• Cyber Security Architect or Cyber Security CoE Head

Location Karnataka Bangalore
Experience Range 12 - 16 Years
Open

Skills Deep knowledge of NIST CSF, 800-53, ISO 2700X, SOC2 security frameworks Knowledge of data loss prevention (DLP) concepts and awareness of tools such as Symantec DLP/ Forcepoint DLP/ SolarWinds DLP Experience in Cloud PaaS components such as App Service, Traffic Manager, NSG, Front-Door, ExpressRoute, AWS DirectConnect, EC2, EBS, S3, RDS, VPC, and Cloudfront Experience in securing containers such as Kubernetes, and Docker Exposure to cybersecurity standards including NERC, CIP, HIPAA/HITRUST, an
Job Description
About Us
EVRY India and EVRY USA is a wholly-owned subsidiary of TietoEVRY — A leading digital services and software company. We offer a comprehensive portfolio of IT services and drive digital transformation across Banking & Financial Services, Insurance, Healthcare, Retail & Logistics, and Energy & Utility sectors. The organization has formed deep-rooted relationships with global enterprises, including Fortune 1000 companies, software firms (ISVs), and successful technology start-ups. Our knowledge pool and technical capabilities extend across new developments, re-engineering, application management, testing, and process support. We offer a comprehensive range of services, enabling business agility, growth, and innovation. EVRY India delivers IT services to a wide range of customers in the USA and Nordics through its global delivery centres in Bangalore & Chandigarh, India. EVRY India's process and project maturity is very high — the two offshore development centres in India are appraised at CMMI DEV Maturity Level 5 & CMMI SVC Maturity Level 5 and certified under ISO 9001:2015 & ISO/IEC 27001:2013. Our focus on quality and governance is evidenced by the long-standing relationships we have with our customers over our two decades of presence in the USA. We impact our client's business by optimizing domain knowledge, technology expertise with time-tested and robust engagement models. By introducing fresh insight and expertise, we help customers innovate new game-changing solutions and modernize their businesses to stay ahead in the competitive environment. About TietoEVRY Headquartered in Finland, TietoEVRY employs around 24,000 experts globally. With revenues of around USD 3.3 billion, TietoEVRY serves thousands of enterprises and public sector customers in more than 90 countries. Be it talent, speed to market, innovation, or cross-pollination of ideas across markets, TietoEVRY leverages India operations to compete globally.
Roles and Responsibility

Experience: 12 - 16 yrs

Position: Permanent (Work from office from Jan 2022)

 

Qualifications:

         Bachelors or Master's degree in Engineering

         MUST: Cyber Security certification (CISSP or CISM or CISA or ECSA)

         Additional Certifications Preferred: Certified in AWS or Azure and any other Infrastructure aspects (networking certifications)

 

Pre-requisites (Mandatory Skills)

         Minimum 2 – 4 years work experience as a Cyber Security Architect or Senior Security Analyst

         3 – 5 years experience in design and implementation of security measures for hardware, software, storage, and network platforms to ensure protection from cyber attacks, and any other possible harmful intrusions on datacenters and Cloud environments.

         Deep knowledge of NIST CSF, 800-53, ISO 2700X, SOC2 security frameworks

         Must be well-versed in conducting threat modelling, risk assessments, and security audits

         Must have experience in handling infrastructure security, and application security. Should be able to recommend resolutions to handle issues.

         Must have experience in security information and event management (SIEM) process framework and intrusion detection (IPS) tools such as Splunk / SolarWinds / IBM QRadar / Datadog

         Experience with Active Directory, Windows / Linux servers, Firewalls, Routers, WAPs, End Point Security, Virtualization Technologies, Mobile Device Management, Application Management, VPN, Asset Management, Patch Management, Vulnerability Scanners

         Must have worked at client locations in consulting assignments and open to travel up to 40% of time

 

Pre-requisites (Preferred Skills)

         Knowledge of data loss prevention (DLP) concepts and awareness of tools such as Symantec DLP/ Forcepoint DLP/ SolarWinds DLP

         Experience in Cloud PaaS components such as App Service, Traffic Manager, NSG, Front-Door, ExpressRoute, AWS DirectConnect, EC2, EBS, S3, RDS, VPC, and Cloudfront

         Experience in securing containers such as Kubernetes, and Docker

         Exposure to cybersecurity standards including NERC, CIP, HIPAA/HITRUST, and FISMA

Responsibilities Include

         Head the Cyber Security Center of excellence by enabling the organization to develop and implement security solutions, offerings, and capabilities

         Develop and maintain security architecture artifacts (eg: models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations

         Participate in application and infrastructure projects to provide security strategy, and advisory

         Work closely with Enterprise Architects to mentor, train, and validate the application teams on secure coding practices and to escalate concerns related to poor coding practices

         Conduct integrated information technology audits, including but not limited to pre/post-implementation phases, security testing, vulnerability scanning, privacy, data governance, and cybersecurity reviews using accepted audit and risk assessment frameworks

         Liaise with other security, enterprise, and solution architects and security practitioners to share best practices and insights.

         Examine cyber security controls, evaluate the design and operational effectiveness, determine exposure to risk and develop remediation strategies

         Review and stay current on security technologies, tools, services, and processes and make recommendations to the broader security, IT teams, compliance teams for their use, based on security, financial, and operational metrics

 

A+| A| A-