The key responsibilities of the roles are as follows:
- Effectively communicate with internal partners, customer managers and executives on technical and business issues.
- Experience giving presentations to technical and executive audiences, explaining Security solution concepts and benefits.
- Able to create security architecture and designs to meet customers’ requirements and deploy them in customer’s production environment.
- Create automation scripts/tools whenever required to improve the efficiency of security posture.
- Effectively able to lead and drive customer workshops and discussions.
Technical requirements:
Cyber Security and Identity:
- Hands-on and conceptual knowledge on Azure security components like Azure Security Center, Azure Sentinel, Microsoft Defender Suite.
- Hands-on Knowledge of AD Design and Migrations
Implement and Integrate Azure Active Directory
AD related technologies (ADFS, ADMS, AD PKI, ADRMS, AD CS, DIAD, ADH)
InfoSec:
- Perform threat modeling of the solution – identifying design-level threats & recommending mitigations
- Periodically deliver hands-on SDL trainings to developers, with focus on application security
- Perform security code review of the solution using manual and automated techniques
- Perform manual security testing of the application using proxy tools such as Burp
- Use automated scanners to scan the solution and filter false positives
- Good understanding of Microsoft .NET technologies
- Good understanding of Identity protocols (OpenId Connect, OAuth2.0 etc.)
- Good understanding of cloud technologies, preferably Azure
- Full understanding of the web stack, web security, common application vulnerabilities & mitigations
- Basic penetration testing skills
Aware of contemporary happenings, vulnerabilities & mitigations in application security space