Location Name: Pune Corporate Office - Mantri
Job Purpose
Information security tech team member (with skip-level reporting to the CISO) who is proficient in maintaining and managing WAF technology and in information security tool management and governance. The role requires an understanding of regulatory requirements, maintaining tool compliance, configuring tool policy, log review, and alert/incident handling, as well as driving information security projects and monitoring Key Risk Indicators (KRIs) for information security.
Duties And Responsibilities
A- Minimum required Accountabilities for this role
Application & Network Security Expertise
- Strong hands-on experience in Web Application Firewall (WAF) deployment, configuration, and management.
- Experienced in DDoS and bot protection platform management and incident closures.
- Knowledge of network security concepts (bot protection, Zero Trust, DDoS protection, SSL/TLS, IDS/IPS).
Security Monitoring & Automation
- Experience with SIEM tools (Sentinel / Splunk / QRadar) for threat detection.
- Familiarity with automation tools (SOAR / Ansible / Terraform) for security policy management.
Incident Response & Compliance
- Handling security incidents related to WAF, DDoS, and firewall breaches.
- Knowledge of compliance standards (PCI-DSS, OWASP Top 10, NIST). Responsible for Incident, Problem, Change Management & Service Request.
- Security agent / software compliance, such as AV/EDR, vulnerability management tool, FIM, SIEM agent.
- Strong knowledge of ITIL processes.
B- Additional Accountabilities Pertaining To The Role
- Design, implement, and manage WAF/DDoS/bot policies to protect web applications from attacks (SQLi, XSS, OWASP Top 10, etc.).
- Maintain compliance as per organization compliance policy
- Work with SOC team to investigate security alerts and improve detection rules.
- Document security policies, configurations, and incident reports.
- Flexible to extend beyond work hours towards accomplishing assigned tasks.
- Interaction with OEMs for highly critical technical support.
- Responsible for Reports & Technical documentation.
- Communicate effectively with stakeholders & cross-functional teams
- Strong troubleshooting, analytical, and communication skills
Key Decisions / Dimensions
Potential regulatory actions due to non-compliance
- Identification of right contacts to channelise the issue/problem for closure.
- Review the alert/incident, categorise it as true positive / false positive, and take the required steps.
- Discuss observation response as applicable & improve security controls.
- Decide if the policy and procedure documents need changes based on new regulations or audit outcomes.
Major Challenges
- Handling of a fast-changing environment with a variety of cloud service providers
- Handling of compliance expectations in stringent timelines
- Handling multiple stakeholders at a time
- Coordination with third-party consultants who assist in auditing and compliance initiatives
Required Qualifications And Experience
Minimum 3+ years of experience in Web application monitoring (WAF)
Minimum 2+ years in Information / Cyber / application security.
- Work Experience
- Knowledge & hands-on experience in information security tool compliance & incident management (WAF, AV/EDR, Vulnerability management tool, FIM, SIEM agent)
- Sound knowledge of IT infrastructure, information security concepts & tools, ISMS & BCMS frameworks, and regulatory guidelines related to IT and cyber for NBFCs
- Experience in project management.
- Positive attitude, hard worker and team player
- Excellent communication and leadership skills
- Certifications like CEH (Ethical Hacking), Azure/AWS Security, WAF/application penetration testing would be an added advantage
- Cloud security knowledge with CSPM, CWPP experience would be an added advantage