Posted on: 27/11/2025
Description :
About the role :
The Senior System Security Specialist Role is responsible for establishing, managing, and continuously improving the organization's security assurance program, including Vulnerability Assessment (VA), Penetration Testing (PT), Application Security (AppSec), and Secure Coding initiatives.
This role ensures that development, infrastructure, and operations teams follow strong security engineering practices, comply with applicable security standards, and continuously improve the organization's security posture.
Role & responsibilities :
- Design, implementation, sustenance and continual improvement of System Security Practices.
- Define and periodically review Secure Configuration Standards for the various platforms/ systems/ devices that exist in the environment.
- Define and periodically review Secure Code and Application Security Guidelines/ standards.
- Management of System Security Testing Activities covering Secure Configuration Reviews, Vulnerability Assessment, Penetration Testing, Application Testing, API Security Testing, Secure Code Review, Red Team Exercises, Firewall Rulebase Reviews, URL Filtering Policy Review, etc.
- Conduct Secure Network Architecture Reviews.
- Conduct Cloud Security Assessment.
- Conduct Phishing Awareness Exercises (e.g. awareness sessions, random assessments, etc.).
- Define and assess implementation of security standards for new security/ network devices/ solutions/ products/ platforms/ systems.
- Participate in system commissioning and de-commissioning to ensure compliance with security standards.
- Participate in Change Management Reviews.
- Governance of System Security Practices (e.g. implementation of practices, closure status of findings, service provider engagements, etc.).
- Provide recommendations/ guidance to various stakeholders (e.g. IT Infra, Cloud Administrators, Application Developers, Application Support, etc.) to ensure timely closure of System Security Findings.
- Conduct Risk Assessment of System Security findings.
- Management of Service Providers to ensure effective delivery of System Security Testing and related Services.
- Support internal & external audits for System Security Practices.
- Ensure the team is always audit-ready to effectively handle internal & external audits for System Security Practices.
- Define roadmap and implement changes in the practices to ensure Continual Improvement in System Security Practices.
- Present roadmap and implementation status for continual improvement to CISO and Information Security Committee.
- Present status of System Security Practices along with the closure status of System Security Findings and Risks to CISO and Information Security Committee.
Preferred candidate profile :
- Bachelor's or Master's degree in Information Technology, Information Security, Cyber Security, Computer Science, or a related field.
- 5 to 6 years of progressive experience in System Security Practices.
- Managerial experience along with hands-on experience will be preferred.
- Relevant certifications such as ISO 27001, CEH, OSCP, CISSP will be preferred.
- Understanding of regulatory frameworks and industry standards (ISO 27001, PCI-DSS, SOC2, RBI, DPDP Act, etc.).
- Good Communication (verbal & written) and Personal skills.
- A risk-oriented managerial thought process is a must.
- Quick learning and adaptive abilities.
Posted in
CyberSecurity
Functional Area
Cyber Security
Job Code
1581356