Job Summary
Experience:
8.00 - 14.00 Years
Industrial Type:
IT-Software/Software Services
Location:
Mumbai
Functional Area:
IT Software - Network Administration / Security
Designation:
DORA - SME
Key Skills:
Cybersecurity
Educational Level:
Graduate/Bachelors
Job Post Date:
2025-06-02 12:56:24
Stream of Study:
Degree:
BCA, BE-Comp/IT, BE-Other, BSc-Comp/IT, BSc-Other, BTech-Comp/IT, BTech-Other, MCA, ME-Comp/IT, ME-Other, MSc-Comp/IT, MSc-Other, MTech-Comp/IT, MTech-Other
Company Description
Our Company is the latest addition as an IT outsourcing provider for Group Worldwide. Supported by Companies Group, an 18 billion Euro organization operating in over 25 countries, company aims to offer technology services to the group. In the near future, Our company will drive its digital ambitions and establish offshore development centres in various cities across the country. Our Company will also focus on developing expertise and offering career opportunities in a wide range of technologies within the insurance sector.
Job Description
Exp: 8 to 14 Years
Job Location: Mumbai (Powai)
5 Days work from Office
Key Responsibilities:
The SME will have comprehensive responsibilities spanning multiple cybersecurity domains, and should have expertise in at least 5 of the following areas:
1. Lead the design and implementation of cybersecurity strategies, focusing on hybrid environments (combination of on-premises, private, and public cloud infrastructures).
2. Manage and optimize EDR solutions (e.g., CrowdStrike, Carbon Black) to ensure continuous monitoring, threat detection, and endpoint protection.
3. Contribute to the design of NextGen Firewalls (e.g., Fortinet, Check Point) for advanced threat prevention, network segmentation, and traffic filtering.
4. Support the Implemention of Network Access Control (NAC) policies to enforce security posture at the network perimeter and provide role-based access control (RBAC) for devices across the network.
5. Develop and enforce Data Loss Prevention (DLP) strategies to protect sensitive data from unauthorized access or exfiltration, particularly in hybrid work environments.
6. Lead the deployment of Cloud Security solutions (CASB) to monitor and enforce security policies across cloud platforms (AWS, Azure, GCP), ensuring secure data handling and compliance.
7. Integrate IAM solutions (e.g., Okta, Ping Identity) with IDP (Identity Providers), focusing on identity federation and secure authentication across cloud and on-prem environments.
8. Implement Privileged Access Management (PAM) solutions (e.g., CyberArk, BeyondTrust) to secure critical system access and reduce the attack surface from privileged user accounts.
9. Ensure the effective use of SIEM systems (e.g., Splunk, Microsoft Sentinel) for centralized log aggregation, threat detection, threat intelligence, and incident response.
10. Leverage SOAR (Security Orchestration, Automation, and Response) tools to automate and streamline incident response, reducing time to detection and mitigation.
11. Apply AI/ML technologies to enhance security analytics, enabling advanced threat detection, anomaly detection, and predictive security capabilities. (Good to have)
12. Design and enforce encryption protocols for data-at-rest, data-in-transit, and data-in-use, ensuring compliance with security and regulatory standards.
13. Manage security-related regulatory compliance (e.g., HIPAA, PCI DSS, GDPR, SOC 2), aligning policies and controls to industry frameworks such as NIST CSF v2 and ISO 27001.
14. Collaborate with IT, DevOps, and business teams to integrate security into the development lifecycle (DevSecOps) and ensure the continuous protection of applications and data. (Good to have)
15. Oversee periodic security assessments and vulnerability management to identify and address security risks across the entire IT infrastructure.
16. Lead incident response efforts, providing subject matter expertise on investigation, containment, and remediation of security incidents.
17. Foster a security-aware culture by delivering training programs and developing best practices for staff and stakeholders across the organization.
Qualifications:
• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• CISSP Certification
• At least 8 to 14 years of proven cybersecurity experience across multiple IT domains, with deep expertise in 5 key areas from the following:
? EDR (Endpoint Detection and Response) tools and strategies
? NextGen Firewalls, including advanced traffic filtering and threat prevention
? Network Access Control (NAC) and secure network segmentation
? Data Encryptions and Data Loss Prevention (DLP) technologies and policies for hybrid environments
? Cloud Security solutions (CASB) and securing data across cloud platforms
? Threat Intelligence & Incident Response
? Strong experience with SIEM platforms (Splunk, Microsoft Sentinel, QRadar) and the ability to set up real-time monitoring and alerting systems.
? Hands-on experience with IAM (Identity and Access Management), PAM (Privileged Access Management), IDP(Identity Providers), and Zero Trust architectures.
? Expertise in encryption methods for data-in-use, data-at-rest, and data-in-transit.
? Familiarity with AI/ML technologies in threat detection and advanced analytics.
• Experience in regulatory compliance frameworks (NIST, ISO 27001, PCI DSS, HIPAA, GDPR).
• Good communication skills to translate complex security concepts for technical and non-technical stakeholders.
• Ability to lead and mentor teams, as well as collaborate with multiple departments to embed security across the organization. (Good to have)
