FIND_THE_RIGHTJOB.

UST

Specialist I - Information Security

JOB_REQUIREMENTS

Hires in

Not specified

Employment Type

Not specified

Company Location

Not specified

Salary

Not specified

5 - 7 Years

1 Opening

Hyderabad

Role description

Role Proficiency:

With strong knowledge of various applicable compliance standards independently handle internal/external compliance audits and VAPT/Red Teaming assignments. Involve more in the risk assessment and remediations. Effectively communicate with customer to understand the requirements and clearly convey the requirements to team. Handle the assigned tasks with minimal supervision

Outcomes:

Should handle the assigned tasks from the allocated domain with minimal guidance from the leads. (Domain Examples: BCMS Risk assessment incident management HITRUST SOC customer assurance Awareness activities Data Privacy VAPT Red Teaming etc.)

Handle (with minimal guidance from the supervisors) internal/external compliance audits to ensure compliance with ISO 27001/ISO 22301/ISO 27701 requirement as well as process specific requirements.

Responsible for the effective documentation of internal audits (reports) external audit documentation.

Help the team for effective external audit facilitation and the related responsibilities.

Point out the non-conformance areas related to information security with assistance from the supervisor.

Ensure that policies are updated as and when required and eliminate the discrepancies of old policy versions.

Conduct information security awareness training programs for all the employees contractors and approved system users.

Evaluate IT Controls’ implementation and perform Risk Assessment.

Carry out technical vulnerability assessments of IT systems and processes to identify potential vulnerabilities. Make recommendations to control any risks identified and ensure that they are implemented.

Collect review and analyse latest technologies and tools.

Analyse user requirements and steps required to perform the VAPT/Red Teaming.

Interact with and communicate detailed technical requirements to the team.

Lead Security Assessment scoping independently based on security standards like OWASP.

Lead Web Application Penetration Testing Network Penetration Testing Mobile Penetration Testing and Code Review independently based on the guidance from leads.

Learn and understand existing and emerging security management practices.

Independently handle the evidence collection from multiple teams as part of any external audits.

Assist in customer assurance activities.

Assist in the process automation activities.

Mentor and Lead A band employees.

Measures of Outcomes:

Number of internal audits and security assessments conducted per year.

Number of external audit facilitation activities.

Number of Threats/Risks/Vulnerabilities reported per year.

Number of NCs in external audits on assigned domains.

Number of areas of responsibility on cross domains.

Performance of ISMS/BCMS/PIMS/QMS in the responsible centre/regions.

Awareness activities conducted and the percentage of adoption in the responsible centre/regions.

Noticeable initiatives taken to improve the process.

Less than two stake holder escalations.

More than three appreciation from the stakeholders/supervisors.

Outputs Expected:

Documentation:

Policy and Procedure amendments
Awareness training materials
Presentations decks for internal/ external discussions
Audit /Security Assessment reports

Process:

Internal ISMS audits – independently carry out audits
prepare audit reports and ensure timely closure of audit reports

Compliance Audits – Representation in certification audits
conduct preparatory session and evidence collection

Risk Assessment - IT Controls’ implementation and assess risks

Infosec activities – training material
conducting sessions
co-ordinate with other teams for trainings conducting

Customer Assurance – independently handle customer assurance requirements and evidence collection

Policy – Identify discrepancies in the policies and addressing it

Vulnerability Assessment and Penetration Testing/Red Teaming Activities

CM activities

Executing other location responsibilities

Monitoring:

Mentoring and leading A band employees

Training or certifications:

2 per year (1 certification and minimum 1 of UST trainings on ISMS domains)

Skill Examples:

Ability to understand prioritize and escalate tasks to resolve issues quickly and make decisions

Able to interpret all scenarios applicable to the business for identifying the potential risks associated with various functions/services.

Proficiency in Network Security Controls' implementation like IAM IPS/IDS E-Mail Security Controls Cloud Security Controls etc.

Proficiency in Technical Vulnerability Assessment and Management.

Strong compliance auditing knowledge.

Detail oriented customer oriented result delivery oriented analytical thinking

Strong Excel and Dashboard skills.

