Solution Architect- Security- AWS

SecOps team at Xenonstack is looking for a Senior Security Engineer who can analyze computer networks, ensure they are running securely, and foresee possible security issues that may arise in the future. A senior security engineer's duties include, but are not limited to, designing, implementing, maintaining, and operating information system security controls and countermeasures.

The ideal candidate should be highly skilled in all aspects Microsoft based systems, Linux/Unix based systems, network protocols and packet analysis. Your responsibility includes detecting and responding to sophisticated threats with information from a wide variety of sources.

• Detect and respond to sophisticated threats with information from a wide variety of sources, and ensure similar scenarios are prevented in the future

• Debug, review potentially harmful Edge extensions (JavaScript Programs) to understand their operation and impact on the browser ecosystem.

• Perform in-depth dynamic and static file analysis as well as reverse engineering to determine the nature of unknown or potentially malicious files found during investigations

• Review the code to learn abuse patterns and identify product vulnerabilities within the extension ecosystem. Identify CVEs that affect Edge Extensions through exploit proof of concepts

• Use Open Source intelligence (OSINT) to research vulnerabilities in support of cyber related incidents

• Proactive monitoring for security threats and timely triage of Security Alerts and escalations.

• Event analysis, attack identification, and performing investigations

• Driving security issues throughout the incident response process ensuring compliance and risk is managed end-to-end

• Develop forensic and malware analysis capabilities in support of ongoing incident response activities

• Identify metadata information within malicious code (IOCs/TTPs) and develop organizational detection/prevention mechanisms

• Collaborate with other Microsoft Security teams to gain greater visibility into Microsoft malware detection capabilities

• Cultivate in-depth knowledge of security systems and the life cycle of network threats, attacks, attack vectors, and methods of exploitation.

• Perform URL/domain analysis to identify and report any malicious indicators associated with the resource and evaluate associated risks

• Collaborates with products/engineering for architectural and design reviews to identify and mitigate risks

• Shares security knowledge with products/engineering, advocates use of good security designs and patterns, raises awareness of bad security designs and anti-patterns

• Knowledge of administration of Microsoft based systems, Linux/Unix based systems

• Knowledge on network protocols and packet analysis

• Experience with various DBMS.

• Experience in VAPT Applications, Network, and Cloud Technologies.

• Proficiency in manual and automated techniques for penetration testing and executing

• vulnerability assessments (injection, privilege escalation, fuzzing, buffer overflows, etc.)

• Ability to analyse vulnerabilities appropriately characterizes threats, and provide sound remediation advice

• Familiarity with commercial testing applications (i.e. Burp, dbProtect, Acunetix, SonarQube)

• Knowledge of network protocols and network monitoring like sniffing(e.g. Wireshark, tcpdump)

• Knowledge of tools used for Thick clients, web application, and mobile security testing.

• Hands-on knowledge on OWASP top 10, SANS Top 20.

• Strong understanding of PCI DSS and SOC2.

• Experience in SIEM and SOC solutions.

• Coding/scripting experience (Python, Ruby, C, Assembly, Bash, PowerShell, etc.)

• Excellent communication skills

• Attention to detail

• Analytical mind and Problem Solving Aptitude

• Strong Organizational skills

• Visual Thinking

Education : B.E/B.Tech in Computer Science or a related technical degree or M.S/M.Tech in Information Security.