Senior Cloud Security Manager

Our Partner is the industry leader in delivering cloud-based services for eLaw. Our market-leading software and services help legal-related organisations conquer their eDiscovery, Litigation, and Admin needs. We do this by providing a powerful SaaS platform with world-class support and engagement teams that help hundreds of law firms across the country manage large data sets, identify relevant information via AI and complex searches, and organise evidence to build compelling arguments to support their clients’ interests.

Our Partner is venturing into International markets and is opening a new office in Bangalore to meet the growing demand of clients.

As a Cloud Security Manager, you will play a critical role in delivering cloud-based solutions to support our clients' success. The role embeds you with a motivated development team, where you will identify, plan, and execute tasks that deliver real value to our clients. You’ll play multiple roles and contribute to our mission. This is a hands-on role and reports to the VP of Operations.

ROLES AND RESPONSIBILITIES

• Conduct regular vulnerability scans using automated tools to identify security weaknesses.
• Manage and track vulnerabilities from discovery to remediation.
• Prioritise vulnerabilities based on risk and impact and work with development teams to ensure timely resolution.
• Conduct comprehensive manual penetration tests on web applications, APIs, and mobile applications (APKs) to identify vulnerabilities.
• Document findings and provide detailed recommendations for remediation.
• Perform segmentation tests to ensure proper network segmentation and isolation of critical assets.
• Manage SAST, DAST and IAST solutions.
• Assist in defining and implementing security requirements for new payment solutions.
• Collaborate with product and engineering teams to integrate security best practices into the software development lifecycle.

KEY REQUIREMENTS:

• 5+ years of experience in Application Security or related roles and 3+ years of managerial experience in handling a team in a cloud-based SaaS environment.
• 3+ years of hands-on experience with advanced application security tools and Extensive experience in application security, with a focus on secure cloud software development practices and techniques.
• Experience with security testing tools and technologies, such as SAST, DAST, and IAST solutions.
• Experience in IT general controls and internal control areas is required, as is the comprehension of standards and methodologies related to OWASP, PTES, NIST, CIS, PCI DSS, and ISO 27001, Soc2 controls.
• A clear understanding of pentest methodologies and reporting.
• Great awareness of cybersecurity trends and hacking techniques.
• Experience with cloud security, containerization, and DevSecOps practices,
• Experience with developing and Implementing Cyber Security Policies.
• Risk Management Experience in a regulated environment.
• Knowledge of Cyber Security Regulations and Laws.
• Cyber Incident Response experience.
• Proficiency in programming languages commonly used in web application development, such as Java, Ruby, Python, or JavaScript.
• Certifications such as CISSP, CSSLP, CEH, or similar are highly desirable.
• Excellent analytical and problem-solving skills, with the ability to analyse complex application security issues and recommend effective solutions.
• Strong leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and communicate technical concepts to non-technical stakeholders.
• Ability to work under pressure in a fast-paced environment.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.