Hexaware is a dynamic and innovative IT organization committed to delivering cutting-edge solutions to our clients worldwide. We pride ourselves on fostering a collaborative and inclusive work environment where every team member is valued and empowered to succeed.
Hexaware provides access to a vast array of tools that enhance, revolutionize, and advance professional profile. We complete the circle with excellent growth opportunities, chances to collaborate with highly visible customers, chances to work alongside bright brains, and the perfect work-life balance.
With an ever-expanding portfolio of capabilities, we delve deep into and identify the source of our motivation. Although technology is at the core of our solutions, it is still the people and their passion that fuel Hexaware's commitment towards creating smiles.
"At Hexaware we encourage to challenge oneself to achieve full potential and propel growth. We trust and empower to disrupt the status quo and innovate for a better future. We encourage an open and inspiring culture that fosters learning and brings talented, passionate, and caring people together."
We are always interested in, and want to support, the professional and personal you. We offer a wide array of programs to help expand skills and supercharge careers. We help discover passion-the driving force that makes one smile and innovate, create, and make a difference every day.
The Hexaware Advantage: Your Workplace Benefits • Excellent Health benefits with low-cost employee premium. • Wide range of voluntary benefits such as Legal, Identity theft and Critical Care Coverage • Unlimited training and upskilling opportunities through Udemy and Hexavarsity
Who we are?
At Hexaware Technologies, we are a leading global IT Services company, dedicated to driving digital transformation and innovation for businesses around the world. Founded in 1990, Hexaware has grown into a global trusted partner for enterprises, offering comprehensive AI empowered services including IT Consulting, Application Development, Infrastructure and Cloud Management and Business Process services.
At Hexaware we are a community of creative, diverse, and open-minded Hexawarians creating smiles through the power of great people and technology.
We pride ourselves on our people-centric culture and commitment to sustainability. Our diverse team of over 30,000 professionals across 30 countries is driven by a shared passion for innovation and excellence. We foster a collaborative environment where creativity and continuous learning are encouraged, enabling our employees to thrive and grow.
What would you do?
The Consultant will provide experienced application logging consultants with deep technical skills for Client's Application Logging and Monitoring Audit Issue Remediation initiative. These services will follow the guidance provided by Client's Cyber Defense team and comply with FHFA regulations, Client policies, and relevant industry standards, as provided at Client's discretion. The Consultant will support a large-scale effort focused on gathering and analyzing security logs from over 433 business applications and 36 high-risk systems, including SaaS, Commercial of the shelf (COTS), Cloud and internally developed applications. This will involve interviewing Subject Matter Experts (SMEs) from each business unit, completing detailed questionnaires on available logs, developing logging strategy for each individual application, onboarding existing logging mechanisms into the Splunk environment, developing logging strategy and architecture for SaaS and cloud applications using SaaS posture management products and Cloud Access Security Broker (CASB) and assisting with the development of a backlog and exception process as needed.
Specifically, the Services may consist of, but not be limited to providing assistance with the following activities and providing all relevant Deliverables in the performance of such Services:
Responsibilities:
Develop a project plan to conduct application logging capability review against Client provided application risks indicators, audit requirements and application architecture specific industry standards for Cloud, SaaS, COTS and on-prem custom applications.
Conduct interviews with application SMEs to understand logging capabilities of each in scope application.
Develop and administer questionnaires to capture detailed information about each application's logging structure and security events.
Identify and document available security logs for the specified scopes: Access Account Changes, Authentication, Authorization Failures, Access to Restricted Data, Data Export, Input Validation Failures, Object Creation / Deletion, and Privilege Escalation.
Catalog the application specific data to integrate into a business intelligence and reporting tool
Collaborate with cross-functional teams to prioritize and manage a backlog of logging enhancement initiatives.
Provide recommendations (based on Client direction) regarding development of remediation alternatives for gaps identified during interviews
Document exception plans as per Client audit documentation standard for applications which cannot meet application logging audit requirements
Recommend application logging and continuous monitoring design and architecture (based on Client direction) which can be automated using existing SIEM tools and industry leading technologies for SaaS applications like SaaS Posture Management Platforms
Ensure designed architecture can be integrated with Client Enterprise Security architecture specifically SIEM, Identity, DLP and CASB platforms
Provide recommendations to both internal teams, COTS and SaaS application vendors for future log enhancements based on findings from interviews and assessments.
Required Skills:
Strong understanding of application security principles and logging best practices
Knowledge of SaaS native application security architectures (Salesforce, Workday, M365, ServiceNow and other enterprise SaaS applications
Knowledge of various application types (SaaS, COTS, in-house) and their logging capabilities.
Experience with log management and analysis tools, specifically Splunk
Experience with CASB for end-to-end log analysis and visibility of Cloud and SaaS applications
Familiarity with FFIEC compliance and regulatory requirements related to security logging and monitoring.
Experience with identification of controls, operational auditing techniques, risk assessments, business process and internal IT control documentation and testing, gap identification, selection and implementation of related tools (GRC).
Background in conducting interviews, assessments, and documentation for large-scale projects.
Ability to work independently and manage multiple tasks effectively.
Excellent communication skills, with the ability to engage with technical and non-technical stakeholders.
Prior experience in a similar role within financial services or regulated industries.
Certification in information security (e.g., CISSP, CISM) is a plus.
What you'll get from us:
Insert US/employee benefits here e.g.: • Competitive Salary • Company Pension Scheme • Comprehensive Health Insurance • Flexible Work Hours and Hybrid Work Options • XX days paid annual holidays + public holidays. • Professional Development and Training Opportunities • Employee Assistance Program (EAP) • Diversity, Equity, and Inclusion Initiatives • Company Events and Team-Building Activities
Equal Opportunities Employer:
Hexaware Technologies is an equal opportunity employer. We are dedicated to providing a work environment free from discrimination and harassment. All employment decisions at Hexaware are based on business needs, job requirements, and individual qualifications. We do not discriminate based on race including colour, nationality, ethnic or national origin, religion or belief, sex, age, disability, marital status, sexual orientation, parental status, gender reassignment, or any other status protected by law. We encourage candidates of all backgrounds to apply.