1692 Cloud Security Jobs - Page 41

Hireflex247 provides top-tier tech consultants to global clients across the UK and Europe. We re currently hiring Cyber Security Engineers who are passionate about automation, cloud security, and building secure systems at scale. What You ll Work On Improve and automate cloud infrastructure security Perform threat modeling and risk assessments Build tools to detect and fix security misconfigurations Collaborate with DevOps and engineering teams to secure CI/CD pipelines Drive security reviews and ensure compliance (GDPR, NIS2, ISO27000) Key Skills We re Looking For Automated Security Testing (SAST, SCA, IaC, Container Scanning) CI/CD Tools GitHub Actions, Azure DevOps Cloud Platforms Google Cloud Platform (GCP) or Azure Strong understanding of API Security and Infrastructure Security Kubernetes & Infrastructure-as-Code (e.g., Terraform) Familiarity with Compliance Standards (GDPR, ISO27001, etc.) DevSecOps experience Security Architecture and Design Review skills Passion for reducing risks and building secure systems at scale Job Type: Job Location: Apply for this position Are you willing to work & report at Flexible hours? * Allowed Type(s): .pdf, .doc, .docx Years of Experience LinkedIn Profile Link * By using this form you agree with the storage and handling of your data by this website. *

About Us . Role Summary The Channel Account Manager (CAM) is accountable for managing our Growth Sophos partners for the West and South Region. They are responsible for developing joint business plans with partners to hit revenue and profitability targets by developing MDR services, MSP and next-gen portfolio opportunities, as well as new logo, up-sell, cross-sell and renewal conversations with existing customers. What you will do Develop relationships at all levels across the partner for West and South region to drive revenue growth and profitability; particularly for mid-market customers, MSP and Managed Detection and Response (MDR). Build and execute business plans that identify, develop and close incremental opportunities to deliver outstanding growth for the partner and Sophos. Enable partners to take full advantage of Sophos comprehensive solution and services portfolio to improve their customer s security protection and response. Directly support partners to qualify and close complex customer deals, engaging wider sales and sales engineer teams where required to gather insights and ensure accurate business forecasting. Own and manage the frequent joint business review and planning process between Partners and Sophos decision makers, incl. clearly defined KPI s and SMART goals with agreed outcomes. Collaborate to develop marketing plans with partners to drive incremental sales pipeline ensuring high return on investment from activities like lead gen campaigns and events. Coordinate the involvement of Sophos staff, including product management, sales, SE, marketing, support, service, and management resources to meet partner performance objectives and partner expectations. Drive high renewal rates by ensuring partners focus on their renewals and build an engagement plan to align Sophos and Partner teams, identify new business and cross sell opportunities. Motivate, educate, and ensure Partner sales and technical staff are go-to-market ready, provide access to certification and training materials and develop an enablement plan. What you will bring 8-10 years of Cybersecurity Channel Sales experience and managing West South territory Strong experience working with Partners Distributors in IT Security Experience coordinating selling security solutions. Should have prior CRM experience (preferable Salesforce) Prior experience on Power BI and Microsoft office Strong prior experience in partner presentation and enablement #LI-Hybrid #B1 Ready to Join Us At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they dont check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Dont let a checklist hold you back - we encourage you to apply. Whats Great About Sophos Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information. Our people - we innovate and create, all of which are accompanied by a great sense of fun and team spirit Employee-led diversity and inclusion networks that build community and provide education and advocacy Annual charity and fundraising initiatives and volunteer days for employees to support local communities Global employee sustainability initiatives to reduce our environmental footprint Global fitness and trivia competitions to keep our bodies and minds sharp Global wellbeing days for employees to relax and recharge Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We re proud of the diverse and inclusive environment we have at Sophos, and we re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

About Us . Role Summary MDR Sales Lead is an overlay Sales function. The person would be a second layer of specialised engagement with the existing Enterprise customers, prospects and is expected to have an in-depth understanding of the managed security services and market opportunity available. Person should be able to position the MDR services effectively and appropriately with the customers and build the business opportunity for Sophos India working closely with all the stakeholders across the Globe. What you will do As the Sales Leader for MDR Services, you would be the lead for Services Sales for the country. You will be a part of defining the strategy for MDR Services growth in India, strengthen key relationships with C-level executives, build visibility for and expand business for Sophos India MDR Services. You will work closely with Regional Heads and Sales Leaders for the Account/partner management teams, Presales and Solution Leaders and drive the right engagement with customers to showcase the strength of the Sophos MDR services. You will also partner with other functional teams across Product, Compliance, Operations and Enablement to remove barriers and ensure flawless execution and success of the customer engagement. The ideal candidate will possess Sales and Technical knowledge with exposure to sales and delivery of Security Services that enables him or her to develop and execute the plan, to meet Order and Revenue objectives. The person is also expected to be a self-starter who will elevate the conversation with customers to strategic levels and build long standing relationships for Sophos India. Develop and execute the plan to meet and exceed book of orders Revenue targets. Effectively position Sophos MDR Services You should possess excellent inter-personal skills to seamlessly collaborate with the entire Sales team. Manage all the moving parts of the business with the relevant stakeholders Opportunity ownership and qualification / creation of funnel, forecast deal closures. Provide Market insights and competition updates to stakeholders. Maintain operational discipline in all execution parameters; respond to all weekly, monthly, quarterly updates in time as may be expected on an on-going basis. Support Sales team effectively through regular conversations and support them in handling their respective customer patches effectively to enable them to meet their targets and objectives. Handle training activities with the sales teams as may be required. What you will bring Min 5-10 years of Cyber security industry experience with minimum 5 years in security services selling. Any Security certifications will be an advantage, but not a must. Must show demonstrable experience in having developed C-level relationships. Demonstrate business acumen in presenting solutions on an ROI basis, strategies, successful penetration of territories for services business growth and across an entire spectrum of buyers, influencers and C-Level decision makers. Relationship with Enterprise level of customer, >5000 users Prior CRM experience (preferable Salesforce) #LI-Hybrid #B2 Ready to Join Us At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they dont check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Dont let a checklist hold you back - we encourage you to apply. Whats Great About Sophos Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information. Our people - we innovate and create, all of which are accompanied by a great sense of fun and team spirit Employee-led diversity and inclusion networks that build community and provide education and advocacy Annual charity and fundraising initiatives and volunteer days for employees to support local communities Global employee sustainability initiatives to reduce our environmental footprint Global fitness and trivia competitions to keep our bodies and minds sharp Global wellbeing days for employees to relax and recharge Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We re proud of the diverse and inclusive environment we have at Sophos, and we re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Number of Openings* 1 ECMS Request no in sourcing stage * 529290 Duration of contract* 11 Months Total Yrs. of Experience* 12+ Relevant Yrs. of experience* 10 Detailed JD *(Roles and Responsibilities) Skill Set : SAP Security / GRC Functional Experience : 13+ Years Seasoned SAP Security / GRC consultant with hands on experience of working in multiple SAP implementations and coordination with the team. This a client facing role, so a person should have good communication skills and should be well versed with the business practices with knowledge on SAP S4 Pubic cloud security roll-out methodology. India SAP S4 Public cloud hands on is welcome. Mandatory skills* SAP S/4 Security / GRC Consultant Desired skills* SAP S/4 with S/4 public cloud Domain* Security/GRC Approx. vendor billing rate excluding service tax(Currency should be in relevance to the candidate work location) INR 10,000 Per day Delivery Anchor for screening, interviews and feedback* Precise Work Location(E.g. Bangalore Infosys SEZ or STP) Pune SEZ, Pune TBEL client location BGCheck ( Before OR After onboarding) TBD Any client prerequisite BGV Agency* Is there any working in shifts from standard Daylight (to avoid confusions post onboarding) * General Shift - IST Is there a requirement of subcons to work from office or let us know if this WFH. Work from Client Office / Infosys Office As per Infosys Policy

