Assistant Manager Cyber Security (Web Apps Sec)
Date: 14 Nov 2024
Location: Karachi
Company: KE
Our employees are our company's greatest asset - they are our real competitive advantage. We possess immense power of innovation, imagination and a desire to attract and retain the best; provide them with encouragement, stimulus, and make them feel that they are an integral part of the company's mission.
Purpose:
AM Cybersecurity (Apps Security and Data Protection) will provide security advice, tools, solutioning, etc. related to various internal and external web applications like KE Live, KE Website, K-Solar and various 3rd party software integrations via APIs. The professional will be expected to participate in project planning, designing, capacity projections, hands-on implementation, complex integration work, security assessment, hardening of configurations, troubleshooting, maintaining, upgrading, and defining policy/procedure for all IT infrastructure in use. This role will work in close collaboration with internal/external stakeholders to review, detect, report and triage findings against cyber threats and breaches.
Education:
At least 1-2 years of experience in the field of cybersecurity, of which 1 year of experience in VAPT. A bachelor’s degree in Computer Science, Cyber Security, or a related technical field. Certifications like CEH, CC, CCNA shall be preferred.
Areas of Responsibility:
Security Assessment:
Security assessment of company-wide projects
Including organization-wide changes in platforms, software, hardware, or appliance-based solutions related to network and communication technologies that are implemented on any infrastructure level
Review of design and workflows / ensure end-to-end secure workflows
Performs assessments of vulnerabilities, risk, business impact, reputation impact and controls, and suggests treatment strategies
Threats and vulnerability identification in the project/requested change
Ensure all vulnerabilities/critical findings are patched/fixed before going to production/Live
Review and approve requests for changes, service requests and special service requests, considering Governance policies
Threat Management / Threat and Risk Assessment:
Responsible for handling vulnerability management and pen-testing of the entire infrastructure, including but not limited to vulnerability assessment of various web apps within IT and OT landscapes.
Assist in security upgrades and patch installation for all low to critical findings
Hunt for threats from inside and outside KE
Communicate cyber events to internal and external stakeholders
Suggests fixes or remediation for detected vulnerabilities to maintain a high security standard
Perform tests and uncover network vulnerabilities with security teams
Assists in OTVA activities
Tools: Nipper, Metasploit, Netsparker, Nessus Professional, Tenable SC and other open-source tools for VAPT
Stakeholder Management:
Lead the creation and procurement of awareness deliverables and learning content, leveraging various channels for effective delivery, measures the usage of the content and its effectiveness, and develops metrics
Establish a security awareness network with key stakeholders throughout the organization to understand risks and business objectives including Legal, Governance, ETS, EBS, Generation, Transmission, Distribution
Owns and manages relationships with security education and awareness-related vendors
KE provides equal employment opportunity (EEO) to all persons regardless of age, color, origin, physical or mental disability, race, religion, creed, gender, marital status, status with regard to public assistance or any other characteristic protected by federal, state or local laws.