Cyber Security Engineer - Vulnerability Management (7-12 yrs)

Job Description :

Location : Bangalore (2 days in ITPL Whitefield, Bangalore & 1 day in Decathlon Anubhava, Bangalore)

Way OF Working : 3 days from office

Mandatory Skill :

- Technical knowledge of at least one major public cloud like AWS, GCP, Azure etc- AWS is Preferred

- Experience of vulnerability assessments, Penetration Testing, Web, Mobile Application & API pentest, identify access management etc

- Implementation On SSDLC ( Secure software development Lifecycle)

- Experience with Secure Code Review Tools such as Synk is a must have.

- Devsecops experience is Preferred

Responsibilities :

- Support Decathlon Digital teams by helping them integrate Cybersecurity from the solution choice and design phases

- Create security guidelines allowing teams to implement good practices within their scope

- Take part in cybersecurity architecture reviews of Decathlon infrastructures, platforms and applications

- Explore innovative Cyber topics, having an impact on the Decathlon business such as Artificial Intelligence.

- Provide technical contribution to risk analyzes in collaboration with the teams responsible for the scope and our Risk Management team

- Detect and qualify security vulnerabilities encountered in your daily life and propose remediation plans in collaboration with the teams in charge of the area concerned

- Share your knowledge of cybersecurity with your team and more broadly, with Decathlon Digital teams

- Ensure technological monitoring to guarantee the security of Decathlon's information system.

Technical scope (Must have) :

- Solid understanding of public cloud technologies with hands-on technical knowledge of at least one major public cloud like AWS, GCP, Azure etc.

- Hands on experience of vulnerability assessments, Penetration Testing, Web, Mobile Application & API pentest, identify access management etc.

- In Depth Knowledge of using Burpsuite, Metasploit, ZAP, Wireshark etc

- Experience with VAPT using Qualysguard and Nessus.

- Experience with security tools like Prisma Cloud etc is a must have.

- Develop, implement, and maintain the SSDLC framework across all software development projects.

- Proven ability to lead and manage incident response efforts.

- Network: interconnection, VPN, PAM, WAF, Proxy and Load Balancing.

- Conduct Architecture and Design review to provide guidance and security assurance around best practices and frameworks.

- Work closely with the DevOps teams and share security insight

- Experience with Secure Code Review Tools such as Synk is a must have.

- Testing and Techniques - ZAP, Wireshark, Sonarqube, Metasploit etc.

- Ability to document risks, security controls and evidence to ensure compliance