Role: AWS DevOps Engineer Skillset: AWS, Terraform, CI/CD Pipeline Kubernetes (AKS) Experience: 6-8 years Certification: AWS Certified Location: Noida and Chennai Professional Experience in: Cloud-native software architecture (Microservices, Patterns, DDD, ) Working with internal developer platforms such as backstage AWS Platform (Infrastructure, Services, Administration, Provisioning, Monitoring ) Managing Kubernetes (AKS) Operations Networking Autoscaling High Availability GitOps based deployments (argocd) Working with basic web technologies (DNS, HTTPS, TLS, JWT, OAuth2.0, OIDC, etc ) Container Technology such as Docker Infrastructure as Code via Terraform Experience in: Cloud Monitoring, Alerting, Observability mechanisms e.g. via Elastic Stack Defining, Implementing and Maintaining build and release pipelines -> Continuous Deployment Working with git version control systems Code Collaboration Platforms (AWS DevOps, GitHub) Cloud Security patterns Developing software based on Spring Spring Boot Preparation of Release and deployment scripts (In test and production environments) BE, MCA, BTech

Cloud Security Test Engineer This role has been designed as Onsite with an expectation that you will primarily work from an HPE office. Who We Are: Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today s complex world. Our culture thrives on finding new and better ways to accelerate what s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE. : Aruba is an HPE Company, and a leading provider of next-generation network access solutions for the mobile enterprise. Helping some of the largest companies in the world modernize their networks to meet the demands of a digital future, Aruba is redefining the Intelligent Edge - and creating new customer experiences across intelligent spaces and digital workspaces. Join us redefine what s next for you. What you ll do: Design and execute complex penetration tests against cloud-native applications, infrastructure, and data stores. Exploit vulnerabilities in cloud platforms, such as AWS, Azure, and GCP, using advanced techniques and tools. Assess the security posture of cloud-native applications, microservices, and serverless architectures. Develop and execute attack scenarios that simulate real-world threats, including supply chain attacks, privilege escalation, and lateral movement. Lead and mentor a team of experienced penetration testers, providing guidance and support on advanced techniques and tools. Assign tasks, review deliverables, and ensure project timelines are met. Develop and maintain standard operating procedures for complex penetration testing activities. Must have B.E / B.Tech / M.Tech / MCA in Computer Science or Information Technology Must have a minimum of 2 to 6 years penetration testing, with a strong focus on cloud environments. In-depth understanding of cloud technologies (AWS, Azure, GCP) and their security implications. Proficiency in advanced penetration testing tools and techniques, such as Burp ,ZAP,Metasploit, Cobalt Strike, and PowerSploit. Experience with container technologies (Docker, Kubernetes) and serverless architectures. Strong scripting skills (Python, PowerShell) for automation and custom tool development. Experience with security orchestration, automation, and response (SOAR) platforms. Active security certifications such as OSCP, CSSLP or related is strongly desired . Ability to work well under minimal supervision. Requires strong interpersonal, organizational, written and verbal communication skills. What you need to bring: 4-8 years ofexperience Experience with threat hunting, red team assessments and intelligence gathering techniques. Knowledge of emerging security threats and vulnerabilities. Experience with cloud-native security controls and best practices. Strong understanding of cryptography and network protocols. Ability to think critically and creatively to identify and exploit vulnerabilities Additional Skills: Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Release Management, Security-First Mindset, User Experience (UX) What We Can Offer You: Health Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing. Personal Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have whether you want to become a knowledge expert in your field or apply your skills to another division. Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. Lets Stay Connected: Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #india #aruba Job: Engineering Job Level: TCP_03 HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity . Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

