Information Security Specialist

Information Security Specialist

Experience: 5 - 10 Years Exp
Salary : Competitive
Preferred Notice Period: Within 30 Days
Shift: 10:00AM to 7:00PM IST
Opportunity Type: Remote
Placement Type: Permanent

(*Note: This is a requirement for one of Uplers' Partners)

What do you need for this opportunity
Must have skills required :
VAPT, Pen Testing, Cloud Security, Security Monitoring, endpoint security, Incident Response, Compliance
Good to have skills :
security frameworks (GDPR, NIST, SOC 2) and regulatory standards. ● Familiarity with security automation and orchestration tools. ● SDLC (Software Development Lifecycle) and integration with CI/CD pipelines. ● SIEM tools (Splunk, AWS Security Hub) and security analytics platforms. ● (Docker, Kubernetes) and related tools. ● threat intelligence platforms and APT detection.


Our Hiring Partner is Looking for:
Information Security Specialist who is passionate about their work, eager to learn and grow, and who is committed to delivering exceptional results. If you are a team player, with a positive attitude and a desire to make a difference, then we want to hear from you.

Role Overview Description
Job Description – Information Security Specialist
CLOUDSUFI is a Data Science and Product Engineering organization building Products and Solutions for Technology and Enterprise industries. We firmly believe in the power of data to transform businesses and make better decisions. We combine unmatched experience in business processes with cutting-edge infrastructure and cloud services. We partner with our customers to monetize their data and make enterprise data dance.

Our Values
We are a passionate and empathetic team that prioritizes human values. Our purpose is to elevate the quality of life for our family, customers, partners, and the community.
Diversity and Inclusivity CLOUDSUFI is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified candidates receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, or national origin status. We are dedicated to providing equal opportunities in employment, advancement, and all other areas of our workplace. Please explore more at https://www.cloudsufi.com/

What we are looking for
CLOUDSUFI is seeking a highly skilled Information Security Specialist to join our dynamic security team. This individual will play a crucial role in securing our cloud infrastructure, ensuring the safety of our endpoints, conducting penetration testing on various applications, and ensuring compliance with ISO 27001, PCI DSS, and other regulatory frameworks. The ideal candidate should have expertise in AWS security, Datadog monitoring, Sophos security, and penetration testing across mobile, web, and API environments. Additionally, the candidate will be responsible
for enforcing the highest security standards and practices within our financial lending
Organization.

Key Responsibilities:
● AWS Security Management
○ Secure and manage the AWS infrastructure, implementing best practices around IAM,
VPC, KMS, GuardDuty, and CloudTrail.
○ Conduct regular security assessments and vulnerability scans across AWS environments.
○ Design and implement secure cloud network architectures and CI/CD pipelines.
○ Monitor cloud environments for security risks and compliance gaps, ensuring secure
application deployment and operations.

● AWS orchestration via Terraform script
● Datadog Security Monitoring
○ Set up and maintain Datadog’s Security Monitoring and log management systems across AWS and on-premise infrastructure.
○ Configure custom alerts and dashboards to identify and respond to security incidents
promptly.
○ Leverage Datadog’s capabilities to monitor application performance and network
performance from a security perspective.

● Endpoint Protection (Sophos)
○ Deploy, configure, and manage Sophos Endpoint Protection across all endpoints (servers, laptops, mobile devices).
○ Monitor endpoint security status, investigating alerts, and ensuring malware, ransomware, and other threats are mitigated.
○ Conduct regular security audits and provide recommendations for endpoint hardening and security improvements.

● Penetration Testing
○ Conduct penetration testing on web applications, mobile applications, and APIs to identify vulnerabilities, threats, and weaknesses.
○ Perform ethical hacking to uncover flaws such as SQL injections, XSS, CSRF, and others.
○ Provide actionable reports with remediation steps for discovered vulnerabilities and work with development teams to ensure fixes are implemented.

● Compliance and Audit
○ Ensure compliance with ISO 27001, PCI DSS, and other relevant standards in the context of a financial lending organization.
○ Lead or support internal and external audits, gap analyses, and compliance activities.
○ Develop and maintain compliance documentation, including policies, procedures, and risk management plans.
○ Stay current with regulatory changes and ensure the organization's security practices align with updated standards.

● Security Incident Management
○ Work with incident response teams to investigate, contain, and resolve security incidents.
○ Perform root cause analysis of incidents and assist in developing remediation strategies.
○ Ensure that incidents are documented and that lessons learned are incorporated into
future security practices.

Mandatory Skills Required
● Cloud Security (AWS): Advanced understanding of AWS security services such as IAM, KMS, CloudTrail, VPC, GuardDuty, and Inspector.
● Endpoint Security: Hands-on experience with Sophos Endpoint Protection and EDR tools.
● Penetration Testing: Experience with tools like Burp Suite, OWASP ZAP, Postman, and custom scripts to perform web, mobile, and API penetration testing.
● Security Monitoring: Proficiency in Datadog Security Monitoring, log management, and creating alerts and dashboards.
● Compliance: Deep understanding of ISO 27001, PCI DSS, and financial security regulations.
● Vulnerability Management: Experience with vulnerability scanning tools, risk assessments, and
remediation techniques.
● Incident Response: Hands-on experience in incident detection, triage, and mitigation in cloud environments.

Secondary Skills Required
● Knowledge of other security frameworks (GDPR, NIST, SOC 2) and regulatory standards.
● Familiarity with security automation and orchestration tools.
● Strong understanding of secure SDLC (Software Development Lifecycle) and integration with
CI/CD pipelines.
● Experience with SIEM tools (Splunk, AWS Security Hub) and security analytics platforms.
● Knowledge of container security (Docker, Kubernetes) and related tools.
● Experience with threat intelligence platforms and APT detection.
Mandatory Certifications Required
● Certified Information Systems Security Professional (CISSP) or equivalent.
● AWS Certified Security – Specialty (or equivalent AWS certification).
● Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) for
penetration testing.
● Certified Information Security Auditor (CISA) or ISO 27001 Lead Auditor is a plus.
● PCI Professional (PCIP) or PCI Internal Security Assessor (ISA) is a strong plus.
Preferred Qualifications
● Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
● Familiarity with Agile or DevOps methodologies for security integration into SDLC.
● Experience working in the financial industry, particularly in financial lending or fintech
environments.
Minimum and Maximum Experience Required
● Minimum Experience: 3–5 years of hands-on experience in information security, specifically in cloud security, endpoint protection, and penetration testing.
● Maximum Experience: 8–10 years of experience, including leading security initiatives and teams, with a focus on regulatory compliance (ISO, PCI DSS).

Salary & Benefits—Best in Industry

How to apply for this opportunity

1. Register or login on our portal
2. Click 'Apply,' upload your resume and fill in the required details.
3. Post this click ‘Apply Now' to submit your application.
4. Get matched and crack a quick interview with our hiring partner.
5. Land your global dream job and get your exciting career started!

About Our Hiring Partner:
We exist to eliminate the gap between “Human Intuition” and “Data-Backed Decisions” Data is the new oxygen, and we believe no organization can live without it. We partner with our customers to get to the core of their problems, enable the data supply chain and help them monetize their data. We make enterprise data dance! Our work elevates the quality of lives for our family, customers, partners and the community.

About Uplers:
Our goal is to make hiring reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant opportunities and progress in their career. We will support any grievances or challenges you may face during the engagement. You will also be assigned to a dedicated Talent Success Coach during the engagement.

(Note: There are many more opportunities apart from this on the portal. Depending on the assessments you clear, you can apply for them as well).

So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!