Application and Infrastructure Security Specialist
Experience: 4+ Years
|1||Jaipur||Immediate or 30 Days|
This position will be responsible for the implementation and support of AWS cloud infrastructure and security. This position requires a seasoned individual, who has hands-on experience in IT infrastructure management on AWS and security from the ground up to support critical business applications.
- Understanding and experience with ISO 27001 & PCI DSS.
- Bachelor’s degree in the field of Information Security, Computer Science, or highly related program.
- Should have experience in VPN, NAT Gateway, Transit Gateway, VPC Peering
- Experience or understanding of governance, risk, and compliance (GRC) processes and solutions.
- Experience in information security and auditing.
- Experience with AWS security tools (WAF, Inspector, GuardDuty, CloudWatch)
- Background in security controls, auditing, network, and system security.
- Excellent understanding of OWASP Risks, Vulnerabilities, and Mitigation Mechanisms
- Experience with Web Application Firewall management and rules
- Ability to express technical concepts in business terms.
- Experience in comprehensive Windows / Linux Systems security
- Experience of working on Cloud and Infrastructure security
- One of the following certifications: CEH, CHFI, ISO 27001 LA
- Experience with systems administration and AWS services.
- Identifying system vulnerabilities and securing AWS environments.
- Hands-on experience with setting up VPC, subnet, routing tables, Security Group, NACL
- Experience in configuring Amazon CloudFront and securing it with WAF
- Strong written / verbal communication skills and customer interaction skills with users of all levels.
- Working knowledge of web and application server architecture for public clouds.
- Advanced experience and knowledge of networking and cybersecurity.
Roles and Responsibilities:
Responsible for the provisioning, installation/configuration, operation, and maintenance of cloud instances and other AWS services, and for their security in the AWS cloud environment.
- Set up and build AWS infrastructure across various resources: VPC, EC2, S3, EBS, ELB, Security Group, RDS, and AMI
- Experience working with IAM in order to create new users, roles, and groups
- Design and implement security using VPC, IAM, Security Groups and NACL
- Experience with backup and restoration from snapshots and managing encrypted snapshots
- Implementing security group and NACL for Inbound/Outbound access
- Experience working with SNS
- Understand storage requirements, create and configure S3 storage, and maintain the ACL.
- Strong knowledge of encryption of S3 and other storage types.
- Should have experience with CloudTrail and compliance
- Conduct vulnerability assessments of applications using various open-source and commercial tools
- Required knowledge of open-source and commercial application security tools and frameworks, including but not limited to Kali, web application testing tools, Burp Suite, Nessus, Metasploit
- Code review for known security flaws using software like Qualys
- To carry out advanced technical analysis on application intrusions
- Analyze scan reports and suggest remediation/mitigation plan
- Providing rich client-specific reports
- Hands-on experience on Infrastructure, Networks, Web Application, Database security
- Demonstration of proof of concepts for exploits, manual penetration testing
- Security configuration review of databases / servers / firewalls / switches / routers, etc.
- Knowledge of operating systems, preferably network equipment systems (Linux and Windows), and network hardening
- Research and maintain proficiency in computer application exploitation, tools, techniques, countermeasures, and trends in computer application vulnerabilities
- Responsible for managing IT Audit, policies & security compliance norms.
- Carry out IT security Audit as per ISO 27001.
- Knowledge of OWASP top 10 vulnerabilities.
- Develop and manage all IT awareness and training programs which help to increase employee
- Resolve security incidents related to identified vulnerabilities, risks, and protection needs, and establish IT vulnerability reporting criteria.
- Provide expert guidance and solution development for operationalizing and maturing security practices
- Align initiatives with ISO 27001 and other industry standards
- Mentor others on security best practices
- Well versed in system exploits (e.g. buffer overflows, PTH attacks, Windows authentication framework, etc.)
- Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
- Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.