933 Penetration Testing Jobs - Page 18

At Cadence, we hire and develop leaders and innovators who want to make an impact on the world of technology. Position: Sr. Information Security Analyst Grade: IT3 Location: Noida/Bangalore Job Description: Key Responsibilities Led and implement security architecture and solutions to safeguard enterprise systems, networks, and data. Conduct vulnerability assessments, penetration testing, and risk assessments to identify and mitigate security threats. Develop and enforce security policies, procedures, and best practices to ensure compliance with internal standards and industry regulations. Collaborate with cross-functional teams to design secure systems and provide guidance on secure coding practices and vulnerability management. Continuously monitor the security landscape for new threats and ensure proactive defense mechanisms are in place. Required Skills Qualification Hands-on experience in securing corporate environment. Hands-on experience in security frameworks (NIST, ISO 27001, CIS) and experience with risk management and compliance Hands-on experience securing Windows (Workstations and Servers), Linux (Workstations and Servers), and Mac Hands-on experience conducting risk management by identifying gaps and providing strategies for mitigation. Hands-on experience documenting vulnerability assessment results in a clear and actionable format. Expertise in network security, firewalls, IDS/IPS, and security monitoring tools such as SIEM Proficiency with cloud security technologies (AWS, Azure, GCP) and securing cloud-based infrastructure. Experience with incident response, forensics, and managing security incidents from detection to resolution. Determines security violations and inefficiencies. Knowledge of mergers and acquisitions Experience: Should have relevant experience of at least 6-10 years. Qualification: Engineering (Computers, Electronics, IT) or equivalent We re doing work that matters. Help us solve what others can t.

Skills Required : Secure Architecture and Design, Application & API Security, Cloud & Container Security, Infrastructure & Network Security, Cryptography, Stakeholder Engagement, Mentorship Posted On : Secure Architecture and Design, Application & API Security, Cloud & Container Security, Infrastructure & Network Security, Cryptography, Stakeholder Engagement, Mentorship Education/Qualification : Bachelors or Masters Desirable Skills : cyber security, Cloud Security, Cryptography

The candidate will have expertise in penetration testing, cloud security, compliance frameworks (HIPAA, PCI DSS), security documentation, and security tools such as Qualys, Burp Suite, and other industry-standard solutions Strong communication skills and the ability to document security processes effectively are essential for this role Key Responsibilities Penetration Testing Vulnerability Management Perform penetration testing on web applications, networks, and cloud environments to identify security vulnerabilities Utilize tools like Burp Suite, Qualys, Nessus, Metasploit, and other scanning tools to detect threats Work with development and operations teams to remediate vulnerabilities and strengthen security posture Cloud SecurityEnsure cloud security best practices for AWS, Azure, and other cloud platforms Implement security controls for cloud-hosted applications and workloads Conduct security assessments and recommend security enhancements Compliance Regulatory Security Ensure compliance with HIPAA, PCI DSS, ISO 27001, NIST, and other security frameworks Conduct audits, risk assessments, and compliance gap analysis Assist in developing policies, procedures, and security documentation to meet regulatory requirements Security Operations Incident Response Monitor security logs and alerts for threat detection and response Work with security teams to investigate and mitigate security incidents Conduct forensic analysis in the event of security breaches Documentation Communication Develop and maintain security policies, procedures, and technical documentation Create security reports and communicate findings effectively to stakeholders Provide security training and awareness programs for employees Location - Bengaluru, Noida, Pune, Mumbai, Hyderabad, Mohali, Panchkula, Chennai.

