Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company’s portfolio includes many of the world’s most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others.
Job Description
Location:
Bengaluru, KA
This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with security engineering expertise to ensure our various security tools, technologies and solutions are well placed, properly configured and finely tuned to provide the team with the visibility and data to allow us to proactively identify, respond to and mitigate threats and vulnerabilities.
This is a "lead" role, therefore the successful candidate will bring a high level of knowledge and experience from providing security engineering services into multi-disciplinary security teams. The successful candidate holder will manage our current security tooling and support the implementation of further security tools and solutions to defend against cyber attacks and other threats.
This successful candidate will also work with our infrastructure and networking colleagues to configure and tune the tools used by those teams, to ensure the SOC team receives the necessary logs, data and alerts.
You will continuously monitor and test our systems, making sure that our security defences are up to date and providing optimal performance.
The successful candidate will already be well embedded into the security engineering culture and will demonstrate full understanding of the landscape of tools, technologies and solutions that form the backbone of security management and will have held similar security engineering roles at large organisations.
You must have demonstrable expertise in identifying security gaps in our current toolsets and the placement to propose remedies that will enable us to leverage existing and new tools, processes and other technologies, to provide a dedicated integrated approach across our digital and enterprise environments.
To be successful you will have an understanding of Security Threat and Risk Assessment methods as well as experience of performing security architecture reviews and change management reviews, ensuring any impact to our security controls and risk posture is identified and considered prior to providing approval. The candidate should also have worked on PAM or IAM projects previously and have knowledge of mainstream Privileged Access Management solutions and Identity Access Management solutions.
Duties:
Work with the Security Architecture team to develop, enhance and improve the Conde Nast’s security solutions and tools.
Administer, manage and maintain our CyberArk platform.
Administer, manage and maintain our Vulnerability Management system used across regions.
Perform ongoing administration, maintenance and development of our SIEM solution.
Perform ongoing administration, maintenance and development of our InsightIDR solution, including the NDR Platform.
Ensure our security tools provide actionable alerts and insights to our Security Operations Centre, enabling us to better detect and respond to threats.
Review change requests that may have an impact on Conde Nast’s security posture as part of the change review process.
Work to implement technical security controls across our regions.
Work closely with our Security Architect to ensure tooling is deployed as per the design, supporting the architect with the low level design where required.
Lead the implementation of new solutions across our regions to ensure we deliver secure compliant security solutions.
Assist with ensuring regions adhere to security policies which have been published centrally, where gaps exist, work with the architecture team to develop solutions to close these gaps.
Work with our DevOps teams to implement security controls in the cloud environments used, such as AWS and Google Cloud Platform.
Required Skills/Experience:
Exp 7 - 10 years, with at least 2 years experience in a lead/senior role
This role is central to the continuing changes and improvements that we are making in the way security is delivered at Conde Nast. To be successful, the candidate will need to have and demonstrate an in-depth knowledge and experience of several of the following areas, along with a proactive focused attitude;
Expertise in at least 3 of these domains:
Security Architecture and Engineering - min 5 years
Communication and Network security - min 5 years
Privileged Access Management - min 5 years
Identity and Access Management (IAM) - min 5yrs
Security Assessment and Testing - min 3 years
Experience of implementing and maintaining Vulnerability Management solutions, as well as performing day to day administration.
Experience of having implemented and maintained Rapid 7 InsightIDR.
Experience with log management and/or SIEM technologies such as Splunk, InsightIDR NextGen SIEM etc.
Experience of having worked with or supported CyberArk Privilege Cloud.
Knowledge of Windows, Linux, Network, Firewall, NDR technologies
Good understanding of Active Directory, DNS, LDAP and Okta (or other identity management provider)
Understanding of security and compliance frameworks including NIST and PCI-DSS
Ability to explain vulnerabilities to different audiences — technical and business.
Experience of having managed and maintained XDR Platforms or solutions such as Sophos Intercept X, Crowdstrike, SentinelOne
Experience of having managed and maintained Secure Cloud Network Analytics.
Demonstrable experience of implementing, configuring and tuning security tools
Thorough knowledge of the AWS service offerings.
Knowledge of monitoring and verifying the implementation of IT security baselines within the IT organisation.
Must have expert level knowledge and experience on the following IT security categories: Security Information and Event Management (SIEM), Network Detection and Response (NDR) and Vulnerability Management (VM)
Proficiency in Python, Powershell, JavaScript or other scripting languages.
Knowledge of cloud, containers, kubernetes beneficial
Excellent communication and presentation skills
Excellent written language skills
Primary Skills: Insight IDR including NDR (Network Detection and Response), Vulnerability Management (Rapid 7), SIEM (Security Information and Event Management ; Networking ; AWS
Secondary Skills: DMARC Solutions (i.e. OnDMARC ; Mimecast ; Dmarcian etc.) ; DLP Solutions (Google Workspace) ; IAM & PAM solutions (Identity & Access Management Solutions - Ping; Okta; CyberArk) ; Secure Cloud Analytics (Cloud NDR) ; EDR / XDR solutions
Educational Qualifications:
Any of the following certifications would be advantageous:
Security Qualifications: CISSP, CISSP-ISSAP, TOGAF, Security +, AWS Certified Security; AWS Solutions Architect
Networking qualifications: CCNA ; CCNP ; CompTIA Network+
What happens next?
If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile.
Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.
