Cyber Security Testing
4 weeks ago
Key skills mandatory/required:
Candidates are required with keywords/tools/frameworks like
Stride /
Dreed
/ Threat testing / cyber security from each section of the requirements table.
Please indicate your Yes and relevant years of working experience required in the Response & Comment field.CategorySub- CategoryRequirementResponseCommentsCybersecurity RiskThreat modellingList all identified threats based on STRIDE/DREAD methodology
Risk analysisPerform threat to risk analysis and list all respective risks associated with the IS, its operational model, deployment and intended use cases
Malicious Insider / Insider ThreatDescribe the considerations made to protect from malicious insider either within the company, a 3rd party supplier or managed service provider
Privileged Accounts Compromise / Abuse of Privileged AccessDescribe the considerations made to protect from unauthorized access by privileged users and special protections detect/prevent/response/
Malware and Ransomware ResilienceDescribe the considerations made to protect from malware and ransomware
Data Leakage ProtectionDescribe the considerations made to protect from data leakage
Applicable ICS ControlsList all applicable controls from SC ICS standards and map the selected controls to the respective risks i.e. threats -- risks -- controls
Vulnerability ManagementDescribe the considerations made to ease vulnerability management
Access control
Describe the IAM, RBAC/ABAC/DAC/etc, and MFA solutions in this design
Describe the automated mechanism to manage the service accounts including temporary and / or emergency accounts used to operate the system
Describe how the access management controls implemented by the system in accordance with the ICS standards and which mandatory access management controls arent, especially in cases where a self-built application or 3rd party service is used
Describe privileged account access, types used by the system, service provider and their access to the respective IS components and underline data
Describe if and how Separation of Duties and least privileged access are enforced
Describe if and how the system manages remote access
Describe how the respective controls prevent unauthorized access
Identification and Authentication
Describe the use of MFA solutions in this design for privileged and non-privileged users
Describe the use of SSO solutions in this design for privileged and non-privileged users
Describe the systems protection against replay attack (replay resistance)
Describe the use of cryptographic Authentication
Describe the use of federated credential management (if used)
Describe if and how the service uses / consumes cross-organization identities of users
Describe how Device/Component Identification & Authentication e.g. in microservice / SOA based architecture if preformed
Audit and AccountabilitySecurity Event LoggingDescribe the key events in the architecture that must be logged for security incident response
Describe the protection of the security logs against malicious / accidental modifications/deletions/
Audit LogsDescribe the creation and protection or Audit logs and audit log information, session audits, including audit-log retention compliance with applicable regulations)
Security Event MonitoringDescribe the key security events in the architecture that must be monitored
Describe the protection of the security logs against malicious / accidental modifications/deletions/
Describe how the IS monitor and control communications to interfaces of the system external and at key internal managed interfaces within the system, Managed interfaces include gateways, routers, firewalls, network-based malicious code analysis, virtualization systems, or encrypted tunnels implemented within a security architecture
Non-repudiationDescribe what measures are taken to prevent repudiation for the IS
Describe what measures are taken to ensure chain of custody for the IS
Penetration TestingDescribe the scope and frequency of penetration tests regime and its compliance with regulatory and ICS requirements
Configuration Management
Describe the system baseline configuration as well as if there is a configuration change control in place, its scope and capabilities\
Describe cryptography management of the system
Describe how unauthorized software execution is prevented on the IS and authorized software is explicitly allowed/enabled
Describe how system components inventory is maintained and updated by the service owner / supplier
Describe if the system allows only signed components to be installed / executed
Software Updates And PatchesDescribe how the system supports the deployment of security updates and patches, as well as the process of software patching, possible risks in case of failure and mitigation / recovery associated plans
Secrets ManagementDescribe how secrets in this design are protected
Non-Personal & Personally Identifiable Information (PII) Processing
Describe the data tagging, tracking and enforcement of the IS for PII
Describe how the system manages Consent and Specific/Special Categories of Personally Identifiable Information
Describe how the system protects Personally Identifiable Information throughout the data lifecycle and complies with regulatory requirements e.g. GDPR
Describe all data controllers and processors involved in the processing of PII data, their responsibilities, obligations, and scope consider GDPR, as well as other regulations in the scope of your assessment
Describe the data lifecycle, where and which data is stored, processed, communicated in the IS and between the IS and external IS systems
System and Communications Protection
Describe how the IS separates users and systems functionality
Describe how the IS isolates security functions
Describe how the IS Prevent unauthorized and unintended information transfer via shared system Resources e.g. cloud environment, shared memory, cache, etc.
