11+ SANS Jobs in India
Apply to 11+ SANS Jobs on CutShort.io. Find your next job, effortlessly. Browse SANS Jobs and apply today!
About us:
HappyFox is a software-as-a-service (SaaS) support platform. We offer an enterprise-grade help desk ticketing system and intuitively designed live chat software.
We serve over 12,000 companies in 70+ countries. HappyFox is used by companies that span across education, media, e-commerce, retail, information technology, manufacturing, non-profit, government and many other verticals that have an internal or external support function.
To know more, Visit! - https://www.happyfox.com/
Responsibilities:
- Perform manual and automated application penetration tests and provide suggestions to harden our products
- Participate regularly in the development and release process to identify and report security vulnerabilities in the code being shipped
- Conduct regular audits on all Features/APIs of the product and reports vulnerabilities to the development team
- Keep up with industry trends in the security space
- Triage inbound vulnerability reports with an appropriate level of urgency and track them until they are resolved by Engineering teams
- Should be able to understand different elements of our NodeJS, Python and similar stacks and provide guidance on secure software development practices to the team
- Scale our application security engineering team
Requirements:
- Strong verbal and written communication skills
- Has worked on Web Application Security Testing for a reasonably complex application. The mobile experience is a plus
- Good knowledge of secure software development guidelines from authoritative bodies like NIST, OWASP, SANS
- Hands-on experience in performing manual/automated security assessments with open-source/commercial security tools
As a Security Researcher in SaaS security posture management, your primary responsibility will be to conduct research on emerging security threats and vulnerabilities in SaaS environments and to develop and implement strategies to mitigate those risks. Specifically, your job duties will include: Conducting in-depth research on emerging security threats and vulnerabilities in SaaS environments.
- Analyzing data and security logs to identify potential threats and take proactive measures to prevent them.
- Developing and implementing security policies and procedures to protect against security threats in SaaS environments.
- Collaborating with other members of the IT team to implement security measures and ensure compliance with industry standards and regulations.
- Keeping up-to-date with the latest security technologies and trends in SaaS security posture management.
- Communicating findings and recommendations to management and other stakeholders.
- Participating in incident response and resolution activities in the event of a security breach in SaaS environments.
- To be successful in this role, you should have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, and have experience in researching emerging security threats and vulnerabilities in SaaS environments. You should also have strong analytical and problem-solving skills, and hold industry certifications such as CISSP, CEH, or OSCP. Excellent communication and collaboration skills are essential to work effectively with cross-functional teams.
Job Description
Cyber Threat Intelligence & Threat Hunting - Subject Matter Expert (B3-2)
Responsibilities:
Perform threat research, create actionable threat advisories, and derive hunting queries based on the evolving threat vectors.
Understand APT groups, Conduct deep dive technical analysis of cyber-attack tools, tactics, and procedures. Create hypothesis and perform active threat hunting.
Minimum Requirements:
10+ years of overall experience, 7+ years of experience in cyber threat intelligence, malware analysis (Reverse engineering)
Hands-on experience with writing threat hunting hypothesis & active threat hunting
Experience with YARA rule and OpenIOC signature creation.
Experience with multi-tiered mission-critical systems.
Experience in opensource sandbox and honeypots.
Preferred Certification
GIAC Cyber Threat Intelligence (GCTI)
C| TIA (Certified Threat Intelligence Analyst)
CCTIA by the NICCS
This profile will include following responsibilities:
- Perform Web Application Security Testing
- Perform Mobile Application Security Testing
- Scan Network for Security Vulnerabilities
- Co-ordinate with the clients for Project related queries
- Undertake meeting with the client teams for discussing security issues and recommendations
- Create detailed security reports
- Keep track of project progress & send regular updates
- Research on Open source security tools & new security topics
- Create Security Knowledge base for the teamThe candidate should be we well versed with application security concepts, including the mitigation techniques:
- Web Application Security – OWASP Top 10
- Mobile Application Security – Mobile OWASP Top 10
- Threat Modelling
- Risk Rating Frameworks
- Web Traffic Interception (For Web/Mobile apps)
- SSL
- Network Concepts
- Web Development Basics - HTTP/HTML/JavaScript
- Basic Mobile Application Concepts (either Android or IOS)
Operations and Technical Advice
Monitoring applications over WAF for Security incidents (24*7 Service Window)
WAF Implementation, and Day-to-Day Task ,Application Integration, Testing ,Learning ,Blocking , Migrations.
Application Security Understanding,Creating, modifying, or implementing policies or rules.
Add, remove, and modify, update security policy parameters and attack signatures policies as per Airtel Africa business requirement and standard practices
Understanding of Network Protocol
Hand-on Packet Capture /Analyser
Perform WAF signature & hotfix updates.
Quarterly review the created Policy/Rule with Client
Respond to Ticket management tool requests for WAF Incidents, Changes, and Services.
Coordinate with OEMs for product related issues and bugs
Integrate SIEM & monitoring tool with WAF virtual appliances
Upgrading the Radware OS version from N to N-1 shall be considered based on the criticality of discovered vulnerabilities during the VA scan.
Assist the Client team in mitigating vulnerabilities or observations reported during security audits, VA&PT, and regulatory technology audits (internal, external, and concurrent) for and in WAF
Analyse security breaches, make required changes/additions, and report RCA for any WAF security incident
Support Window 24X7 ,
Amazon Web Services (AWS)Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
- Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- have done any submission on Bug crowd or Bug Bounty.
