The Security team is responsible for building, enforcing and reporting on information security maturity across products by adopting, adapting and extending Enterprise Corporate standards and tools. The products are a critical component of the global financial markets, so building and ensuring information security compliance is an extremely important function.
• Working with the Director of Security Operations Engineering you will be implementing and enforcing corporate security standards
• Responsible for the successful operations of all security tools and technologies and participates in or drives security reviews for new products and services.
• Partners closely with the scrum teams, DevOps leads, Product Development managers, and Product Managers to improve the operating risk posture, improve security maturity, and mitigate risks.
• Implement the best practices in Database privacy and Security, Privilege access management (for application and database) and Recertification, data redundancy and disaster Recover scenarios
• Collect and analyze available vulnerability data to identify risks, and manage remediation.
• Aggressively but realistically eliminate technical debt that leads to security vulnerabilities.
• Assist in performing risk assessments and developing remediation plans for identified risks.
• Work with Internal Audit team ensuring audit compliance of all the products.
• Documents wiki, run books, and trains others to help operationalize and automate DevSecOps.
• Works across engineering teams to prioritize flaws and with external entities to respond to security issues and concerns.
• Continuously identifies areas needing improvement, creates action plans, and executes to implement changes in a timely manner
• Strong knowledge of NIST standards and the NIST Cybersecurity Framework.
• Strong knowledge in Database Security framework and implementation specifics on RDBMS platforms like SQL Server, Oracle on Linux/Windows Platforms.
• Experience with complex SaaS and Corporate IT services environments
• Expertise with administering security technology controls (firewalls, orchestration platforms, anti-malware, forensics, IAM, IDS, DLP, open-source, etc.)
• Experience with security automation and technology and process integrations with CI/CD pipelines.
• Experience with creating Analytics Dashboards with Tableau for the underlying asset data.
• Experience managing security in DevOps and SaaS environments.
• Experience with AWS and best practices for monitoring an IaaS environment
• Familiarity with operating enterprise security technologies and establishing enterprise security processes.
• Familiarity and experience with standards and compliance frameworks ISO, SANS, OWASP, NIST, SSAE SOC, ITIL, etc.
- BE Computer Science and Engineering (Computer Science)