Security Engineer (Application Assurance) at Wipro Limited

Job Description
Security operations:

• Monitor investigate and report on incidents.
• Be able to be a part of an incident response team and triage.
• Assess security incidents quickly and effectively and communicate a course of action to Regional Security SMEs.
• Compile and maintain information security incident reports. Ensure that all incidents are recorded and tracked to meet audit and legal requirements.
• Oversee and conduct root cause analysis to identify gaps and recommendations ultimately remediating risks to the organisation.
• Provide content creation and policy tuning for multiple security detection and alerting tools.
• Effectively manage reported system, application and device vulnerabilities and through remediation and maintenance in adherence with incident response procedures.
• Define and maintain all the security governance documents that are required to support the strategy/solutions.
• Develop and optimize processes to improve security threat identification and remediation.
• Maintain active understanding of industry practices for threat analytics and incident response.
• Assisting developers in secure coding best practices, risk mitigation techniques, and threat modelling.
• Explain, present, demonstrate (when applicable) and document the operational impact of a particular vulnerability, threat or risk.
• Monitor and maintain approved baseline network topologies and configuration.
• Compile vulnerability and penetration testing reports according to the Global Security standard.
• Conduct Phishing campaigns.
• Provide security, technical, configuration, and architecture support to Regional security SME representatives as required.
• Keep the information security toolset plan for IT functions agile and current to constantly be able to address risk.
• Create and develop policies and standards to be applied to ensure proper controls are in place.
• Embed and manage the ISO 27001 compliance standard and ensure proper processes and structures are put in place
• Define a process of understanding data flows, categorisations, locations and architecture of servers to fully be able to interpret the outputs of the reports and action accordingly.
• Manage third party interactions and manage alerts appropriately
• Manage a vulnerability management system in line with current risk management system
• Create and maintain security awareness campaigns and perform training on key security aspects and process change.
• Day to day operational tasks as assigned.

Key Performance Areas

• Training and awareness
• Data Privacy laws
• Governance documentation
• Security planning and future view
• Guide and assist regions in security task
• Monthly health checks
• RFPs
• Audits

Skills and Knowledge

• Ability to conduct information security risk assessments
• Ability to create and execute security monitoring tool sets such as DLP, SIEM and Web Gateway, Cyber Protection.
• Exposure to cyber security or SOC monitoring.
• Strong technical ability.
• Stakeholder Management
• Ability to support an information security strategy that supports business needs
• Understanding of the NIST and ISO 27000 frameworks
• Business Acumen
• Interpersonal skills
• Multitask and quality focused.
• Good understanding of risk and compliance
• Understanding of business process analytics
• Project Management skills