SUMMARY Our client is IT MNC part of one of the major insurance groups based out of Germany and Europe. The Group is represented in around 30 countries worldwide, with Over 40,000 people worldwide, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurances, pensions, investments and services by focusing on all cutting edge technologies majorly on Could, Digital, Robotics Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate the customers future needs around the globe thru supporting millions of internal and external customers with state of-the-art IT solutions to everyday problems & dedicated to bringing digital innovations to every aspect of the landscape of insurance. Job Location: Hiranandani Gardens, Powai, Mumbai Mode: Work from Office Requirements Key Responsibilities: : Business-Cybersecurity Alignment: o Work closely with business stakeholders, IT security teams, and cross-functional teams to ensure cybersecurity initiatives align with the organization’s broader business goals. o Translate business needs into technical security requirements that can be effectively executed by the security and IT teams. Risk Analysis & Security Assessments: o Conduct risk assessments in the context of hybrid IT environments (cloud, on-premises, and edge) to identify security gaps and vulnerabilities. o Collaborate with security teams to evaluate existing security controls and recommend solutions to mitigate identified risks, balancing business needs with security requirements. Cybersecurity Frameworks & Compliance: o Ensure that all business and technical security requirements comply with relevant regulatory compliance frameworks (e.g., NIST CSF, ISO 27001, GDPR, HIPAA). o Support audits and compliance assessments, identifying any gaps between current practices and regulatory standards. (must have) Security Process Improvement: o Identify opportunities for process improvements within the cybersecurity function, including streamlining security incident response, access management processes, and threat detection workflows. o Develop business cases for proposed security improvements, including cost-benefit analyses and risk assessments. The Business Analyst will have comprehensive responsibilities spanning multiple cybersecurity domains, and should have expertise in at least 5 of the following areas o SIEM Sentinel & Security Operations: Manage and optimize SIEM solutions, particularly Sentinel, for effective monitoring, incident detection, and security event correlation across hybrid environments. Collaborate with security operations teams to ensure proper configuration, tuning, and reporting within SIEM platforms to support proactive threat management. o Security Tools & Technology Integration: Work with security teams to implement and optimize security tools such as SIEM (e.g., Splunk, Microsoft Sentinel), EDR (e.g., CrowdStrike, MS Purview/Defender), SOAR platforms, CASB (Cloud Access Security Broker), and Threat Intelligence systems. Help define and document requirements for the integration of cybersecurity tools into the broader security ecosystem. o User Access Management (UAM) & RBAC: Work closely with identity and access management teams to ensure the implementation of UAM and RBACsystems that align with the organization's security policy and business requirements. Support the development of processes for managing user roles, privileges, and access rights across enterprise systems. o Cloud & Encryption Security: Ensure that security policies and controls are applied across both on-premises and cloud environments(AWS, Azure, Google Cloud), addressing challenges related to cloud security, data encryption, and access management. Collaborate with technical teams to implement strong encryption methods for data - in - transit, data-at-rest, and data-in-use in line with organizational security policies. o AI & ML in Cybersecurity: (Good to have) Contribute to the use of AI/ML technologies to enhance threat detection, anomaly identification, and predictive analytics within the organization’s security operations. Collaborate with data scientists and security teams to define requirements for AI/ML-based security models and incident response automation. o SOAR Integration & Incident Response: Assist with the integration of Security Orchestration, Automation, and Response (SOAR) solutions into the incident response lifecycle to streamline response times and automate repetitive tasks. Support the continuous improvement of incident response procedures and playbooks, ensuring a consistent, rapid, and efficient approach to security incidents. Benefits

A security architect with 12+ years of experience with multi-security skills in Network security, endpoint security, Vulnerability and other domains. Is able to design and architect security solutions (create HLD/LLDs, etc) . He/She should be a SME in one or two core areas like network security (PA, Cisco firewalls , VPN, etc.). Is able to architect and Implement solutions and be the Technical escalation point. Detailed JD: Lead the design, implementation, and optimization of cybersecurity infrastructure solutions, including firewalls, VPNs, IDS/IPS, endpoint security, SIEM, and network security architectures. Assess client environments for vulnerabilities and risks; develop remediation plans aligned with best practices and compliance requirements. Provide expert consulting on infrastructure security strategy, architecture, and technology selection. Collaborate with cross-functional teams (network, application, cloud, and compliance) to ensure integrated security posture. Proven expertise with security technologies such as firewalls (Palo Alto, ZScalar, Cisco, Fortinet, Check Point), SIEM (Splunk, QRadar), endpoint protection, VPNs, and network segmentation. Knowledge of regulatory frameworks and compliance standards such as NIST, ISO 27001, PCI-DSS, HIPAA, GDPR. Mandatory skills: Palo Alto Prisma access (SASE) (SC-CAN, RN and MU SPN, Templates, Device Groups, System updates, Plugin, CIE, Portal & Gateway MU, HIP, EDL, Security Profiles & groups, SSL Decryption, User ID, App ID, Threat prevention AV, AS, IPS Sanboxing) Palo-alto NGFW Palo Cortex Data lake Zscaler Products Expertise Hands-on experience with Zscaler Internet Access (ZIA) Hands-on experience with Zscaler Private Access (ZPA) Familiarity with Zscaler Client Connector (ZCC) Networking Fundamentals Strong understanding of TCP/IP , DNS , HTTP/HTTPS , and IP addressing Knowledge of routing protocols (e.g., BGP, OSPF) Familiarity with firewalls , proxies , and VPNs Security Concepts Deep understanding of network security principles Experience with cloud security , zero trust architecture Knowledge of SSL/TLS , encryption , and certificate management Cloud Networking AWS, Azure, Aviatrix, VPC, Vnet, UDR, NSG, ASG, Terraform, Github, Spokegateways & TGW Checkpoint Firewalls Next Generation Firewalls VSX, PBR, Dyanamic Routing etc Desired/Secondary Skills: Firepower Firewalls FXOS Chassis Administration Proxy Solution Web Security Appliance VPN Solution (Global Protect & Cisco Anyconnect) Identiity Service Engine (NAC, Policy enforcement, 802.1x, Profiling & SGT) Intrusion Prevention System Firewall Management Suites (ASDM, CSM, FMC, SMA, MDM, Panorama) Secure Hosting Gateway (Cloudflare, Umbrella, WAF) Role & responsibilities Preferred candidate profile

