KloudGin is looking for a Security Specialist to work with us, with a continuous focus on securing our organization and applications against information security, application security and infrastructure security threats. The candidate will be expected to implement security best practices suited to the company and its applications. This covers everything from complex groups of back-end servers to the network and the applications running on them. As Security Specialist, you will be part of the Cloud Operation team and will work with the team to implement security best practices.
Desired Skills & Qualification:
- 5+ Years of experience in working on Security aspects
- Must be able to perform web application vulnerability scans using both tools and manual checks, and perform security risk assessments
- Must be proficient in understanding various aspects of Application Security in a cloud environment and should have worked on tightening the security at all levels
- Should have experience with Qualys, Nessus, Nexpose, Saint, AWS Inspector, IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro
- Should be aware of various CIS Benchmarks and be able to tighten the application and database servers based on the guidance. Conduct checks on server level vulnerabilities and adhere to CIS benchmarks for the environments.
- Should be able to use both DAST and SAST tools to identify the vulnerabilities and work with the developers to fix and remediate the same
- Should conduct penetration testing using various tools and block the exposures in coordination with the development teams
- Ability to assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood and impact
- Good knowledge of SIEM tools; should be able to perform log monitoring with them and manage threats or attacks on the application / network.
- Should continuously enhance the security of the application to meet the industry best practices and should be able to translate Information Security policies and procedures into language that a business and/or technical person can understand
- Experience with network/infrastructure-level penetration testing
- Should be able to automate secrets management across the application and environments
- Must have experience with the AWS landscape and an understanding of security aspects related to EC2, VPC, CloudFront, WAF & Shield, Secrets Manager, Inspector.
- Expected to review the latest threats in the industry and safeguard the application and environment against them.
- AWS Certification along with awareness of CISSP certification will be a plus.