Describe how the IS protects against denial of service and how the system ensures the availability of its resources
Describe what types of networks and boundary isolation have been employed
Describe what controls are in place to prevent data exfiltration e.g. DLP/RMI
Describe what controls are in place to prevent/restrict incoming communication, protect against unauthorized physical connections, fail secure and provide host protection
Transmission Confidentiality and IntegrityDescribe which cryptographic mechanisms are in place and where to prevent unauthorized disclosure of information; detect changes to information during transmission
Describe the cryptographic key management i.e. how the IS establishes and manage cryptographic keys when cryptography is employed within the system
Describe how the system protects against spoofing and impersonation attacks as well as DNS related attacks
System and Information IntegritySoftware, Firmware, and Information IntegrityDescribe how the system protects the SW/FW and information integrity
Third Party Risk Assessment
If/when using a 3rd party vendor/SP e.g. IaaS/PaaS/SaaS/SP provide the TRSM assessment and SCM assessment of the respective tools/services/vendors used in the solution
Provide a detailed accounting of all security assurances provided by the supplier to prove it (i) maintains good cyber-security hygiene, (ii) obligation to comply with existing and future regulations (iii) obligations to grant access to the regulators with undue delay in case such access is warranted, (iv) agreement to subject to external audits conducted by an agreed 3rd party, (v) contractual agreement which provide sufficient assurances as defined by the organization risk appetite as well as regulatory requirements secure the company systems and or consumed services against (vi) contractual obligation to notify the company when a vulnerability / misconfiguration and / or malicious activity have been identified by the supplier with undue delay even if those dont have direct impact on the consumed services, (vii) contractual obligation to notify the company if its systems or services have been / or will be accessed by a nation exercise its rights under local legislation e.g. Germany / US using CloudAct to gain access to company data stored in AWS Frankfort data centres
-
Cyber security Engineer
4 weeks ago
Delhi, India Fadac Resources Full timeJob DescriptionOur client is a leading enterprise technology Integrator specialized in the deployment of dynamic and highly scalable ICT Infrastructure Solutions. Due to expansion, they are currently in need of aCyber Security Engineer.LOCATION : LagosRESPONSIBILITIES:Planning, implementing, managing, monitoring, and upgrading security measures for the...
-
Cyber Security Analyst-IT
4 weeks ago
Delhi, India Careers International Full timeJob DescriptionPosition Overview:The Cyber Security Analyst plays a critical role in safeguarding the digital assets and information of a Fast-Moving Consumer Goods (FMCG) company from cyber threats and attacks. This position involves monitoring, analyzing, and responding to security incidents, implementing security measures and controls, and providing...
-
Cyber Security Trainer
4 weeks ago
Delhi, India Futurense Technologies Full timeJob Title: Cyber Security TrainerLocation: Kanakapura, BangaloreJob Type: Full-timeJob Description:We are seeking a dynamic and experienced Cyber Security Trainer to join our team at our Kanakapura, Bangalore location. The ideal candidate will have a strong background in cybersecurity, a passion for teaching, and the ability to inspire and mentor B.Tech CSE...
-
Cyber Security Sales
6 days ago
Delhi, Delhi, India GS2 CYBER SECURITY Full timePay: ₹30,000.00 - ₹40,000.00 per month Day range: - Monday to Friday Supplemental pay types: - Commission pay - Performance bonus **Experience**: - total work: 2 years (preferred) Work Location: In person
-
Cyber Security Specialist
5 days ago
delhi, India L A Technologies Pvt Ltd Full timeCompany DescriptionL.A Technologies is a specialized group of IT professionals based in Mumbai Metropolitan Region. We provide top-notch services in Networking, Securities, Wireless, and Server platforms for Internet and business applications. Our team includes certified professionals in Cisco, Microsoft, Certified Auditors, and Linux, as well as a network...
-
Cyber Security Engineer
4 weeks ago
Delhi, India Teradyne Full timeOur PurposeTERADYNE, where experience meets innovation and driving excellence in every connection. We are fueled by creativity and diversity of thought and in our workforce. Our employees are challenged to innovate and learn something new every day.We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and...
-
Cyber Security Specialist
1 week ago
delhi, India JOOLA INDIA Full timeJob Title: Cyber Security SpecialistLocation: Bengaluru, India (WFO)Company Description:JOOLA was first established in 1952 and built a global reputation as a pioneer in table tennis. In 2022, JOOLA expanded into the rapidly growing pickleball scene and quickly attracted the biggest names in the sport. As an official table tennis sponsor for three Summer...
-
Cyber Security Engineer
3 weeks ago
Delhi, India DriveSec Technologies Full timeCompany DescriptionDriveSec Technologies is a leading organization that empowers and enables companies to drive security and enhance workplace, infrastructure, and technological security processes. Our mission is to bridge the gap between technical teams and business teams, fostering a shift-left culture and mindset for secure growth. We prioritize a...