We are seeking a highly skilled and experienced Senior Cloud Native Developer to join our team and drive the design, development, and delivery of cutting-edge cloud-based solutions on Google Cloud Platform (GCP). This role emphasizes technical expertise, best practices in cloud-native development, and a proactive approach to implementing scalable and secure cloud solutions. Responsibilities Design, develop, and deploy cloud-based solutions using GCP, adhering to architecture standards and best practices Code and implement Java applications using GCP Native Services like GKE, CloudRun, Functions, Firestore, CloudSQL, and Pub/Sub Select appropriate GCP services to address functional and non-functional requirements Demonstrate deep expertise in GCP PaaS, Serverless, and Database services Ensure compliance with security and regulatory standards across all cloud solutions Optimize cloud-based solutions to enhance performance, scalability, and cost-efficiency Stay updated on emerging cloud technologies and trends in the industry Collaborate with cross-functional teams to architect and deliver successful cloud implementations Leverage foundational knowledge of GCP AI services, including Vertex AI, Code Bison, and Gemini models when applicable Requirements 5+ years of extensive experience in designing, implementing, and maintaining applications on GCP Comprehensive expertise in using GCP services, including GKE, CloudRun, Functions, Firestore, Firebase, and Cloud SQL Knowledge of advanced GCP services, such as Apigee, Spanner, Memorystore, Service Mesh, Gemini Code Assist, Vertex AI, and Cloud Monitoring Solid understanding of cloud security best practices and expertise in implementing security controls in GCP Proficiency in cloud architecture principles and best practices, with a focus on scalable and reliable solutions Experience with automation and configuration management tools, particularly Terraform, along with a strong grasp of DevOps principles Familiarity with front-end technologies like Angular or React Nice to have Familiarity with GCP GenAI solutions and models, including Vertex AI, Codebison, and Gemini models Background in working with front-end frameworks and technologies to complement back-end cloud development Capability to design end-to-end solutions integrating modern AI and cloud technologies

Integrate security controls into the CI/CD pipelines to ensure automated, continuous security in application deployments Collaborate with DevOps teams to create automated security checks using tools such as Bicep, Terraform, and Ansible Monitor and maintain infrastructure as code (IaC) security standards using Bicep and Terraform for both cloud platforms Manage and maintain infrastructure security and monitoring systems Develop and maintain CI/CD pipelines across multiple environments Implement and manage SAST and DAST tools to identify and remediate security vulnerabilities in the codebase Conduct vulnerability assessments, threat detection, and security risk analysis Understand and remediate system vulnerabilities and security issues Collaborate with team members to improve the company s engineering tools, systems, procedures, and data security Create and maintain security related documentation Support incident response and problem management teams by providing containment actions and incident analysis Ensure secure, scalable, and highly available infrastructure in line with best practices Develop and enforce cloud security policies, procedures, and controls that align with organizational standards and compliance Secure cloud platforms through robust identity management, encryption, and monitoring mechanisms

Company: MMC Corporate Description: We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon/Noida. This is a hybrid role that has a requirement of working at least three days a week in the office. Senior Manager - Cyber Security Cloud Infrastructure Vulnerability Management What can you expect? To oversee and manage the security posture of the organization s entire cloud environment across all regions globally. This critical role requires a deep understanding of cloud security principles, Cloud Service Provide (CSP) platforms, and the ability to leverage sophisticated cloud tooling to proactively identify, detect, assess, report vulnerabilities and threats. We will count on you to: Cloud Security Management 1. Multi Cloud Expertise: Possess in depth knowledge of leading cloud platforms (AWS, Azure, GCP, etc.) and their security best practices. 2. Develop and implement a comprehensive cloud security strategy aligned with industry standards and the organization s risk tolerance. 3. Proactively access and harden cloud infrastructure configurations to minimize attack surface and potential vulnerabilities. 4. Identity and Access Management (IAM): Enforce and maintain granular IAM policies across all cloud environments to ensure least privilege access. Vulnerability Detection and Threat Response 1. Perform continuous asset discovery to identify and track all cloud resources, including servers, databases, storage, network devices, etc. 2. Conduct regular, continuous, and adhoc vulnerability scanning to identify and prioritize security vulnerabilities and potential threats. 3. Monitor for emerging threats and zero day vulnerabilities utilizing threat detection and response program. 4. Identify and remediate misconfigurations that can lead to security breaches. 5. Container Security. Ensure the security of containerized workloads by scanning images for vulnerabilities and enforcing best practices. 6. Collaborate and lead remediation teams on plans for identified vulnerabilities, leveraging the security cloud vulnerability s automation capabilities where applicable. 7.Prioritization of security patch management to ensure timely patching of security vulnerabilities in cloud infrastructure and applications based on vendor recommendation. 8. Generate regular reports on vulnerabilities, trends, remediation progress, and security cloud posture. Cloud Security VM Operations 1. Standardization: Enforce established security policies and procedures across all cloud environments. 2. Compliance Management: Maintain compliance with industry regulations (e.g., GDPR, NYDFS, Privacy, etc.) and internal security policies. 3. Security Incident Response: Assist in IR investigations and remediation of cloud security incidents, leveraging the security cloud system s vulnerability tool to analyze activities, logs, and identify root causes. Security Cloud System s Vulnerability Tool 1. Advance the tool s configuration: Assessment of configurations policies, rules, and alerts to maximize its effectiveness in identifying and mitigating cloud vulnerabilities and security risks. 2. Analyze data generated by the tool to identify trends, patterns, and potential security issues. 3. Maintain and support custom automation workflows within the tool streamline remediations processes and improve efficiency. 4. Integrate the tool with broader security tools (SIEM, CMDB, SOAR, SOC, etc.) to create a comprehensive security informed program 5. Actively monitor the tool s alerts and notifications, prioritizing critical security vulnerabilities and issues. a. Alert triage and prioritization to accurately assess the severity and potential impact of alerts, assigning appropriate priority levels. b. Ensure remediation management to create and manage remediation tasks to timely resolve identified vulnerabilities and misconfigurations. c. Maintain SLA adherence to monitor and resolve alert response and remediation times. d. Conduct thorough root cause analysis through investigations to determine the root cause of vulnerability remediation failures and implement alternative solutions. e. Generate regular reporting and metrics on vulnerabilities and threats for alert trending and remediation effectiveness. What you need to have: Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine granular access controls and CMDB attributers such as asset ownership. Integration: Integrate the security cloud tools with other security tools and systems, including the SIEM solutions, change ticketing systems, etc Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments. Collaborate with development, business CISOs, operations, and cloud teams to ensure effective vulnerability management practices throughout the SDLC, cloud, and production environments. What makes you stand out? Experience in Cyber Cloud Infrastructure Vulnerability Management Why join our team: We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being. Marsh McLennan (NYSE: MMC) is the world s leading professional services firm in the areas of risk, strategy and people. The Company s more than 85,000 colleagues advise clients in over 130 countries. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com , or follow us on LinkedIn and X . Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person

