Massil Technologies - Cyber Security Engineer - Vulnerability Management (6-8 yrs)

Job Description

Company Overview :

We are a leading provider of innovative technology solutions, committed to delivering state-of-the-art cybersecurity services to safeguard organizations against a constantly evolving threat landscape.

We are looking for a skilled Cyber Security Expert to join our team in Bangalore.

The ideal candidate will have experience in protecting IT infrastructure, identifying vulnerabilities, and deploying the best defense mechanisms for safeguarding our systems and data.

Key Responsibilities :

Cyber Security Strategy: Develop, implement, and continuously improve the organization's cybersecurity strategy to safeguard sensitive data, systems, and networks.

Risk Assessment & Vulnerability Management : Perform risk assessments, identify potential vulnerabilities, and ensure the timely application of security patches and updates.

Threat Monitoring & Incident Response: Monitor network and systems for security breaches, respond to incidents, and provide remediation measures in real time.

Penetration Testing & Ethical Hacking: Conduct regular penetration tests to identify vulnerabilities and weaknesses in systems and applications; provide recommendations for strengthening security.

Security Architecture & Design: Design and implement secure network architecture, including firewalls, VPNs, IDS/IPS, and secure cloud environments.

Data Protection: Ensure proper encryption protocols and data loss prevention mechanisms are in place for sensitive data across the organization.

Compliance & Governance: Ensure compliance with cybersecurity standards, frameworks, and regulations (e.g , GDPR, HIPAA, ISO 27001, NIST) and lead audits when required.

Security Tools & Technologies : Utilize advanced security tools (e.g , Splunk, Wireshark, Nessus, Metasploit) to detect and respond to potential threats.

Security Awareness & Training: Provide security awareness training to employees to recognize potential threats such as phishing, social engineering, and other forms of cyber attacks.

Collaboration & Reporting: Work with the IT, engineering, and compliance teams to enforce security policies and report on security posture to senior management.

Cloud Security: Implement and monitor security controls in cloud environments (AWS, Azure, GCP) for workloads, storage, and data management.

Technical Skills & Requirements: Core Skills: Cybersecurity Tools: Expertise with security monitoring tools (e.g , Splunk, Wireshark, Nessus, Qualys, Metasploit) and SIEM (Security Information and Event Management) systems.

Firewalls & VPNs: Experience with firewalls (e.g, Cisco ASA, Palo Alto), IDS/IPS, VPN, and proxy servers.

Penetration Testing & Ethical Hacking: Proficiency in performing penetration tests using tools like Burp Suite, Kali Linux, OWASP ZAP, Nmap.

Cloud Security: In-depth knowledge of AWS, Azure, or Google Cloud security services such as AWS IAM, AWS Shield, AWS WAF, and other cloud-native security tools.

Cryptography & Encryption: Strong understanding of encryption algorithms, SSL/TLS protocols, and data protection standards (e.g , AES, RSA).

Incident Response: Hands-on experience with incident detection, response, and resolution procedures.

Vulnerability Management: Expertise in identifying and managing vulnerabilities, and remediation (patch management, asset inventory).

Endpoint Protection: Familiarity with endpoint security solutions like Symantec, CrowdStrike, McAfee, and Sophos.

Network Security: Strong understanding of network security protocols (e.g , IPsec, HTTPS, DNSSEC) and secure network architectures.

Security Frameworks: Experience with common security frameworks and standards such as ISO 27001, NIST, CIS Controls, and PCI DSS.

Security Automation: Familiarity with security automation tools (e.g , Ansible, Terraform, Chef).

Nice-to-Have Skills: Certifications: Relevant certifications such as CISSP, CISM, CEH, CompTIA Security+, or AWS Certified Security Specialty.

DevSecOps: Experience with DevSecOps practices and integrating security into the CI/CD pipeline.

SIEM Tools: Experience working with Splunk, LogRhythm, or QRadar for advanced threat detection.

Malware Analysis: Knowledge in analyzing and mitigating malware, trojans, ransomware, and viruses.

Security Audits: Experience with security audits and penetration testing to validate existing security measures.

Soft Skills: Analytical Mindset: Strong problem-solving skills with the ability to analyze complex security threats and incidents.

Attention to Detail: High attention to detail and ability to identify vulnerabilities or areas that require improvement.

Communication: Excellent written and verbal communication skills to convey complex security concepts to technical and non-technical stakeholders.

Team Collaboration: Ability to work collaboratively within a team and effectively communicate across departments.

Time Management: Strong organizational and time-management skills to handle multiple tasks and deadlines efficiently.

Qualifications :

- Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).

- 5-8 years of professional experience in cybersecurity, with a focus on network security, incident response, and vulnerability management.

- Proven experience working with cloud environments such as AWS, Azure, or GCP.

- Demonstrated expertise in applying security best practices to both on-premise and cloud infrastructures