870 Penetration Testing Jobs - Page 15

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to be an SME In SailPoint IIQ Implementation- Collaborate and manage the team to perform- Interact with Client, Gather the requirements and recommend optimal designs for client requirement- Engage with multiple teams and contribute on key decisions- Lead the team and manage the deliverables and review the deliverables of other junior team members Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint Identity IQ- Strong understanding of IAM/IGA concepts- Experience in designing and implementing SailPoint IIQ- Hands-on experience with SailPoint IIQ Implementation, customization, workflows, application onboarding etc.- Familiarity with standard compliance standards Additional Information:- The candidate should have a minimum of 7.5 years of experience in SailPoint IdentityIQ- This position is based at our Bengaluru office- A 15 years full time education is required Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitate the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in strategic discussions to enhance security protocols and contribute to the overall security posture of the organization. Roles & Responsibilities:- Work on Sailpoint IIQ development and integration- Collaborate with the team to perform.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and frameworks.- Conduct regular assessments and audits to ensure compliance with security policies and standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint IdentityIQ.- Must have :Application onboarding experience, worked on Rules and workflows. Strong understanding of cloud security principles and best practices.- Experience with identity governance and administration solutions.- Familiarity with regulatory compliance frameworks such as GDPR, HIPAA, or ISO 27001.- Ability to analyze and mitigate security risks associated with cloud environments. Additional Information:- The candidate should have minimum 3 years of experience in SailPoint IdentityIQ.- This position is based in Bangalore.- A Bachelor or college degree in related field or equivalent work experience is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityNow Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. You will engage in discussions to refine security strategies and provide insights that enhance the overall security posture of the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to identify areas for improvement.- Collaborate with cross-functional teams to ensure alignment of security practices with business objectives. Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint IdentityNow.- Good To Have Skills: Experience with cloud security frameworks and compliance standards.- Strong understanding of identity governance and administration.- Experience in implementing security controls in cloud environments.- Familiarity with risk assessment methodologies and security best practices. Additional Information:- The candidate should have minimum 3 years of experience in SailPoint IdentityNow.- This position is based at our Kolkata office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : CyberArk Privileged Access Management Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Develop and implement security architecture solutions.- Conduct security assessments and define security requirements.- Collaborate with cross-functional teams to ensure security measures are integrated.- Stay updated on the latest security trends and technologies.- Provide guidance and support to junior security professionals. Professional & Technical Skills: - Must To Have Skills: Proficiency in CyberArk Privileged Access Management.- Strong understanding of security architecture principles.- Experience in implementing cloud security controls.- Knowledge of security compliance standards and regulations.- Hands-on experience with security tools and technologies. Additional Information:- The candidate should have a minimum of 3 years of experience in CyberArk Privileged Access Management.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : ServiceNow Governance, Risk, and Compliance (GRC) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : BTECH Summary :As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve documenting the implementation of the cloud security controls and transitioning to cloud security-managed operations using ServiceNow Governance Risk and Compliance (GRC) as the primary skill. Roles & Responsibilities:- Lead the development and implementation of the cloud security framework and architecture using ServiceNow Governance Risk and Compliance (GRC) as the primary skill.- Ensure that the cloud security framework and architecture meet the business requirements and performance goals.- Document the implementation of the cloud security controls and transition to cloud security-managed operations.- Collaborate with cross-functional teams to ensure that the cloud security framework and architecture are aligned with the overall security strategy.- Stay updated with the latest advancements in security architecture design and integrate innovative approaches for sustained competitive advantage. Professional & Technical Skills: - Must To Have Skills: Experience in ServiceNow Governance Risk and Compliance (GRC).- Good To Have Skills: Security Architecture Design.- Strong understanding of cloud security framework and architecture.- Experience in documenting the implementation of cloud security controls and transitioning to cloud security-managed operations.- Solid grasp of security strategy and cross-functional collaboration. Additional Information:- The candidate should have a minimum of 5 years of experience in ServiceNow Governance Risk and Compliance (GRC).- The ideal candidate will possess a strong educational background in computer science, information technology, or a related field, along with a proven track record of delivering impactful security solutions.- This position is based at our Gurugram office. Qualification BTECH