Excellent Presentation and communication skills

Excellent verbal and written communication skills required including the ability to effectively communicate in both highly technical and non-technical environments

A great problem solver with the knack of coaching others to do the same

Good at working in a team and with other teams

Good time management

A desire for continuous learning and skill development.

Self-motivated and enthusiastic

Knowledge Examples:

Should have a strong understanding of concepts of Information Security Business Continuity and Data Privacy VAPT Red Teaming and various compliance standards.
- Knowledge on ISO and other Compliance standards efficient to evaluate the security controls.
- Knowledge on ISO 22301/27001/9001/27701 Risk Management incident management awareness activities customer assurance etc.
- Knowledge on standard SDLC and project management life cycles.
- Knowledge on the operations of various functional units like HR REFM IT Finance etc. and units involved in IT Asset lifecycle management.
- Expert on security testing standards like OWASP Top 10 SANS 25 etc.
- Good at OWASP cheat sheets and other security frameworks.
- Expert on Linux commands.
- Expert on Scripting Languages like Shell Script Python etc.
- Development and Testing knowledge would an added advantage.
- Hands on experience in RSA Archer Postman Burp Suite Nessus Nmap Genymotion MobSF Drozer etc.
- Good to have Certifications like ISO 27001/22301/9001/27701 Lead Auditor/Implementor CISA CRISC SSCP ECSA (Practical) ECES CHFI OSEE etc.
Additional Comments:
About the Role We are looking for a Google SecOps Engineer with hands-on experience in Google Security Operations (Chronicle SIEM and SOAR) to join our cybersecurity team. The role focuses on maintaining, configuring, and optimizing Google SecOps environments to strengthen threat detection, monitoring, and response capabilities across the organization. The ideal candidate should be experienced in Chronicle and SOAR administration, log source onboarding, and Blindplane configuration as part of Google SecOps data pipeline setup. Key Responsibilities Manage, configure, and maintain Google Chronicle SIEM and Google SOAR platforms. Perform Blindplane configuration and onboarding of log sources to ensure reliable data flow into Chronicle. Onboard and validate logs from various cloud, endpoint, and network sources. Develop and maintain detection rules, parsers, dashboards, and use cases aligned with organizational security goals. Ensure data normalization and parsing follow Google UDM (Unified Data Model) standards. Troubleshoot and resolve issues related to log ingestion, parser errors, and data latency. Collaborate closely with SOC analysts during incident investigations and validation. Work with cross-functional teams to integrate and test new data sources. Maintain accurate documentation for configurations, log source mappings, and SIEM tuning changes. Stay updated on the latest Google Cloud security features, best practices, and Chronicle enhancements. Required Skills & Experience 3–5 years of experience in cybersecurity, security operations, or SIEM engineering. Hands-on experience with Google Chronicle SIEM and Google SOAR. Strong understanding of Blindplane setup, data pipelines, and source integration with Chronicle. Good grasp of SIEM rule creation, tuning, and detection engineering. Experience with GCP services such as Cloud Logging, Pub/Sub, and Security Command Center (SCC). Familiarity with MITRE ATT&CK framework and standard SOC processes. Proficient in log analysis, regex parsing, and troubleshooting log ingestion issues. Strong communication and documentation skills with an analytical mindset. Good to Have Certifications such as Google Professional Cloud Security Engineer, Chronicle Certified Engineer, or Siemplify SOAR Specialist. Experience with other SIEM platforms like Splunk, Elastic, QRadar, or LogRhythm. Exposure to multi-environment data ingestion or hybrid log management and Cribil

Skills

CyberSecurity,Google Secops,SIEM PLatform

About UST

UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.

Similar jobs

Security Engineer

LiveRamp

Hyderabad, Pakistan

4 days ago

Network & Security Engineer- Checkpoint & Fortinet

UST

Hyderabad, Pakistan

5 days ago

Email Security

Tata Consultancy Services (TCS)

Hyderabad, Pakistan

5 days ago

Developer III - Enterprise Solutions (Workday Security)

UST

Hyderabad, Pakistan

5 days ago

Analyst II - Information Security

UST

Hyderabad, Pakistan

5 days ago

AWS Security Engineer

UST

Hyderabad, Pakistan

5 days ago

Senior Cyber Security Professional

LiveRamp

Hyderabad, Pakistan

10 days ago

Term of use Privacy policy