careers

Job Description

As a penetration tester, you’ll simulate cyber-attacks in order to identify and report security flaws on computer systems, networks and infrastructure, including internet sites.

You can choose to specialise in manipulating a particular type of system, such as:

• Networks
• Windows, Linux and Mac operating systems
• embedded computer systems
• SCADA (supervisory control and data acquisition) control systems
• Internet of Things (IoTs).
• Web and mobile applications

Core Consulting Skills:

• Demonstrated communication and presentation skills
• Effective written skills
• Ability to research and develop new security offerings
• Comfortable working in a project based / client serving model
• Ability to lead and shape client expectations
• Help drive pursuits and engage in complex deals, matching outcomes to expectations
• Ability to work easily with diverse and dynamic teams
• Ability to work in a matrix management model

Security Domain Knowledge:

• In-depth hands on knowledge on Black Box, Grey Box and white box Security assessments
  Perform security code reviews of software applications, developed in various languages (i.e. Java, ASP, .NET, PHP etc.).
• Knowledge on Vulnerability assessment, penetration testing and configuration review for network and system components.
• Should have holistic view of all Security domains across IT, Mobile, Cloud, IoT, and OT. With experience of successfully Solutioning Security managed services and winning business with global customers.
• Threat profiling and Threat modeling understanding.
• Should be able to execute social engineering attacks such as phishing, vishing, dumpster diving etc.
• Expert knowledge in compromising applications, servers, network devices, etc.
• Good knowledge in performing VoIP penetrating testing.
• Ability to test the cyber perimeter defenses of an organization.
• Have performed Red teaming exercises.
• Manual assessment to identify false negative observation.
• Prepare a detailed report on vulnerabilities identified and present findings to business owners and the security team.
• Consult on vulnerability remediation and solution formulation.
• Asset classification understanding as per criticality and CIA factor.
• Report writing and presentation skills.

Required Technical and Professional Expertise

• At least 3 years of experience in penetration testing and red team.
• At least 2 years of hands on technical experience in working on projects related to one of these areas:
• Web Application penetration test.
• Mobile application penetration test.
• IOT & SCADA penetration test.
• Network penetration test.

Preferred Tech and Prof Experience

• 4 years of experience in penetration testing and red team.
• One or more of the following certifications:
• GIAC Penetration Tester (GPEN) Certification
• Offensive Security Certified Professional (OSCP)
• Certified Ethical Hacker (CEH) Certification
• company certification schemes from major vendors and equipment providers like Microsoft (MCP, MCSE) or CISCO (CCNA Security).

How to Apply

Please send your resume to hr@secure-networksco.com and put the position name in the email subject

Job Description

You will provide our clients with guidance pertaining to security and privacy regulatory and industry standard requirements, security risk assessments, and GRC consulting.

• Support vendor risk management engagements and formalized risk analysis engagements.
• Support and guide information risk and security discussions with technical and non-technical groups.
• Identify enterprise information security and compliance related problems and challenges; research and develop technical solutions to rectify them.
• Assist with documenting enterprise information security programs and related components.
• Analyse client security programs for maturity and performance relating to industry accepted best practices.
• Develop recommendations for remediating risk and compliance gaps.
• Evaluate information security risk for business environment controls and industry requirements.
• Provide client guidance for information security best practices.
• Follow standard methodologies for evaluating industry security controls based on formulized security frameworks.
• Execute in dynamic, fast paced environments with tight deadlines.
• Draft deliverable documentation to meet client security needs.
• Create security roadmaps for client security program development and improvement.

Core Consulting Skills:

• Demonstrated communication and presentation skills
• Effective written skills
• Ability to research and develop new security offerings
• Comfortable working in a project based / client serving model
• Ability to lead and shape client expectations
• Help drive pursuits and engage in complex deals, matching outcomes to expectations
• Ability to work easily with diverse and dynamic teams
• Ability to work in a matrix management model

Security Domain Knowledge:

In-depth knowledge of the following:

• Evaluate information security risk in for business environment controls and industry requirements
• Must be able to assess clients against a wide variety of security and compliance frameworks (ISO 27001 – COBIT – PCI – ITIL – NIST-etc..).
• Security policy, process, procedures, and standards development.
• Develop security and compliance Dashboard and KPI.
• Conduct Information Risk Assessments as assigned to the team. Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews in order to collect and review relevant materials necessary to produce results of the assessment.
• Clearly and concisely document and communicate risk assessment results with requestor, security architects and management, as appropriate.
• Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc.
• Understand and contribute to inventory of risk register tracking, scoring and associated risk statements.
• Perform follow up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities.
• Communicate risk treatment methodology; risk avoidance, risk acceptance, risk transference and risk mitigation to appropriate groups.