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : RSA Archer Platform Administration Good to have skills : Governance Risk & Compliance (GRC) Platform OperationsMinimum 5 year(s) of experience is required Educational Qualification : Bachelors degree in computer science, IT, information systems management or equivalent area Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Your typical day will involve designing and implementing security solutions, collaborating with cross-functional teams, and ensuring the integrity and confidentiality of data. Roles & Responsibilities:- Expected to be an SME, collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Design and implement security solutions to protect the organization's cloud infrastructure.- Collaborate with cross-functional teams to ensure the integrity and confidentiality of data.- Develop and maintain security policies, standards, and procedures.- Conduct risk assessments and vulnerability scans to identify potential security threats.- Stay up-to-date with the latest security trends and technologies.- Train and educate employees on security best practices.- Monitor and respond to security incidents and breaches.- Perform regular security audits and assessments.- Ensure compliance with industry regulations and standards.- Implement and manage security controls and technologies.- Conduct security awareness programs for employees.- Assist in incident response and recovery efforts.- Participate in security incident investigations.- Contribute to the development and improvement of security policies and procedures. Professional & Technical Skills: - Must To Have Skills: Proficiency in RSA Archer Platform Administration.- Good To Have Skills: Experience with Governance Risk & Compliance (GRC) Platform Operations.- Strong understanding of cloud security frameworks and architectures.- Experience in documenting and implementing cloud security controls.- Knowledge of security best practices and industry standards.- Familiarity with risk assessment methodologies and vulnerability management.- Ability to analyze and interpret security logs and events.- Excellent problem-solving and decision-making skills. Additional Information:- The candidate should have a minimum of 5 years of experience in RSA Archer Platform Administration.- This position is based at our Kolkata office.- A Bachelor's degree in computer science, IT, information systems management or equivalent area is required. Qualification Bachelors degree in computer science, IT, information systems management or equivalent area

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Governance Good to have skills : Security Architecture DesignMinimum 7.5 year(s) of experience is required Educational Qualification : BTECH Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to be an SME- Collaborate and manage the team to perform- Responsible for team decisions- Engage with multiple teams and contribute on key decisions- Provide solutions to problems for their immediate team and across multiple teams- Develop and implement security policies and procedures- Conduct security assessments and audits- Stay updated on the latest security trends and technologies Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Governance- Strong understanding of security architecture design- Experience in implementing cloud security controls- Knowledge of security compliance standards- Hands-on experience with security tools and technologies Additional Information:- The candidate should have a minimum of 7.5 years of experience in Security Governance- This position is based at our Gurugram office- A BTECH degree is required Qualification BTECH

About the Role As part of the Research and Development function, the global Cloud DevOps team combines software development and cloud operations to provide continuous integration and delivery of cloud-enabled products and solutions. Responsible for deployment and continuous monitoring to ensure various cloud-specific customer requirements/SLAs are met. As a Principal Cloud Operations Developer, you will utilise your experience to continually improve the security posture of AVEVAs Cloud solutions, as well as lead and implement improvements to the deployment process and our monitoring and reporting capabilities. You will also support and guide development teams and create best-practice templates and processes. Working closely with your development and portfolio colleagues, together you will bring new solutions to the cloud following a standard framework to ensure they are operationally secure, stable and scalable. The global, 24x7 nature of the team means there may be a requirement for occasional work outside of the standard day and to be on call as part of a shared team rota. Key responsibilities Provide timely and effective response to incidents, particularly security incidents, to minimize the impact on our customers and keep colleagues updated as required. Work with development teams to advise and contribute to security improvements, cloud architecture, operational stability, cost management and reporting requirements for our cloud solutions. Independently learn, gain expertise and then lead implementations of new capabilities and tools supporting security and infrastructure governance and monitoring. Continually develop and improve DevOps processes, adding value through optimization, automation and effective reporting. Proactively manage cloud environment security to minimize service impacting issues. Ensure new services meet required security and operational readiness standards before being accepted into operations. Ensure on-going compliance to security practices and policies. Provide subject matter expertise to business stakeholders as required. Stay current on security industry trends, tools and best practices. Qualifications The following list applies to Azure and/or AWS Platforms. Hands-on in cloud infrastructure as code development, with the ability to lead architecture and technology evaluations and decisions. Willingness to learn cloud security principles, practices and tools. Strong enterprise software development experience preferably with e.g. C# .NET. Expertise in PowerShell, Bash and/or Node JS scripting. Knowledge of API development, REST, microservices and serverless architectures. Knowledge and experience of operational support, software development and deployment methodologies and principles. Strong written, verbal and presentation skills, able to convey information clearly and concisely to technical and non-technical audiences. Attention to detail, diligent and tenacious. Excellent analysis and dissemination skills. High degree of personal motivation and ability to self-manage. Maintains and develops relevant industry and technology knowledge. Preferred Qualifications Web application development. Experience/expertise in authentication and authorisation protocols such as OpenID Connect. Experience/expertise in DNS, TLS and network architectures. Experience in web application security principles and practices, or penetration testing. Certifications in Azure and/or AWS. Hands-on experience working within an Information Security accredited framework e.g. ISO27001, 27017/18. Experience working in Agile software development such as Scaled Agile Framework (SAFe).

