Job Description:
Policy & Compliance – Maintain IT/IS policies aligned with NIST, ISO 27001, UAE CB, and GDPR; ensure audit readiness via periodic reviews.
Risk Management – Lead enterprise risk assessments, maintain a dynamic cybersecurity risk framework, and prioritize remediation by business impact.
Zero Trust & Network Security – Design Zero Trust segmentation, mTLS, NDR, resilient perimeters, and secure remote access to block lateral movement and exfiltration.
VAPT – Plan VAPT across OS, AI, cloud, apps, network, and mobile; track remediation, coordinate external pen tests, and integrate findings into VM.
Cloud & Container Security – Embed DAST/SAST, container scanning, and SCA into CI/CD; enforce IaC scanning, image signing, runtime protections, CIS hardening, secrets management, and runtime containment (AWS/Azure/GCP).
Endpoint & Identity Protection – Operate EDR/XDR, secure boot, immutable images, automated patching, PAM with JIT elevation, HSM encryption, tokenization, ephemeral DB credentials, DLP, and data classification with retention/disposal.
Security Ops & Third-Party Governance – Run SIEM/MDR, SOAR, threat hunting, incident response with lessons learned; manage vendor due diligence, attestations, PIAs, and act as primary liaison for audits/regulators.
Key Responsibilities:
Maintain IT/IS policies aligned with NIST, ISO 27001, UAE CB, and PCI DSS; conduct periodic reviews.
Participate in enterprise risk assessments and maintain a dynamic Cybersecurity Risk Management Framework.
Design and operate Zero Trust segmentation, mTLS, NDR, resilient perimeters, and secure remote access.
Plan and oversee VAPT across all environments (OS, AI, cloud, apps, network, mobile); manage remediation tracking.
Secure cloud/container environments (AWS/Azure/GCP) by embedding SAST/DAST, container scanning, SCA, IaC scanning, and runtime protections.
Operate and review security controls including SIEM, EDR, Email Security Gateway, WAF, Antivirus; conduct regular security reviews to assess effectiveness.