Job Description

Dear Candidates,
We are looking for candidates with threat Modelling experience. Please find the below JD , Interested candidates share your profiles immediately on m.nayana@dynpro.in or call me on 9686298147.

• 4 yrs and above experience into cyber security.
• Knowledge of different types of Attacks / Threat landscape, owasp top 10.
• Good to have penetration testing / Threat Modeling hands-on experience
• Knowledge of security design and controls, vulnerability remediation
• Knowledge of authentication, authorization, cryptography - encryption / decryption, communication protocols.

Knowledge of different network components firewall, routers, proxy, waf etc .
This job role is responsible for operating as part of a global/local team within the Cybersecurity organisation, to analyse and execute activities around Cybersecurity process, controls, standards and regulatory requirements. The role will carry out some or all of the following activities:

• Ensure adherence to the three lines of defence organisational model with clear lines of responsibility, accountability and segregation of duties.
• Ensure compliance with internal audit and external regulators that any organisational changes are fit for purpose and meet their expectations
• Analyse and execute activities to ensure compliance with Cybersecurity policies and standards.
• Contribute to process, procedures and tool identification/development that will strength the banks response to threats and incidents
• Assess new technology products and projects utilising security technologies pertinent to the department
• Act as a role model to more junior members of the team
• Engagement with other Cybersecurity teams, senior management and members of the Business when confronted with potential security issues
• Expand their skills, knowledge and experience to enhance the overall capability of the function

Key responsibilities include:

• Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Secure Design review, Threat Modelling.
• Liaison with Developers, Architects, Project Managers to understand the working of an application, how effectively they are implemented and where security mechanisms are employed.
• Understand the business requirements, evaluate potential products / solutions and provide technical recommendations.
• Be "hands on" with technology and to contribute to the design, development and support of projects with the Security recommendations.
• Identify risks across the IT estate; including applications, databases, network and other infrastructure components
• Identify controls to ensure compliance with HSBC Information Security policies and standards.
• Contribute to process, procedures and tool identification/development.
• Expand their skills, knowledge and experience to enhance the overall capability of the function
• Management of senior stakeholders and problem solving
• Work on complex and technically challenging projects

Certifications, Qualifications & Experience (For the Job – not the Job holder. Minimum requirements of the Job) The ideal candidate for this position will have:

• Strong understanding of general security concepts and principles and application specific security concepts and principles.
• Strong understanding of applications design, architecture and risk management
• Strong understanding of Software Development Life Cycle (SDLC) with a focus on security
• Experience of Threat Modeling and assessing the impact and likelihood of threat scenarios is a must
• Understanding of emerging technologies and corresponding security threats
• Problem-solving and analytical skills
• Self-motivated individual who is adaptive to change

This position requires an individual who is:

• Typically educated to degree level or equivalent (ideally within IT security) with extensive experience within a Cybersecurity role
• Experience with Cyber Threat modelling, Risk assessment and/or security testing / ethical hacking, Security Architecture
• Skilled in at least 1 Cybersecurity Domain
• Minimum of 8 years in a Cybersecurity role as individual contributor and team member
• Experience within a leadership role (projects, resource etc.)
• Professional Qualification : CISSP, CRISC, GIAC or Cloud Security Certifications will be an added advantage