HCL Tech uses Qualys tools for various roles, including those in security, infrastructure management, and penetration testing. Job descriptions often specify experience with Qualys tools, such as vulnerability scanning and configuration management , and may also require proficiency in other security technologies and certifications like CEH. 1. Security Roles: Vulnerability Assessment and Penetration Testing (VAPT): HCL Tech uses Qualys tools for identifying vulnerabilities in systems and applications. VAPT Testers need experience with Qualys and other penetration testing tools. Security Operations Engineer: This role involves implementing and managing security measures, including those related to vulnerability management and cloud security posture management (CSPM) using Qualys. Tools/Qualys: This role involves administering and operating Qualys, potentially alongside other PKI solutions like ADCS or AppViewX. 2. Infrastructure Management: Administration and Operations of PKI: Qualys is sometimes used in conjunction with PKI solutions to manage certificates and related configurations, including CSR creation, certificate push, and secure connections. 3. General Requirements: Security Domain Experience: Many roles require experience in managing security infrastructure, including vulnerability management and configuration management, where Qualys is often utilized. In summary, HCL Tech utilizes Qualys tools for various security-related tasks, including vulnerability assessment, infrastructure management, and cloud security posture management. Specific requirements vary depending on the role, but experience with Qualys is often a valuable asset

Look for immediate joiner. Need overall AppSec skills (SAST, DAST, Penetration testing) +Mobile app testing skills (Android, ioS) We should look for a candidate who has deep and diverse hands on exp in above skills Also, The professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for android and iOS apps This profile requires a candidate with hands on Application Security experience specific to mobile applications Communication should excellent

SUMMARY Our client is IT MNC part of one of the major insurance groups based out of Germany and Europe. The Group is represented in around 30 countries worldwide, with Over 40,000 people worldwide, focusing mainly on Europe and Asia. Our client offers a comprehensive range of insurances, pensions, investments and services by focusing on all cutting edge technologies majorly on Could, Digital, Robotics Automation, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate the customers future needs around the globe thru supporting millions of internal and external customers with state of-the-art IT solutions to everyday problems & dedicated to bringing digital innovations to every aspect of the landscape of insurance. Job Location: Hiranandani Gardens, Powai, Mumbai Mode: Work from Office Requirements Roles & Responsibilities: Define project scope, objectives, and deliverables in collaboration with stakeholders. Develop comprehensive project plans, including timelines, budgets, and resource allocation. Manage and coordinate project teams, including security engineers, analysts, and other technical resources. Track project progress, identify and manage risks and issues, and implement effective mitigation strategies. Ensure adherence to project management methodologies and best practices. Stay up-to-date with the latest cyber security trends and technologies. Skill & Competencies: Strong track record of delivering IT projects in a large, complex environment. (7 years), especially experience in the implementation of financial and regulatory requirements in the CFO context in Group-wide systems and their integration Proven 5+ years experience as a PM Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience (typically 5+ years) managing IT projects, with a significant focus on cyber security initiatives.

Not Applicable Specialism Microsoft Management Level Senior Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. Those in application security at PwC will be responsible for providing security services to development teams including code scanning, readiness testing, and penetration testing to enable application teams to build and deploy secure applications in Production. You will utilise a riskbased methodology and shiftleft approach to engage early in the software development lifecycle. & Summary Responsibilities 1. Review application source code based on the industry standard security frameworks and organizations internal security policy. 2. Running the source code scan and analyzing the results derived from the SAST platform. 3. Coordinate with application development teams to ensure identified gaps are fixed in proper time. 4. Work with the application development team to eliminate false positives, to clarify compensating security controls. 5. Closely work with issue management team to ensure proper remediation plans are in places with well documented records. 6. Collaborate with senior developers and architects to ensure security best practices and secured design patterns are followed. 7. Work closely with other team members, including project leads, regional leads and territory security leadership team. 8. Provide regular updates on progress and issues to project managers and stakeholders 9. Strong knowledge of secure coding practices and common security vulnerabilities (e.g., OWASP Top 10). 10. Strong knowledge of Industry standard SAST tools (e.g. Veracode, Fortify on Demand). 11. Strong knowledge of Industry standard SCA tools (e.g. Blackduck). 12. Strong knowledge in manual and toolbased code review process, focusing on OWASP methodology. 13. Strong Knowledge of security vulnerability identification and remediation methodologies. 14. Familiarity with industry standard security frameworks and policies. 15. Strong knowledge of DevSecOps practices and integration of security within CI/CD pipelines. Mandatory skill sets VAPT, source code analysis, remediation, mitigation, vulnerability assessment, SAST, SCA, application security, white box testing, Veracode, Checkmarx , source code review. Preferred skill sets CI/CD Pipelines Years of experience required 47 Years Education qualification B.Tech/B.E. Education Degrees/Field of Study required Bachelor of Technology, Bachelor of Engineering Degrees/Field of Study preferred Required Skills Code Review Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Application Security, Application Security Assessment, Azure Data Factory, Cloud Application Development, Cloud Security, Coding Standards, Communication, Creativity, Cybersecurity, DevOps Practices, Embracing Change, Emotional Regulation, Empathy, Endpoint Security, Forensic Investigation, Hosting Controllers, Inclusion, Information Security, Intellectual Curiosity, Learning Agility, LoadRunner (Software Testing Tool) {+ 30 more} Travel Requirements Government Clearance Required?

