
DevOps Security (remote)
Descrierea jobului
Client Description:
HCL Technologies is a multinational information technology services and consulting company with offices in 50 countries, a global R&D network, "innovation labs" and "delivery centers", over 187,000 employees, and its customers include 250 of Fortune 500 and 650 of the 2,000 global companies.
Responsibilities:
Evaluate, select, design and configure security infrastructure systems in a
global environment.
Support and conduct internal audits, help mitigate findings and implement
improvement measures.
Identify, integrate, monitor and improve infosec controls by understanding
business processes.
Work in support of the Senior Information Security Engineer enhancing the security
direction for the organization including systems, networks, user services and vendor
development efforts.
Install, configure, manage, and maintain mission-critical enterprise applications such as
AV, patching, SIEM, DLP, log management and other technical controls.
Troubleshoot security system and related issues.
Assist with complex projects and ongoing support of security operations.
Conduct network and system tests via simulation or other means to highlight
and find any weaknesses that may be exploited.
Assist in defining security requirements and review of system to determine if they
have been designed to comply with established security standards. Develop new
standards as necessary.
Core activities:
Need to have a professional experience of at least 3-4 years acquired in monitoring
and improving DevSec Ops tools and processes.
Design, implement, support and evaluate security-focused tools, vulnerably
management tools and services.
Conduct periodic Vulnerability assessment.
Participate in incident handling and other related duties to support the information
security function.
Cloud Security Certifications like Azure Certified Security Specialty is preferred.
Industry recognized certification (CEH) is preferred
Candidate Profile:
Penetration Testing : Hands-On knowledge on running Penetration testing using some tools or scripts. Exposure to Accunetix, Detectify etc.
Azure WAF and Firewall configuration
Azure security – RBAC, AD, Application Gateway, "Azure defender for cloud", Azure policies etc.
Knowledge on IPS IDS systems (OSI layer 3, 4 and 7)
Network security ( Intermediate level)
Vulnerability testing tools – Nessus, Accunetix, Qualys etc.
Patch management
Code scanning tools – SonarCloud, Veracode etc..
External Library scanning tools – WhiteSoruce bolt, Synk etc..
Associate level security certification in AWS or Azure or GCP