Pace Wisdom - Information Security Engineer - SAST/DAST (2-5 yrs)

Position Overview :

- We are seeking a highly skilled Information Security Engineer to manage Risk Assessment, Compliance, and Cloud & Infrastructure Security, with specialized expertise in healthcare security, cybersecurity analytics, and emergency preparedness.

- The ideal candidate will have experience designing secure applications and architectures, conducting SAST/DAST testing, managing cyber emergency preparedness, and ensuring robust security protocols across the enterprise.

- You will also be responsible for developing security policies and procedures and integrating cutting edge security practices to maintain the organization's security posture and compliance standards.

Key Responsibilities :

- Risk Assessment & Management : Perform internal and third-party risk assessments, conduct security audits, and manage vulnerability remediation.

- Develop mitigation strategies and report risks to senior management.

- Cloud & Infrastructure Security : Secure cloud environments (AWS, Azure, GCP) and on-prem infrastructure, ensuring access controls, encryption, and network security protocols are in place.

- Compliance Management : Oversee compliance with HIPAA, GDPR, DPDPA, and healthcare-specific regulations.

- Support audit preparation, conduct assessments, and ensure alignment with industry and privacy standards.

- Cybersecurity Analytics : Leverage cybersecurity analytics to monitor, identify, and respond to threats in real-time, utilizing data-driven insights to enhance overall security posture.

- Designing Secure Applications & Architectures : Collaborate with development teams to design and implement secure applications and system architectures, ensuring that security best practices are incorporated into the software development lifecycle.

- SAST & DAST : Implement Static and Dynamic Application Security Testing (SAST/DAST) to identify vulnerabilities and ensure secure coding practices throughout the development pipeline.

- Cyber Emergency Preparedness : Develop and maintain cyber emergency preparedness plans, including incident response, disaster recovery, and business continuity strategies.

- Electronic Surveillance & Corporate Security : Oversee and manage electronic surveillance systems to detect and prevent both physical and cybersecurity threats.

- Ensure seamless integration between corporate security measures and IT/cybersecurity strategies.

- Security Policies & Procedures : Develop, document, and maintain comprehensive security policies and procedures to ensure regulatory compliance and alignment with risk management frameworks.

- Incident Response : Lead investigations into security incidents, conduct root cause analysis, and recommend corrective actions to prevent future breaches.

- Collaboration & Training : Partner with IT, development teams, and external vendors to integrate security best practices into cloud and infrastructure environments.

- Provide training and awareness programs to staff on security policies and procedures.

Qualifications :

- 2-5 years of experience in information security, risk management, compliance, and healthcare security.

- Expertise in cybersecurity analytics, secure application design, and architectural security best practices.

- Strong knowledge of HIPAA, GDPR, DPDPA, and other healthcare-related compliance regulations.

- Hands-on experience with cloud security (AWS, Azure, GCP) and infrastructure security.

- Proficiency in SAST/DAST tools and vulnerability management.

- Experience with cyber emergency preparedness, incident response, and disaster recovery planning.

- Knowledge of electronic surveillance systems and corporate security measures to protect both physical and digital assets.

- Ability to document and maintain security policies, procedures, and standards.

- Strong analytical, communication, and problem-solving skills.

Certifications (Preferred) : CISSP, CISM, CRISC, CEH, AWS Certified Security Specialty, Azure Security Engineer, Certified HIPAA Professional (CHP), Certified Information Privacy Professional (CIPP/US), Certified Business Continuity Professional (CBCP).