is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI , and autonomous intelligent systems . We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview: We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts , managing vulnerability assessments , and implementing best-in-class security tools and practices to protect our platforms and clients. What we are looking from an ideal candidate? Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines ( DevSecOps ). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001 , SOC 2 , GDPR , and HIPAA . Provide guidance on secure implementation of AI/ML components and data protection strategies. Preferred Skills: What skills do you need? Requirements: 8+ years of experience in information security , application security , or cybersecurity engineering . Proficient in penetration testing methodologies and use of tools such as Burp Suite , Metasploit , Nmap , Wireshark , Nessus , OWASP ZAP , Qualys , etc. Deep experience in vulnerability management , patching, and security hardening practices. Strong understanding of OWASP Top 10 , CWE/SANS Top 25 , API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM , EDR , IDS/IPS , and DLP solutions. Knowledge of DevSecOps and tools like Terraform , Kubernetes , Docker , etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications: Certifications such as CISSP , CISM , CEH , OSCP , or AWS Security Specialty . Experience working on security aspects of AI/ML platforms , data pipelines , or model inferencing . Familiarity with governance and compliance frameworks (e.g., PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer: A mission-critical role securing next-gen AI systems Opportunity to work with an innovative and fast-paced tech company High visibility and leadership opportunities in a growing security function Compensation is not a constraint for the right candidate

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. Cloud Segment Information Security Officer (SISO- GL28) Location - Gurgaon Position Overview: The Cloud Segment Information Security Officer (SISO) is responsible for overseeing and implementing security measures to protect the organization's cloud-based data and infrastructure. This role involves developing cloud-specific security strategies, managing risks, ensuring compliance, and leading incident response efforts. A key aspect of this role is fostering strong relationships and partnerships with business leaders and stakeholders to ensure security measures align with business objectives. Primary Responsibilities: Cloud Security StrategyDevelop and implement security strategies tailored to the cloud segment to ensure the protection of cloud-based data and infrastructure Risk ManagementIdentify, assess, and mitigate security risks associated with cloud operations and technologies Incident ResponseLead incident response efforts for security breaches within the cloud segment, including investigation, containment, and remediation ComplianceEnsure compliance with relevant cloud-specific regulations and standards CollaborationWork closely with other IT teams and cloud segment leaders to integrate security measures into cloud services and applications Training and AwarenessSupport security training and awareness programs for employees within the cloud segment to promote a security-conscious culture Policy DevelopmentDevelop and enforce security policies and procedures specific to cloud operations Audit and AssessmentSupport security audits and assessments to ensure the effectiveness of security measures within the cloud segment Business PartnershipFoster strong relationships with business leaders and stakeholders to ensure security measures support and enhance business objectives. Collaborate with business units to understand their needs and provide tailored cloud security solutions Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Proven experience in developing and implementing cloud security strategies Experience in leading cloud incident response efforts Experience in conducting cloud security audits and assessments Solid knowledge of cloud risk management and security architecture Familiarity with cloud compliance regulations and security monitoring tools Proven excellent collaboration and communication skills Demonstrated ability to conduct training and develop cloud security policies Demonstrated ability to build and maintain relationships with business leaders and stakeholders