- have developed tools or scripts for web pen test on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will starts from 03:00 PM to 12 AM (fixed for few months),
OSCP certification(Not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
|
Desired Skills |
To have skills: · Proven technical expertise in cyber security domains, i.e. endpoint security, application security testing. · Knowledge and experience in public cloud solutions. · Knowledge on network security, networking concepts and architectural implementations. · Knowledge on vulnerability testing and define proper remediation’s. · Shell scripting experience - Shell/Bash/Python. · Working experience of Linux operation.
Desire to have skills: · One or more of the following cyber security certifications: CEH, CISSP, OSCP, SSCP CCSP. · Excellent problem solving, and follow-up skills. · Ability to convey technical security concepts to non-technical audiences. |
-
- Manage a team of highly skilled security engineers
- Responsible for the security of all Ola applications.
- Enforce Security in SDLC, and ensure any identified vulnerabilities are fixed before a feature goes to production.
- Participate in the design review discussions to identify any security loophole, and recommend a secure design solution.
- Partner with engineering leaders across the company to help them prioritize security issues in their products.
- Run the Ola’s Bug Bounty program effectively.
- Develop a roadmap for future work to enhance security, derive a project plan, and ensure the completion of the project within the timelines.
- Mentor the team members and work towards their career growth.
Minimum Qualifications
- 7+ years of work experience in security engineering, including 2+ years of proven hands-on technical management experience of security engineers.
- Experience recruiting and managing technical teams, including performance management.
- Technical experience across security disciplines – web/mobile app security, infrastructure security, security operations center.
- Experience building relationships with stakeholders and business leaders.
- Must have Coding experience at least in one language.
- Knowledge of standards like PCI-DSS, ISO27001, GDPR etc.
BS/MS in Computer Science or equivalent experience
C#
Python
JavaThe Cyber Security Analyst will help to assess, plan, and enact security measures to protect the Hubbell organization from security breaches and attacks on its computer networks and systems. This job involves simulating attacks to identify vulnerabilities, testing new software to help protect the
company & data, and assisting users in adhering to new regulations and processes to ensure safety and compliance. The Cyber Security Analyst will work as part of the Security Operations team to execute, monitor and report-out on the scheduled tasks associated with maintaining the overall cyber hygiene for the company
Respond and investigate security breaches and other cybersecurity incidents.
Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs.
Work in conjunction with the cybersecurity team to develop automation for scheduled tasks and reporting
Respond to specific threats, evaluating company exposure, and risk.
Assist in the execution of penetration testing.
Research security enhancements and make recommendations to management.
Stay up to date on cybersecurity trends, threats, and remediation
Attend daily security operations meetings
Qualifications
A degree in Computer Science, IT, Systems Engineering or a related qualification
2-3 years of experience with software development in C-Sharp, Python or Java
2 years of experience with scripting tools such as PowerShell, Unix Bash and Bourne
Familiarity with patch management
Familiar with common cyber frameworks and tools such as NIST and MITRE Attack
Awareness of common cybersecurity threats and hacking methodologies
Preferred
Previous experience with Incident response and forensics
Knowledge Network security and segmentation
JavaPython- 5+ Years of leading an engagement.
- 5+ Years developing and implementing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms.
- 4+ Years on any Cloud Platform (AWS, Azure, Google, others).
- Master's or Bachelor's degree in Information Science / Information Technology, Computer Science.
- Deep hands-on experience leading the design, development and deployment of business software at scale.
- Experience with service-oriented architectures, private and public clouds and web services security.
- Strong skills in security principles such as least privilege access, defense in depth, preventative vs detective controls, Infrastructure and Network Security, Data protection, and Incident response.
- Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography.
- Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27xxx, SOC, HIPAA, GDPR, and NIST/DoD frameworks.
- Experience with enterprise risk management methods and techniques to drive successful outcomes in a global enterprise environment.
- Good understanding of Enterprise Networks, Security and Identity Access Management.
- Configuration management using CloudFormation and/or Chef/Puppet.
- Experience with agile approaches and Experience in DevOps or DevSecOps, and how they impact risk management and compliance.
- Hands-on technical expertise in technology automation, implementation, integration, and/or deployment using scripting and/or IaaC.
- Knowledge of professional software engineering practices & best practices for the full software development life cycle, including coding standards, code reviews, source control management, libraries building, build processes, testing, and operations.
- Demonstrated ability to mentor other software developers to maintain architectural vision and software quality.
- Experience taking a lead role developing complex software systems that have successfully been delivered to customers.
- Ability to travel to customer sites as needed.
PREFERRED QUALIFICATIONS:
- AWS Solutions Architect Certified.
- AWS Security Speciality Certified.
- CISSP, CCSP, CISM, and/or other comparable certifications.
Requirements:
- Overall experience in the field of Information risk and security related initiatives/ projects.
- Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
- Ability to understand business concepts and integrate business risk elements into security operations.
- Experience in conducting VAPT.
- Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
- Strong ethics and understanding of ethics in business and information security.
- Should have exposure to Code review, Network VA/PT and App VA/PT work.
- Understanding and familiarity with common code review methods and standards.
- Experience with code scanning toolsets such as Fortify and Ounce.
- Understanding of HTTP and web programming.
- Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
- In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.
Follow Cutshort