Key Responsibilities:
IT Infrastructure Security:
- Secure IT infrastructure, including servers, workstations, and development endpoints, through hardening, patch management, and endpoint protection.
- Use tools like Axonius to monitor software compliance on developer workstations.
- Implement access controls and segmentation to protect critical infrastructure components.
Network Security:
- Implement and manage network security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs, to protect development and production networks.
- Monitor network traffic for anomalies and respond to potential threats, such as DDoS attacks or unauthorized access attempts.
- Conduct network vulnerability assessments and penetration testing to identify and mitigate risks.
Cloud Security:
- Secure cloud-based development and production environments (e.g., AWS, Azure, GCP) through configuration of IAM policies, encryption, and security groups.
- Implement cloud-native security tools (e.g., Azure Security Center) to monitor and protect cloud workloads.
- Assess and mitigate risks in cloud infrastructure, including containerized environments (e.g., Docker, Kubernetes).
Cybersecurity Operations:
- Deploy, manage, and optimize security technologies such as firewalls, WAFs, endpoint protection (e.g., SentinelOne), web proxies (e.g., Zscaler), and SIEM solutions (e.g., Microsoft Sentinel).
- Monitor and respond to security alerts, conduct root cause analysis, and follow incident response protocols to contain and resolve threats.
- Conduct regular vulnerability assessments and penetration testing on code, infrastructure, and environments to identify and remediate security risks.
Secure Software Development:
- Integrate security tools (e.g., SonarQube) into CI/CD pipelines to ensure early detection of code-level vulnerabilities.
- Guide developers in secure coding practices, addressing vulnerabilities per OWASP Top 10 and other industry standards.
- Enable a DevSecOps culture by automating security in the SDLC.
Threat and Risk Management:
- Perform threat modelling and risk assessments across applications, APIs, and cloud platforms.
- Support incident response activities including forensics, impact analysis, and remediation planning.
- Stay current on evolving threats such as zero-day vulnerabilities and software supply chain attacks and translate them into actionable security measures.
Compliance & Standards:
- Implement and enforce security controls based on frameworks like NIST 800-53, ISO/IEC 27001, SOC 2, GDPR, and PCI-DSS.
- Support internal and external audits by maintaining up-to-date documentation of security practices and controls.
- Ensure alignment between technical operations and regulatory requirements.
Collaboration with Engineering Teams:
- Partner with development and infrastructure teams to embed security in DevOps workflows.
- Provide expertise on encryption, access control, and authentication best practices.
- Collaborate to secure cloud-native environments (e.g., AWS, Azure), containerized workloads, and API gateways.
Reporting & Communication:
- Generate technical reports and security metrics for leadership, detailing threat trends, vulnerabilities, and remediation status.
- Communicate cybersecurity posture, requirements, and findings to both technical and non-technical stakeholders with clarity.
Qualifications and Skills:
Education & Certifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or a related discipline.
- Professional certifications such as CISSP, CSSLP, CEH, or CompTIA Security+ are highly desirable.
Experience:
- 5–8 years of cybersecurity experience, with a strong focus on the following areas:
- Network Security: 3+ years of hands-on experience securing enterprise networks, configuring firewalls (e.g., Palo Alto, Sophos), IDS/IPS systems, and VPNs. Expertise in network vulnerability scanning (e.g., Nessus, Qualys) and analyzing network traffic for threats.
- Cloud Security: 2+ years securing cloud platforms (e.g., AWS, Azure, GCP), including IAM, encryption, and cloud-native security tools. Experience with container security (e.g., Docker, Kubernetes) and securing serverless architectures.
- Cybersecurity Operations: 3+ years managing security operations, including SIEM (e.g., Splunk, QRadar), incident response, and threat hunting. Proven ability to respond to and mitigate security incidents.
- IT Infrastructure Security: 2+ years securing servers, workstations, and endpoints through hardening, patch management, and endpoint protection (e.g., CrowdStrike, SentinelOne). Experience with asset management tools like Axonius to ensure software compliance.
- 2–3 years securing software development environments or applications, with experience in application security testing (e.g., Burp Suite, OWASP ZAP) and DevSecOps practices.
- Familiarity with software supply chain security (e.g., dependency scanning) and securing CI/CD pipelines.
Technical Proficiency:
- Hands-on expertise in SAST/DAST tools, EDR platforms, web proxies, and SIEM tools.
- Solid understanding of secure coding principles, application and container security (Docker, Kubernetes), and cloud architecture.
- Proficiency in scripting languages such as Python or Bash for automating security processes.
Soft Skills:
- Analytical mindset with the ability to troubleshoot complex technical issues.
- Strong collaboration skills to partner effectively with cross-functional teams.
- Ability to prioritize in a fast-paced, agile development environment.