Redefine the future of customer experiences. One conversation at a time. We re changing the game with a first-of-its-kind, conversation-centric platform that unifies team collaboration and customer experience in one place. Powered by AI, built by amazing humans. Our culture is forward-thinking, customer-obsessed and built on an unwavering belief that connection fuels business and life; connections to our customers with our signature Amazing Service , our products and services, and most importantly, each other. Since 2008, 100,000+ companies and 1M+ users rely on Nextiva for customer and team communication. If you re ready to collaborate and create with amazing people, let your personality shine and be on the frontlines of helping businesses deliver amazing experiences, you re in the right place. Build Amazing - Deliver Amazing - Live Amazing - Be Amazing The AI Security and Compliance Engineer is responsible for working with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle. The engineer applies knowledge of AI and application security risks and threats to design and implement appropriate, cost-effective security controls during development, deployment, and operation of AI based applications. The engineer defines and promotes the implementation guidelines for data classification, segregation, and access controls to AI model inputs and training data to ensure data confidentiality and privacy for different data sources and user groups. The engineer performs audits and vulnerability assessments, penetration testing and supports mitigation of findings. Key Responsibilities: Ensure AI products have security and privacy by design. Establish and document policies and guidelines for data classification and data used for training to prevent leaks of sensitive data. Work with development and compliance teams to ensure secure and compliant AI development throughout the product lifecycle to meet customer, regulatory, and contractual obligations. Monitor and audit AI systems and development processes for compliance with policies, regulations and contractual obligations. Monitor and respond to security incidents involving AI systems. Create AI-specific incident management procedures to address AI related security incidents. Enhance the resilience of AI systems against potential threats by implementing cyber security best practices, controls, and tools to protect AI models from threats such as those in the OWASP AI Top Ten, including supply chain and model poisoning threats and attempts to access, modify, and exfiltrate confidential information via the query interface. Establish policies and guidelines for access controls, limitations and guardrails on usage and prompts for AI inputs and API s. Ensure proper access controls on API s and processing pipelines, and segregation of data. Create, update, and maintain threat models for a wide variety of software projects. Provide AI security training for internal development teams. Maintain current knowledge of AI risks, threats, and AI testing tools and techniques. Perform other duties to support the technical and operational security of the organization as required. Qualifications: Bachelor s degree in an IT related field or equivalent experience and 2-5 years of experience in working in IT security, software development, or AI development. Desired certifications - one or more of the following: CISSP (Certified Information Systems Security Professional), Certified Information Security Manager (CISM), SSCP (Systems Security Certified Practitioner), CCSP (Certified Cloud Security Professional) or CompTIA Security+. Understanding of Application Security and Data Security for applications and AI, such as the OWASP Top 10 and the OWASP Top 10 for Generative AI. Proficiency in and strong working knowledge of AI technologies and models such as Llama and ChatGPT. Experience and understanding of threats and risks related to web applications and API s, particularly with AI based applications. General knowledge of security implications of threats and vulnerabilities related to networks, servers, operating systems, applications, and databases. Experience with vulnerability management, patching, and mitigation assessment. Experience working within and implementing policies for a security framework such as ISO 27001 and NIST. Flexibility to work off-hours to support global project teams and maintenance windows. Ability to support 24x7 on-call for incident response on a rotating basis. Experience developing software, scripting and using SQL queries to automate controls, processes and reporting. Competencies: Strong analytical problem-solving skills and attention to detail. Organization, Time Management & Prioritization - Self-starter that focuses on key priorities; plans, organizes, schedules and executes on tasks and projects in an efficient and productive manner. Ability to form productive relationships across the organization to accomplish information security objectives. Ability and willingness to learn all aspects of the information security field. Professional verbal and written communication skills in English. Expresses ideas using clear, effective and efficient language. Listens patiently and attentively. Adapts to the purpose of the communication with appropriate style, substance, detail, confidence and channel. Possess the ability to manage multiple channels of communication simultaneously; phone, email, tickets, and chat. Able to assess, document, and prioritize identified security flaws and vulnerabilities based on risk. Total Rewards Our Total Rewards offerings are designed to allow our employees to take care of themselves and their families so they can be their best, in and out of the office. Our compensation packages are tailored to each role and candidates qualifications. We consider a wide range of factors, including skills, experience, training, and certifications, when determining compensation. We aim to offer competitive salaries or wages that reflect the value you bring to our team. Depending on the position, compensation may include base salary and/or hourly wages, incentives, or bonuses. Medical - Medical insurance coverage is available for employees, their spouse, and up to two dependent children with a limit of 500,000 INR, as well as their parents or in-laws for up to 300,000 INR. This comprehensive coverage ensures that essential healthcare needs are met for the entire family unit, providing peace of mind and security in times of medical necessity. Group Term & Group Personal Accident Insurance - Provides insurance coverage against the risk of death / injury during the policy period sustained due to an accident caused by violent, visible & external means. Coverage Type - Employee Only Sum Insured - 3 times of annual CTC with minimum cap of INR 10,00,000 Free Cover Limit - 1.5 Crore Work-Life Balance - 15 days of Privilege leaves per calendar year, 6 days of Paid Sick leave per calendar year, 6 days of Casual leave per calendar year. Paid 26 weeks of Maternity leaves, 1 week of Paternity leave, a day off on your Birthday, and paid holidays Financial Security - Provident Fund & Gratuity Wellness - Employee Assistance Program and comprehensive wellness initiatives Growth - Access to ongoing learning and development opportunities and career advancement At Nextiva, were committed to supporting our employees health, well-being, and professional growth. Join us and build a rewarding career! Established in 2008 and headquartered in Scottsdale, Arizona, Nextiva secured $200M from Goldman Sachs in late 2021, valuing the company at $2.7B.To check out what s going on at Nextiva, check us out on Instagram , Instagram (MX) , YouTube , LinkedIn , and the Nextiva blog . #LI-RQ1 #LI-Hybrid

