What Working at Hexaware offers:
Hexaware is a dynamic and innovative IT organization committed to delivering cutting-edge solutions to our clients worldwide. We pride ourselves on fostering a collaborative and inclusive work environment where every team member is valued and empowered to succeed.
Hexaware provides access to a vast array of tools that enhance, revolutionize, and advance your professional profile. We complete the circle with excellent growth opportunities, chances to collaborate with highly visible customers, chances to work alongside bright brains, and the perfect work-life balance.
With an ever-expanding portfolio of capabilities, we delve deep into and identify the source of our motivation. Although technology is at the core of our solutions, it is still the people and their passion that fuel Hexaware’s commitment towards creating smiles.
“At Hexaware we encourage to challenge oneself to achieve full potential and propel growth. We trust and empower to disrupt the status quo and innovate for a better future. We encourage an open and inspiring culture that fosters learning and brings talented, passionate, and caring people together.”
We are always interested in, and want to support, the professional and personal you. We offer a wide array of programs to help expand skills and supercharge careers. We help discover passion—the driving force that makes one smile and innovate, create, and make a difference every day.
Job Description:
Hexaware is currently seeking a dedicated Security Engineer to lead our projects in Dublin, California.
What will you do:
The Security Engineer will be responsible for conducting vulnerability assessments and collaborating with various teams to address security issues. This position is responsible for all aspects of Vulnerability Patch Management (operations, governance and reporting). You will perform risk assessments to quantify vulnerabilities as critical, high, medium and low so risk can be proactively managed and brought to the correct levels of management to address and support timely remediation. This role will involve working closely with developers, system & network administrators, and senior leadership to protect our digital assets and ensure a robust security posture. The Information Security Engineer will help plan and carry out the organization’s information security strategy and program to include developing a set of security standards and best practices for the organization, developing policy and procedure, recommending security enhancements to management as needed, and developing strategies to respond to and recover from a security breach.
Skillset Needed:
- Primary Skills: minimum 5+ years of hands-on experience in Application Security Testing (SAST, DAST), Vulnerability Management Assessment and Governance. At least one scripting language: PowerShell, Python, Perl
- Security Testing Tools: Tenable Nessus, Qualys, Snyk, Burp, ZAP
- Secondary Skills: knowledge of Information Security Governance Frameworks like NIST 800-53, ISO 27K, Risk Management Frameworks
Essential Duties:
- Conduct regular Vulnerability Assessments & Penetration Testing to identify & mitigate risks.
- Analyse vulnerability scan results, prioritize vulnerabilities based on risk, threat intelligence, and potential business impact
- Review and collaborate with developers to remediate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findings
- Collaborate cross-functionally with teams including IT/Enterprise, Security/Compliance, Engineering/Production and Leadership, ensuring vulnerabilities are addressed expeditiously and effectively.
- Aggregate vulnerability assessment results from partner teams, utilizing a combination of automated tools and manual reviews to identify potential weaknesses in systems, networks, and applications
- Prioritize vulnerabilities based on severity, risk level, and potential impact on Patelco's business, functional & technical operations
- Facilitate remediation plans for identified vulnerabilities, collaborating with asset owning teams to ensure timely resolution.
- Monitor and track the progress of vulnerability remediation efforts, providing regular reports to management on the overall effectiveness of the program
- Implement vulnerability detection capabilities within the continuous integration and continuous delivery (CI/CD) pipeline and software development lifecycle (SDLC).
- Enhance the current Vulnerability Management Program for Patelco Credit Union
- Perform risk assessments to determine our stature against specific threats in order to recommend solutions
- Develop and recommend policies, standards and procedures that are in compliance with statutory and regulatory requirements that cover internal and external parties, physical security systems, internet and computer systems
- Back up the Information Security Officer as needed
Functional Competencies:
- Experience in Vulnerability Management or related field such as Penetration Testing
- Strong knowledge of common vulnerabilities and exploitation techniques
- Strong knowledge of offensive security tactics techniques and procedures
- Proficiency with at least one scripting language (e.g., Perl, Python, PowerShell)
- Knowledge of risk assessment tools, technologies, and methods
- Demonstrated ability to map vulnerability exploitation vectors commonly identified in frameworks like OWASP Top 10 & STRIDE.
- Knowledge of CIS Benchmarks and best practices for the secure configuration of information systems and applications.
- Experience maintaining and running vulnerability scanning and other security testing tools (e.g., Tenable/Nessus, Qualys, Snyk, Burp, ZAP etc.)
- Technical experience working with industry-wide frameworks and standards like MITRE ATT&CK
- Ability to communicate network security issues to peers and management
- An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
- An understanding of organizational mission, values, and goals and consistent application of this knowledge
- Experience with regulatory compliance, including risk management frameworks (e.g., NIST CSF/RMF)
- Experience with Security Orchestration, Automation, and Response (SOAR) platforms.
- Strong understanding of PCI, GLBA, and IS/IT risk assessment, the Federal Financial Institution Examination Council (FFIEC) IT examination handbooks, and National Institute of Standards and Technology (NIST) 800-53 and Cybersecurity Framework.
Equal Opportunities Employer:
Hexaware Technologies is an equal opportunity employer. We are dedicated to providing a work environment free from discrimination and harassment. All employment decisions at Hexaware are based on business needs, job requirements, and individual qualifications. We do not discriminate based on race including colour, nationality, ethnic or national origin, religion or belief, sex, age, disability, marital status, sexual orientation, parental status, gender reassignment, or any other status protected by law. We encourage candidates of all backgrounds to apply.
Find out more at Hexaware.com.