Principal Cyber Security Engineer - Cloud
Quest Global
- Bangalore, Karnataka
- Permanent
- Full-time
This role requires a strategic understanding of the business, customer/patient needs, product technology, and the purpose and values of our company to successfully deliver on the group priorities. Hands-on experience with, and interest in, the latest security standards, protocols, products and systems is mandatory for success in this role.
Essential Responsibilities
- Support software development teams in building a security-by-design mindset by supporting implementation and code in line with the Application Security Program mandates.
- Implement solutions that meet security and privacy requirements defined in the security plans, risk assessments, policies, and procedures.
- Implement designs in accordance with secure software design guidelines to achieve desired security requirements and controls with the support of development leads, security architects and product owner(s).
- Implement features in line with the architecture via designs, coding, reviews and tests. Perform Proof of Concept (POC) activities as necessary.
- Review, analyze and mitigate SAST, DAST, SCA and penetration test findings in collaboration with the developers for various non-medical and software as a medical device (SaMD) product lifecycles.
- Support development of SBOM across multiple product lines.
- Implement enhancements to software security controls across cloud-based medical products.
- Participate in post-market product analysis to support vulnerability investigations as required, and engage in continuous security monitoring.
- Security developer able to support software development teams on secure coding practices and application security test report generation and interpretation for various coding languages and environments.
- Experience with secure software development lifecycle and practices, including SAFe/Agile methodologies for software development.
- Understanding of security-by-design principles and architecture-level security concepts; experienced with threat modeling and assessments.
- Experience in implementing security technologies/techniques in cloud-based systems, such as cryptographic algorithms/cipher suites, Public Key Infrastructure (PKI), network security protocols, OAuth, 2-factor authentication, and data-at-rest encryption standards.
- Experience implementing OWASP Top 10 application security guidelines.
- Experience with cloud-based design and security controls (e.g. network security, instance hardening, identity and access control, configuration best practices).
- Experience with penetration testing methodologies and tools, including environmental configuration, security analysis, audits and reviews.
- Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
- Aware of international privacy requirements & cross-industry trends.
- Desired: Exposure to Healthcare IT or medical device industry
- Desired: Experience integrating security tools into CI/CD pipelines
- Desired: Experience with AWS security controls
- Bachelor's degree in Computer Science, a related field or equivalent demonstrated experience and knowledge
- Minimum 4+ years of experience in software development or related fields.
- A minimum of 2 years of technical experience implementing cybersecurity requirements in a cloud/hosted server environment.
- A minimum of 2 years working with each of the following:
  - Software development experience using web/application software technologies such as C/C++, Java, .NET, Python, etc.
  - Experience analyzing, interpreting and mitigating security findings from multiple sources including SAST, DAST, SCA and penetration tests.
  - AWS security, secure networking, and network hardening strategies
  - Experience implementing Conditional Access & MFA solutions
  - Privileged access management
- Professional cyber security certifications (CISSP/OSCP/SSCP) are a plus.