CONMED Corporation · Mumbai, Maharashtra, · Remote
About the job
This is a remote position for candidates located in India.
The Cyber Security Engineer is responsible for understanding security tooling platforms, appropriate configuration & deployment of respective tools to ensure detection, prevention, and response capabilities to the organization. The Cyber Engineer is also responsible to ensure CONMED continues to remain compliant with GDPR, CCPA, HIPAA, and SOX (along with other industry specific requirements). This includes conducting vulnerability and risk assessments as part of the secure development lifecycle of all IT systems, maintaining SIEM technology, EDR, NDR, Secure Networking capabilities, DevSecOps, Application Security, Product Security, and cloud environments. Additional responsibilities include assisting in the development of policies, standards, baselines, guidelines and procedures. This is a remote position for candidates located in India.
Accountabilities
Requirements
The Cyber Security Engineer is responsible for understanding security tooling platforms, appropriate configuration & deployment of respective tools to ensure detection, prevention, and response capabilities to the organization. The Cyber Engineer is also responsible to ensure CONMED continues to remain compliant with GDPR, CCPA, HIPAA, and SOX (along with other industry specific requirements). This includes conducting vulnerability and risk assessments as part of the secure development lifecycle of all IT systems, maintaining SIEM technology, EDR, NDR, Secure Networking capabilities, DevSecOps, Application Security, Product Security, and cloud environments. Additional responsibilities include assisting in the development of policies, standards, baselines, guidelines and procedures. This is a remote position for candidates located in India.
Accountabilities
- Learn, understand, and apply skills towards security event tirage / incident response investigation.
- Develop comprehensive workflows, playbooks, and SOPs for response related activities.
- Operate as a technology driver, continuously improving the cybersecurity posture and maturity at CONMED by assisting with technology frameworks including but not limited to: ISO27001, Cyber Essentials Plus or NIST CSF.
- Identify and help drive the implementation of security operations / technological best practices to meet cyber maturity objectives.
- Conduct security audits and assessments, analyze results, identify remediation activities and/or compensating controls, and track remediation efforts to completion
- Conduct security architecture reviews to identify risks, providing risk mitigation recommendations; track remediation efforts
- Contribute to development of metrics & ongoing measurement to track compliance, risk and the effectiveness of the information security program
- Assist in evidence generation, collection and other activities in support of the following compliance requirements: HIPAA, CCPA, GDPR, and other global regulations
- Assist in the implementation of ISO 27001 Information Security Management System
- Evaluate global frameworks to meet local requirements and/or position CONMED in a competitive position (e.g. Cyber Essentials Plus)
- Participate in periodic information systems risk assessments.
- Participate in Business Continuity planning, Disaster Recovery planning and tabletop exercises
- Create project schedules & define dependencies, work with multi-functional teams & multiple stakeholders to complete project milestones
- Work with global offices to perform data mapping, auditing of systems and controls for compliance with corporate policies and global regulations
- Drive the creation of technical and tactical Incident Response SOPs to improve the security team capabilities.
Requirements
- Bachelor’s degree in a Computer Security related field or equivalent
- One of the following preferred certifications: Security+, CEH, AZ-500, SOC-200, OSCP, CISM
- 2+ years’ minimum experience in a cybersecurity role
- PMP certification a plus
- Experience managing and delivering infrastructure projects that involves integrating various technologies and/or replacement of older legacy technologies with newer technologies
- Experience in managing projects and providing detailed status/progress on a weekly basis
- Experience / solid understanding of industry frameworks, including but not limited to SOX, GDPR, ISO 27001, NIST CSF
- Prior experience as the technical lead for security assessment and new IT technology projects for a large enterprise
- Experience implementing information security best practices and implementing security frameworks
- Risk management experience
- Strong collaboration skills
- Excellent communication skills, able to analyze and clearly articulate complex issues and technologies in a global, multi-cultural, multi-language environment.
- Ability to effectively focus on assigned work, completing it with requisite quality
- Self-motivated and able to execute assigned tasks within the parameters agreed to with your manager
- Knowledge of network protocols, operating systems, and security tools
- Familiarity with common security tools and frameworks, such as NIST, OWASP, CIS, ISO, etc.
- Ability to breakdown cyber related technical terms for non-cyber team members.
