Mininum Experience- 10+ years
Mandatory Skills Set- Cloud Security, Offensive and Defensive security principles, Penetration testing, SAST/DAST, VAPT, Security Compliances.
About us
CLOUDSUFI is a Data Science and Product Engineering organization building Products and Solutions for Technology and Enterprise industries. We firmly believe in the power of data to transform businesses and make better decisions. We combine unmatched experience in business processes with cutting edge infrastructure and cloud services. We partner with our customers to monetize their data and make enterprise data dance.
What are we looking for
CLOUDSUFI is seeking a Information Security Lead overseeing the organization’s information security framework, ensuring the confidentiality, integrity, and availability of all data. This role involves developing and implementing security policies, managing risk assessments, and addressing compliance requirements. The Infosec Lead will also lead incident response efforts,conduct regular security audits, and collaborate with cross-functional teams to mitigate vulnerabilities. Strong expertise in cybersecurity tools,frameworks, and best practices is essential for this role.
Roles & Responsibilities
➢ Work independently with vendors and collaborate with colleagues.
➢ Experience negotiating remediation timelines and/or remediating found issues independently.
➢ Ability to implement vendor platforms withinCI/CDpipelines.
➢ Experience managing/responding to incidents, collecting evidence, and making decisions.
➢ Work with vendors and internal teams to deploy criteria within WAF and fine-tune configurations based on application needs.
➢ Multitasking and maintaining a high level of concentration on assigned projects.
➢ Strong working knowledge of AWS security in general and familiarity with AWS native security tools.
➢ Promote security within the organization despite roadblocks, demonstrating resilience
and persistence.
➢ Define and integrate DevSecOps security requirements in projects.
➢ Articulate security requirements during architecture meetings while collaborating
with application and DevOps teams.
➢ Hands-on experience with various security tools and techniques, including:
➢ Trivy, Prowler, Port53, Snyk for container and application security.
➢ KaliDiscovery and vulnerability scanning for penetration testing and threat assessment.
➢ Network and website penetration testing (PT) to identify and remediate
security vulnerabilities.
➢ SAST and DAST tools for static and dynamic application security testing.
➢ API security testing
➢ Web/Mobile App SAST and DAST
Preferred Certification
➢ AWS Security /CISSP /CISM (Certified Information Security Manager)
Required Experience
➢ 8+ years of experience with AWS orchestration via Terraform scripts.
➢ 8+ years of experience withCloudWatch,CloudTrail, and GuardDuty.
➢ 8+ years of experience with AWS WAF.
➢ 6+ years of experience with Cloudflare or any other WAF tool.
➢ 6+ years of experience with Datadog or any other logging and monitoring tool.
➢ 6+ years of experience with Trivy or any other vulnerabilities and configuration issues in AWS.
➢ 6+ years of experience with Prowler or any other security issues in AWS or other cloud.
➢ 6+ years of experience with Snyk or any other tool for SCA, SAST and SBOM.
➢ 6+ years of experience with any SAST/DAST tool.
➢ Experience with PagerDuty.
➢ Ability to conduct nuanced threat assessments.
➢ Experience with SOPHOS.
➢ Significant experience with compliance regimes like PCI, SOC2, SOX, and HIPAA.
➢ Proficiency in Infrastructure asCode tools like Ansible, Terraform, andCloudFormation.
➢ Strong experience implementing security tools withinCI/CD pipelines.
➢ Expertise in cloud service providers, particularly AWS.
➢ Proven ability to oversee technological upgrades and improve cloud security environments.
➢ Skilled in developing, installing, configuring, and integrating IT tools and security processes.
➢ Competence in static and dynamic code analysis tools, interpreting results, and guiding teams to address gaps.
➢ Extensive experience in penetration testing, container security, and threat vulnerability assessments.
➢ Capability to assess technology architectures for vulnerabilities andrecommend improvements.
➢ Strong leadership in creating and managing security strategies and overseeing
information security audits.
➢ Expertise in developing and maintaining security policies, standards, and guidelines.
Non-Technical/ Behavioral competencies required
➢ Must have worked with US/Europe based clients in onsite/offshore delivery model
➢ Written communication, technical articulation, listening and presentation skills (8/10
minimum).
➢ Should have good conflict management.
➢ Should have superior persuasive and negotiation skills
➢ Should have demonstrated effective task prioritization, time management and
internal/external stakeholder management skills
➢ Should be a quick learner, self starter, go-getter and team player
➢ Should have experience of working under stringent deadlines in a Matrix organization
structure