Industry / Sector / Domain
One of the leading Life Sciences/Pharma companies in India
- Conducting security testing (e.g., penetration testing, red teaming) on the actual platform, including infrastructure and application layer
- Re-evaluating the actual security by simulating a real cyber attacker, identifying vulnerabilities, and recommending actions to close findings
- Authoring new or updated policies and procedures for internal partner and stakeholder input.
- Conducting a technical cloud security configuration/hardening assessment (e.g., to verify security configuration of AWS account)
- Providing a hands-on verification of the security of the actual AWS instance/account and actively improving security by changing configuration in line with best practices.
- Engagement of a third party to perform a security review in line with typical industry standards (e.g., CIS Critical Security Controls, ISO 27001)
- Providing some level of assurance, limited to the depth of the actual review/certification
- Preparing and delivering communication and training to educate teams on the evolving compliance landscape and new or updated policies and related changes.
- 10+ years related work experience in driving cybersecurity, privacy, and risk management programs in medium to large enterprise organizations.
- 4+ years of related experience in the healthcare, diagnostics, and/or pharmaceutical industry, preferred.
- Professional with detailed technical knowledge of techniques and standards for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Ability to advise on architecture decisions at technical and product level
- Adequate knowledge of web-related technologies (Web applications, Web Services and Service Oriented Architectures), network/web-related protocols, and cloud infrastructure
- Experience in Agile Development and DevSecOps tooling such as Dynamic Application Security Testing, Static Application Security Testing, Container and application vulnerability scanning
- Understanding the relationship with the Product Owner, DevOps and the rest of the Security team
- Excellent knowledge of HIPAA, GDPR, and other privacy-relevant legislation and regulations
- Good understanding of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation
- Great interest in all aspects of security and privacy research and development
- Excellent verbal and written communication skills in English are a must