Cybersecurity Lead, Information Security Engineer, SIEM & Threat Management, DevSecOps & CI/CD Security, Zero Trust Architecture (ZTA), IAM & Privileged Access Management (PAM), Penetration Testing & Ethical Hacking, ISO 27001, NIST, SOC2 Compliance, Incident Response & Risk Management, Kubernetes & Cloud Security,
Job Title: Lead Information Security Engineer (Cybersecurity Lead)
Location:
About YSECIT
on-premises data centers, DevOps pipelines, and enterprise applications
Key Responsibilities
1. Security Strategy & Governance
- Define and implement
enterprise-wide cybersecurity strategy
aligned with business goals. - Establish
security policies, standards, and compliance frameworks
(ISO 27001, SOC2, NIST, GDPR). - Conduct
risk assessments, audits, and vulnerability management
across IT infrastructure. - Collaborate with senior leadership to
develop a security roadmap
for the organization.
2. Security Operations & Threat Management
- Lead
threat intelligence, incident detection, and response
programs. - Design and implement
SIEM (Security Information & Event Management) solutions
for proactive monitoring. - Establish
intrusion detection & prevention systems (IDS/IPS), endpoint security, and log analytics
. - Monitor and analyze
cyber threats, vulnerabilities, and attack vectors
to strengthen security posture.
3. DevSecOps & On-Prem Infrastructure Security
- Embed
security best practices in CI/CD pipelines
(GitLab CI/CD, ArgoCD). - Implement
container security scanning (Trivy, Clair, AquaSec) and runtime protection
. - Define
Zero Trust Architecture (ZTA) principles
for network and infrastructure security. - Ensure
encryption, access control, and firewall configurations
in on-prem Kubernetes clusters
.
4. Identity & Access Management (IAM)
- Implement and manage
Role-Based Access Control (RBAC) and Privileged Access Management (PAM)
. - Ensure
multi-factor authentication (MFA) and least privilege access control
across IT systems. - Conduct
periodic access reviews and audits
to prevent insider threats.
5. Security Awareness & Compliance
- Lead
security awareness training programs
for employees. - Ensure compliance with
global and industry-specific regulations
. - Conduct
penetration testing, red teaming, and security drills
. - Develop
incident response plans and disaster recovery strategies
.
Key Skills & Technologies
Cybersecurity Governance (ISO 27001, NIST, SOC2, GDPR, PCI DSS)
SIEM, IDS/IPS, Endpoint Security (ELK Stack, Splunk, Suricata, Wazuh, OSSEC)
DevSecOps & Secure CI/CD (GitLab CI/CD, ArgoCD, SAST, DAST, KICS)
Cloud & On-Prem Security (Zero Trust, RBAC, Kubernetes Security, Encryption, Firewalls)
IAM & Authentication (LDAP, OAuth, SAML, MFA, PAM, AD)
Penetration Testing & Ethical Hacking (Metasploit, Burp Suite, Nmap, OWASP ZAP)
Qualifications
Bachelors or Masters degree
in Cybersecurity, Computer Science, or IT.8-12 years
of experience in enterprise cybersecurity
roles.- Experience in
on-prem infrastructure security and compliance
. - Proven experience with
SIEM, IDS/IPS, IAM, and DevSecOps tools
. Industry certifications preferred
: CISSP, CISM, CEH, OSCP, CRISC.- Strong
analytical, leadership, and problem-solving skills
.
Why Join YSECIT?
Build & lead cybersecurity from the ground up
How to Apply?
manushree.raju@ysecit.com
