5+ Years of experience in working on Security aspects
Must be proficient in understanding various aspects of Application Security in a cloud environment and should have worked on tightening the security at all levels.
Ability to translate Information Security policies and procedures into language that a business and/or technical person can understand
Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint, AWS Inspector, Kali Linux)
Experience in Mobile Application testing including iOS and Android.
Experience with web application vulnerability scanning tools (Burp Suite Pro, Veracode)
Experience with network/infrastructure-level penetration testing
Excellent communication skills to collaborate with both external and internal stakeholders to maintain the overall Information Security for KloudGin.
Must have experience with the AWS landscape and an understanding of security aspects related to EC2, VPC, CloudFront, WAF, Shield, Secrets Manager, Inspector, CloudTrail, CloudWatch, Systems Manager, IAM, Config, etc.
Should be aware of various CIS Benchmarks and be able to tighten the application and database servers based on the guidance.
Experience in Application security and Mobile security, including OWASP technologies, vulnerability research and mitigation.
Awareness of CISSP certification will be a plus
AWS Certification will be a plus
Certification in any of these or similar certifications – CEH, ECSA, OSCP will be a plus.
Responsibilities
To manage the Information Security Program and IT Operations at KloudGin.
To perform web Application vulnerability scans leveraging both tools and manual checks.
To use both DAST and SAST tools to identify the vulnerabilities and work with the developers to fix and remediate the same.
To perform application security risk assessments.
To conduct penetration testing using various tools and block the exposures in coordination with the development teams.
To manage the Security features of KloudGin application and support the Presale team in responding to prospects about KloudGin infrastructure and security.
To drive the Security Certification of the KloudGin product, based on the above-mentioned security checks, in line with the KloudGin releases.
To drive the external Audits and Governance at KloudGin including VAPT, SOC Audits, GDPR Reviews.
To drive and play the Project Manager role for the Disaster Recovery Drill of the application.
Assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood and impact
Conduct checks on server level vulnerabilities and adhere to CIS benchmarks for the environments.
To perform log monitoring using SIEM tools and manage the threats or attacks on the application / network.
Automation of Secrets management across the application and Environments.
Continuously enhance the security of the application to meet the industry best practices.
Review the latest threats in the industry and safeguard the application and environment against them.
Manage the Security Onboarding and Offboarding for the employees at KloudGin.
Manage the IT Operations at KloudGin including end-point security and Antivirus management.