Senior information securityPosted: Sept. 29, 2022, 5:48 a.m. - Full Time - Bangalore
*About the team* The Security Engineering team is a part of the central Information security function which is primarily responsible for architecture reviews, efficacy and efficiency of the existing security controls, threat modelling, assessment of the various security controls / technologies based on the gaps identified, security metrics, analytics, automation etc. This team owns the security controls and reviews them on a regular basis to ensure controls are working as designed and all features of a product are being used to the maximum.
About the role Flipkart is seeking a skilled, technocrat, motivated, strong security mindset and collaborative Senior Information Security Engineer in the Security Engineering team. You will serve as an expert and be a mentor to the Security Engineering team members. You will be a strong communicator and influencer, demonstrate curiosity to learn and understand the business.
What you’ll do: ● Security review of the architecture for the new projects and existing infrastructure setup. ● Ensure efficacy of security controls deployed. Work with the technical operations team to understand security controls / tech deployed and come up with recommendations to address gaps and also take full advantage of the deployed technologies. ● Conduct threat modelling based on well known standards / frameworks such as STRIDE, PASTA etc. ● Identifying and defining the requirements of the overall security of the information processing systems. ● Identify security gaps, exposures and develop mitigation plans ● Build and execute on organisations roadmaps ● Automation & Scripting as required ● Defining and maintaining security procedures, standards,guidelines and procedures as required.
What you’ll need: ● Bachelor’s degree in information technology or other related field. ● Very strong security mindset ● At least 6-8 years of working experience in domains related to information security ● Minimum of 2-3 years of implementation experience in Security technologies (at least 2-3) such a Next Gen Firewall / IDS / IPS / NAC / CASB / EDR / WAF / AV / DLP / ATP / PIM / PAM / DAM / SIEM etc. ● Minimum of 2-3 years of implementation experience in Security technologies (at least 2-3) such as Next Gen Firewall / IDS / IPS / NAC / CASB / EDR / WAF / AV / DLP / ATP / PIM / PAM / DAM / SIEM, proxy etc. ● Very good understanding of Operating systems (Windows, Linux), VDI etc. ● Knowledge and understanding of cloud security. ● Good understanding of security frameworks, standards such as ISO 27001, NIST, CIS etc. ● Experience in security architecture reviews and driving cross-functional programs. ● Strong skills in security principles such as least privilege access, defence in depth, preventative vs detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response. ● Solid understanding of operational and organisational structures. ● Possess of information security certifications (at least two) such as CISSP/CISM/CISA/CRISC/CCSP/ISO 27001/ TOGAF etc. ● Excellent problem solving, interpersonal,communication and presentation skills. ● Able to work independently and efficiently, as well as with others, to meet deadlines in a fast-paced environment.