< NULLCON 2023 - Berlin />

Resume and Career Clinic

RESUME

Resume and Career Clinic

< Date: />

24th September 2023

< Time: />

10:20 AM to 11:45 AM IST

< Venue: />

Birla Institute Of Technology And Science, Goa, India

< Application Last Date: />

15th September 2023

< Introduction: />

The first step towards a new job or change in career in any industry is to have a proper resume—and Infosec is no different. It is always a great thing to have a solid resume of your skills and experience to make an impression on the hiring team.

At Nullcon, we have a focused track with guidance to provide the necessary tools and knowledge required for infosec job search, career development, and advancement. Resume reviews and career guidance sessions provided by industry recruiters and leaders.

Our community reviewers who have a huge amount of combined experience in interviewing, and vetting candidates are ready to put their experiences to work to help you by providing feedback and guidance.

Sign up for resume review and career guidance (Walk-ins will be allowed on first come first serve basis based upon availability) Please bring a paper copy of your current resume or your own laptop with a digital copy (no USB).

< Mentors for Resume and Career Clinic: />

Abhisek Datta - Maintainer, SafeDep; Previously Sr. Engineering Manager, Chargebee

Alan White - Head of Managed Defense Consulting, Google

Anant Shrivastava - Founder, Cyfinoid Research

Devesh Bhatt - Cybersecurity Leader, Adobe

Neelu Tripathy - Independent Security Consultant

Prashant Mahajan - Director, Payatu Australia Pty Ltd

Riyaz Walikar - Co-Founder, Kloudle

Vikas Goyal - Sr. Director IT and Cybersecurity, FIS

Speaker

Talk Title: The Career Switch: From QA to Cybersecurity Professional with Riddhi Shree

If you feel lost, let's talk, for my journey began from the same spot. What you know matters less than what you want to know.

Date: 24th September 2023
Time: 10:20 AM IST to 10:40 AM IST

Infosec

Infosec Jobs by our Sponsors & Partners

< Job Role: />

Staff Product Security Engineer

< Location: />

Hyderabad

< Technical Requirements: />

Container security, K8S patterns, Cloud service creation, deployment and operation, and security best practices in the cloud.

< Job Description: />

As a member of the DevSecOps team, you will design, develop, operate, and scale of our Enterprise Container Security program, providing container security services across ServiceNow. In addition, you’ll be able to apply your container security knowledge to our own containerized services for SAST, DAST, and SCA by helping with the development, deployment, integration, and scale of these services at ServiceNow. You will work closely with ServiceNow Security Organization, Build Engineering, Tools Engineering and Infrastructure Operations teams to build a world-class Enterprise Container Security program as well as deploy and maintain scalable containerized system images for application security toolchains.

< What you get to do in this role: />

  • Work closely with internal customers to build “paved roads” to easily onboard products to the container security program
  • Build, deploy, operate, and scale tools and processes that support the Container Security Program
  • Build and maintain automations to assist on-demand autoscaling services for our security services (SAST, SCA, DAST) using Kubernetes and AWS
  • Integrate vulnerability management services into Jenkins build jobs and the ServiceNow ALM platform
  • Support Security Champions Program relating to CI/CD integrations

Click here to learn more about the job https://smrtr.io/dz2zP

< Contact email: />

[email protected]

< Job Role: />

Incident Response Analyst

< Location: />

Hyderabad

< Technical Requirements: />

Splunk, SOAR knowledge, Public Cloud (AWS/Azure)

< Job Description: />

The Global Incident Response (GIR) team consists of three units: Triage, Incident Response and Incident Command.

You will be joining the Triage team as an Information Security Analyst monitoring the tools and systems that defend ServiceNow’s production and corporate environment.

  • Global Triage team is responsible to provide 24x7x365 continuous monitoring of correlated security event feeds and the appropriate triage and escalation in case of an identified security incident.
  • Triage team is the primary contact for any suspected security incident and works together with the Incident Response team on resolving incidents and remediating threats across Servicenow enterprise
  • Define relationships between seemingly unrelated events through deductive reasoning, come up with ways to do things faster, better and more effectively while maintaining a laser focus on quality.
  • You will work on a geographically diverse team to respond to threats that may arise against our infrastructure, and track incidents to closure, working across functional teams.
  • You may be called upon to assist with the deployment, integration and initial configuration of new security solutions or enhancements to existing security solutions; including network, and systems to improve overall platform security.
  • You will be required to engage an escalation point of contact in the On-Call rotation, to ensure that Global Incident Response team can respond to priority incidents in a timely manner, and must be willing to work weekend shift and hours outside of standard business hours, if necessary.
  • This role is a 18*7 role from Hyderabad which requires you to work in morning & afternoon shifts during holidays and weekends

Click here to learn more about the job https://smrtr.io/dz2zP

< Contact email: />

[email protected]

< Company: />

Microsoft

< Job Role: />

Senior Security Incident Handler

< Location: />

Hyderabad, Telangana, India

< Technical Requirements: />

  • 7+ years of experience in software development lifecycle, large-scale computing, modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), and/or operations incident response.
  • Demonstrated ability to communicate complex and technical issues to diverse audiences, orally and in-writing, in an easily understood, authoritative, and actionable manner.

