DevOps Security (remote)

Client Description:

HCL Technologies is a multinational information technology services and consulting company with offices in 50 countries, a global R&D network, "innovation labs" and "delivery centers", over 187,000 employees, and its customers include 250 of Fortune 500 and 650 of the 2,000 global companies.

Responsibilities:

Evaluate, select, design and configure security infrastructure systems in a

global environment.

Support and conduct internal audits, help mitigate findings and implement

improvement measures.

Identify, integrate, monitor and improve infosec controls by understanding

business processes.

Work in support of the Senior Information Security Engineer enhancing the security

direction for the organization including systems, networks, user services and vendor

development efforts.

Install, configure, manage, and maintain mission-critical enterprise applications such as

AV, patching, SIEM, DLP, log management and other technical controls.

Troubleshoot security system and related issues.

Assist with complex projects and ongoing support of security operations.

Conduct network and system tests via simulation or other means to highlight

and find any weaknesses that may be exploited.

Assist in defining security requirements and review of system to determine if they

have been designed to comply with established security standards. Develop new

standards as necessary.

Core activities:

Need to have a professional experience of at least 3-4 years acquired in monitoring

and improving DevSec Ops tools and processes.

Design, implement, support and evaluate security-focused tools, vulnerably

management tools and services.

Conduct periodic Vulnerability assessment.

Participate in incident handling and other related duties to support the information

security function.

Cloud Security Certifications like Azure Certified Security Specialty is preferred.

Industry recognized certification (CEH) is preferred

Candidate Profile:

Penetration Testing : Hands-On knowledge on running Penetration testing using some tools or scripts. Exposure to Accunetix, Detectify etc.

Azure WAF and Firewall configuration

Azure security – RBAC, AD, Application Gateway, "Azure defender for cloud", Azure policies etc.

Knowledge on IPS IDS systems (OSI layer 3, 4 and 7)

Network security ( Intermediate level)

Vulnerability testing tools – Nessus, Accunetix, Qualys etc.

Patch management

Code scanning tools – SonarCloud, Veracode etc..

External Library scanning tools – WhiteSoruce bolt, Synk etc..

Associate level security certification in AWS or Azure or GCP