Lead SecOps

Minimum Experience: 10+ years

Mandatory Skills Set: Cloud Security, Offensive and Defensive security principles, Penetration testing, SAST/DAST, VAPT, Security Compliances.

About Us:
CLOUDSUFI is a Data Science and Product Engineering organization building Products and Solutions for Technology and Enterprise industries. We firmly believe in the power of data to transform businesses and make better decisions. We combine unmatched experience in business processes with cutting-edge infrastructure and cloud services. We partner with our customers to monetize their data and make enterprise data dance.

What Are We Looking For:
CLOUDSUFI is seeking an Information Security Lead overseeing the organization's information security framework, ensuring the confidentiality, integrity, and availability of all data. This role involves developing and implementing security policies, managing risk assessments, and addressing compliance requirements. The Infosec Lead will also lead incident response efforts, conduct regular security audits, and collaborate with cross-functional teams to mitigate vulnerabilities. Strong expertise in cybersecurity tools, frameworks, and best practices is essential for this role.

Roles & Responsibilities:

1. Work independently with vendors and collaborate with colleagues.
2. Experience negotiating remediation timelines and/or remediating found issues independently.
3. Ability to implement vendor platforms within CI/CD pipelines.
4. Experience managing/responding to incidents, collecting evidence, and making decisions.
5. Work with vendors and internal teams to deploy criteria within WAF and fine-tune configurations based on application needs.
6. Multitasking and maintaining a high level of concentration on assigned projects.
7. Strong working knowledge of AWS security in general and familiarity with AWS native security tools.
8. Promote security within the organization despite roadblocks, demonstrating resilience and persistence.
9. Define and integrate DevSecOps security requirements in projects.
10. Articulate security requirements during architecture meetings while collaborating with application and DevOps teams.
11. Hands-on experience with various security tools and techniques, including:
1. Trivy, Prowler, Port53, Snyk for container and application security.
2. Kali Discovery and vulnerability scanning for penetration testing and threat assessment.
3. Network and website penetration testing (PT) to identify and remediate security vulnerabilities.
4. SAST and DAST tools for static and dynamic application security testing.
5. API security testing.
6. Web/Mobile App SAST and DAST.

Preferred Certification:

1. AWS Security /CISSP /CISM (Certified Information Security Manager)

Required Experience:

1. 8+ years of experience with AWS orchestration via Terraform scripts.
2. 8+ years of experience with CloudWatch, CloudTrail, and GuardDuty.
3. 8+ years of experience with AWS WAF.
4. 6+ years of experience with Cloudflare or any other WAF tool.
5. 6+ years of experience with Datadog or any other logging and monitoring tool.
6. 6+ years of experience with Trivy or any other vulnerabilities and configuration issues in AWS.
7. 6+ years of experience with Prowler or any other security issues in AWS or other cloud.
8. 6+ years of experience with Snyk or any other tool for SCA, SAST and SBOM.
9. 6+ years of experience with any SAST/DAST tool.
10. Experience with PagerDuty.
11. Ability to conduct nuanced threat assessments.
12. Experience with SOPHOS.
13. Significant experience with compliance regimes like PCI, SOC2, SOX, and HIPAA.
14. Proficiency in Infrastructure as Code tools like Ansible, Terraform, and CloudFormation.
15. Strong experience implementing security tools within CI/CD pipelines.
16. Expertise in cloud service providers, particularly AWS.
17. Proven ability to oversee technological upgrades and improve cloud security environments.
18. Skilled in developing, installing, configuring, and integrating IT tools and security processes.
19. Competence in static and dynamic code analysis tools, interpreting results, and guiding teams to address gaps.
20. Extensive experience in penetration testing, container security, and threat vulnerability assessments.
21. Capability to assess technology architectures for vulnerabilities and recommend improvements.
22. Strong leadership in creating and managing security strategies and overseeing information security audits.
23. Expertise in developing and maintaining security policies, standards, and guidelines.

Non-Technical/Behavioral Competencies Required:

1. Must have worked with US/Europe based clients in onsite/offshore delivery model.
2. Written communication, technical articulation, listening, and presentation skills (8/10 minimum).
3. Should have good conflict management.
4. Should have superior persuasive and negotiation skills.
5. Should have demonstrated effective task prioritization, time management, and internal/external stakeholder management skills.
6. Should be a quick learner, self-starter, go-getter, and team player.
7. Should have experience of working under stringent deadlines in a Matrix organization structure.