Required Technical and Professional Expertise

• Bachelor’s degree in Information Technology or related field, or four or more years of work experience.
• 3 – 5 years’ experience in Information Security and/or Information Risk Management and/or Information Technology
• 1 – 3 years’ experience within Information Security Governance, Risk and/or Compliance functions and activities
• 1 – 3 years’ experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
• Experience in security governance, risk assessments and regulatory/controls.
• Experience with the security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices.
• Experience with the development and implementation of information security policies, standards and related procedures for security programs.
• CISM or CISA certification.
• Familiarity with technologies such as intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

Preferred Tech and Prof Experience

• 5 – 7 years’ experience in Information Security and/or Information Risk Management and/or Information Technology
• 5 – 7 years’ experience in Information Security and/or Information Risk Management and/or Information Technology
• Strong analytical experience
• Understanding of available Governance Risk and Compliance (GRC) tool experience such as ARCHER
• Ability to assess clients against a wide variety of security and compliance frameworks including State based privacy and security regulations, SOX, GDPR, NIST-CSF, ISO/27001/2.
• Ability to provide risk-based recommendations based upon the size and complexity of the client’s organization.
• Consulting and Privacy experience.
• Investigative and analysis skills with the ability to handle confidential information.
• Presentation skills with the ability to convey ideas and interface with C-levels and tactical implementers.
• Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action.
• Verbal skills that include the ability to clearly articulate thoughts, be persuasive and to deliver presentation and training to all levels of management.
• Written communication skills for use in preparing formal documentation including deliverables, Statements of Work, proposals, white papers, and case studies.
• Interpersonal and customer relationship skills.

How to Apply

Please send your resume to hr@secure-networksco.com and put the position name in the email subject.

Job Description

The Cyber Security Pre-Sale Engineer will be the technical bridge between our Sales Representatives, our channel partner network and their pre-sales customers will possess deep technical cyber security expertise combined with process control expertise. Successful application engineering or a technical sales support track record designing and implementing cyber security technologies and solutions is needed for this role. The Profile will develop collaborative technical relationships with customer prospects and develop solutions to meet their needs. This work includes architecting, designing and presenting the market leading solutions, bills of materials (BOMs) and proposals.

Core Consulting Skills:

• Demonstrated communication and presentation skills
• Effective written skills
• Ability to research and develop new security offerings
• Comfortable working in a project based / client serving model
• Ability to lead and shape client expectations
• Help drive pursuits and engage in complex deals, matching outcomes to expectations
• Ability to work easily with diverse and dynamic teams
• Ability to work in a matrix management model

Security Domain Knowledge:

