall is a place where you can thrive and amplify your impact on the world. Find what drives you on a team with a more than 75-year history of discovery, determination, and innovation.
Learn about the Danaher Business System ( which makes everything possible.
The Engineer, Information Security is responsible for designing, implementing an organisation's security systems and protocols to protect against security breaches, cyber-attacks, and other malicious activities.
They must develop and implement security tools, providing guidance and training to analysts on security best practices. They must collaborate with external security vendors and partners on the deployment of such tools and the best practices involved in keeping them operating optimally.
This position reports to the Director, Information Security and is part of the Information Technology Department located in Pune, India and will be an on-site role.
In this role, you will have the opportunity to:
+ Design and implement security controls, including access control, network segmentation, intrusion prevention and other tools, to mitigate risks and protect against security threats.
+ Evaluate emerging security technologies and make recommendations for their integration into the security architecture framework.
+ Conduct security reviews and risk assessments of new and existing IT systems, applications, and networks.
+ Create and maintain comprehensive documentation for security systems, procedures, and security incidents.
+ Participate in incident response planning and execute incident response procedures with security analysts in the event of a security breach.
The essential requirements of the job include:
+ Proven experience as a security engineer in a mid-sized organization, with 2+ years of experience in an engineering role.
+ Experience in building and maintaining security systems.
+ Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
+ Knowledge of security standards, frameworks and regulations such as ISO 27001, NIST, PCI DSS, and GDPR.
+ Exhibit good analytical skills, as well as the ability to work well in a demanding, dynamic environment.
Travel, Motor Vehicle Record & Physical/Environment Requirements:
+ Ability to travel - international travel up to 10% per year.
It would be a plus if you also possess the following:
+ Bachelor's degree in computer science, Information Technology, or related field.
+ Professional certifications such as CISSP, Security+, CASP+, GIAC.
Pall Corporation, a Danaher operating company, offers a broad array of comprehensive, competitive benefit programs that add value to our lives. Whether it's a health care program or paid time off, our programs contribute to life beyond the job. Check out our benefits at Danaher Benefits Info ( .
At Pall we believe in designing a better, more sustainable workforce. We recognize the benefits of flexible, remote working arrangements for eligible roles and are committed to providing enriching careers, no matter the work arrangement. This position is eligible for a remote work arrangement in which you can work remotely from your home. Additional information about this remote work arrangement will be provided by your interview team. Explore the flexibility and challenge that working for Pall can provide.
Join our winning team today. Together, we'll accelerate the real-life impact of tomorrow's science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life.
For more information, visit .
Analyst, Information Security
Posted 3 days ago
Job Viewed
Job Description
Are you ready to accelerate your potential and make a real difference within life sciences, diagnostics and biotechnology?
At Pall Corporation, one of Danaher's ( 15+ operating companies, our work saves lives-and we're all united by a shared commitment to innovate for tangible impact.
You'll thrive in a culture of belonging where you and your unique viewpoint matter. And by harnessing Danaher's system of continuous improvement, you help turn ideas into impact - innovating at the speed of life.
As a global leader in high-tech filtration, separation, and purification, Pall Corporation thrives on helping our customers solve their toughest challenges. Our products serve diverse, global customer needs across a wide range of applications to advance health, safety and environmentally responsible technologies. From airplane engines to hydraulic systems, scotch to smartphones, OLED screens to paper-everyday Pall is there, helping protect critical operating assets, improve product quality, minimize emissions and waste, and safeguard health. For the exponentially curious, Pall is a place where you can thrive and amplify your impact on the world. Find what drives you on a team with a more than 75-year history of discovery, determination, and innovation.
Learn about the Danaher Business System ( which makes everything possible.
The role of Analyst, Information Security is a critical function within our organisation, which primarily involves the protection of digital assets and data from cyber threats, by analysing and improving the security measures in place.
The analyst will be responsible for managing the day-to-day operations of our security infrastructure, including monitoring, responding to security incidents, risk management and policy enforcement. They will need to have a strong understanding of security principles, experience with security tools, and the ability to work in a fast-paced, agile environment.
This position reports to the Director, Information Security and is part of the Information Technology Department located in Pune, India and will be an on-site role.
In this role, you will have the opportunity to:
+ Monitor for security events and alerts to detect and respond to incidents in a timely manner, meeting required metrics.
+ Investigate security incidents to determine root cause and impact.
+ Respond to security incidents by implementing appropriate remediation actions.
+ Support and maintain incident response plans.
+ Investigate and resolve security incidents and breaches highlighted by the Security Operations Centre, providing recommendations to prevent future incidents.
+ Manage security tools and technologies, intrusion detection and prevention systems, antivirus software, content filters IDS/IPS & NGFW.
.
