Senior Information Security Engineer (Linux, Cloud)

Want more jobs like this?

Get Software Engineering jobs in Hyderabad, India delivered to your inbox every week.

Get Jobs

Send me The Muse newsletters for the best in career advice and job search tips.

By signing up, you agree to our Terms of Service & Privacy Policy.

Job Responsibilities

• Administer Linux systems for Security vulnerability remediation.
• Administer and configure AWS cloud services for remediating security vulnerabilities.
• Investigate security alerts and identify a security resolution.
• Create security automation jobs on automation systems like Jenkins, ArgoCD and Ansible.
• Receiving and responding to cyber security alerts and security incident reports.
• Actively calling and leading security incident bridges and coordinating internal incident response efforts between first responders, and operations teams, and managed security services.
• Configure, support and manage SIEM and related tools, processes and procedures.
• Overseeing the incident management process and team members involved in resolving the incident.
• Collecting intrusion artifacts (e.g., source code, malware, trojans) and using discovered data to enable mitigation of potential cyber defense incidents within the enterprise.
• Coordinating and providing expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents.
• Defining information system security requirements and functionality.
• Producing formal and informal reports, briefings, and direct input to the customer.
• Support Model N business teams to achieve and maintain their security and compliance posture in accordance with regulatory requirements including but not limited to Sarbanes Oxley (SOX), SOC, ISO 27001, ISO, HIPAA, PCI-DSS, HITRUST, FedRAMP, etc.  Validate on-going compliance of policies and processes/procedures in support of requirements and ensure that controls operate effectively.
• Responsible for quality and on-time execution of periodic audit activities such as change management review, SDLC review, audit of release process and CI/CD, Segregation of duties etc.
• Review architecture, integrate compliance and security into solution designs, assess risks of security gaps, and develop remediation plan. Perform follow-up activities related to remediate gaps, drive remediation efforts.
• Thorough understanding of the latest security principles, techniques, and protocols
• Can communicate to senior leaders, provide recommendations, and excels at gaining multi-team alignment.
• Knowledge of industry best practices for foundational security elements including network devices and system-level hardening
• Serve as point of contact to work closely with cross functional teams - Engineering/ product security/ IT/ corporate security teams to identify risk to the business/ product and other areas necessary to identify risks to the business.
• Display technical excellence in Cloud Native technologies as well as multidisciplinary capabilities in coding, and networking.
• Be able to map technical controls to the risk they solve and help create business justification for the necessary technical solutions

Job Qualification

• 5+ years of experience in Information Security, Security Architecture, Threat Management and Security Operations.
• Cloud security essentials in at least one of AWS, OCI, or Azure.
• Drive security vulnerability remediation on cloud assets.
• Configure AWS services for attaining security best practices and CIS benchmarks
• Broad security subject matter expertise in areas such as network security, endpoint security, malware analysis, reverse engineering, and cloud etc.
• Experience with a SIEM and SOAR platform.
• Experience with building incident response tooling and scripting language skills.
• Must have experience supporting and driving ISO 27001, SOC, PCI DSS readiness and audit (e.g., control design review, control operating effectiveness audit, assessment write -ups and control documentation review, audit evidence upload, supporting audit walkthroughs with auditors, etc.) 
• Certification preferred (but not a requirement) in one or more of the following: CISA, CISM, Cloud platforms.
• Expert communicator with a track record of operating, partnering with and influencing up to and including exec-level stakeholders.
• Ability to organize, conduct and drive meetings and outcomes with little to no manager involvement.  Must be aware of and deliver quality stakeholder engagement experience. 
• Ability to work closely with auditors, regulators, and internal stakeholders and articulate technical concepts
• Ability to multitask and manage simultaneous projects