Bengaluru, Karnataka · Information Technology Security Manager
Location : Bangalore (India)
Experience : 8 to 12 years
About Aurigo :
We are America’s leading enterprise SaaS provider, helping public sector agencies plan and deliver over $450 billion worth of capital infrastructure projects and realize up to 5% in savings.
Aurigo performs the entire configuration, implementation and delivery of its enterprise software solutions. These are multi-million-dollar projects typically spanning 6 months to two years.
Our customers include State agencies, Airports, large cities and counties, and major transit authorities who spend anywhere from $15K ARR to $3M ARR on our software subscription plans.
We are proud to be Great Place to Work Certified.
Role Description :
The Security Manager role will be part of the Cloud team at Aurigo, which maintains the overall Cloud infrastructure that hosts Aurigo’s flagship platform Masterworks Cloud and Aurigo Essentials.
The SaaS environment is FedRAMP Ready, SOC 2 Type 2 and ISO 22301:2019 certified, catering to Government agencies in the US and Canada.
He / She shall ensure Aurigo’s security posture remains robust and evolves to effectively combat the ever-changing threat landscape.
Continually perform risk assessment and carry out risk treatment based on priority established by stakeholders.
Information Security is priority 1 at Aurigo to maintain the confidentiality, integrity and availability of our customer data.
The Security Manager will be responsible for all information security technical controls, policies, procedures and projects in Aurigo’s SaaS platform.
Desired Skills & Experience :
Bachelor’s Degree in Engineering / Technology (Computer Science / Information Science branches preferred).
Must have CEH / GIAC / OSCP and CISM / CISSP certification.
Must have strong understanding of Mobile and Cloud network security architecture.
Must have strong scripting skills in Python / PowerShell.
Must have experience with the MITRE ATT&CK framework.
AWS Security Specialty certification preferred.
Hands-on experience in Web Application / Mobile Application security.
Hands-on Vulnerability Assessment and Penetration Testing / Red Team exercise experience.
Prioritize security findings and help Engineering and Cloud teams in resolving them at the earliest.
Hands-on experience with tools like Qualys, Nessus, Burp Suite, OWASP ZAP, Metasploit etc.
Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog).
Knowledge of vulnerability lists like OWASP Top 10, SANS 25 etc.
Lead information security planning processes to information security program in support of information systems and technology
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services.
Stay abreast of information security issues and regulatory changes. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Continually perform risk analysis and carry out risk treatment based on priority established by stakeholders.
Lead the information security incident response process. Convene a Security Incident Response Team as needed to investigate and address security incidents that arise.
Lead a team of security engineers / security analysts.
Coach information security team to implement security controls, policies and procedures.
Lead security audits and assessments at Aurigo.
Work with different functions at Aurigo to identify vulnerabilities in the SaaS platform and implement the additional security controls required.
Publish periodic security posture reports for the executive management team.
Manage internal and external vulnerability assessments, penetration testing and Red Team exercises, and ensure recommended remediation is carried out in time.