About Role: Were looking for an experienced Security Tester to evaluate and strengthen the security of web and mobile applications. The role involves identifying vulnerabilities, performing penetration tests, and working closely with development teams to resolve issues. Security Tester Web and Mobile Applications Position: Security Tester Location: Coimbatore /Karur Experience Required: 3+ years Employment Type: Full-time Key Responsibilities Perform security testing for web/mobile apps (Android/iOS) Conduct vulnerability scanning and manual penetration testing Work closely with development teams & QA teams to fix identified issues and ensure vulnerabilities are addressed. Analyse APIs and code (static/dynamic). Ensure OWASP Top 10 and Mobile Top 10 coverage. Prepare detailed reports with fixes and support secure coding practices. Develop and execute security test plans and test cases. Stay up to date with the latest security threats, tools, and methodologies. Participate in security incident response activities. Assist in secure coding best practices and training. Required Skills Knowledge of HTTP, cookies, sessions, tokens Tools: Burp Suite, ZAP, MobSF, Postman, Frida Familiarity with SAST/DAST tools (e.g., SonarQube, Checkmarx) Understanding of encryption, authentication, secure storage Scripting in Python, Bash Preferred Qualifications Bachelor's degree in Computer Science, Information Security, or related field. 3+ years of experience in security testing or penetration testing. Certifications: CEH must to have. Strong understanding of application and network security concepts. Excellent problem-solving and analytical skills. Bonus Skills Secure DevOps & CI/CD pipeline awareness Cloud security basics (AWS, GCP, Azure) Reverse engineering for mobile apps Risk Analysis

Job Description Vacancy for Cataract Surgeon (Ophthalmologist) Qualification: MBBS in Any Specialization, MS/MD in Opthalmology Experience : 1-5 Years Location: The Retina Centre, Rukminigaon, Guwahati Job Description : Surgeons with experience of doing Phaco surgery in topical/ LA independently. Candidates should be well versed with all OPD and clinical procedures of Ophthalmology and Refractive procedures.

Qualification : MBBS in Any Specialization, MS/MD in Opthalmology Experience : 1-5 Years Location: The Retina Centre, Rukminigaon, Guwahati Job Description : Surgeons must have experience of doing surgery independently. Also needs to be experienced in dealing with all OPD and clinical procedures of Ophthalmology.

ROLE AND CONTEXT NEED TO DO NEED TO KNOW Purpose: The job holder is responsible to lead and manage the end-to-end lifecycle of Vulnerability Assessment and Penetration Testing (VA/PT) for all digital assets and applications at Adani Ports and Logistics, ensuring timely execution, risk mitigation, and compliance with cybersecurity standards. Main Priorities: Plan and execute VA/PT projects across digital assets. Identify, assess, and report vulnerabilities and risks. Collaborate with IT and development teams for remediation. Ensure compliance with cybersecurity standards (ISO 27001, NIST, GDPR). Provide regular updates and final reports to stakeholders. Drive continuous improvement in VA/PT processes. Key Outputs: Project plans, Gantt charts, and KPIs for VA/PT activities. Detailed vulnerability and penetration testing reports. Risk assessments and prioritized remediation strategies. Compliance documentation and incident RCA reports. Final project summaries and executive reports. Technical documentation and internal training materials. Continuous improvement and lessons-learned reports. Relationships: Internal - ICD External - Client Reportees: NA Key Performance Metrics: Timely execution of VA/PT projects. Number and severity of vulnerabilities identified and remediated. Compliance rate with security standards and frameworks. Stakeholder satisfaction with reporting and communication. Reduction in incidents caused by known vulnerabilities. Effectiveness of training and awareness programs. Qualifications: Bachelor s degree in Cybersecurity, IT, Computer Science, or a related field. Skills/ Knowledge: Strong understanding of VA/PT methodologies and tools (e. g. , Nessus, Metasploit, Burp Suite). Familiarity with operating systems, network protocols, and security frameworks. Knowledge of ISO 27001, NIST, GDPR compliance. Strong project management and documentation skills. Excellent communication, leadership, and problem-solving abilities. Certifications (if any): CEH, Security+, OSCP (preferred) or equivalent cybersecurity certifications Experience (add relevant Exp also) 5-8 years in cybersecurity. Minimum 3-4 years in vulnerability assessment and penetration testing.