< Job Description: />

  • Performing cyber defense incident and/or vulnerability triage to determine scope, urgency, and potential risk impact.
  • Make high-stake decisions that enable expeditious remediation of risk to protect customers and Microsoft.
  • Track and document cyber defense incidents from initial escalation through final resolution.
  • Provide tactical security decisions and coordinate enterprise-wide cyber defenders to resolve incidents.
  • Send timely and clear executive updates explaining the risk to customers and Microsoft.
  • Advise and validate customer notifications and/or authoritative security guidance for customers.
  • Conduct incident analysis, produce reports, and briefs informing threat landscape trends and future investment areas to improve security.

< Contact email: />

https://jobs.careers.microsoft.com/global/en/job/1577526/Senior-Security-Incident-Handler

< Job Role: />

Security Operations Engineering IC3

< Location: />

Hyderabad, Telangana, India

< Technical Requirements: />

  • 5+ years of experience in security domain with 2+ years of Threat Hunting experience.
  • Exceptional operational rigor with real-world experience in SOC operations / Threat hunting / Incident Response.
  • Excellent technical writing and oral communication skills.
  • Ability to partner with stakeholder teams.
  • Systematic problem-solving mindset

< Job Description: />

  • Conduct investigations into major and critical security incidents affecting Microsoft.
  • Proactively hunt for threats within Microsoft's infrastructure and identify advanced persistent threats (APTs).
  • Discover potential automation opportunities or insights to enhance operational efficiency.
  • Manage critical stakeholder calls and meetings (including non-business hours) while addressing critical incidents.
  • Possess extensive knowledge of security concepts including cyber-attacks, techniques, threat vectors, risk management, and incident management.
  • Collaborate and advise product teams on enhancing Microsoft's first-party security products by offering actionable feedback for improvement.
  • Cultivate a positive and inclusive team environment, acting as a mentor and facilitator to develop a world-class cybersecurity team.

< Contact email: />

https://jobs.careers.microsoft.com/global/en/job/1616500/

< Company: />

Schneider Electric

< Job Role: />

Cybersecurity Penetration Tester R&D

< Location: />

Bangalore

< Technical Requirements: />

  • Bachelor's degree in Computer Science, Information Security, or related field. Relevant certifications (e.g., OSCP, OSCE, SANS GPEN, GXPEN, CRT) are a plus.
  • Knowledge of programming languages such as C, C++, Java, .Net or Javascript.
  • Knowledge of Windows and Linux, basic security, and networking principles.
  • Knowledge of reverse engineering tools, debuggers, and dynamic analysis techniques.

< Job Description: />

  • Lead engagements from kickoff with product owners through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
  • Experienced working with embedded systems and their respective security assessment.
  • Experience in network penetration testing, web, mobile (Both Android & iOS) and thick client penetration testing. (Recommended to have expertise in at least 2 domain)
  • Perform exploit and vulnerability research on Schneider electric products.
  • Knowledge of TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
  • Knowledge of at least one scripting language such as python, shell script, ruby, javascript etc.
  • Research fuzz testing tools and conduct penetration test on a variety of Schneider Electric products via communication interfaces such as Modbus, Wi-Fi, Bluetooth, and others.
  • Strong background in reverse engineering skills (Familiarity with IDA, Ghidra, etc.)
  • Ability to develop detailed PoC’s , train product teams and promote security awareness.
  • Stay up to date on the latest exploits and security trends.

< Contact email: />

[email protected]

[email protected]

< Job Role: />

Hardware Penetration Tester R&D

< Location: />

Bangalore

< Technical Requirements: />

  • Bachelor's degree in Computer Science, Information Security, or related field. Relevant certifications (e.g., OSCP, OSCE, SANS GPEN, GXPEN, CRT) are a plus.
  • Conduct process assessments (IEC 62443) and hacking activities on systems, products, solutions, and services
  • Conduct IT and OT cybersecurity vulnerability assessments and penetration testing
  • Penetration testing for IoT systems and their associated software (firmware, drivers, and applications), Responsible for supporting all cyber exploit development
  • Review hardware and software designs from a security point of view
  • Experience with embedded or real-time operating systems, and/or wireless infrastructure (Zigbee, Bluetooth, Radio Frequency, Cellular/4G/5G, WiFi) and tools (Ubertooth, HackRF, OpenSniffer)

< Job Description: />

  • 2+ years of experience in hardware hacking or embedded systems hacking.
  • Hardware security(JTAG, internal bus systems), kernel hacking, and reverse engineering
  • Excellent interpersonal skills
  • Familiarity with reverse engineering tools, debuggers, and dynamic analysis techniques
  • Be able to read C, C++, and assembly to find security-related issues
  • Have experience with Infrastructure Control Systems/Supervisory
  • Experience with scripting languages such as bash, PERL, Python, ruby, vb/wscript or powershell

< Contact email: />

[email protected]

[email protected]