Data Security Architect
Experience: 7+ years
Location: Dubai
Notice: immediate - 30 days
Key responsibilities:
- Azure and Office 365 E5 security components deployment
- Understanding business requirements
- Be familiar with current trends in the digital workplace, including cloud journeys regarding Digital Workplace Technologies (Productivity, Collaboration, Mobility, End User Device)
- Developing and supporting presentations which resonate with senior stakeholders
Required Certifications:
- Office365 Security Administrator Associate
- Microsoft Azure Security Technologies AZ 500
- CISSP / CISM / CCSP (preferred)
Experience with following Components
The resource will primarily work on all the security requirements, configuration, troubleshooting and review required by CyberSec and TCM unit of the following components:
- Azure Security Center
- Azure AD RBAC
- Privileged Identity Management
- Conditional Access Policies
- Azure Advanced Threat Protection
- Azure Information Protection and HYOK
- Enterprise mobility with Intune MAM and MDM Policies
- Office365 ATP and Mail-flow
- Microsoft cloud threat intelligence
- Microsoft Cloud Application Security CASB setup and monitoring
- Windows Defender ATP
- Policy configuration for OneDrive, SharePoint, Outlook, Teams and Office
- Azure AD Hybrid Join and Password Hash Sync
- Customer Lockbox and advanced compliance policies in Azure cloud
- AIP Data classification and creating DLP policies
Experience: 7+ years
Location: Dubai
Notice: immediate - 30 days
- Mobile Security iOS and Android
Technical Req:
Hands on experience with:
- Manual review of the code from a security standpoint and specifically the business logic functions, written in Swift/Objective-C and Kotlin/Java
- Assessing native applications written in Swift/Objective-C and Kotlin/Java
- Assessing applications built using cross-platform frameworks like Cordova, Xamarin, React Native and Ionic
- Reviewing WebView-based mobile applications which have cross-platform support for both Android and iOS
- Working on a Jailbreak/Root device with the ability to test on a hardened device (essential test cases)
- File system structure of iOS and Android
- Security assessment of Web applications/API security.
- Basic MAM and MDM policies and structures.
- Experience working with tools for runtime analysis of Android applications: Frida, Xposed Framework, Objection, MobSF, Inspeckage, etc.
- Knowledge of Linux operating system
- Formulating strong controls for storing sensitive information such as session id, encryption key, license key, etc. on the client side
- Reversing iOS and Android applications and reviewing the decompiled code (IDA Pro, Hex-Rays, OllyDbg, etc.)
- Bypassing the client side controls such as Jailbreak/Root detection, SSL Pinning, anti-tampering and anti-debug
- Formulating the pattern for resiliency controls which cannot be easily bypassed using publicly available tweaks
- Evaluating secure usage of keychain and keystore for sensitive data storage
- Code obfuscation techniques
- Reviewing the output of the SAST tool and identifying false positive security issues
- Writing PoC scripts or IPA/APK as well as burp suite extenders
- Validating the mobile application controls as per the OWASP MASVS L1/L2/L3 Controls
- Validating the backend endpoint, that is being consumed by the mobile application, as per the OWASP ASVS
- Analyzing the mobile app components and its internals such as IPC, code signing, sandboxing, Android activities/services/content providers and broadcast receivers
- Working based on Agile principles
- Using SCMs for Code management
- Utilizing below tools during the mobile app assessment
- Frida
- Needle, Objection and MobSF
- XCode, Android Studio and their command line utilities
- Commercial SAST as well as IAST tools
- APK tool
- Burp Suite and its extenders including writing in-house tools, extenders and automated scripts.
Additional/Good to Have Skills:
- Good understanding of Android development.
- Experience on working with native as well as hybrid application development methodology.
- Good understanding of network security assessment.
- Security certifications like OSCP, OSCE, and CRT would be a plus.
- Good Knowledge of any one scripting language for automation of security test cases.
