ControlCase

Compliance as a Service

You are here: Home / Company / Careers

Current Openings

IT Audit Manager (QSA)

The IT Security Audit Manager leads security assessments of client IT environments against various industry standards and regulations including PCI, HITRUST, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The Audit Manager (QSA) works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.

RESPONSIBILITIES

  • Leads execution of multiple concurrent technology assurance and project audits primarily as engagement supervisor in accordance with rigorous policy and work paper standards and within tight timeframes
  • Assesses key risks and controls and designs innovative and appropriate broad based coverage across a technology and/or business activity, exhibiting exceptional judgment regarding issue identification, issuing draft findings to client management, and drafting and issuing final audit reports with limited guidance
  • Functions as a team leader and is an expert at organizing and leading teams/projects, helping recruit/hire candidates, and on-boarding, training, providing interim performance feedback and helping coach those team members
  • Transfers knowledge and understanding of audit methods and critical/complex business information
  • Develops valuable and trusting relationships with internal business partners by executing efficient audit work and offering suggestions to enhance risk management based on an enterprise-wide view of technology risk management
  • Managing certification projects along with team to ensure clients meet their compliance and certification goals
  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls
  • Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI, HITRUST, ISO 27001/2, HIPAA, Sarbanes-Oxley, etc.)
  • Extensive travel to client sites as needed

DESIRED SKILLS

  • At least 7-8years of experience in an IT security audit, assessment, and/or compliance role
  • Strong knowledge of the PCI-DSS security standards
  • Current or former PCI-QSA certification, with experience preparing and presenting Reports on Compliance (ROCs)
  • Strong background in auditing IT Security controls. Demonstrated leadership and the ability to successfully manage multi-functional or diverse areas
  • One of the following certifications is must: CISM, CISSP, CISA
  • Ability to travel up to 60% annually
  • Excellent project management and time management skills. Capable of tracking and executing numerous parallel activities, work efficiently and independently with minimal supervision
  • Self-motivated and self-enabler
  • Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
  • Outstanding problem solving and analytical skills with ability to turn findings into strategic imperatives
  • Ability to communicate effectively, in both written and verbal formats, with senior executive-level leaders

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

PCI Qualified Security Assessor (QSA)

The PCI QSA performs security assessments of client IT environments against various PCI SSC standards and regulations including PCI DSS, PA-DSS, P2PE etc. The PCI QSA performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps.

RESPONSIBILITIES

  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks and vulnerabilities within the client environments
  • Able to analyze cardholder data flows (business and application data flows) and accordingly identify the risks to cardholder data
  • Provide in-house training to clients on PCI DSS awareness
  • Work independently to collect, consolidate and analyze evidences of clients PCI DSS compliance and meet the internal quality assurance requirements
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI DSS, PA-DSS, P2PE.)
  • Extensive travel to client sites as needed

DESIRED SKILLS

  • Bachelor’s degree in telecommunications or in computer science. A specialization in information assurance is preferred
  • At least 5 years’ overall experience in information security
  • Ability to review network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) configurations and analyze network architectures
  • Ability to review system hardening (Servers/ Virtualization Devices/ Cloud Infrastructure/ Databases)
  • In-depth knowledge and experience in IT Security, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption and key management best practices etc.
  • In-depth knowledge and experience with PCI DSS, Risk Management Standards (OCTAVE/ NIST/ISO)
  • Either of the following certifications is mandatory: CISSP/ CISM/ CISA/ GIAC GSNA
  • Good knowledge of common office tools
  • Excellent in English – written and spoken
  • Good project management and time management skills

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

IT AUDITOR

The IT Security Auditor performs security assessments of client IT environments against various industry standards and regulations including PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, and others. The IT Security Auditor performs these assessments both remotely and at client sites, gathering evidence of controls in place to assess the controls and identify gaps. The Auditor works with the client, and other ControlCase teams, over the life of the project to ensure that security controls are appropriate and compiles the information gathered in a final assessment report.

RESPONSIBILITIES

  • Interface with clients to review and analyze complex systems (Applications, operating systems, databases, and Networking devices), to identify risks, exposures, define and implement compensating controls
  • Work independently to collect, consolidate and analyze information required for the evaluation of security controls and gaps
  • Produce final reports on compliance to detail the controls observed during security assessments in accordance with various security standards and regulations (PCI, Hitrust, ISO 27001/2, HIPAA, Sarbanes-Oxley, etc.)
  • Extensive travel to client sites as needed