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Position: Sr. Information Security Analyst Grade: IT3 Location: Noida/Bangalore Job Description: Key Responsibilities Led and implement security architecture and solutions to safeguard enterprise systems, networks, and data. Conduct vulnerability assessments, penetration testing, and risk assessments to identify and mitigate security threats. Develop and enforce security policies, procedures, and best practices to ensure compliance with internal standards and industry regulations. Collaborate with cross-functional teams to design secure systems and provide guidance on secure coding practices and vulnerability management. Continuously monitor the security landscape for new threats and ensure proactive defense mechanisms are in place. Required Skills Qualification Hands-on experience in securing corporate environment. Hands-on experience in security frameworks (NIST, ISO 27001, CIS) and experience with risk management and compliance Hands-on experience securing Windows (Workstations and Servers), Linux (Workstations and Servers), and Mac Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. Hands-on experience documenting vulnerability assessment results in a clear and actionable format. Expertise in network security, firewalls, IDS/IPS, and security monitoring tools such as SIEM Proficiency with cloud security technologies (AWS, Azure, GCP) and securing cloud-based infrastructure. Experience with incident response, forensics, and managing security incidents from detection to resolution. Determines security violations and inefficiencies. Knowledge of mergers and acquisitions Experience: Should have relevant experience of at least 6-10 years. Qualification: Engineering (Computers, Electronics, IT) or equivalent We re doing work that matters. Help us solve what others can t.

Skills Required : Secure Architecture and Design, Application & API Security, Cloud & Container Security, Infrastructure & Network Security, Cryptography, Stakeholder Engagement, Mentorship Posted On : Secure Architecture and Design, Application & API Security, Cloud & Container Security, Infrastructure & Network Security, Cryptography, Stakeholder Engagement, Mentorship Education/Qualification : Bachelors or Masters Desirable Skills : cyber security, Cloud Security, Cryptography

The candidate will have expertise in penetration testing, cloud security, compliance frameworks (HIPAA, PCI DSS), security documentation, and security tools such as Qualys, Burp Suite, and other industry-standard solutions Strong communication skills and the ability to document security processes effectively are essential for this role Key Responsibilities Penetration Testing Vulnerability Management Perform penetration testing on web applications, networks, and cloud environments to identify security vulnerabilities Utilize tools like Burp Suite, Qualys, Nessus, Metasploit, and other scanning tools to detect threats Work with development and operations teams to remediate vulnerabilities and strengthen security posture Cloud SecurityEnsure cloud security best practices for AWS, Azure, and other cloud platforms Implement security controls for cloud-hosted applications and workloads Conduct security assessments and recommend security enhancements Compliance Regulatory Security Ensure compliance with HIPAA, PCI DSS, ISO 27001, NIST, and other security frameworks Conduct audits, risk assessments, and compliance gap analysis Assist in developing policies, procedures, and security documentation to meet regulatory requirements Security Operations Incident Response Monitor security logs and alerts for threat detection and response Work with security teams to investigate and mitigate security incidents Conduct forensic analysis in the event of security breaches Documentation Communication Develop and maintain security policies, procedures, and technical documentation Create security reports and communicate findings effectively to stakeholders Provide security training and awareness programs for employees Location - Bengaluru, Noida, Pune, Mumbai, Hyderabad, Mohali, Panchkula, Chennai.

HCL Tech uses Qualys tools for various roles, including those in security, infrastructure management, and penetration testing. Job descriptions often specify experience with Qualys tools, such as vulnerability scanning and configuration management , and may also require proficiency in other security technologies and certifications like CEH. 1. Security Roles: Vulnerability Assessment and Penetration Testing (VAPT): HCL Tech uses Qualys tools for identifying vulnerabilities in systems and applications. VAPT Testers need experience with Qualys and other penetration testing tools. Security Operations Engineer: This role involves implementing and managing security measures, including those related to vulnerability management and cloud security posture management (CSPM) using Qualys. Tools/Qualys: This role involves administering and operating Qualys, potentially alongside other PKI solutions like ADCS or AppViewX. 2. Infrastructure Management: Administration and Operations of PKI: Qualys is sometimes used in conjunction with PKI solutions to manage certificates and related configurations, including CSR creation, certificate push, and secure connections. 3. General Requirements: Security Domain Experience: Many roles require experience in managing security infrastructure, including vulnerability management and configuration management, where Qualys is often utilized. In summary, HCL Tech utilizes Qualys tools for various security-related tasks, including vulnerability assessment, infrastructure management, and cloud security posture management. Specific requirements vary depending on the role, but experience with Qualys is often a valuable asset

Look for immediate joiner. Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS) We should look for a candidate who has deep and diverse hands on exp in above skills Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent

SUMMARY Our client is IT MNC part of one of the major insurance groups based out of Germany and Europe. The Group is represented in around 30 countries worldwide, with Over 40,000 people worldwide, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurances, pensions, investments and services by focusing on all cutting edge technologies majorly on Could, Digital, Robotics Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate the customers future needs around the globe thru supporting millions of internal and external customers with state of-the-art IT solutions to everyday problems & dedicated to bringing digital innovations to every aspect of the landscape of insurance. Job Location: Hiranandani Gardens, Powai, Mumbai Mode: Work from Office Requirements Roles & Responsibilities: Define project scope, objectives, and deliverables in collaboration with stakeholders. Develop comprehensive project plans, including timelines, budgets, and resource allocation. Manage and coordinate project teams, including security engineers, analysts, and other technical resources. Track project progress, identify and manage risks and issues, and implement effective mitigation strategies. Ensure adherence to project management methodologies and best practices. Stay up-to-date with the latest cyber security trends and technologies. Skill & Competencies: Strong track record of delivering IT projects in a large, complex environment. (7 years), especially experience in the implementation of financial and regulatory requirements in the CFO context in Group-wide systems and their integration Proven 5+ years experience as a PM Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience (typically 5+ years) managing IT projects, with a significant focus on cyber security initiatives.

Not Applicable Specialism Microsoft Management Level Senior Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. Those in application security at PwC will be responsible for providing security services to development teams including code scanning, readiness testing, and penetration testing to enable application teams to build and deploy secure applications in Production. You will utilise a riskbased methodology and shiftleft approach to engage early in the software development lifecycle. & Summary Responsibilities 1. Review application source code based on the industry standard security frameworks and organizations internal security policy. 2. Running the source code scan and analyzing the results derived from the SAST platform. 3. Coordinate with application development teams to ensure identified gaps are fixed in proper time. 4. Work with the application development team to eliminate false positives, to clarify compensating security controls. 5. Closely work with issue management team to ensure proper remediation plans are in places with well documented records. 6. Collaborate with senior developers and architects to ensure security best practices and secured design patterns are followed. 7. Work closely with other team members, including project leads, regional leads and territory security leadership team. 8. Provide regular updates on progress and issues to project managers and stakeholders 9. Strong knowledge of secure coding practices and common security vulnerabilities (e.g., OWASP Top 10). 10. Strong knowledge of Industry standard SAST tools (e.g. Veracode, Fortify on Demand). 11. Strong knowledge of Industry standard SCA tools (e.g. Blackduck). 12. Strong knowledge in manual and toolbased code review process, focusing on OWASP methodology. 13. Strong Knowledge of security vulnerability identification and remediation methodologies. 14. Familiarity with industry standard security frameworks and policies. 15. Strong knowledge of DevSecOps practices and integration of security within CI/CD pipelines. Mandatory skill sets VAPT, source code analysis, remediation, mitigation, vulnerability assessment, SAST, SCA, application security, white box testing, Veracode, Checkmarx , source code review. Preferred skill sets CI/CD Pipelines Years of experience required 47 Years Education qualification B.Tech/B.E. Education Degrees/Field of Study required Bachelor of Technology, Bachelor of Engineering Degrees/Field of Study preferred Required Skills Code Review Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Application Security, Application Security Assessment, Azure Data Factory, Cloud Application Development, Cloud Security, Coding Standards, Communication, Creativity, Cybersecurity, DevOps Practices, Embracing Change, Emotional Regulation, Empathy, Endpoint Security, Forensic Investigation, Hosting Controllers, Inclusion, Information Security, Intellectual Curiosity, Learning Agility, LoadRunner (Software Testing Tool) {+ 30 more} Travel Requirements Government Clearance Required?

is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI , and autonomous intelligent systems . We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview: We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts , managing vulnerability assessments , and implementing best-in-class security tools and practices to protect our platforms and clients. What we are looking from an ideal candidate? Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines ( DevSecOps ). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001 , SOC 2 , GDPR , and HIPAA . Provide guidance on secure implementation of AI/ML components and data protection strategies. Preferred Skills: What skills do you need? Requirements: 8+ years of experience in information security , application security , or cybersecurity engineering . Proficient in penetration testing methodologies and use of tools such as Burp Suite , Metasploit , Nmap , Wireshark , Nessus , OWASP ZAP , Qualys , etc. Deep experience in vulnerability management , patching, and security hardening practices. Strong understanding of OWASP Top 10 , CWE/SANS Top 25 , API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM , EDR , IDS/IPS , and DLP solutions. Knowledge of DevSecOps and tools like Terraform , Kubernetes , Docker , etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications: Certifications such as CISSP , CISM , CEH , OSCP , or AWS Security Specialty . Experience working on security aspects of AI/ML platforms , data pipelines , or model inferencing . Familiarity with governance and compliance frameworks (e.g., PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer: A mission-critical role securing next-gen AI systems Opportunity to work with an innovative and fast-paced tech company High visibility and leadership opportunities in a growing security function Compensation is not a constraint for the right candidate

