Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company’s portfolio includes many of the world’s most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others. Job Description Location: Chennai, TN To deliver the above, we are recruiting for the post of Security Operations Centre (SOC) Analyst. The SOC analyst will, reporting to the SOC Manager, participate in the securing of Conde Nast assets across global markets by delivering a dedicated, focused and high-performing function to the organisation, which includes; Security Event Monitoring Event Triage and Escalation Insider Threat monitoring and management Security Incident Analysis and Response Vulnerability Management Threat Review and Analysis Threat Hunting Escalation point for SOC The SOC Analyst will have the opportunity to develop skills across a broad range of security tools and solutions, many of which will be cutting-edge. Required Skills: Minimum 8 years of Security Operations experience with at least 7 years of experience working with event monitoring and management, preferably in a SOC setting. 24X7 Security Operations Centre (SOC) and ensure seamless delivery of monitoring service and SLA management Coordinate with global stakeholders to understand the infrastructure, application, and business process to understand the threat hunting and SOC Monitoring coverage. Supporting SIEM platforms to ensure adequate log source integrations and fine-tuning Demonstrated experience with endpoint telemetry, Malware analysis tools, Exploit kits and SIEM platforms(Splunk/IBM QRadar/ArcSight/Logrhythm) Tactically supports the Vulnerability Management (VM), in the areas of the security patch and remediation management, must have experience in(Rapid7, Nessus, Tenable or others) Work with the security Engineer to ensure all security tools and solutions are properly configured and maintained. Incident Response - Escalation point of contact for incident response activities and acts as needed as Incident manager to ensure proper protection or corrective measures have been taken, and follows procedures to contain, analyse, and eradicate malicious activity Threat Hunting - Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Experience with TIPs will be beneficial in developing the hypothesis. SPAM/Phishing analysis - Executes analysis of email-based threats to include understanding of email communications, platforms, headers, transactions, and identification of malicious tactics, techniques, and procedures In-depth knowledge of cyber defensive and offensive techniques, malware families and adversary tactics, techniques and procedures, MITRE ATT&CK, NIST Frameworks Knowledge of Cloud infrastructure and security(AWS, GCP and Azure). In-depth knowledge of Antivirus - McAfee/Symantec/Sophos In-depth knowledge of EDR solutions(Sophos XDR/Crowdstrike/FireEye HX/SentinelOne/McAfee EDR/Symantec EDR) Hands-on experience in managing any of the SOAR solutions (Rapid7 SOAR/InsightConnect/Swimlane/IBM Security Resilient) Sound working knowledge of firewalls and VPNs: Palo-alto/FortiGate, VPN: Appgate VPN/Any other VPN Hands-on experience with Network Detection and Response tools (Rapid7, Cortex or any other NDR tools) Fundamental knowledge of the principles of Identity and access management Fundamental knowledge of Encryption & PKI. Good understanding of Proxies, WAF, Cyber deception technology, Windows, UNIX/Linux Security best practices Provides audit, analysis, and material support for cyber-related validation, certification, standards, governance, process, infrastructure, deployment and ongoing maintenance. Experience in using a scripting language to automate tasks. Good communication and presentation skills Experience of working in a fast-paced, globally dispersed environment Good analytical, problem-solving solving and interpersonal skills Educational Qualifications: B.Tech/M.Sc IT Certification CompTia Security+, CompTia CySA+, SIEM Associate Admin or any similar SIEM admin certification SSCP or similar certification What happens next? If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile. Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.

Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company’s portfolio includes many of the world’s most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others. Job Description Location: Bengaluru, KA This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with security engineering expertise to ensure our various security tools, technologies and solutions are well placed, properly configured and finely tuned to provide the team with the visibility and data to allow us to proactively identify, respond to and mitigate threats and vulnerabilities. This is a "lead" role, therefore the successful candidate will bring a high level of knowledge and experience from providing security engineering services into multi-disciplinary security teams. The successful candidate holder will manage our current security tooling and support the implementation of further security tools and solutions to defend against cyber attacks and other threats. This successful candidate will also work with our infrastructure and networking colleagues to configure and tune the tools used by those teams, to ensure the SOC team receives the necessary logs, data and alerts. You will continuously monitor and test our systems, making sure that our security defences are up to date and providing optimal performance. The successful candidate will already be well embedded into the security engineering culture and will demonstrate full understanding of the landscape of tools, technologies and solutions that form the backbone of security management and will have held similar security engineering roles at large organisations. You must have demonstrable expertise in identifying security gaps in our current toolsets and the placement to propose remedies that will enable us to leverage existing and new tools, processes and other technologies, to provide a dedicated integrated approach across our digital and enterprise environments. To be successful you will have an understanding of Security Threat and Risk Assessment methods as well as experience of performing security architecture reviews and change management reviews, ensuring any impact to our security controls and risk posture is identified and considered prior to providing approval. The candidate should also have worked on PAM or IAM projects previously and have knowledge of mainstream Privileged Access Management solutions and Identity Access Management solutions. Duties: Work with the Security Architecture team to develop, enhance and improve the Conde Nast’s security solutions and tools. Administer, manage and maintain our CyberArk platform. Administer, manage and maintain our Vulnerability Management system used across regions. Perform ongoing administration, maintenance and development of our SIEM solution. Perform ongoing administration, maintenance and development of our InsightIDR solution, including the NDR Platform. Ensure our security tools provide actionable alerts and insights to our Security Operations Centre, enabling us to better detect and respond to threats. Review change requests that may have an impact on Conde Nast’s security posture as part of the change review process. Work to implement technical security controls across our regions. Work closely with our Security Architect to ensure tooling is deployed as per the design, supporting the architect with the low level design where required. Lead the implementation of new solutions across our regions to ensure we deliver secure compliant security solutions. Assist with ensuring regions adhere to security policies which have been published centrally, where gaps exist, work with the architecture team to develop solutions to close these gaps. Work with our DevOps teams to implement security controls in the cloud environments used, such as AWS and Google Cloud Platform. Required Skills/Experience: Exp 7 - 10 years, with at least 2 years experience in a lead/senior role This role is central to the continuing changes and improvements that we are making in the way security is delivered at Conde Nast. To be successful, the candidate will need to have and demonstrate an in-depth knowledge and experience of several of the following areas, along with a proactive focused attitude; Expertise in at least 3 of these domains: Security Architecture and Engineering - min 5 years Communication and Network security - min 5 years Privileged Access Management - min 5 years Identity and Access Management (IAM) - min 5yrs Security Assessment and Testing - min 3 years Experience of implementing and maintaining Vulnerability Management solutions, as well as performing day to day administration. Experience of having implemented and maintained Rapid 7 InsightIDR. Experience with log management and/or SIEM technologies such as Splunk, InsightIDR NextGen SIEM etc. Experience of having worked with or supported CyberArk Privilege Cloud. Knowledge of Windows, Linux, Network, Firewall, NDR technologies Good understanding of Active Directory, DNS, LDAP and Okta (or other identity management provider) Understanding of security and compliance frameworks including NIST and PCI-DSS Ability to explain vulnerabilities to different audiences — technical and business. Experience of having managed and maintained XDR Platforms or solutions such as Sophos Intercept X, Crowdstrike, SentinelOne Experience of having managed and maintained Secure Cloud Network Analytics. Demonstrable experience of implementing, configuring and tuning security tools Thorough knowledge of the AWS service offerings. Knowledge of monitoring and verifying the implementation of IT security baselines within the IT organisation. Must have expert level knowledge and experience on the following IT security categories: Security Information and Event Management (SIEM), Network Detection and Response (NDR) and Vulnerability Management (VM) Proficiency in Python, Powershell, JavaScript or other scripting languages. Knowledge of cloud, containers, kubernetes beneficial Excellent communication and presentation skills Excellent written language skills Primary Skills: Insight IDR including NDR (Network Detection and Response), Vulnerability Management (Rapid 7), SIEM (Security Information and Event Management ; Networking ; AWS Secondary Skills: DMARC Solutions (i.e. OnDMARC ; Mimecast ; Dmarcian etc.) ; DLP Solutions (Google Workspace) ; IAM & PAM solutions (Identity & Access Management Solutions - Ping; Okta; CyberArk) ; Secure Cloud Analytics (Cloud NDR) ; EDR / XDR solutions Educational Qualifications: Any of the following certifications would be advantageous: Security Qualifications: CISSP, CISSP-ISSAP, TOGAF, Security +, AWS Certified Security; AWS Solutions Architect Networking qualifications: CCNA ; CCNP ; CompTIA Network+ What happens next? If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile. Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.

Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company’s portfolio includes many of the world’s most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others. Job Description Location: Bengaluru, KA Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month. The company is headquartered in London and New York, and operates in 32 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Russia, Spain, Taiwan, the U.K. and the U.S, with local licensed partners across the globe. The Cyber Security Team provides the security services that underpin Conde Nast’s security posture and enhance the organisation's security profile. The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture and Application Security as well as Security Engineering. This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with application security expertise that will allow the team to fully engage with the Development and Engineering teams and work with them to embed security into their development lifecycle. The successful candidate will own and manage Cyber Security relationships with key stakeholders within the Platform, Development and Engineering teams. Conde Nast employs a large development team that develops around 250 products or services across the business which are predominantly consumed by our customers across the globe. As such we have a massive focus on ensuring all products we build and develop are done so securely. We are seeking someone who is an SME in the areas of Application Security and DevSecOps and has worked in a lead role within a global organisation for a number of years. The ideal candidate will come from a development background and will have demonstrable expertise in Application Security, DevSecOps, S-SDLC and relevant CI/CD methodologies. The applicant will act as the lead on all Application Security initiatives as well as initiatives which support securing the overall development lifecycle. The post holder will use their experience and knowledge to identify security gaps in our current application development lifecycle and processes and propose remedies to improve security throughout the lifecycle. In addition you will support our efforts to implement a “shift security left” approach with recommendations that will enable us to operate in a truly dedicated DevSecOps manner. The applicant should have an understanding of Application Threat modelling methodologies and will have experience of performing Threat modelling having previously used various tools in performing these. The applicant should look to actively promote adoption and use of such methodologies and ensure security requirements are understood and embedded into the development lifecycle. Duties: Work collaboratively with Product, Engineering and Global Architecture teams to identify vulnerabilities in applications, at the design stage. Engage regularly with development teams to discuss any security concerns relating to products or applications. Act as an SME on application vulnerabilities and support with detailing remediation steps to developers. Provide advice where required to assist with remediation. Perform manual testing to ascertain whether vulnerabilities are true positives and validate automated test scan results if required. Administer, manage and maintain our SCA, SAST, IaC, Container and DAST security solutions, ensuring tooling is fit for purpose and providing value, as well as new features are being utilised. Support with onboarding development teams onto security tooling and integrating tools into their CI/CD pipeline, ensuring their applications are regularly being scanned for vulnerabilities. Drive security improvements and enhancements within the products and applications Conde Nast develops. Identify gaps in our application security controls and make recommendations for improvements to tooling or processes to resolve the gaps and improve security. Support with Code Reviews/Analysis. Knowledge of Java, Java Script and NodeJs is essential. Support with arranging third party penetration testing against key applications or services. Support with any application security related questions developers have when making design decisions that may impact the security posture of applications. Provide business stakeholders and the GRC team with reporting on application vulnerabilities and KRI’s across our application portfolio. Develop and maintain all documentation for our Application Security Tooling, including processes and procedures for onboarding and offboarding teams and utilising tools in general. Regularly update and maintain our Application Security standards, best practices and guidelines within Confluence to ensure developers have a central location to reference. Act as the Security Champion Program Co-ordinator, chairing meetings, bringing together Security Champions across development teams and ensuring Security requirements are published, passed onto teams and implemented as required. Required Skills: To be successful, the candidate will need to have and demonstrate the following knowledge, skills and experience, along with a proactive focused attitude; Minimum 5 years experience in Application Security and Engineering. Minimum 5 years experience in Secure Development Lifecycle Thorough knowledge of CI/CD and DevSecOps principles. Awareness of application security flaws and web application best practices (e.g. OWASP Top 10, CWE SANS Top 25) Understanding of STRIDE, or other Threat modelling or applicable methodologies Experience of working in a geographically dispersed organisation with varied stakeholders. Experience of implementing security within a DevOps environment i.e. adopting a shift-left approach within Application Security. Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS) Experience of having worked with GitHub and GitHub actions is essential. Experience of using Static and Dynamic Code Analysis tools (Snyk and Rapid 7 AppSec are beneficial) Awareness and experience of the NIST framework and PCI-DSS Standard. Experience of container vulnerability scanning or securing containers. Experience of programming / development technologies, (this will be tested at interview) Experience of AWS WAF implementation and AWS services in general. Good communication, presentation and written language skills. Knowledge of development methodologies e.g. Agile Educational Qualifications: BS Computer Science or similar qualification Application Security certifications (CEH, CASE, CSSLP or similar) What happens next? If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile. Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.