10 Sans Jobs

Job Description -: Experience of 4+ years • Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients. • Experience in tools such as burpsuite, nessus, nmap, acunetix, metasploit, checkmarx, etc. • Experience with Open Web Application Security Project (OWASP),SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools. • Ability to explain technical vulnerabilities to both technical and non technical audience highlighting business risk. • Knowledge of at least one cloud technology (AWS, Azure,GCP) is desirable, preferrably AWS and Azure. • Good understanding of coding best practices and standards. • Good knowledge of at least one of the following programming/scripting languages viz. python, ruby, C#, powershell, C/C++, Java • Good communication skills. • Critical thinking and good problem-solving abilities. • Organized in planning and time management skills are preferred. • Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable. Roles & Responsibilities -: Conduct vulnerability assessment and penetration testing for application, and other infrastructure Conduct application security assessment of web applications, mobile applications, thick-client application and API. Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure. Conduct red-team assessments Conduct cloud security assessments Conduct source-code review using automated and manual approaches Ensure timely execution of projects, delivery of status updates and final reports. Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news. Proficient in Ms-Excel and Powerpoint.

Highest Qualification: Any Full Time Graduate Note: Hands on experience in ISO 27001 Implementation is mandatory for this role Experienced in managing cyber security services like Cyber Risk Compliance consulting. Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web mobiles appsec, secure code review) Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development, Have worked with organizations to develop and implement various industry security standards like, IS0 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc... Should be able to understand and explain technical vulnerabilities Basic knowledge on Active directory, firewalls, SCCM, MacAfee security products, DLP, Secure coding practices and product security Specific Duties and Responsibilities Include: To manage cyber security projects across EMEA region for cyber security services like Cyber security testing cyber consulting Maintaining margins Business development like having presales discussions with various teams Assist in Business development of various security standards Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients Good to have Skills / Certification: ISO27001:2013 Lead Auditor CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

Notice Period: Immediate/0-15 Days Joiners Only Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our clients overall security posture. Key Responsibilities: Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients. Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies. Manage secure code reviews and application security assessments to identify and remediate vulnerabilities. Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation. Evaluate third-party security risks and conduct supplier security assessments. Provide executive-level reports on security assurance findings, risks, and mitigation strategies. Ensure compliance with global security standards and frameworks. Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts. Qualifications and Skills: 15-20 years of experience in cybersecurity audits, security assessments, and assurance programs. Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding. Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS. Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.). Ability to engage with executive leadership and present security risks effectively. Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent.

Must-Have: Bachelor's degree in Computer Science/Information Science or related field Deep knowledge of Qualys AWS Infrastructure and Security Knowledge Analyze PEN tests and Bug Bounty findings 2-3 years experience as a Security Analyst at a SaaS company knowledge of SAST and DAST Exposure to Application Security Architectures such as NIST, OWASP, TOGAF, SWE/SANS Nice to have : Knowledge of Security Scorecard Self motivated individual ready to contribute from day one Knowledge of CIS/STIG requirements Excellent collaboration skills in working with cross functional teams. Excellent writing and oral skills Significant attention to detail CEH, CISSP, CISM or similar certification Good knowledge of SOC1/SOC2, ITIL and ISO 27001 Well-developed analytical and problem-solving skills with a results oriented focus AWS security certification will be preferred

Notice Period: Immediate/0-15 Days Joiners Only Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our clients overall security posture. Key Responsibilities: Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients. Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies. Manage secure code reviews and application security assessments to identify and remediate vulnerabilities. Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation. Evaluate third-party security risks and conduct supplier security assessments. Provide executive-level reports on security assurance findings, risks, and mitigation strategies. Ensure compliance with global security standards and frameworks. Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts. Qualifications and Skills: 15-20 years of experience in cybersecurity audits, security assessments, and assurance programs. Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding. Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS. Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.). Ability to engage with executive leadership and present security risks effectively. Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent.