Company: MMC Corporate Description: We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office. Associate Director - Cyber Security Cloud Infrastructure Vulnerability Management What can you expect? To oversee and manage the security posture of the organization s entire cloud environment across all regions globally. This critical role requires a deep understanding of cloud security principles, Cloud Service Provide (CSP) platforms, and the ability to leverage sophisticated cloud tooling to proactively identify, detect, assess, report vulnerabilities and threats. We will count on you to: Cloud Security Management 1. Multi Cloud Expertise: Possess in depth knowledge of leading cloud platforms (AWS, Azure, GCP, etc.) and their security best practices. 2. Develop and implement a comprehensive cloud security strategy aligned with industry standards and the organization s risk tolerance. 3. Proactively access and harden cloud infrastructure configurations to minimize attack surface and potential vulnerabilities. 4. Identity and Access Management (IAM): Enforce and maintain granular IAM policies across all cloud environments to ensure least privilege access. Vulnerability Detection and Threat Response 1. Perform continuous asset discovery to identify and track all cloud resources, including servers, databases, storage, network devices, etc. 2. Conduct regular, continuous, and adhoc vulnerability scanning to identify and prioritize security vulnerabilities and potential threats. 3. Monitor for emerging threats and zero day vulnerabilities utilizing threat detection and response program. 4. Identify and remediate misconfigurations that can lead to security breaches. 5. Container Security. Ensure the security of containerized workloads by scanning images for vulnerabilities and enforcing best practices. 6. Collaborate and lead remediation teams on plans for identified vulnerabilities, leveraging the security cloud vulnerability s automation capabilities where applicable. 7.Prioritization of security patch management to ensure timely patching of security vulnerabilities in cloud infrastructure and applications based on vendor recommendation. 8. Generate regular reports on vulnerabilities, trends, remediation progress, and security cloud posture. Cloud Security VM Operations 1. Standardization: Enforce established security policies and procedures across all cloud environments. 2. Compliance Management: Maintain compliance with industry regulations (e.g., GDPR, NYDFS, Privacy, etc.) and internal security policies. 3. Security Incident Response: Assist in IR investigations and remediation of cloud security incidents, leveraging the security cloud system s vulnerability tool to analyze activities, logs, and identify root causes. Security Cloud System s Vulnerability Tool 1. Advance the tool s configuration: Assessment of configurations policies, rules, and alerts to maximize its effectiveness in identifying and mitigating cloud vulnerabilities and security risks. 2. Analyze data generated by the tool to identify trends, patterns, and potential security issues. 3. Maintain and support custom automation workflows within the tool streamline remediations processes and improve efficiency. 4. Integrate the tool with broader security tools (SIEM, CMDB, SOAR, SOC, etc.) to create a comprehensive security informed program 5. Actively monitor the tool s alerts and notifications, prioritizing critical security vulnerabilities and issues. a. Alert triage and prioritization to accurately assess the severity and potential impact of alerts, assigning appropriate priority levels. b. Ensure remediation management to create and manage remediation tasks to timely resolve identified vulnerabilities and misconfigurations. c. Maintain SLA adherence to monitor and resolve alert response and remediation times. d. Conduct thorough root cause analysis through investigations to determine the root cause of vulnerability remediation failures and implement alternative solutions. e. Generate regular reporting and metrics on vulnerabilities and threats for alert trending and remediation effectiveness. What you need to have: Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine granular access controls and CMDB attributers such as asset ownership. Integration: Integrate the security cloud tools with other security tools and systems, including the SIEM solutions, change ticketing systems, etc Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments. Collaborate with development, business CISOs, operations, and cloud teams to ensure effective vulnerability management practices throughout the SDLC, cloud, and production environments. What makes you stand out? Experience in Cyber Cloud Infrastructure Vulnerability Management Why join our team: We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being. Marsh McLennan (NYSE: MMC) is the world s leading professional services firm in the areas of risk, strategy and people. The Company s more than 85,000 colleagues advise clients in over 130 countries. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com , or follow us on LinkedIn and X . Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person Attachments

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : Equivalent Qualification Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring the integrity and confidentiality of data. Roles & Responsibilities: - Expected to be an SME, collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Provide solutions to problems for their immediate team and across multiple teams. - Design and implement security solutions to protect the organization's cloud infrastructure. - Collaborate with cross-functional teams to ensure the integrity and confidentiality of data. - Manage and monitor security controls to detect and respond to security incidents. - Stay up-to-date with the latest security trends and technologies. - Conduct security assessments and audits to identify vulnerabilities and recommend remediation measures. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Architecture Design. - Strong understanding of cloud security principles and best practices. - Experience in designing and implementing security controls for cloud environments. - Knowledge of security frameworks and standards such as ISO 27001 and NIST. - Experience with cloud security tools and technologies. - Good To Have Skills: Experience with network security and firewall management. - Familiarity with identity and access management (IAM) solutions. - Knowledge of encryption and cryptographic techniques. - Experience with security incident response and forensic investigations. - Solid understanding of risk assessment and management methodologies. Additional Information: - The candidate should have a minimum of 5 years of experience in Security Architecture Design. - This position is based at our Bengaluru office. - An Equivalent Qualification is required. Equivalent Qualification

