Master

Consultant- Cyber Security Engineer

Consultant- Cyber Security Engineer2021-11-12T01:35:09-05:00<p><strong>Do you want to help us keep our technology estate safe from threats from the inside and outside?</strong></p> <p><em><span style="font-weight: 400;">ThoughtWorks is a global software consultancy with an aim to create a positive impact on </span></em><em><span style="font-weight: 400;">the world through technology. Our community of technologists thinks disruptively to </span></em><em><span style="font-weight: 400;">deliver pragmatic solutions for our clients' most complex challenges. We are curious minds </span></em><em><span style="font-weight: 400;">who come together as collaborative and inclusive teams to push boundaries, free to be </span></em><em><span style="font-weight: 400;">ourselves and make our mark in tech.</span></em></p> <p><em><span style="font-weight: 400;">The InfoSec team covers a broad domain of knowledge within the organization. Our work includes security consulting, risk management, cyber security, incident response, and more. It is a </span></em><em><span style="font-weight: 400;">very</span></em><em><span style="font-weight: 400;"> distributed team, spread across the Americas, United Kingdom, Germany, Spain, India, China, Southeast Asia, and Australia. Working effectively through different time zones is a must for us.&nbsp;</span></em></p> <p><em><span style="font-weight: 400;">Security Operations (SecOps) is a sub-squad of the InfoSec team, and plays an assurance role in ThoughtWorks cybersecurity program. As a part of the squad, you will work with other InfoSec squads (Security Intelligence, Center of Excellence, etc.) and TechOps (Technical Operations) teams to maintain and improve ThoughtWorks’ security posture by identifying and addressing information security threats to the organization.&nbsp;</span></em></p> <p><em><span style="font-weight: 400;">You are expected to be highly self-motivated, collaborating remotely with team members around the world without requiring much direct supervision.&nbsp;</span></em></p> <p><strong>Role responsibilities:</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Threat hunting &amp; event management:&nbsp;</span></li> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Identifying and responding to security threats gathered from various sources;</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Collaborating with InfoSec Security Intelligence squad to expand and improve means of threat hunting;</span></li> </ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Incident responding: as the first responder to an security incident, taking the lead in the incident management cycle, carrying out investigations with relative teams and providing technical support to mitigate the impact, and tracking the incident until closure;</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Vendor review: participate in the Thoughtworks’ vendor review process, assuring that security requirements are observed while adopting 3rd party products &amp; services.</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Help drive continuous improvement in the team's processes, including incident response, communication, reporting and knowledge management.</span></li> </ul> <p><strong>You'll bring:</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Professional working proficiency of the English language (C1 in </span><a href="https://en.wikipedia.org/wiki/Common_European_Framework_of_Reference_for_Languages"><span style="font-weight: 400;">CEFR</span></a><span style="font-weight: 400;">)</span></li> <li style="font-weight: 400;"><strong><em>(For internal recruiting only)</em></strong><span style="font-weight: 400;"> A solid understanding of how internal teams deliver business value to TW</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Thorough knowledge and practical experience in infrastructure and operations with AWS and/or GCP cloud service providers</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Ability to execute third-party vendor security risk assessments</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Skills in analyzing security alerts and determining impact and severity, including but not limited to:</span></li> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Identifying malicious software and traffic against ThoughtWorks resources and infrastructure</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Identifying weaknesses and vectors of compromise; Advising best practice configurations</span></li> </ul> </ul> <p><strong>Traits we are looking for:</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Strong sense of teamwork, commitment and delivery</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Strong capability of problem solving &amp; system thinking</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Good ability to communicate effectively with different types of audiences</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Good ability to categorize, visualize, and present findings to stakeholders</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Capable of self-management while following broad strategic objectives on a highly distributed and independent team</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Being able to prioritize and handle unplanned work, and manage varying levels of workload</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Diligence in keeping documentation and paperwork complete and up to date</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Strong interest in continued learning in the security domain</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Strong interest in continued learning about security vulnerabilities and how they translate into business risks</span></li> </ul> <p><strong>What will you learn?</strong></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Distributed work</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Security (competencies)</span></li> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Threat Modelling</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Technical and non-technical security measures</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Infrastructure and cloud security</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Incident management</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Vulnerability management</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Proactive security intelligence analysis&nbsp;</span></li> </ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Consulting skills</span></li> </ul> <p>&nbsp;</p>ThoughtworksBangaloreIndia