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. Cloud Segment Information Security Officer (SISO- GL28) Location - Gurgaon Position Overview: The Cloud Segment Information Security Officer (SISO) is responsible for overseeing and implementing security measures to protect the organization's cloud-based data and infrastructure. This role involves developing cloud-specific security strategies, managing risks, ensuring compliance, and leading incident response efforts. A key aspect of this role is fostering strong relationships and partnerships with business leaders and stakeholders to ensure security measures align with business objectives. Primary Responsibilities: Cloud Security StrategyDevelop and implement security strategies tailored to the cloud segment to ensure the protection of cloud-based data and infrastructure Risk ManagementIdentify, assess, and mitigate security risks associated with cloud operations and technologies Incident ResponseLead incident response efforts for security breaches within the cloud segment, including investigation, containment, and remediation ComplianceEnsure compliance with relevant cloud-specific regulations and standards CollaborationWork closely with other IT teams and cloud segment leaders to integrate security measures into cloud services and applications Training and AwarenessSupport security training and awareness programs for employees within the cloud segment to promote a security-conscious culture Policy DevelopmentDevelop and enforce security policies and procedures specific to cloud operations Audit and AssessmentSupport security audits and assessments to ensure the effectiveness of security measures within the cloud segment Business PartnershipFoster strong relationships with business leaders and stakeholders to ensure security measures support and enhance business objectives. Collaborate with business units to understand their needs and provide tailored cloud security solutions Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Proven experience in developing and implementing cloud security strategies Experience in leading cloud incident response efforts Experience in conducting cloud security audits and assessments Solid knowledge of cloud risk management and security architecture Familiarity with cloud compliance regulations and security monitoring tools Proven excellent collaboration and communication skills Demonstrated ability to conduct training and develop cloud security policies Demonstrated ability to build and maintain relationships with business leaders and stakeholders

Redefine the future of customer experiences. One conversation at a time. We re changing the game with a first-of-its-kind, conversation-centric platform that unifies team collaboration and customer experience in one place. Powered by AI, built by amazing humans. Our culture is forward-thinking, customer-obsessed and built on an unwavering belief that connection fuels business and life; connections to our customers with our signature Amazing Service , our products and services, and most importantly, each other. Since 2008, 100,000+ companies and 1M+ users rely on Nextiva for customer and team communication. If you re ready to collaborate and create with amazing people, let your personality shine and be on the frontlines of helping businesses deliver amazing experiences, you re in the right place. Build Amazing - Deliver Amazing - Live Amazing - Be Amazing The AI Security and Compliance Engineer is responsible for working with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle. The engineer applies knowledge of AI and application security risks and threats to design and implement appropriate, cost-effective security controls during development, deployment, and operation of AI based applications. The engineer defines and promotes the implementation guidelines for data classification, segregation, and access controls to AI model inputs and training data to ensure data confidentiality and privacy for different data sources and user groups. The engineer performs audits and vulnerability assessments, penetration testing and supports mitigation of findings. Key Responsibilities: Ensure AI products have security and privacy by design. Establish and document policies and guidelines for data classification and data used for training to prevent leaks of sensitive data. Work with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle to meet customer, regulatory, and contractual obligations. Monitor and audit AI systems and development processes for compliance with policies, regulations and contractual obligations. Monitor and respond to security incidents involving AI systems. Create AI-specific incident management procedures to address AI related security incidents. Enhance the resilience of AI systems against potential threats by implementing cyber security best practices, controls, and tools to protect AI models from threats such as those in the OWASP AI Top Ten, including supply chain and model poisoning threats and attempts to access, modify, and exfiltrate confidential information via the query interface. Establish policies and guidelines for access controls, limitations and guardrails on usage and prompts for AI inputs and API s. Ensure proper access controls on API s and processing pipelines, and segregation of data. Create, update, and maintain threat models for a wide variety of software projects. Provide AI security training for internal development teams. Maintain current knowledge of AI risks, threats, and AI testing tools and techniques. Perform other duties to support the technical and operational security of the organization as required. Qualifications: Bachelor s degree in an IT related field or equivalent experience and 2-5 years of experience in working in IT security, software development, or AI development. Desired certifications - one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+. Understanding of Application Security and Data Security for applications and AI, such as the OWASP Top 10 and the OWASP Top 10 for Generative AI. Proficiency in and strong working knowledge of AI technologies and models such as Llama and ChatGPT. Experience and understanding of threats and risks related to web applications and API s, particularly with AI based applications. General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases. Experience with vulnerability management, patching, and mitigation assessment. Experience working within and implementing policies for a security framework such as ISO 27001 and NIST. Flexibility to work off-hours to support global project teams and maintenance windows. Ability to support 24x7 on-call for incident response on a rotating basis. Experience developing software, scripting and using SQL queries to automate controls, processes and reporting. Competencies: Strong analytical problem-solving skills and attention to detail. Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner. Ability to form productive relationships across the organization to accomplish information security objectives. Ability and willingness to learn all aspects of the information security field. Professional verbal and written communication skills in English. Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat. Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk. Total Rewards Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best, in and out of the office. Our compensation packages are tailored to each role and candidates qualifications. We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses. Medical - Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit, providing peace of mind and security in times of medical necessity. Group Term & Group Personal Accident Insurance - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means. Coverage Type - Employee Only Sum Insured - 3 times of annual CTC with minimum cap of INR 10,00,000 Free Cover Limit - 1.5 Crore Work-Life Balance - 15 days of Privilege leaves per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves, 1 week of Paternity leave, a day off on your Birthday, and paid holidays Financial Security - Provident Fund & Gratuity Wellness - Employee Assistance Program and comprehensive wellness initiatives Growth - Access to ongoing learning and development opportunities and career advancement At Nextiva, were committed to supporting our employees health, well-being, and professional growth. Join us and build a rewarding career! Established in 2008 and headquartered in Scottsdale, Arizona, Nextiva secured $200M from Goldman Sachs in late 2021, valuing the company at $2.7B.To check out what s going on at Nextiva, check us out on Instagram , Instagram (MX) , YouTube , LinkedIn , and the Nextiva blog . #LI-RQ1 #LI-Hybrid

