Develop and oversee key performance indicators (KPIs) for security. Oversee service level agreements (SLAs) for security operations and create risk-b..
Develop and oversee key performance indicators (KPIs) for security.
Oversee service level agreements (SLAs) for security operations and create risk-based dashboards for reporting.
Create and implement a comprehensive vulnerability management program, including managing activities related to vulnerability assessment (VA) and penetration testing (PT).
Develop and implement security programs for network, server, and cloud environments, including onboarding processes and pre- and post-scanning activities.
Conduct periodic configuration reviews based on CIS benchmarks.
Manage the application security program by identifying and mitigating risks in collaboration with business application teams.
Collaborate in managing the endpoint security, network security, and server security programs.
Collaborate in managing the overall security operations management program.
At least 3-5 years of documented work experience in security engineering.
Prior practical knowledge of web, mobile, and cloud security.
Hands-on experience in constructing and maintaining security measures such as firewalls, intrusion detection systems, antivirus software, authentication systems, content filtering, etc.
Thorough understanding of IT infrastructure concepts across all layers, including Servers, Networks, End User Computing, and Cloud.
Experience in designing and implementing risk-based information security programs.
Hands-on experience in implementing standards such as ISO 27001, NIST, CIS, or equivalent.
Hands-on experience in designing, implementing, and managing Data Leak Prevention programs.
Hands-on experience in conducting application security assessments, both manual and tool-based.
Gained solid understanding of OWASP, CIS, and NIST guidelines for application security.
Experience in utilizing anti-malware solutions.
Experience in designing security programs for cloud services, including IAAS, PAAS, and SAAS.
Hands-on experience with native cloud security capabilities.
Experience in implementing cloud security solutions like CASB.
Excellent communication and presentation skills.
Experience in collaborating with mid-level and senior-level management, with the ability to understand business processes and requirements.
Understanding and effectively communicating security risks to core technology teams and business functions.
Preferred certifications: CISSP, CCSP, CISM, ISO 270001 LI/LA.