Application and Infrastructure Security Specialist

Experience: 4+ Yr
Number Of Position: 1
Location: Jaipur, Rajasthan

Job Description

This position will be responsible for the implementation and support of AWS cloud infrastructure and security. This position requires a seasoned individual, who has hands-on experience in IT infrastructure management on AWS and security from the ground up to support critical business applications.

Must Have Skills:

Understanding and experience with ISO 27001 & PCI DSS.
Bachelor’s degree in the field of Information Security, Computer Science, or highly related program.
Should have experience in VPN, NAT Gateway, Transit Gateway, VPC Peering
Experience or understanding of governance, risk, and compliance (GRC) processes and solutions.
Experience in information security and auditing.
Experience with AWS Security tools (WAF, Inspector, GuardDuty, Cloud Watch)
Background in security controls, auditing, network, and system security.
Excellent understanding of OWASP Risks, Vulnerabilities, and Mitigation Mechanisms
Experience with Web Application Firewall management and rules
Ability to express technical concepts in business terms.
Experience in comprehensive Windows / Linux Systems security
Experience of working on Cloud and Infrastructure security
One of the following certifications: CEH, CHFI, ISO 27001 LA

Good to Have Skills:

Experience of Systems Administration experience and AWS services.
Identifying system vulnerabilities and securing AWS environments.
Hands-on experience with setting VPC, subnet, routing Tables, Security Group, NACL
Experience in configuring Amazon Cloudfront, securing with WAF
Strong written / verbal communication skills and customer interaction skills with users of all levels.
Working knowledge of web and application server architecture for public clouds.
Advanced experience and knowledge of networking and cybersecurity.

Job Responsibilities:

Responsible for the provisioning, installation/configuration, operation, and maintenance of cloud instances and other AWS services and their security AWS cloud environment.

Setup and build AWS infrastructure related to various resources VPC, EC2, S3, EBS, ELB, Security Group, and RDS, AMI
Experience working with IAM in order to create new users, roles, and groups
Design and implemented Security using VPC, IAM, Security Groups and NACL
Experience on Backup and Restoration from the snapshot and managing encrypted snapshots
Implementing security group and NACL for Inbound/Outbound access
Experience working with SNS
Understand storage requirements, create configure S3 storage, and maintain the ACL.
Strong knowledge of encryption of S3 and other storage types.
Should have experience with cloud trail and compliance
Conduct vulnerability assessments of applications using various open-source and commercial tools
Required knowledge of open source and commercial application security tools and frameworks, including but not limited to Kali Web application testing tools Burpsuite, Nessus, Metaspoilt
Code review for known security flaws using software like – Qualys
To carry out advanced technical analysis on application intrusions
Analyze scan reports and suggest remediation/mitigation plan
Providing rich client-specific reports
Hands-on experience on Infrastructure, Networks, Web Application, Database security
Demonstration of proof of concepts for exploits, manual penetration testing
Security configuration review of database /servers / firewalls / switches / routers, etc
Knowledge of operating systems preferably network equipment’s system (Linux and Windows) and network hardening
Research and maintain proficiency in computer application exploitation, tools, techniques, countermeasures, and trends in computer application vulnerabilities
Responsible for managing IT Audit, policies & security compliance norms.
Carry out IT security Audit as per ISO 27001.
Knowledge of OWASP top 10 vulnerabilities.
Develop and Manage all IT awareness and training program which helps to increase employee
Resolve security incidents related to identify vulnerabilities, risks, and protection needs and establish IT vulnerability reporting criteria.
Provide expert guidance and solution development for operationalizing and maturing security practices
Align initiatives with ISO 27001 and other industry standards
Mentor others on security best practices
Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows authentication framework, etc.)
Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
Conduct/support periodic risk assessments and develop appropriate mitigation plans in support of deliverables.