Job Description: Conduct regular risk assessment to identify key IT and Cybersecurity risk areas and ensure those are appropriately covered in the annual IT audit plan. Advanced Networking principles/ software engineering principles/ information security principles, Additional knowledge and domain expertise specific to the job profile. (knowledge of information security management, auditing skills, network/systems/application security). Ensure that all audit work is thorough, complete, and has been performed in accordance with TVS Credit's Internal Audit standards, Regulatory guidelines (RBI) and other relevant industry standards, depending on the focus area of the review. Build strong working relationships with TVS Credit's leadership and their respective teams. Execute various IT/IS audit engagements including risk assessments, audit planning, audit testing, control evaluation, audit report drafting, and follow-up and verification of issue closure. Be accountable for meeting deliverable deadlines, adhering to department and professional standards and utilizing consistent methodology. Communicate audit findings to management and identify opportunities for improvement in the design and effectiveness of key controls. Required Qualifications, Capabilities And Skills: At least 5 years of relevant experience Must have experience with core cybersecurity operations and one or more cyber security tools/process areas (e.g. network security, end point security, email security, cloud security, attack simulation, cyber threat modelling etc.) Must have demonstrated knowledge of technology processes, such as change management, security operations, technology operations, and business resiliency, as well as application and infrastructure controls. Knowledge of various cybersecurity functions such as cybersecurity operations, attack simulation (red team, blue team), vulnerability management, cybersecurity tools/processes across network, endpoints, cloud environments, cyber threat modeling (knowledge of MITRE ATT&CK framework), etc. Analytical skills and a thirst for knowledge and new experiences. Ability to effectively manage multiple, concurrent projects and meet deadlines while working both independently and in a team environment. Good verbal and written communication; and presentation skills. Ability to adapt to a fast-paced culture, changes in the environment and shifts in priorities. Highest professional standards, integrity, and ethical behavior. Enthusiastic, self-motivated, effective under pressure and willing to take personal responsibility/accountability. Rigor in tracking and follow up of IS audit open points Basic knowledge of AL-ML models and the embedded risks and the audit testing procedures to be carried out for testing the controls. Data Analysis skills on complex and voluminous data.

Experience Required: 15+ Years (Relevant in SDR and Cybersecurity SaaS) Location: Hyderabad Position Overview: We are seeking a dynamic and experienced Sales Development Leader to build, mentor, and lead a high-performing team of Sales Development Representatives (SDRs) . The ideal candidate will bring deep expertise in cybersecurity and SaaS sales , strategic leadership capabilities, and a proven track record in building scalable SDR operations aligned with business growth goals. Key Responsibilities: Team Leadership & Development Lead, coach, and scale the SDR team to exceed qualified lead generation and pipeline goals. Establish performance metrics, drive accountability, and foster a high-performance culture. Design and implement training programs focused on product knowledge, outreach strategy, and sales technologies. Sales & Pipeline Strategy Develop and execute scalable outbound and inbound sales development strategies, especially within the cybersecurity/SaaS domain. Collaborate with Lead Development Representatives (LDRs) to optimize top-of-funnel lead generation. Monitor and manage pipeline health and conversion metrics. Process & Technology Optimization Continuously refine and enhance the SDR playbook and outreach processes. Leverage CRM and sales enablement tools to drive data-informed decisions and productivity. Ensure SDR integration into CI/CD pipelines and feedback loops with sales and marketing. Cross-Functional Collaboration Work closely with marketing, product, and sales teams to align messaging and campaigns. Ensure a seamless handoff of qualified leads to the sales team, maximizing conversion and customer satisfaction. Analytics & Reporting Measure and report on SDR performance, conversion rates, and ROI of initiatives. Use analytics tools to uncover trends, refine strategy, and forecast future pipeline growth. Customer & Market Insights Understand customer pain points and align outreach messaging accordingly. Stay informed on cybersecurity industry trends, buyer behaviors, and competitor landscape. Required Skills & Experience: Cybersecurity Sales Expertise Deep understanding of cybersecurity technologies (e.g., MDR, XDR, Zero Trust, Cloud Security). Proven ability to engage with technical buyers and C-suite executives on cybersecurity topics. Strategic Sales Leadership Experience leading and scaling SDR teams in B2B SaaS and/or technology services. Demonstrated ability to execute high-impact lead generation and sales development strategies. Executive-Level Management Experience managing large, distributed SDR teams. Skilled in coaching, performance management, and achieving team KPIs. Data-Driven Decision Making Proficient in using CRM platforms (e.g., Salesforce) and analytics tools. Able to derive actionable insights from performance data to inform strategy. Technical & Digital Fluency Strong knowledge of sales and marketing automation tools, sales enablement platforms, and AI-driven targeting tools. Customer-Centric & Outcome-Oriented Deep understanding of the cybersecurity buyer journey and how to align SDR efforts accordingly. Proven ability to drive measurable outcomes and contribute to overall business success. Preferred Qualities: Experience in presenting data and strategic outcomes to executive leadership. Strong cross-functional collaboration skills and ability to influence internal stakeholders. Passion for continuous learning and promoting team development. Ability to manage change and navigate a fast-paced, evolving environment.

What You'll Do Avalara, Inc. is the leading provider of cloud-based software that delivers a broad array of compliance solutions related to sales tax and other transactional taxes. What is it like to work at Avalara? Come find out! We are committed to the following success traits that embody our culture and how we work together to accomplish great things: Fun. Passion. Adaptability. Urgency. Simplicity. Curiosity. Humility. Ownership. Optimism. Avalara is looking for Detection Engineer to join the Detection and Response Team. The ideal candidate will have a track record in incident response, demonstrating advanced technical expertise and leadership capabilities. Your role will be of an Incident Response Analyst, you will help protect Avalara. This includes detecting, investigating, and mitigating security incidents. You will also be a key contributor in improving our incident response capabilities. You will report to Security leadership at Avalara. This is a remote position. #LI-Remote What Your Responsibilities Will Be You will perform incident response activities and workstreams as the Incident Response Senior Analyst. You will monitor security systems, including Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR) platforms, software firewalls, and Security Information and Event Management (SIEM) platforms. Gather and analyze evidence from affected systems, logs, and network traffic. You will conduct detailed investigations of security incidents to determine the root cause, scope, and impact. Document all aspects of security incidents, including timelines, actions taken, and lessons learned. Perform forensic analysis of compromised systems to identify the techniques and tactics used by attackers, or as directed by Legal. Collaborate with cross-functional teams including Engineering, IT, Security Operations, Legal, HR, and Compliance to manage and mitigate incidents. Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders. Participate in rotating On Call shifts that utilize a paging system in case a security event requires attention. What You'll Need to be Successful 5+ years experience in Security Incident Response. Experience across the information security domain, including familiarity with endpoint, email, network, cloud security, vulnerability management, incident response, and threat intelligence. Experience with log analysis, network security, digital forensics, and incident response investigations. Ability to script code using Python or an equivalent language. Bachelor's degree in computer science, information security, or relevant experience. Certifications related to digital forensics and incident response

