Skip to main content

AVP – Security Engineering

Navi Mumbai, India

This position is closed as on 2019-11-30

 

Reporting Structure

The person would report to Sr.VP, Cyber Security

Education

  • University degree in the field of computer science or IT

Qualifications

  • Proven work experience as a system security engineer or information security engineer
  • Experience in building and maintaining security systems
  • Thorough understanding of the latest security principles, techniques, and protocols
  • Detailed technical knowledge of database and operating system security
  • Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
  • Experience with network security and networking technologies and with system, security, and network monitoring tools
  • Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
  • Excellent knowledge of application and mobile development languages, database and security best practices related to the same
  • Good project management skills and excellent oral and written communication skills
  • Problem solving skills and ability to work under pressure

Experience (years)

  • A minimum of 12+ years of IT experience with at least 6 years developing and implementing Applications (Client, Web and Mobile) and having knowledge of databases; managing security staff for at least 5 years in technical leadership roles

Industry

  • Financial Domain (Banking / NBFC experience is desirable)

Responsibilities

  • Engineer, implement and monitor security measures for the protection of computer systems, networks and information
  • Identify and define system security requirements
  • Design computer security architecture and develop detailed cyber security designs
  • Prepare and document standard operating procedures and protocols
  • Configure and troubleshoot security infrastructure devices
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  • Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
  • Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls
  • Coordinate with the enterprise system and network teams to ensure alignment between security and enterprise architectures
  • Coordinate with the enterprise application development teams to ensure alignment between security and enterprise architectures
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the organisation's reputation.
  • Define application and database related security policies, guidelines, strategy
  • Define security guidelines for application development (secure SDLC, Secure coding practises etc.)
  • Create Application Security Life Cycle (ASLC) framework which includes developing threat modelling practises into product life cycle
  • Define approach and conduct vulnerability assessment and penetration testing
  • Work with SoC team to define event correlation rules related to application and database threats and vulnerabilities, ensure all events related to application threats are tracked to closure
  • Assist in Incident management and Business Continuity Management
  • Risk assessment for new technology procurement /development
  • Supporting Vendor Security activities to ensure 3rdparty software and development meets ReBIT security standards

 

Certifications (any one)

  • CEH: Certified Ethical Hacker
  • CCNP Security: Cisco Certified Network Professional Security
  • GSEC / GCIH / GCIA: GIAC Security Certifications
  • CISSP: Certified Information Systems Security Professional