About Marvell

Marvell's semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities.

At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead.

Your Team, Your Impact

What You Can Expect

• Strong track record in driving complex technical security programs across large organizations.
• Strong knowledge in infrastructure security risk-related activities and processes: Identification of critical assets, Analysis of threats & vulnerabilities, Assessment of IT infrastructure risks, and providing recommendations to mitigate the identified risks and application of appropriate countermeasures
• Monitor threat landscape - external facing footprint to perform security posture analysis
• Experience in determining vulnerability risk impact on key objectives and critical processes; ability to link risk management programs and initiatives to inform critical business strategies and processes.
• Conduct risk assessments and reviews for the security of designs considering Marvell's security standards aligned to industry standards such as ISO 27002 and NIST 800-53, compile risk register and track risk remediation plans
• Work on design, implementation, and verification of application security program, including validation of minimum security requirements for the web applications
• Managed third-party risk management programs at large enterprises.
• Monitor risk controls in the domains such as access controls, cloud, backup, recovery, network security, etc.
• Assess adequate access controls based on principles of least privilege and need-to-know, configuration baseline
• Assist in defining and implementing security programs, policies, procedures, and best practices to proactively address security concerns
• Participate in cyber incident responses to provide guidance related to cyber security risks and control assurance
• Assist in the development and delivery of training programs to enhance the awareness and understanding of technical risks among employees
• Experience in creating internal security dashboards and presenting it to the stakeholders
• Measuring ongoing metrics and improvements along with providing actionable intelligence to the extended IT teams
• Ability to analyze and apply information security risk management practices.
• Experience assessing project and technical documentation to ensure compliance with established policies, processes, and procedures
• Partner with Subject Matter Expert (SME) in key third-party risk domains & key functional areas to complete the due diligence as per the defined SLA
• Supporting the GRC team to conduct & manage internal cyber security audits
• Good Network and Security knowledge (Routing & Switching, Firewalls, proxy, VPN, IDS/IPS, and other security products) and understanding of OSI layers in networking and standard/non-standard protocols and service ports
• Sound understanding of Web application technologies, networks, operating systems (Windows, Unix, Linux), firewalls, and security engineering concepts

What We're Looking For

• Bachelor's or Master's degree in Information Technology or related field
• Minimum 14 years of progressive experience in cyber security plus managerial-related role
• Minimum 5-8 years experience in Vulnerability assessment, Configuration Audit, Web, third-party risk management, and Mobile application security in an enterprise environment
• Hands-on experience in conducting security reviews for critical network security controls such as firewalls, WAF, IPS, etc.
• Have a working knowledge of the NIST CSF and RMF frameworks
• Experience with Commercial and open-source IT Security tools like Tenable, Qualys, NMAP, Nessus, Acunetix, BurpSuite, Kali Distro, etc.
• Experience in VAPT, Secure configuration, and hardening based on CIS, OWASP, SANS, and CVE guidelines.
• Experience in working with global teams and time zones, tool vendors, and strong analytical and communication skills.
• Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
• Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML)
• Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning)
• CISSP, CRISC, CEH, OSCP, SANS GIAC GPEN, certification preferred

Expected Base Pay Range (USD)

The successful candidate's starting base pay will be determined based on job-related skills, experience, qualifications, work location and market conditions. The expected base pay range for this role may be modified based on market conditions.

Additional Compensation and Benefit Elements

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

Any applicant who requires a reasonable accommodation during the selection process should contact Marvell HR Helpdesk at TAOps@marvell.com.