Assistant Manager-Information Security?

Job Description Inviting applications for the role of Assistant Manager-Information Security We are looking for a Threat Modeling Sr.Analyst/Architect to join our Global Information Security Team at Genpact. In this role, the candidate will be provided with an opportunity to research, analyze, design threat models and report on the emerging applicable cyber threats. In addition, this position seeks the candidate to notify the stakeholders with on-time, accurate findings on the targeted/sophisticated cyber threats and guide the leadership with practical approaches to thwart such attacks. The Threat Modeling Sr.Analyst/Architect is expected to work independently and produce effective mitigation strategies so that the organization stays a step ahead of the ever-evolving cyber threats. Responsibilities - The Threat Modeling Sr.Analyst/Architect needs to collect, analyze, and generate finished Threat Intelligence products and further leverage it to design and deliver relevant Threat Models to support Genpact LLC, its subsidiaries and additional lines of businesses. - The Threat Modelling Sr.Analyst/Architect role will require significant expertise from attack and/or intelligence domains. - The successful candidate should be highly technical and will likely come from an attack background (red team, pen testing etc) or intelligence background (if also having hands-on network/systems experience). - Candidates with threat modelling experience in tandem with previous attack/intelligence experience will be considered, as will candidates who do not have a threat modelling background and are presently working in attack/intelligence capacity & interested in transitioning to more of a hybrid role with threat modelling and controls responsibilities. - The responsibilities for this position include, but are not limited to: developing threat modeling processes that analyze the firm's ability to mitigate cyber-attacks across business and technology environments developing cyber threat scenarios to enable risk management and the secure deployment of key organizational initiative identifying areas for potential attacks and systemic security issues as they relate to threats and vulnerabilities, including recommendations for enhancements or remediation preparing and delivering written and verbal briefings to message threat modeling findings across all levels of the enterprise and monitoring the cyber threat environment to incorporate trends in potential attack activity. - Maintain awareness of the cyber threat landscape and provide key/relevant updates to the leadership and InfoSec teams. Qualifications we seek in you Minimum Qualifications - Bachelor's degree or equivalent experience - Excellent command of cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies - Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation - Strong knowledge of: cloud computing, computer network defense, external organizations and academic institutions dealing with cybersecurity issues, financial authorities and regulations, identity management, incident management, information assurance, information management, information systems and network security and infrastructure design - Strong knowledge of cybersecurity activities associated with: requirements analysis, risk analytics and modeling, risk management emerging issues, risks, vulnerabilities and technologies and vulnerability assessment - Demonstrated attack experience in previous positions in functions such as red team operator or penetration testing - In lieu of attack experience, threat intelligence experience in conjunction with hands on systems/network experience will be considered. The candidate should have a technical background - Strong understanding of the following: networking fundamentals (all OSI layers, protocols), Windows/Linux/Unix/Mac operating systems, OS and software vulnerably and exploitation techniques, commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post exploitation (e.g. Cobalt Strike, Metasploit, Nmap, Nessus, Burp Suite), and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services - Understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity - Foundational knowledge of: computer forensics legal, government and jurisprudence as they relate to cybersecurity operating systems and methods for intelligence gathering and sharing - Nice to have: experience or working knowledge with threat modeling methodologies such as Stride, Pasta, or comparable experience visually representing data and process flows in an enterprise environment, and/or leveraging the MITRE ATT&CK Framework. Preferred Qualifications/ Skills - Analyticalskills, excellent problem-solvingskills, ability to work within deadlines, excellent interpersonal and communicationskills. - - - - - -