This position is a part of a centralized team of systems administrators, systems engineers, and application developers. Being part of information security team, the responsibilities will include security reviews, application testing, vulnerability assessment and penetration testing, implementation of security policies, procedures, IT audits of PSWC application, network and data center infrastructure.  

Key responsibilities

•   Performs day-to-day Information Security functions pertaining to access control on various software products, network, and processes
•   Ensure the data security of PSW assets including data encryption, hashing, tokenization, and key management practices that protect data across all applications and platforms
•   Protect the trade related data & information that is confidential in nature
•   Provide guidance to application architects to manage threats and to take preventive measures during application development lifecycle
•   Conduct manual application security testing and source code auditing for a variety of technologies
•   Conduct vulnerability assessment and penetration testing targeting critical data, services, and environments
•   Report underlying security issues and recommend enhanced security protections
•   Perform incidental response and related duties, as required
•   Create a standard set of requirements, technical designs, and recommended configurations necessary to design, implement and deploy our security capabilities in partnership with internal and external partners
•   Assists with technical direction in designing and implementing security solutions for PSW technical infrastructure and business applications
•   Evaluates and implements security devices such as firewalls, IDS, IPS, threat correlation tools, vulnerability scanning and penetration testing tools, encryption capabilities
•   Conduct vulnerability assessment tests/penetration tests to identify any flaws in conjunction with Software Testing team and CTO.
•   Develops test plan and implements rigorous testing prior to rollout of new systems into the production environment
•   Correlate and tune network, system, and application devices for security events
•   Perform routine audits to ensure compliance with security policies
•   Research and evaluate the latest security products to combat the latest threats
•   Participates in developing long term strategies for conducting system penetration, vulnerability and web application testing, risk assessments, policy creation
•   Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities – where possible identify the persons responsible for security breaches within PSW
•   Schedule and oversee conduct of periodic security audits
•   Advise, where required, the participating government agencies of PSW in matters related to cyber security; and
•   Any other related duty assigned by the COO or CEO

Required Skillset:

•   Knowledge and understanding of common information security management frameworks, such as ISO/IEC 27001, NIST, OWASP and other standards & practices
•   Networking concepts related to TCP/IP, switching and routing, microservices
•   Well versed with Linux and virtualization technology (VMWare)
•   Should have knowledge of application security with familiarity of tools for conducting web application vulnerability scanning and source code analysis
•   Understanding of security architecture definitions and its implementation
•   Hands-on experience of securing routes, DNS, DNS and Email security, VPN, DDOS mitigation technologies/tools and proxy services
•   Hands on with hardware and security software tools such as SIEM/SOAR, policies implementation on network and systems, identity, and access management, securing software development life cycle, DLP, Web Application Firewall (WAF), threat and risk management/mitigation etc.
•   Experienced in Firewall, IDS/IPS, sandboxes and other security tools and technologies – Fortinet, Huawei, Cisco
•   Must have conducted vulnerability assessments and penetration testing with subsequent security tightening
•   Experience with writing security policies and SOPs and IT audits will be a plus
•   Should be able to help in writing scope and technical evaluation of security products

Qualification and Experience:

•   Bachelor’s degree in a technology/engineering/Information Security related field required; and
•   A professional security management certification (CISSP/CISM/CEH or similar preferred)
•   Minimum 5 to 6 years of hands-on experience in Data & information security in a large enterprise environment