Bangalore, Karnataka, India
Information Technology
Michelin
Overview
App security analyst 1
- - - - - - - - - - - -
MISSION
As part of the Michelin Group's Cybersecurity Expert (Business Support, Business Protection, Promotion of Responsible Security Behavior), in a field defined by the Michelin (Department DOTI) for ISIT security activities at DOTI and as a member of the CSSI team at DOTI :
- He/she is the privileged point of contact for all security aspects of his/her entity and liaises with his/her management team for the implementation of and compliance with security rules and practices.
- Together with DOTI/SSI, he/she defines the security roadmap for his/her entity, communicates it and contributes to its adoption.
- Provides the necessary support to project teams and day-to-day operations to ensure that security requirements are effectively implemented (e.g. follow-up of action plans following penetration tests, MGSR (security guidelines by Michelin).
- Deploys the “Security by design” approach within the entity and contributes to security education and training, which includes but not limited to SAT (security acceptance testing), vulnerability management, obsolescence management, patch management, enforcement of strong authentication and security by design framework.
- Participates in the network of entity security correspondents and monitors the various ad-hoc subjects initiated with Group Security.
- Maintains a technological and innovation watch for elements specific to his entity in terms of safety, in line with the entity's needs and requirements (for all non-specific matters, other entities oversee safety watch).
- Conducts and provides first-level support for risk analysis within the entity's application perimeter and contributes to vulnerability detection and remediation (EBIOS analysis, vulnerability scan follow-up, patch forum).
- He/she contributes to the dissemination and evangelization of best practices and safety regulations, by coordinating a network of safety contacts within his/her entity.
- He/she will act as backup to the Team Lead technical team.
KEY EXPECTED RESULTS
PERFORMANCE MEASUREMENT
1 Security by design enforcement
- All projects should follow the best practices of SecByDesign, max deviation should not cross 0.02% defects
2 Vulnerability & Patch management
- Maintain the N-1 cycle and approach and ensure all assets, library and platform is updated with latest patch
3 Security Acceptance Testing
- All project should qualify the specific security requirement on project and should not over-cross the requirement
4 Obsolescence Management
- Life-cycle management of all ISIT assets, platform, OS, DB, Middleware, front-end, back-end and libraries
- Deviation should be mitigated within stipulated time-frame, maintain proactive eol and eos information and communicate with business for refresh
5 Security Authentication / Privilege management
- Strong security authentication for integrated system and human interacted software systems, if user is privilege then it must go thru MFA or Passwordless authentication mechanism.
- Generic ID’s and PKI certificate life-cycle should be maintained and managed within due course of time-line.
MAIN ACTIVITIES
By following security charter & process:
- Identifies evolution of critical assets and local points of contacts.
- Contributes to cybersecurity plan and evolutions of cybersecurity methods.
- Select CIS Framework controls, validate what is needed with respect to business services & solution
- Lead the business team to create right synergies between core security team and PNI security team
- Work with the business to promote a culture of Risk awareness and control and to ensure consistency of practice and approach.
- Being proactive to provide right learning content to your team of developer to adopt the security by design framework
- Ensure the implementation of good security practices by dev/indus/test/operation teams, including in devops mode.
- Ensure regular reviews of user accounts on the scope of consolidation to ensure a good level of security
- Ensure regular reviews to ensure that the observed scope is compliant and that there is no shadow IT, identify the possible shadow IT.
- Verifies project security architectures in conjunction with the DOTI and group security teams.
- Controls the security level of dev/indus/test/prod environments and compliance with security rules for multi-tenant cloud environments and outsourcing actions.
- Ensure timely creation of roadmap and leading discussion with business to ensure all platforms are refreshed on timely manner, OS/DB’s are updated once they are reaching their life-cycle, middleware, libraries are refreshed and used as and when they become obsolete
- Follows up progress of corrective action plans until closure.
Similar Jobs
View All
2 Hours ago
Program Manager
Information Technology
- 15 - 18 Yrs
- Gurgaon / Gurugram
We’re Hiring | Program Manager
Location: Gurugram, India
Domain: Program Management | Digital Systems | Java/.NET | Agile | Fintech/Supply Chain
Are you a strategic thinker with deep experience in program management of digital products? We’re lo...
2 Hours ago
Technical Fullstack Architect - Node.js
Information Technology
- 50,00,000 - 60,00,000 INR - Annual
- 12 - 18 Yrs
- Hyderabad
About the Role:
We are seeking a Fullstack Technical Architect with deep expertise in backend development using Node.js and proficiency in frontend technologies like React or any modern JavaScript framework. You will play a key role in building an...
3 Hours ago
Principal Engineer - Fullstack
Information Technology
- 30,00,000 - 40,00,000 INR - Annual
- 8 - 12 Yrs
- Mumbai
Looking for candidate who is enthusiastic to work in a Startup environment and build things from Scratch individually
Candidate has past experience in scalable consumer facing applications managing latency and traffic FullStack Individual Contribu...
3 Hours ago
Asst. Manager / Dy. Manager – Talent Acquisition
Automotive
- 4,00,000 - 8,00,000 INR - Yearly
- 4 - 8 Yrs
- West Bengal
We are looking for dynamic and experienced professionals for the Talent Acquisition team at our Kharagpur Plant location. The incumbent will be responsible for managing the full-cycle recruitment process for both technical and functional roles across...
1 Day ago
Data Analyst (Kannada Speakers)
AI & Machine Learning Advancement
- 1 - 1 Yrs
- Karnataka, India
For thousands of years, maps have provided humans with the knowledge they need to make decisions. As a Maps Evaluator, you will have the opportunity to provide ground truth for your town, city or country.
At Peroptyx, we are looking for Data Ana...
1 Day ago
Data Analyst (Telugu Speakers)
AI & Machine Learning Advancement
- 1 - 1 Yrs
- Andhra Pradesh, Telangana, India
For thousands of years, maps have provided humans with the knowledge they need to make decisions. As a Maps Evaluator, you will have the opportunity to provide ground truth for your town, city or country.
At Peroptyx, we are looking for Data Ana...
1 Day ago
Solution Architect – Databricks
Information Technology
- 40,00,000 - 50,00,000 INR - Annual
- 9 - 15 Yrs
- Mumbai
Summary role description:
Hiring for a Solution Architect – Databricks for global technology consulting and system integration firm specializing in data engineering, AI and ML.
Company description:
Our client is a US-headquarte...
1 Day ago
Interesting Job Opportunity: Utilli - Full Stack Developer - Node.js/React.js
Information Technology
- Bangalore, Karnataka, India
Job SummaryWe are seeking a highly skilled Full Stack Engineer to lead a team of developers in building and maintaining scalable web applications. This role requires a hands-on leader with deep expertise in JavaScript frameworks and modern developme...
Talk to us
Feel free to call, email, or hit us up on our social media accounts.
Email
info@antaltechjobs.in