Information Security Architect
Experience : 9 - 15 years
Job Location : Hyderabad
MUST HAVES :
- Design, build, implement and support enterprise-class security systems.
- Implement and operationalize RCSIRT, SOAR, SIEM, DLP, Network monitoring, and Forensic tools.
- Minimum of 3 implementations' experience on Azure Sentinel.
- Minimum 4 years of experience as an Architect
Qualification :
- B.E/B. Tech/M. Tech/MS in a relevant field i.e. computer science, cyber security etc.
- Strong knowledge of incident management, problem management, and change management best practices.
- Relevant industry certification such as CISA / CISM / CSA / CEH / CISSP / SANS GSOC / GIAC / GCFA etc. (at least two) is highly desirable.
- Superior communication skills and ability to brief senior government officials.
- Overall 9+ years of Information Security / Cybersecurity experience.
- Expertise with industry-standard frameworks (ISO, NIST, GDPR, PCI).
Skills :
- Strong security mindset.
- Strong hands-on experience of the security technologies such as SIEM, APT threats, VA/PT, Malware analysis, Forensics, Incident response tools, DLP, NGAV, EDR, CASB, PIM/PAM, Firewall, Proxy, Email Security, Cloud Security, WAF etc.
- Developing and implementing enterprise SOC, Blue teams and Red teams with incident response, forensics, threat hunting strategy and solutions.
- Questions status quo and navigates through roadblocks.
- Security project management and planning.
- Defining problems, collecting, and analyzing data, establishing facts and drawing valid conclusions.
- Using judgment and ingenuity in maintaining objectives and technical standards
Job Objective :
- Responsible for designing, planning, implementing and enriching the overall security posture for a system or service, maintaining security documentation, and developing architecture patterns and security approaches to new technologies.
- To drive compliance goals with appropriate policies, process adherence, and process improvisation to achieve operational objectives of incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring security events.
Experience : 9+ years
Key requirements :
- Design, build, implement and support enterprise-class security systems.
- Align organizational security strategy and infrastructure with overall business and technology strategy.
- Plan, research and design robust security architectures for any IT project.
- Implement and operationalize RCSIRT, SOAR, SIEM, DLP, Network monitoring, Forensic tools with experience of at least 3 implementations on Azure Sentinel, Splunk, Exabeam Fusion SIEM, Securonix next-generation SIEM, XDR, CrowdStrike Falcon, McAfee EDR, Mimecast, Proofpoint, Zscaler, McAfee, McAfee DLP, ManageEngine Service Desk Plus & Data Security Plus, Qualys Guard, Qualys Web Application Scanner, DeepSource, Microsoft Intune.
- Expert in Cloud Security Architecture & Implementation including vendors like Azure, AWS, GCP, etc.
- Should possess Integration experience with cross-platforms to improve the overall orchestration of security tools.
- Well versed with well-known security frameworks such as ISO 27001:2013 / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE / SSAE16 etc.
- Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge.
- Implementation of security measures to meet business goals, customer needs and regulatory requirements.
- Perform or supervise vulnerability testing, risk analyses and security assessments.
- Should be able to optimize security solutions including firewall, VPN, routers, IDS scanning technologies and servers to meet compliance.
- Work on projects with high strategic impact, setting a strategy that can be used in the long term and across the breadth of the organization.
- Create solutions that balance business requirements with information and cybersecurity requirements.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Test security systems to ensure they behave as expected
- Define, implement and maintain corporate security policies and procedures
- Train users in implementation or conversion of systems
- Respond immediately to security-related incidents and provide thorough remedial solutions and analysis
- Regularly communicate vital information, security needs and priorities to higher management.
Experience :
- Utilizing emerging technologies to design and implement security solutions; monitoring and improving those solutions while working with an information security team.
- Consulting and engineering in the design and development of security best practices; implementation of security measures to meet business goals, customer needs and regulatory requirements.
- Well versed with well-known security frameworks such as ISO 27001:2013 / NIST CSF / PCI DSS / ISO 22301 / STRIDE / MITRE etc.
- Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Security considerations of cloud computing, including data breaches, hacking, account hijacking, malicious insiders, third parties, authentication, APTs, data loss and DoS attacks.
- Information systems auditing, monitoring, controlling, and assessment process
- Incident response management.
- Risk assessment and management methodology.
- Identity and access management; tracking and creating/enforcing policies that govern access to sensitive technology resources and information assets.