-
Cyber Security Application Vulnerability
4 weeks ago
Delhi, India Mindwise Solutions Private Limited Full timeCyber Security Application - Vulnerability Penetration Tester a. Qualifications: i. BE/ B.Tech/ M.Tech/ MSc/ MCA qualification or equivalent ii. At least one of the following certifications will be preferred -, CISM, CCNP Security, CEH, GCFA, GCFE b. Experience: i. Minimum of 5 year of cyber security with 2 years of Penetration Testing and Vulnerability...
-
Cyber Security Specialist
3 days ago
delhi, India SAEL Full timeAbout CompanySAEL Industries Ltd. (Formerly -Sukhbir Agro Energy Limited) professionally managed business group, with interests in diverse businesses including Rice Processing, Warehousing, Solar Energy, Biomass Energy, Exports, Organic Farming, and Bran Oil Extraction.Job Description:Planning, implementing, managing, monitoring, and upgrading security...
-
SOC Solution Architect
1 month ago
Delhi, India Pyramid Cyber Security and Forensic Full timeExperience in security technology & solutions, with deep expertise in the area of SIEM, analytics and or log management, SOC, SOAR, DLP, Data Encryption, Anti-phishing solution, Network Performance Management and Application Performance Management etc. - Research security standards, security systems and authentication protocols - Writing architectural...
-
Cyber Security L3
4 weeks ago
Delhi, India Yotta Infrastructure Solutions Full timeWe are Hiring Cyber Security L3 (IBM QRadar)YOE: 8 + YearsLocation: Panvel or Airoli (Navi Mumbai)Job ResponsibilitiesExperience in Threat & malware analysis.Active analysis on Security Vulnerabilities, Advisories, Incidents, and Attack techniques.Tuning the QRadar rules to remediate false positive security alerts.Creating QRadar rules to fulfill...
-
Cyber Security Specialist
5 days ago
Delhi, India SAEL Limited Full timeAbout CompanySAEL Industries Ltd. (Formerly -Sukhbir Agro Energy Limited) professionally managed business group, with interests in diverse businesses including Rice Processing, Warehousing, Solar Energy, Biomass Energy, Exports, Organic Farming, and Bran Oil Extraction.Job Description: Planning, implementing, managing, monitoring, and upgrading security...
-
Cyber Security Specialist
3 days ago
delhi, India SAEL Full timeAbout Company SAEL Industries Ltd. (Formerly -Sukhbir Agro Energy Limited) professionally managed business group, with interests in diverse businesses including Rice Processing, Warehousing, Solar Energy, Biomass Energy, Exports, Organic Farming, and Bran Oil Extraction. Job Description: Planning, implementing, managing, monitoring, and upgrading security...
-
Cyber Security Delivery Lead
1 month ago
delhi, India Tech Mahindra Full timePosition: - Delivery LeadGrade- 16-20yrs of experienceLocation-Bangalore/ Pune/ Hyd/ Noida/ MumbaiObjectiveDrive Security Delivery, Customer Satisfaction, Growth and Revenue AssuranceDesign and delivery aspects of technology risk and cyber securityProvides supervision for risk and control advisory services to help protect customers, assets, systems, and...
-
Cyber Security Analyst
5 days ago
delhi, India Atyeti Inc Full timeRole: Analyst I/ Senior / Lead Analyst - Applications Programming (Individual Contributor)Experience: 6- 14 YearsLocation: Hyderabad, Chennai, Mumbai (10+ years)Job Description*The Evaluation Analyst plays an essential role in the Cyber Threat Defense Framework. The CTEP Evaluation Analyst conducts threat and incident evaluations and identifies opportunities...
-
Security Engineer
2 days ago
Delhi, India AGS Cyber Full timeClient A leading provider of information security services. Specializing in application security, cloud security, IoT security and payment security services Role The Security Engineer (Penetration Testing & Application Security) will make a significant contribution to the company success by integrating security into the software development lifecycle of the...
-
Cyber Security Specialist
4 days ago
New Delhi, India SAEL Full timeAbout CompanySAEL Industries Ltd. (Formerly -Sukhbir Agro Energy Limited) professionally managed business group, with interests in diverse businesses including Rice Processing, Warehousing, Solar Energy, Biomass Energy, Exports, Organic Farming, and Bran Oil Extraction.Job Description: Planning, implementing, managing, monitoring, and upgrading security...
-
Cyber Security Specialist
7 days ago
Delhi, India We IT Global AB Full timeJob DescriptionThis is a remote position.We are looking for aCyber Security Specialist – Splunkfor our organization.IntroductionThis is a request for a proposal for services to assist our client’s Cyber Defense Center (CDC), in a program activity starting latest w2423. The details and scope of this request are outlined in the following sections.General...
-
Security Researcher
2 days ago
Delhi, India Altered Security Full timeWe are looking for top Security Researchers (Remote) with demonstrable expertise to join our team of experts! Altered Security is an information security startup with focus on edtech, hands-on learning and focused security assessments. It has offices in India and Singapore. We are experts in information security training, cyber ranges, online labs and...