• Good understanding of infrastructure security domain and components. Technologies and products in the segment and hands on experience on these products
• Experience of evangelizing and creating Consulting offerings and service propositions around Infrastructure Security Domain across Service areas, Architectures and Frameworks (NIST, CIS, CSA etc.)
• Experience in engaging senior customer stakeholders and unearthing, identifying & creating demand for Consulting & Advisory services opportunities and closing the orders
• Experience of delivering end to end consulting projects with recommendations that lead into downstream business for the practice
• Good commercial orientation with experience of estimating consulting projects sizing and pricing
• Ability to understand business challenges or requirements from customer and provide solution approach with relevant technology stacks
• Ability to understand new technology trends and translate them into meaningful solutions and services
• Worked in a vendor eco system of technologies and products and include these components as per customer requirements
• Pre-sales support for MSS) and security consulting opportunity for designated accounts in support of key territory sales and account plans to achieve and exceed defined targets
• Own and positively develop the relationships with key technical decision makers and influencers within the target customers
• Drive new sales opportunities by proactively engaging with the technical community within target accounts
• Engaging customers and partners, capturing requirements, proposing technical solution and overseeing the selection of technologies/products, scoping and estimating resources and effort needed to deliver the business value solutions to the customer successfully and achieving high level of customer satisfaction – to own and manage the whole process
• Engage with customers as a trusted advisor, listening and understanding their challenges and requirement – both technical and business, and clearly articulate and communicate to the sales team, and document them
• Research and develop appropriate working solution and value proposition, engaging with the respective solution principal and services partner (including our MSS product team and professional services), to address customer requirement
• Scope and clearly translate defined requirements, proposed solutions and value proposition into proposals/Statement of Work (SOW).
• Present and articulate our value proposition to customers at all levels within the organization both technical and business audience (including C-levels)
• Demonstrate a strong knowledge of the solutions and services offered by overall
• Proactively engage customer both new and existing, to provide update on the latest security trend, changes in the threat landscape, and new product and services offering
• Be a trusted advisor who provide sound security advise to customer and help them establish business case, including TCO and ROI justification, and shape requirement
• Be the voice-of-customer, channeling constructive feedback from value customer to provide market-driven inputs to our product and services team
• Be the solution owner, taking lead and working with cross-functioning team including professional services, product management, sales and marketing to drive the development of market-driven solution and services, and also for marketing events
• Ensure personal technical, communication and commercial skills are kept up to date to ensure successful execution of role, e.g. maintaining CPE, attending training, webinars

Required Technical and Professional Expertise

• Must have degree or diploma in Computer Science, Engineering and Information Systems or related, with a focus or major in IT Security being highly desirable
• Must have at least 5 years of strong hands-on experience in IT Security with at least 2 years in technical solutions and presales
• Must have experience working in a customer-facing role and comfortable presenting to a small to medium audiences on both technical and business related topics
• Must have working experience in a MSS or familiar with the operation of a Security Operation Center (SOC)
• Must have working technical knowledge of security technologies (across multiple domains such as Firewall, Network IPS, SIEM, DLP, Cloud Security etc), information security concepts and familiar with security products (Checkpoint, Palo Alto, Cisco, Splunk, McAfee, Symantec etc) and the security market place.
• Experience in preparing technical architecture blueprint and responding to large scale complex RFP is highly desirable
• Professional security related qualification such as CISSP, CISM, CRISC, CISA, GIAC or equivalent are highly desirable
• Working knowledge and familiarity with GRC and Offensive Security consulting services (e.g. penetration testing, PCI audit, security assessment) is highly desirable (pre-sales perspective)
• Working knowledge and familiarity with Virtualization and Cloud technology is desirable
• Broad experience and understanding of regulatory framework and guidelines in the region is highly desirable
• Broad experience and understanding of industry standards, framework and best practices such as ISO27001, PCI DSS, NIST, etc is highly desirable
• Broad experience and understanding of security trend, threat landscape and framework such as the cyber kill-chain
• Excellent oral and written communication skills
• Experience on firewalls, IDS / IPS, Load balancers & WAF, DDoS prevention, reverse proxy products
• Experience on web proxy, email proxy, NAC, firewall orchestrators and related products
• Experience across endpoint security technologies AV, HIPS, Application control, File integrity monitoring, DLP, EDR, APT, disk and file encryption
• Knowledge of AWS, Azure, Oracle cloud and Google cloud for deployment of infrastructure & End Point security solution
• Experience on SDN controllers like VMware NSX, Cisco ACI, Openstack for integration of security components
• Experience on hypervisor (VMware, Hyper-V, HP, KVM) security and controls. Integration of hypervisors with security solutions and configuration
• Knowledge in regulatory standards and processes like ISO 27001, SOC 1 and 2, HIPAA, PCI DSS

Preferred Tech and Prof Experience

• 7 or more years of experience
• Professional certification across different technology domains ( SIEM – Firewalls- endpoint security -DLP – data classification – cloud security – network security)

How to Apply

Please send your resume to hr@secure-networksco.com and put the position name in the email subject.