We are looking for a skilled and motivated Penetration Tester to join our DART (Detection and Response Team) and help deliver high-impact Penetration Testing as a Service (PTaaS) engagements to our global clients. This is a hands-on role focused on continuous testing, real-world simulations, and providing actionable insights using industry-leading tools like Metasploit Pro and CIS-CAT Pro. Youll be part of a CREST-aligned team helping financial institutions, government bodies, and mid-market clients secure their infrastructure, web applications, cloud platforms, and internal networks. Key Responsibilities Perform internal and external network penetration testing Conduct web application and API testing using OWASP and custom test cases Simulate real-world attack vectors including privilege escalation and lateral movement Execute configuration audits using CIS-CAT Pro for hardening validation Design and run automated and manual exploit campaigns using Metasploit Pro Prepare detailed reports with technical findings, business risk, and remediation guidance Participate in client scoping sessions and debriefs Collaborate with the development and infrastructure teams to validate remediations Contribute to continuous improvements of our PTaaS platform and methodology What Were Looking For 36 years in penetration testing, red teaming, or offensive security Strong knowledge of security testing methodologies (OWASP, PTES, MITRE ATT&CK) Hands-on experience with Metasploit Pro, Burp Suite, CIS-CAT Pro, or similar tools Certifications preferred : OSCP, CREST CRT, CRTO, or equivalent Preferred candidate profile Familiarity with cloud security (Azure, AWS, M365) and Active Directory attacks Strong report writing and client communication skills

What Youll Do Build & Lead: Recruit, mentor and grow a high-performing security squad. Operate in Ambiguity: Help the Numerator International organization identify and triage the most impactful security practice upgrades and implementations. Influence & Evangelize: Partner with product/app teams to improve security monitoring, manage inbound triage, and threat modeling. Hands-On Security: Own vulnerability management, incident playbooks and regular security reviews. Metrics & Reporting: Bring existing key security KPIs (e.g. MTTR on incidents, open vuln counts) to the International teams and drive continuous improvement. Advocate Innovation: Prototype new tools or practices—while not the main focus, you’ll make the case. Requirements Must-Have 5-6+ years in application/cloud security (SaaS preferred) Proven track record building small, cross-functional security teams Strong stakeholder skills—able to persuade engineers and execs alike Hands-on with code reviews, pen tests, CI/CD security gates CI/CD pipelines and deployment Terraform & Ansible Excellent written/ verbal English Nice-to-Have SOC2 & PenTest experience CISSP, CISM or equivalent GitHub Advanced Security tooling Deep familiarity with AWS/Azure security services (CloudWatch / Defender) Experience with DevSecOps toolchains (Sentinel, JupiterOne, JumpCloud / Kace / ESET, etc.)

Educational Requirements Bachelor of Engineering Service Line Data & Analytics Unit Responsibilities A day in the life of an Infoscion As part of the Infosys delivery team, your primary role would be to interface with the client for quality assurance, issue resolution and ensuring high customer satisfaction. You will understand requirements, create and review designs, validate the architecture and ensure high levels of service offerings to clients in the technology domain. You will participate in project estimation, provide inputs for solution delivery, conduct technical risk planning, perform code reviews and unit test plan reviews. You will lead and guide your teams towards developing optimized high quality code deliverables, continual knowledge management and adherence to the organizational guidelines and processes. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you!If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Knowledge of more than one technology Basics of Architecture and Design fundamentals Knowledge of Testing tools Knowledge of agile methodologies Understanding of Project life cycle activities on development and maintenance projects Understanding of one or more Estimation methodologies, Knowledge of Quality processes Basics of business domain to understand the business requirements Analytical abilities, Strong Technical Skills, Good communication skills Good understanding of the technology and domain Ability to demonstrate a sound understanding of software quality assurance principles, SOLID design principles and modelling methods Awareness of latest technologies and trends Excellent problem solving, analytical and debugging skills Technical and Professional Requirements: DBT Developer Preferred Skills: Technology->Cloud Security->Microsoft Azure - Threat Detection & Response->Azure Sentinel

Dear Candidate, We are looking for a Cloud DevSecOps Engineer to embed security across the CI/CD pipeline and automate the enforcement of security controls in cloud environments. Key Responsibilities: Integrate security tools into DevOps pipelines (SAST, DAST, IaC scanning). Automate security policies using tools like Sentinel, OPA, or Azure Policy. Implement least-privilege IAM, secrets management, and audit logging. Ensure compliance with cloud security frameworks (CIS, NIST, ISO 27001). Work with developers, security teams, and platform engineers. Required Skills & Qualifications: Hands-on experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins). Proficiency in IaC and security tools (Terraform, Checkov, Prisma Cloud, Aqua). Knowledge of cloud security (AWS, Azure, or GCP). Familiarity with container security (Kubernetes, Docker, Falco). Security certifications (e.g., CCSP, AWS Security Specialty) are a plus. Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies

Role: AWS DevOps Engineer Skillset: AWS, Terraform, CI/CD Pipeline & Kubernetes (AKS) Experience: 6-8 years Certification: AWS Certified Location: Noida and Chennai Professional Experience in: Cloud-native software architecture (Microservices, Patterns, DDD, ) Working with internal developer platforms such as backstage AWS Platform (Infrastructure, Services, Administration, Provisioning, Monitoring) Managing Kubernetes (AKS) Operations Networking Autoscaling High Availability GitOps based deployments (argocd) Working with basic web technologies (DNS, HTTPS, TLS, JWT, OAuth2.0, OIDC, etc) Container Technology such as Docker Infrastructure as Code via Terraform Experience in: Cloud Monitoring, Alerting, Observability mechanisms e.g. via Elastic Stack Defining, Implementing and Maintaining build and release pipelines -> Continuous Deployment Working with git version control systems Code Collaboration Platforms (AWS DevOps, GitHub) Cloud Security patterns Developing software based on Spring & Spring Boot Preparation of Release and deployment scripts (In test and production environments)

