Cyber Security Advisor- (#CC)

As Cyber Security Advisor, you’ll use your experience and skills to contribute to the quality and implementation of our client's software products for our customers.

Requirements:

Cross-functional Collaboration and Advocacy: Collaborate with IT, development, business units and operations teams to embed security into every aspect of the technology lifecycle. Advocate for security best practices, raising awareness and driving a security-first culture across the organization. Develop and implement automated security solutions to streamline security processes, improve efficiency, and enhance response capabilities.

Identity and access management: The candidate must have a strong technical understanding of identity and access management controls and must have experience working with Single-Sign-On and authentication and authorization protocols. Must have experience working with MS Entr ID suite of products

Data Protection & Data Classification: Develop, manage and enforce data protection controls to ensure data security is always maintained. The candidate must have technical experience with various security controls such as AWS Web Application Firewall (WAF), DLP and EDR solutions.

Threat modeling & Secure SDLC: Experience working in a product development environment and comfortable with conduction threat modeling for complex applications and platforms. They should be comfortable collaborating with senior software developers, architects and business leaders to ensure security controls are built into the application throughout the software lifecycle.

Continuous Improvement: Stay abreast of the latest security threats, trends, and technologies, especially in cloud (IaaS, SaaS, PaaS), IaC, and container environments. Proactively identify and investigate security threats by analyzing security logs, conducting threat hunting exercises, and implementing advanced detection mechanisms. Continuously evaluate and improve security tools and processes to address evolving security.

Experience and Qualifications of the Role

- Working experience performing security architecture review, code review and building security requirements for introduction of new technologies in a multi-cloud environment including SaaS applications.

- Working experience leveraging and customizing native & 3^rd party security tools to secure multi-cloud environments

- Working experience using Microsoft security suite including Entra ID, Defender Suite

- Hands-on experience working in multi-cloud environment with a deep understanding of cloud technology components such as networking, segmentation, virtualization, encryption, secrets & key management, serverless, container, Kubernetes and IaC

- Hands-on experience with cloud/infrastructure traffic analysis, anomaly detection, Web Application Firewall (WAF), IAM and security automation.

- Familiarity with security concepts such as secure-by-design, application architecture, Authentication (SSO, SAML, Azure AD), Perimeter security, Micro-segmentation and Zero-Trust.

- Hands-on experience with Policy as Code (PaC) using coding languages such as Python, Go, JavaScript, or YAML.

- Experience with security testing tools such SCA, SAST, DAST and Website analysis

- Minimum 10 years of experience with technology and at least 7-years in Information Security within cloud-native or SaaS technology environments.

- Extensive experience writing technical and business-friendly security documentation.

- Strong analytical, problem-solving, and communication skills. Ability to work collaboratively in a dynamic environment and manage tasks with attention to details.

- Strong written and verbal communication skills in English.

Computer Skills Needed to Perform this Job

Proficiency in Microsoft Tools and Platforms

Certificates, Licenses, Registrations

CISSP, CEH, OSCP, GCIH or other relevant security certification and experience