- Responsible for maintaining IT Infrastructure security
- Management of detection and protection against various attack mechanisms, including:
i. Patch Compliance
ii. Standard and Hardened Build Compliance
iii. Vulnerability Management and Penetration Testing
iv. Regular reporting and evidence of key security controls
v. Security event L1 triage and response (IPS, Advanced malware, Anti-virus, Email)
vi. SPAM management
vii. Web filtering
viii. Security Architecture Review
- Coordination with various infrastructure/support teams to ensure alignment of effective implementation of Infrastructure Security controls and processes.
- Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems.
- Identification and remediation of new vulnerabilities in the organization's infrastructure.
- Coordinating third-party vendor vulnerability assessments, normalizing risk ratings, tracking and remediation.
- Monitoring, alerting and escalation of security incidents and non-compliance with respect to Information Security policy & Standards.
- Identifying and maintaining Key metrics and SLA on Infrastructure Security.
- Maintaining adherence to technical controls as required by standards and frameworks i.e. ISO 27001, PCI, NIST
- Monitor cyberspace for emerging threats
- Contribute to the product roadmap for the Infrastructure Security tools and technology.
- Working Knowledge of leading Infrastructure Security vendors and products, multiple information security technologies and their strengths and shortcomings.
- Ensuring that new Infrastructure Security tools are implemented and supported effectively and efficiently by working closely with Application Support and Engineering teams.
- Work with project teams to ensure projects are implemented in adherence to security policies and standards.
- Technical liaison with external vendors and service providers for timely rectification of any related problems.
- Advising senior stakeholders on security/risk issues relating to the wider business environment
Experience and Qualifications Required:
- 10+ years of technical experience in IT Security, System & Networks Administration and Risk Assessment.
- Proven ability to quickly earn the trust of sponsors and key stakeholders; mobilize and motivate teams; set direction and approach; resolve conflict; deliver tough messages with grace; execute with limited information and ambiguity
- Capable of effective Team management, able to build strong relationships with the management
- Maintains detailed understanding of area of operation and can undertake methodical analysis to determine areas of risk and effectively present such findings and potential resolutions to Senior Management.
- Broad technical knowledge of infrastructure technologies i.e. Vulnerability assessment, Penetration testing, SIEM, DLP, Malware Protection, IDS, Wireless IPS, DMZ and Firewall Security.
- Strong understanding of Windows and UNIX operating systems.
- Well versed in implementing technical controls for ISO 27001, PCI for Infrastructure Security domain.
- Knowledge of all known security mechanisms, such as authentication, authorization, logging and cryptography, and the associated threats.
- Knowledge of applications, middleware, databases, network, different operating systems and software architecture
- CISSP/ISO 27001/CEH (Mandatory) will be an added advantage
- Excellent influencing skills, self-motivated, flexible, with a "can do" attitude.
- Excellent problem-solving and critical-thinking skills
- Ability to remove barriers and enable teams to complete their objectives
- Focused and versatile team player that is comfortable under pressure
- Good understanding of business with technology alignment
- Extensive work experience in process-based project management and in implementing metrics to manage and measure work quantitatively
- Understanding of emerging technologies and corresponding security threats
- Ability to understand changes in business requirements, new technology areas and processes/methodologies, and to apply them in daily operations to improve the Security organisation.