DESIRED SKILLS

  • Bachelor’s degree in telecommunications or in computer science. A specialization in information assurance is preferred
  • 3-5 years’ experience in IT security operations
  • In-depth knowledge and experience in IT Security and Telecommunications, including access controls, network Security, logging/monitoring, vulnerability assessments, system hardening, secure software development, etc.
  • In-depth knowledge and experience with ISO 27000 series, PCI DSS, HIPAA, SOX and risk analysis methodologies and security standards
  • The following certifications are an asset: CISSP, CISM and CISA
  • Good knowledge of common office tools
  • Proficient in English – written and spoken
  • Good project management and time management skills

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

APPLIANCE – APAC & AMERICAS (LOCATION: MUMBAI, INDIA)

RESPONSIBILITIES

  • Able to multi-task and deliver consistently on deadlines.
  • To optimize System performance of SIEM, will be able to provide analysis report to team.
  • Able to roll-out changes across the Board with accuracy.
  • Should be able to act as a Single point of contact for the technical tower in front of the customer management. Ensure proper communication and quick resolution as a crisis manager.
  • Drives day to day operations and work plan allocation/management.
  • Take corrective actions based on the customer satisfaction surveys.

DESIRED SKILLS

  • Expert in Linux operating system any flavor (Red Hat / Ubuntu)
  • Have a solid working knowledge of networking technology and tools, firewalls, proxies, and the OSI Model, including TCP/IP protocols and standards
  • Effective communication (written, verbal and listening), organization and time management skills.
  • Willing/able to handle the client
  • Experience on handling client facing environment.
  • Knowledge of SIEM and information security will be an added advantage.
  • Willing and able to travel (up to 50%)

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

SIEM OPERATION ENGINEER (LOCATION: MUMBAI, INDIA)

RESPONSIBILITIES

  • Study current status of Logging for a customer and bring them to expected state to ensure they are using latest version of ControlCase SIEM, parsing of logs etc. in a predefined period.
  • Develop, Support and Enhance event parsing, log collection and storage, compliance automation and identity monitoring activities.
  • Develop & Enhance processes and procedures around security event management.
  • Configure queries, correlation rules, dashboards, alerts, searches, reports, etc., based on operating systems, platform, data type, and other reporting elements.
  • Troubleshoot log collection from networking devices, operating systems, databases, security applications, and more.
  • Gather and understand technical requirements related to functionality, design, and integration.
  • Install and configure the SIEM including all its components, local & or remote log collectors.
  • Plan & execute SIEM migration activities.
  • Identify, design & implement use cases to address PCI compliance along with specific enterprise security requirement.
  • Preferred Certification: CEH, RHCSS, GIAC, GCIH, GCIA, GREM, SANS.

DESIRED SKILLS

  • Expertise with use of regular expressions.
  • Knowledge of building and managing SIEM rules, reports and offenses.
  • TCP/IP, LINUX operating system and features such as vi, iptables, ssh, cat, tail, grep etc
  • Knowledge about security technologies such as firewalls, encryption using keys, SSL, HTTPS, SSH, intrusion detection, routing switch ACLs, VLAN, Span Ports, Network IDS / IPS platforms.
  • Knowledge of building and managing SIEM rules, reports.
  • Experience with enterprise SIEM architecture and components.
  • Experience with either Alien Vault, AccelOps, Qradar, Splunk, Nitro, LogRythm, ArcSight, OSSIM or others will have added advantage.
  • You need to be dedicated, smart & hunger for learning/experimenting with new technologies/tools etc. Good interpersonal, verbal and written communication skills. Result oriented with good analytical skills.
  • Ability to exercise prudent judgment and offer knowledgeable advice. Ability to work both independently and in a team environment.
  • Knowledge on Security standards like PCI-DSS, ISO 27001, etc.
  • Have a solid working knowledge of networking technology and tools, firewalls, proxies, and the OSI Model, including TCP/IP protocols and standards.

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.

CaaS – SECURITY TESTING CONSULTANT (LOCATION: MUMBAI, INDIA)

RESPONSIBILITIES

  • Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for our global clients
  • Review and define requirements for information security solutions
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications)
  • Participate in Security Assessments of networks, systems and applications
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets

DESIRED SKILLS

  • Familiarity with vulnerability scanning techniques
  • Experience with various security tools and products like Nessus, Nexpose, Metasploit, nMap
  • AppScan, BurpSuite, Wireshark and tools available on Kali Linux
  • Broad expertise with multiple operating systems such as Linux and Windows, and network services (HTTP, Databases, etc.) and their inherent security issues
  • Vulnerability analysis and application reversing skills
  • Understanding of cryptography principles
  • Ability to present complex, technical information to a variety of audiences, both technical and non-technical, in written and/or oral formats
  • Proficient in the use of word processing and spreadsheet based toolsets

WHAT YOU NEED TO DO NOW

If this looks like an opportunity you’d be interested in right now, please share your updated resume at jobs@controlcase.com, mentioning the Position title in the Subject Line.
If you feel you know someone who would be a good fit for this job, please feel free to pass along this job posting.