The essential requirements of the job include:
+ 2+ years of experience in a security operations role.
+ Hands-on experience with security tools, such as SIEM, IDS/IPS, and vulnerability scanners.
+ Strong knowledge of security principles and best practices.
+ Good analytical and problem-solving skills.
+ Knowledge of security standards and regulations such as ISO 27001, NIST, PCI DSS, and GDPR.
Travel, Motor Vehicle Record & Physical/Environment Requirements:
+ Ability to travel - international travel up to 10% per year.
It would be a plus if you also possess the following:
+ Bachelor's degree in computer science, Information Technology, or related field.
+ Relevant certifications such as Security+, CASP+, GIAC.
Pall Corporation, a Danaher operating company, offers a broad array of comprehensive, competitive benefit programs that add value to our lives. Whether it's a health care program or paid time off, our programs contribute to life beyond the job. Check out our benefits at Danaher Benefits Info ( .
At Pall we believe in designing a better, more sustainable workforce. We recognize the benefits of flexible, remote working arrangements for eligible roles and are committed to providing enriching careers, no matter the work arrangement. This position is eligible for a remote work arrangement in which you can work remotely from your home. Additional information about this remote work arrangement will be provided by your interview team. Explore the flexibility and challenge that working for Pall can provide.
Join our winning team today. Together, we'll accelerate the real-life impact of tomorrow's science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life.
For more information, visit .
Information Security Specialist
Posted 1 day ago
Job Viewed
Job Description
EdgeVerve Finacle is hiring DevSecOps Developer – Secure Coding & Automation
Required Skills:
3 to 6 years of experience in building secure applications using any popular programming language like Java / Node.js / C / C++ / Python.
Strong scripting skills in Python, Shell, or similar languages for automation and tooling.
Should be able to design, develop, test, and deploy high-quality, reusable, and maintainable code.
Hands-on experience with RESTful APIs, microservices architecture, and secure software development practices.
Good understanding of DevSecOps principles, including integration of security into DevOps pipelines.
Experience in generating security test cases or code using AI/ML-based tools or frameworks.
Good to have skill - solid knowledge of core security areas, including:
- SSL/TLS protocols
- Encryption techniques
- Authentication & Authorization
- Web application security
- Full-stack application security
- DevSecOps Integration
- AI-Driven Security Test Case Generation or Code generation
- Familiarity with Cloud Security Frameworks
- Experience in automating security testing workflows across CI/CD pipelines.
Experience with IDEs (e.g., IntelliJ, VS Code), version control systems (e.g., Git), build tools (e.g., Gradle/Maven), and unit testing frameworks.
Familiarity with design patterns and principles (e.g., SOLID).
Ability to work independently and collaboratively in cross-functional teams.
Excellent communication, collaboration, and problem-solving skills.
Information Security Manager
Posted 1 day ago
Job Viewed
Job Description
Position Overview
The Manager of Information Security is responsible for overseeing the development, implementation, and management of an organisation's information security program. This role involves ensuring the confidentiality, integrity, and availability of corporate data and IT systems, protecting them from cyber threats and vulnerabilities. The Manager will work closely with various teams to establish and enforce security policies, conduct risk assessments, and lead incident response efforts.
Key Responsibilities
- Lead the creation of security awareness programs for employees to foster a security-conscious culture.
- Maintain and report on the status of the organisation’s security posture to leadership.
- Conduct regular risk assessments to identify vulnerabilities and threats to critical systems and data.
- Work with the business to evaluate security risks associated with new projects, third-party vendors, and technologies.
- Prioritise and recommend security measures to mitigate identified risks.
- Lead efforts to perform security audits and assessments, ensuring adherence to compliance and regulatory requirements.
- Lead the response to security incidents, including identification, containment, eradication, recovery, and post-incident analysis.
- Develop and maintain incident response plans, conduct tabletop exercises, and ensure effective communication during a crisis.
- Collaborate with legal, communications, and management teams during and after incidents, particularly for breach notifications and regulatory reporting.
- Oversee the day-to-day operations of security technologies and tools (e.g., SIEM, firewalls, endpoint security, intrusion detection systems).
- Ensure continuous monitoring of security events and threats, performing analysis and response as needed.
- Maintain and optimise vulnerability management programs, including patching and remediation efforts.
- Foster a collaborative and effective security team, ensuring appropriate skill sets and training programs.
- Work closely with IT and other departments to ensure that security is integrated into all stages of system development and operations.
- Ensure compliance with relevant legal, regulatory, and industry standards for data protection and cybersecurity.
- Maintain documentation for audits, certifications, and external assessments.
- Coordinate with external auditors and regulators, as needed.
- Stay current on evolving security threats, vulnerabilities, and technologies.