Platform Engineer Bangalore, Karnataka, India As a member of the Digital Factory Platform team, the Platform Engineer is responsible for development of automation strategy, roadmap, KPIs, standards and practices for the platform and agile product teams This is in support of the transformation towards fully automated testing & deployments for our application teams, as part of a wider GT transformation project Leveraging solutions and services delivered by Platform team, the Platform Engineer will help drive adoption of Cloud and DevSecOps tooling throughout the organization What you ll be DOING What will your essential responsibilities include? Define the Platform automation (DevSecOPs ) strategy /integration patterns, roadmap, KPIs, standards and practices for the platform and agile product teams Assess Product team requirements and propose automation solutions Experience in implementing release automation frameworks (branching strategies / release deployment strategies - Blue Green/Canary ,rolling) using tools such as Azure DevOps , Bit bucket, teamscity, datadog,Harness ,Jenkins, Git,JFrog ,Docker ,Kubernetes and OpenShift Provide hands-on assistance with automated embedded security testing (Static application security testing ,SCA & Dynamic application security testing) Mentor and collaborate with the Product Scrum teams on automation best practices Implement containerization using Docker and orchestrate deployments with Kubernetes, ensuring scalability and portability of products in scope Implement and enforce security compliance checks within the CI/CD pipeline, ensuring adherence to industry standards and regulatory requirements Own and lead the design and implementation of automation frameworks Create and run automation training /overview sessions Delivering CI CD pipeline templates for reuse Regularly assess and enhance the DevSecOps processes to improve efficiency, security, and overall development practices Stay informed about emerging technologies and best practices in the DevSecOps space Knowledge of Selenium, JIRA ,Rest Assured, SonarQube, CheckMarx,JFROG X Ray & Qualys In-depth knowledge of Guidewire architecture and components Understanding of Guidewire security features Proficiency in Git for version control Experience with CI/CD tools (Bit bucket, Teamcity) Excellent scripting skills in Python, Shell, or PowerShell Experience with automation frameworks Familiarity with SAST and DAST tools Knowledge of Data Dog is a plus Azure API Management, Azure Logic Apps, Azure Service Bus, Azure Event Grid, Azure Functions, Azure Data Factory Knowledge of security compliance frameworks (OWASP, NIST) Familiarity with Dynatrace,ELK stack, Splunk, or similar tools Understanding of integrating security into the development lifecycle Knowledge of static analysis, dynamic analysis, and penetration testing Familiarity with secure coding practice Exposure on Guidewire CI CD tools, JIRA, Azure /AWS, OpenShift, GHE, JFrog /Nexus Artifactory, Willingness to learn new tech & tools, Terraform, Docker Terraform, Kubernetes You will report to the Head of Digital Factory Delivery What you will BRING We re looking for someone who has these abilities and skills: Required Skills and Abilities: Excellent understanding of Automation frameworks /best practices Effective understanding of Scrum Agile methodology and experience working in a Scrum team Adaptable to new/different strategies, programs, technologies, practices, cultures, etc ; comfortable with change, able to easily makes transitions Effective communication skills, both verbal and written Proven ability to clearly articulate goals and desired outcomes and influence key decisions to ensure deliverables are met Proven ability to establish and maintain effective relationships and leverage those relationships to deliver on goals Bachelor s degree or equivalent work experience Desired Skills and Abilities: Ability to effectively integrate colleagues and teams which are currently disparate, and introducing new technologies and process Proven planning and organization skills, creating work schedules, prioritizing workload, preparing in advance and setting realistic timescales xaxl com/sustainability

