Our SaaS product is deployed on AWS. We have a small in-house technical team (in Canada) that built and supports the product. This team defined the deployment architecture and set up the AWS network. Our product handles highly sensitive personal and corporate data. We require a security professional to assist in the following:
1. Penetration testing (application and AWS network): Report all vulnerabilities and assist/collaborate with our team in mitigation strategies.
2. Network / Deployment audit: Heuristic + technical audit of our deployment and network architecture to ensure we are following best practices and not exposing unnecessary risks.
3. Security framework compliance: Assist in becoming compliant with a framework or standard that is appropriate to our business. Assist in framework selection (could include ISO27001, SOC2, GDPR, GLBA, COBIT, PCI, NIST or other). Help evaluate compliance vs certification.
Your background:
* Network penetration testing
* CEH (certified ethical hacker or equivalent)
* Experience assisting with compliance/certification in multiple frameworks (e.g. ISO, SOC, GDPR, etc.)
* Certification in at least one of: AWS Architecture, CISA, CISSP or equivalent
What we need from you:
1. High level overview of your approach
2. Brief summary of past similar experience (link to Toogit or external project list is fine)
Our process:
* Review all responses
* Reply with any questions we have
* Set up a brief phone call (15-20 mins) with short-listed candidates.

About the recruiter: Sudhir Vashist, from Kerala, India. Member since Mar 14, 2020.