Soft Skills:
- Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective
- Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement “good architecture principles” to lower technical debt
- Assertive personality; should be able to hold her/his own in a project board or work group setting
- Superlative written and verbal communication skills; should be able to explain technical observations in an easy to understand manner
- Ability to work under pressure and meet tough/challenging deadlines
- Influencer: must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not
- Strong understanding of Risk Management Framework and security controls implementation from an implementer standpoint.
- Has strong decision making, planning and time management skills.
- Can work independently.
- Has a positive and constructive attitude
Experience: 7+ years
Location: Dubai
Notice: immediate - 30 days
- Deep conceptual understanding of the inner workings and security of:
- Container / Cloud Native Technology ~ Docker/equivalent Ecosystem - Building Images, Registries, Networking, Storage, Security
- Kubernetes
- Gloo (API Gateway)/equivalent
- Service Mesh (e.g. Istio with Envoy Proxy, LinkerD)
- HA Proxy
- Container Native Interface (CNI) like Weave, Flannel, Calico, etc.
- Kubernetes Network Policies
- Ingress Controllers (NGINX)
- Stateless Hosting
- Reverse Proxy (Envoy)
- Consul
- Prometheus/Grafana
- Secrets Management (HashiCorp Vault or similar)
- Application Performance Management
- Manage IQ
- Container Vulnerability & Threat Management
- SSO ~ Keycloak/equivalent (SAML, LDAP, MS AD)
- Nexus IQ/equivalent and relevant integrations like Gradle/Maven
- CI/CD Pipelines and relevant integrations like Jenkins, Jira, Sonar
- Background covering infrastructure components like Networking, Server platforms, storage, application structure (2-tier, 3-tier), Identity, Security (Encryption, PKI), load balancing
- Backend for Front-End Architectures including Interceptors
- Enterprise Caching and Layering Redis
- Micro-service Architecture including NoSQL and traditional RDBMS Storage
- Shell scripting skills (BASH, CSH)
- Working knowledge on
- FluentD
- Helm
- DataGrid
- JBoss
- Cloud Suite
- ELK
Core Responsibilities:
- Secure Design including but not just limited to Security Anti-Patterns, Cloud Native Interfacing for Application Suites
- Penetration Testing/Exploitation
- Secure Code Reviews understanding of relevant stack
- Security Automation using Scripting
- Ensuring Data Privacy and Security Requirements are fulfilled
- Risk Management
- Communication/Stakeholder Management
Infrastructure Security Architect
Experience: 8+ years
Location: Dubai
Notice: immediate - 30 days
Infrastructure
Education & Certifications:
- Master's or Bachelor's degree in computer science, information systems management or related field.
- CISSP, CEH, OSCP, OSCE or others.
Experience:
- 10 years of experience in information technology, mostly spent in infrastructure security architecture and engineering.
- Experienced in different infrastructure technologies, tools and trends covering IaaS, PaaS, Virtualization, Containers, Storage and Network related areas.
- Experienced in defining security baseline standards, best practices and security controls for various infrastructure technologies
- Experienced in Linux and Windows with various open source technologies
Skills:
- Comprehensive knowledge of infrastructure technologies, virtualization, operating systems, exchange, active directory, storage, database and networks
- Deep knowledge of Agile way of working Scrum/Kanban
- Should be able to define foundational security requirements for IaC, Ansible, Terraform, Kubviet, Kubernetes, OVM, OpenSource DB etc
- Should be able to provide security requirements for wide variety of tools used in achieving automation like Jenkins, GIT, Nexus etc
- Have worked with key security solutions and tools like Vault, PAM, SIEM, WAF, Firewall, IPS, IDS, DLP, PKI etc
- Perform Penetration Testing/Exploitation.
- Secure Code Reviews.
- Security Automation using Scripting.
- Strong Risk assessment skills.
- Strong coding and scripting skills.
- Knowledge of programming languages like .NET, Java, NodeJS, Angular JS, and secure coding practices.
- Knowledge of different cloud deployment models and cloud taxonomies
- Knowledge of ITSM and related tools
Email: Kiran.Veigas@happiestminds.com