- Continuously evaluate and improve security processes, tools, and policies.
- Participate in industry forums, conferences, and professional groups to enhance knowledge and best practices.
Required Qualifications
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent work experience).
- At least 3-5 years of experience in information security.
- Deep knowledge of information security principles, frameworks (NIST, ISO 27001,PCI-DSS, SOC2 Type II), and compliance requirements.
- Hands-on experience with security tools and technologies (e.g., SIEM, firewalls, intrusion detection/prevention systems, endpoint protection, DLP, E-mail Security).
- Strong understanding of risk management and incident response practices.
- Proven ability to manage and lead security teams in a dynamic, fast-paced environment.
- Strong communication skills, both written and verbal, with the ability to convey complex security concepts to non-technical stakeholders.
Preferred Qualifications
- Security certifications such as ISO27001 Lead Auditor or CISA (Certified Information Systems Auditor).
- Experience with cloud security and securing cloud infrastructures (AWS).
- Knowledge of secure software development practices and DevSecOps.
- Experience in vulnerability management and penetration testing.
Be The First To Know
About the latest Penetrationtester Jobs in India !
Information Security Engineer
Posted 2 days ago
Job Viewed
Job Description
Job Summary:
We are seeking a highly motivated and independent Information Security Engineer to join
our information security team. The ideal candidate will possess a broad range of technical and compliance expertise across various information security domains. This role requires an individual who can work autonomously, manage multiple projects, and take ownership of security initiatives with minimal supervision. You will be instrumental in safeguarding our assets, ensuring regulatory compliance, and driving the continuous improvement of our security posture.
Key Responsibilities:
● Third-Party Risk Management (TPRM):
○ Conduct thorough due diligence and risk assessments of new and existing third-party
vendors and partners.
○ Review vendor security documentation, questionnaires, and audit reports to identify and
mitigate potential risks.
○ Collaborate with legal and procurement teams to ensure security requirements are
integrated into vendor contracts.
● Technical Risk Assessments:
○ Perform comprehensive technical risk assessments of security tools and infrastructure,
including SIEM (Security Information and Event Management) and SOC (Security
Operations Center) processes.
○ Analyze security logs, alerts, and incident data to identify vulnerabilities and recommend
remediation strategies.
○ Evaluate the effectiveness of security controls and provide recommendations for
enhancement.
● IT General Controls (ITGC):
○ Assess and ensure the effectiveness of IT General Controls relevant to financial reporting
and operational integrity.
○ Develop and implement ITGC frameworks and processes.
○ Support internal and external audits related to ITGC.
● Cloud Security:
○ Contribute to the design, implementation, and maintenance of secure cloud environments
(e.g., AWS, Azure, GCP).
○ Assess cloud security configurations, identify misconfigurations, and recommend best
practices.
○ Stay abreast of emerging cloud security threats and technologies.
● Regulatory Compliance:
○ Ensure adherence to information security guidelines and mandates from key regulators such
as SEBI, NSE, BSE, CDSL, etc.
○ Translate regulatory requirements into actionable security controls and processes.
○ Assist in preparing for and responding to regulatory audits and inquiries.
● Information Security Management System (ISMS):
○ Support the implementation and maintenance of our ISO 27001 certified Information Security
Management System (ISMS).
○ Participate in risk assessments, control selection, and internal audit activities related to ISO
27001.
○ Develop and update security policies, standards, and procedures in line with best practices.
● Project Management & Ownership Independence:
○ Lead and manage information security projects from inception to completion with minimal
guidance.
○ Prioritize tasks, manage timelines, and communicate progress effectively to stakeholders.
○ Proactively identify security gaps, propose solutions, and drive their implementation.
○ Ability to work independently, take initiative, and deliver high-quality results in a fast-paced
environment.
● General Information Security:
○ Assist in incident response planning and execution.
○ Conduct security awareness training.
○ Stay current with industry trends, threats, and security technologies.
Qualifications:
● Bachelor's degree in Computer Science, Information Security, or a related field.
● 4-6 years of progressive experience in information security roles.
● Proven experience across multiple information security domains, including TPRM, technical risk
assessments, cloud security, and regulatory compliance.
● Solid understanding of IT General Controls (ITGC).
● Demonstrable knowledge of regulatory requirements from bodies like SEBI, NSE, BSE, CDSL.
● Hands-on experience with ISO 27001 implementation and maintenance.
● Familiarity with SIEM/SOC operations and security monitoring tools.
● Excellent analytical, problem-solving, and decision-making skills.
● Strong written and verbal communication skills, with the ability to articulate complex security
concepts to both technical and non-technical audiences.
● Ability to work independently, manage multiple priorities, and meet deadlines.
Preferred Qualifications (Bonus Points):
● Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP certifications are a plus but not
mandatory).