Web Application Security Expert Bangalore, Karnataka, India Your role is to ensure that AXA XLs web applications are protected via the necessary security controls This involves understanding our applications, their vulnerabilities (if any) and identifying the best methods to protect those applications This could involve helping the developers securely code applications, development of WAF rules or the disablement of particular WAF rules from the application What you ll be DOING What will your essential responsibilities include? Assess applications for WAF applicability Ensure web application firewalls are correctly configured and deployed Build, maintain and operate current AXA XL processes for WAF deployment and operation Educate the organization on web application protection strategies and implementations Work with various stakeholders to build knowledge and ensure our applications are protected Act as an intermediary between AXA teams to ensure security is appropriate for the risks we face, and the business can move forward in an agile way You will report to Global Head of Transversal Application Services What you will BRING We re looking for someone who has these abilities and skills: Required Skills and Abilities: Application Vulnerabilities: An understanding of vulnerabilities which can affect web applications Web Application Firewall knowledge: Understanding of web application firewalls, deployment and usage strategies, mitigation strategies in order to aid Web Application Firewall rules knowledge: Knowledge and experience in using rules within web application firewalls including knowledge of regular expressions and their usage in rules Application Protection Strategies: Understanding of methods for protecting web applications without the need for a web application (e g secure password hashing, secure coding practices) Desired Skills and Abilities: Negotiation Skills: The ability to negotiate with various parties to agree an approach that is successful for all parties IT Service Management/ServiceNow Knowledge: Understanding of the processes of Service Management and Service Now to aid in developing tickets to support processes and procedures for WAF management Penetration testing experience: Experience of the penetration testing practices particularly focused on web application testing and being able to understand the standard practices used for testing applications Training & Awareness: The ability to educate and train parts of the organization about WAF s and secure coding practices Who WE are AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks For mid-sized companies, multinationals and even some inspirational individuals we don t just provide re/insurance, we reinvent it How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business property, casualty, professional, financial lines and specialty With an innovative and flexible approach to risk solutions, we partner with those who move the world forward Learn more at axaxl com What we OFFER Inclusion AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success That s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, and create an inclusive culture where everyone can bring their full selves to work and can reach their highest potential It s about helping one another and our business to move forward and succeed Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe Robust support for Flexible Working Arrangements Enhanced family friendly leave benefits Named to the Diversity Best Practices Index Signatory to the UK Women in Finance Charter Learn more at axaxl com / about-us / inclusion-and-diversity AXA XL is an Equal Opportunity Employer Total Rewards AXA XL s Reward program is designed to take care of what matters most to you, covering the full picture of your health, wellbeing, lifestyle and financial security It provides competitive compensation and personalized, inclusive benefits that evolve as you do We re committed to rewarding your contribution for the long term, so you can be your best self today and look forward to the future with confidence Sustainability At AXA XL, Sustainability is integral to our business strategy In an ever-changing world, AXA XL protects what matters most for our clients and communities We know that sustainability is at the root of a more resilient future Our 2023-26 Sustainability strategy, called Roots of resilience , focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations Our Pillars: Valuing nature: How we impact nature affects how nature impacts us Resilient ecosystems - the foundation of a sustainable planet and society - are essential to our future We re committed to protecting and restoring nature - from mangrove forests to the bees in our backyard - by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans Addressing climate change: The effects of a changing climate are far reaching and significant Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption Were building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions Integrating ESG: All companies have a role to play in building a more resilient future Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business We re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting AXA Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL s Hearts in Action programs These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day - the Global Day of Giving For more information, please see axaxl com/sustainability

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.