Cybersecurity Director Reporting to the RingCentral CISO, this role will collaborate closely with local leadership to lead and orchestrate day to day tasks and business initiatives. The position will oversee and lead the local Security Operations, Compliance, Application Security, and Trust teams in India. Job Scope Developing and implementing security policies and procedures to protect organization's data and systems Leading security teams and coordinating efforts across various departments in multiple regions Ensuring compliance with relevant global and in-country regulations and standards Driving vendor risk management and customer trust programs Overseeing security operations related programs including incident response, vulnerability management, and threat intelligence Maintain solutions for firewalls, WAFs, IDS/IPS, and endpoint security infrastructure Leading security engineering efforts to design and implement secure systems and applications Conducting regular security assessments and audits to identify and mitigate risks Formulate data discovery techniques on both structured and unstructured data and work with engineering teams to guide implementation Advise technical leadership on the proper safeguard of data residing on and transiting through virtual and physical assets Collaborating with executive leadership to align security initiatives with business objectives Minimum Qualifications Bachelors degree or Advanced Degree in Computer Science, Information Technology, Cybersecurity, or relevant technical security certifications such as SANS 10+ years of extensive experience in IT and cybersecurity roles, with a proven track record in managing security teams and projects Security certifications a plus (CISSP, CISM, CISA, CCSP, OSCP, CEH, etc) Required Knowledge and Skills In-depth understanding of cybersecurity principles and best practices. Experience with compliance frameworks such as ISO 27001, NIST, and GDPR Strong technical skills in areas like network security, application security, data protection, and security architecture Proficiency in risk management, supply chain security, and incident response Leadership and management skills to effectively lead security teams and projects Excellent communication skills to interact with stakeholders, customers, and auditors at all levels Analytical and problem-solving abilities to identify and address security challenges

Role & responsibilities 6-8 Yrs years of combined IT and hashtag security work experience with a broad range of exposure to cybersecurity, systems analysis, application development and/or systems administration and 3+ years of configuration Mgmt. experience. Some cloud knowledge like Microsoft Azure , Cloud/Endpoint, Prisma, Wiz or similar CSPM/ CNAPP Familiarity with SANS Top 25 controls, OWASP Top 10 and/or MITRE ATT&CK framework Preferred candidate profile Familiarity with SANS Top 25 controls, OWASP Top 10 and/or MITRE ATT&CK framework Perks and benefits

About The Role : Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led

About The Role : Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Deliver No Performance Parameter Measure 1 Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers. 2 Support sales team to create wins % of proposals with Quality Index 7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led

What youll be doing... The Verizon Product Security Team ensures security by design product engineering and architecture for both consumer and business products. As a Principal Security Architect, you will work to conduct security assessments on both Consumer and Business products and solutions. You will help to create, define, and implement security controls and tooling in conjunction with product development teams and product owners. You will manage multiple projects with a degree of impact and complexity that must be carefully controlled to support the internal business unit security requirements. You will also work in conjunction with security stakeholders in other areas of the business and make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. You will also manage work that involves coordination with multiple organizations and is the focal point within the group. Help implement Secure Software Development Lifecycle (SSDLC) practices and use automation where possible Work with the product development teams to perform security design/code reviews and vulnerability assessment. Provide security guidance to Engineering and Product teams. Contribute to security architecture and assist in building and rolling out processes for secure code development and deployment involving truly cutting edge technology Contribute to security policy, standards, and guidelines related to Information Security Evaluate and operationalize new technologies for securing the organization Create security user stories and security test cases for products that are tailored to the product attributes and technology Support and advise product owner and product development teams by ensuring technical and architectural feasibility, readiness and compliance. What were looking for You'll need to have: Bachelors degree or one or more years of work experience. Experience in cybersecurity. Experience with security requirements analyses, building threat models, performing security design reviews, applying zero trust principles. Knowledge of application security vulnerabilities, secure coding, attack surfaces and countermeasures. Knowledge of S-SDLC, best practices for secure coding, understanding of OWASP Top 10, CIS Top 20 Even better if you have one or more of the following: Understanding of Docker, Kubernetes, container security best practices. Experience with Threat Management and Monitoring tools (like CrowdSrike, GuardDuty, Tenable, CloudTrail, Cloudwatch) and container security tools. Experience with building security and hardening Cloud Containers, Cloud OS, on-premise/cloud storage, like Cassandra, MongoDB, Data Warehouse and Object-Based storage. Hands on experience on security testing like SAST, DAST, SCA and Pen testing Understanding of authentication protocols like OID, OAuth2.0, SAML Hands-on experience in securing software development projects using iOS/Android platforms Familiar with Content Streaming Services Security like DRM, CA (Widevine, Playready, FairPlay) Experience with application programming (C/C++/Java/Kotlin/Swift/JavaScript or any other languages) and the overall software development life cycle. Written and verbal skills for communicating security concepts and solutions. Ability to prioritize between and execute on multiple work streams. Excellent organizational and interpersonal skills. One of more of the following certifications: CISSP, CISM, SANS, CCSK.