● Prior experience in the SEBI regulated sector.
Information Security Analyst
Posted 2 days ago
Job Viewed
Job Description
Hi All,
Good afternoon!
We are urgently hiring for the role of Information Security Analyst with 7 to 12 years of experience with below required skills :
- Global Security operations center
- SIEM tools
- Splunk
- Incident Management
Interested candidates please apply on :
Information Security Analyst
Posted 2 days ago
Job Viewed
Job Description
About the company
Lexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success.
Lexitas offers an array of services including local and national court reporting, medical record retrieval, process service, registered agent services and legal talent outsourcing. Our reach is truly national as well as international.
Lexitas is a MNC Company that has set up a subsidiary in Chennai, India – Lexitas India Pvt. Ltd. This Indian company will be the Lexitas Global Capability Center, helping build a world class IT development team, and over time serve as a Shared Services hub for several of the corporate functions.
For More Information -
This is a Full-Time Job located in Chennai, India.
Summary:
This position supports information security, privacy, risk and compliance programs and activities under the direction of the VP of Information Security or designated Information Security Manager. The position assists in developing and maintaining a comprehensive security program for Lexitas. Providing functional and technical support is important to maintain security posture and protection of electronically and physically stored information assets across our systems. Tasks include supporting design, implementation, configuration, documentation, and maintenance to mitigate risk to the business and its computing resources and assets, as well as collaborating with applicable providers, managing and monitoring tools, and facilitating applicable processes and procedures.
Key Roles and Responsibilities :
- Supports IT security, privacy, risk and compliance systems, processes, supporting activities, with the ability to lead activities and programs.
- Monitors computer networks and associated tools and provider services for security, privacy, risk and compliance issues
- Supports the project management, tracking, and documentation of Information, Privacy, Risk, and Compliance programs, processes, and activities
- Investigate security breaches and cybersecurity incidents.
- Documents security breaches and assesses impact.
- Performs and/or supports security tests, risk assessments, and audits to uncover network, application, and process vulnerabilities and provides guidance and training to ensure violations do not persist.
- Tracks and facilitates the mitigation of vulnerabilities to maintain a high security standard.
- Supports best practices for IT security, privacy and compliance.
- Performs and supports 3rd party vulnerability management and penetration testing.
- Research security enhancements and makes recommendations to management.
- Stays current on information technology trends and security standards.
- Prepares reports that detail security, privacy, and compliance risk assessment findings.
- Supports Security Operations Center functions including monitoring and supporting Incident Response activities.
- Supports all related IT Security, Privacy, Risk and Compliance policies and provides guidance to the business.
- Other Information Security, Privacy, Risk, and Compliance duties as required.
Skills and Abilities:
- Experience with computer network and application vulnerability management and penetration testing, and techniques.
- Solid understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Ability to identify and mitigate network and application vulnerabilities.
- Good understanding of patch management
- Proficient with various OS
- Excellent written and verbal communication skills
- Knowledge of firewalls, antivirus, and intrusion detection system concepts
- Ability to support and document areas of Information Security, Privacy, Risk, and compliance processes and programs.
- Ability to support incident response process.
- Experience directing 3rd Party providers in the areas of Information Security, Privacy, Risk and Compliance
- Support information security controls including physical and data security protecting the confidentiality, integrity and availability of information systems data.
- Preferred KSA’s:
- Strong working knowledge and experience with primary Information Security, Privacy, Risk, and compliance standards and frameworks such as NIST, SOC 2, HIPAA, PCI DSS, GDPR, etc.
- Experience administering information security software and controls.
- Experience supporting process for managing network and application security.
- Network and system administration experience a plus.
- Good understanding of Standard Information Security Baseline Frameworks, Business Continuity, and Disaster Recovery protocols and best practices.
- Exposure to ITIL (Incident/Change Management) – ITIL v3F preferred.
- Learns and monitors the business processes for the areas of primary support responsibility.
- Support annual Security Baseline Audits and execution of recommendations.
- As part of the technology team, performs “Help Desk” day-to-day tasks in support of Information Security, Privacy, Risk, and Compliance.
Education and Experience:
- Bachelor’s degree in computer science or related field strongly preferred.
- IAT Level-2 technical certification strongly preferred (Comp TIA Security+ or CISSP) or ability to obtain within first 90 days of hire.
- 5+ years’ experience performing role of Information Security Analyst or SOC
- Demonstrated experience in responding to, managing, and resolving security incidents.
- Experience with LAN/WAN networking concepts, IP addressing and routing concepts, Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
- Experience with Windows/Linux/Unix operating systems, Information Security concepts, and best practices.
- Experience working with Security Information and Even Management (SIEM) system is a plus.