Lead architecture and delivery of scalable Azure-based solutions. Drive cloud strategy, digital enablement of O&G workflows, team leadership, compliance, risk management, and continuous improvement. Required Candidate profile Experienced architect/lead with expertise in Azure cloud, Oil & Gas workflows, and team management. Proven skills in solution design, compliance, stakeholder engagement, and driving innovation

We are seeking a highly skilled and motivated Cloud Security Engineer with a strong background in security research, operations, and assurance, along with cloud architecture expertise. The role involves implementing security controls, conducting in-depth assessments of cloud services, and identifying secure configurations and misconfigurations across enterprise cloud environments.You will work closely with development, DevOps, and security teams to ensure that cloud infrastructure meets industry and organizational security standards. Key Responsibilities: Implement cloud-native and third-party security controls across AWS, Azure, and/or GCP environments. Conduct detailed security assessments of cloud services (IaaS, PaaS, SaaS) to ensure compliance with internal policies and industry frameworks. Identify and remediate secure misconfigurations and vulnerabilities using automated scanning and manual inspection techniques. Collaborate with cloud architects and security engineers to design and recommend secure infrastructure patterns. Stay updated with evolving cloud threats and vulnerabilities, and contribute to threat modeling and risk assessments. Develop scripts and tools to automate security monitoring and compliance validation. Document findings, remediation guidance, and contribute to security standards development. Required Skill Set:Technical Expertise: Strong knowledge of cloud platforms: AWS, Azure, or GCP Hands-on experience with CSPM (Cloud Security Posture Management) tools and cloud-native security services Deep understanding of IAM, encryption, network security, and data protection within cloud environments Experience with CI/CD security integration and DevSecOps practices Familiarity with security standards such as CIS Benchmarks, NIST, ISO 27001 Security Domains: Security Research: Ability to evaluate and analyze security trends, tools, and techniques Security Operations: Incident detection, log analysis, SIEM tools, and response processes Security Assurance: Risk assessments, compliance audits, and policy enforcement Cloud Architecture: Knowledge of secure cloud design patterns and service integrations Tools & Languages: Tools: Prisma Cloud, Wiz, AWS Security Hub, Azure Defender, GCP Security Command Center Scripting: Python Soft Skills: Strong analytical and problem-solving abilities Excellent verbal and written communication skills Team player with cross-functional collaboration experience Ability to manage priorities in a fast-paced environment

Key Responsibilities: 1. IT Control Testing and Evaluation: Plan and execute control testing of ITGCs and automated application controls. Evaluate design and operating effectiveness of controls related to: User access management (IAM) Change management System development lifecycle (SDLC) Backup & recovery IT operations and infrastructure security Document testing procedures, results, and exceptions in line with ERM standards. 2. Risk and Control Self-Assessments (RCSA): Support IT RCSA activities across technology platforms and infrastructure. Identify and assess IT risks, including cybersecurity threats and third-party/vendor risks. Collaborate with IT stakeholders to remediate identified control gaps and improve IT control posture. 3. Regulatory and Framework Compliance: Ensure alignment with regulatory requirements and industry frameworks such as: SOX (Sarbanes-Oxley) FFIEC, OCC, NIST, COBIT, ISO 27001 Monitor compliance with internal IT policies, procedures, and enterprise risk tolerance. 4. Stakeholder Engagement & Collaboration: Work closely with IT, Information Security, Compliance, and Internal Audit teams. Serve as the subject matter expert (SME) on IT control testing and risk identification. Communicate findings, risks, and recommendations clearly to technical and non-technical stakeholders. 5. Reporting and Documentation: Develop testing scripts, risk-control matrices, and evidence documentation. Prepare executive-level reports highlighting key findings, trends, and remediation status. Track control testing progress and report deviations from expected timelines or outcomes. 6. Continuous Improvement: Stay current with technology risk trends, emerging threats, and evolving compliance standards. Recommend enhancements to IT control testing methodologies, tooling, and governance processes. Key Qualifications: Education: Bachelors degree in Information Technology, Computer Science, Cybersecurity, Risk Management, or related fields. Advanced certifications are a plus. Certifications (preferred): CISA (Certified Information Systems Auditor) CRISC (Certified in Risk and Information Systems Control) CISSP, CGEIT, or ITIL certifications Experience: 810 years in IT risk management, internal audit, or control testing within financial services or technology-driven environments. Technical Skills: Strong knowledge of ITGCs, application controls, and system security principles Hands-on experience with GRC platforms (e.g., Archer, MetricStream, ServiceNow GRC) Familiarity with scripting or automation tools for testing/reporting is a plus Proficient in Excel, Power BI, or Tableau for data analysis and reporting Please share your cv at surbhi.malhotra@nlbtech.com

Job Description:The candidate will have expertise in penetration testing, cloud security, compliance frameworks (HIPAA, PCI DSS), security documentation, and security tools such as Qualys, Burp Suite, and other industry-standard solutions Strong communication skills and the ability to document security processes effectively are essential for this role Key ResponsibilitiesPenetration Testing & Vulnerability ManagementPerform penetration testing on web applications, networks, and cloud environments to identify security vulnerabilities Utilize tools like Burp Suite, Qualys, Nessus, Metasploit, and other scanning tools to detect threats Work with development and operations teams to remediate vulnerabilities and strengthen security posture Cloud SecurityEnsure cloud security best practices for AWS, Azure, and other cloud platforms Implement security controls for cloud-hosted applications and workloads Conduct security assessments and recommend security enhancements Compliance & Regulatory SecurityEnsure compliance with HIPAA, PCI DSS, ISO 27001, NIST, and other security frameworks Conduct audits, risk assessments, and compliance gap analysis Assist in developing policies, procedures, and security documentation to meet regulatory requirements Security Operations & Incident ResponseMonitor security logs and alerts for threat detection and response Work with security teams to investigate and mitigate security incidents Conduct forensic analysis in the event of security breaches Documentation & CommunicationDevelop and maintain security policies, procedures, and technical documentation Create security reports and communicate findings effectively to stakeholders Provide security training and awareness programs for employees