Platform Engineer Bangalore, Karnataka, India As a member of the Digital Factory Platform team, the Platform Engineer is responsible for development of automation strategy, roadmap, KPIs, standards and practices for the platform and agile product teams This is in support of the transformation towards fully automated testing & deployments for our application teams, as part of a wider GT transformation project Leveraging solutions and services delivered by Platform team, the Platform Engineer will help drive adoption of Cloud and DevSecOps tooling throughout the organization What you ll be DOING What will your essential responsibilities include? Define the Platform automation (DevSecOPs ) strategy /integration patterns, roadmap, KPIs, standards and practices for the platform and agile product teams Assess Product team requirements and propose automation solutions Experience in implementing release automation frameworks (branching strategies / release deployment strategies - Blue Green/Canary ,rolling) using tools such as Azure DevOps , Bit bucket, teamscity, datadog,Harness ,Jenkins, Git,JFrog ,Docker ,Kubernetes and OpenShift Provide hands-on assistance with automated embedded security testing (Static application security testing ,SCA & Dynamic application security testing) Mentor and collaborate with the Product Scrum teams on automation best practices Implement containerization using Docker and orchestrate deployments with Kubernetes, ensuring scalability and portability of products in scope Implement and enforce security compliance checks within the CI/CD pipeline, ensuring adherence to industry standards and regulatory requirements Own and lead the design and implementation of automation frameworks Create and run automation training /overview sessions Delivering CI CD pipeline templates for reuse Regularly assess and enhance the DevSecOps processes to improve efficiency, security, and overall development practices Stay informed about emerging technologies and best practices in the DevSecOps space Knowledge of Selenium, JIRA ,Rest Assured, SonarQube, CheckMarx,JFROG X Ray & Qualys In-depth knowledge of Guidewire architecture and components Understanding of Guidewire security features Proficiency in Git for version control Experience with CI/CD tools (Bit bucket, Teamcity) Excellent scripting skills in Python, Shell, or PowerShell Experience with automation frameworks Familiarity with SAST and DAST tools Knowledge of Data Dog is a plus Azure API Management, Azure Logic Apps, Azure Service Bus, Azure Event Grid, Azure Functions, Azure Data Factory Knowledge of security compliance frameworks (OWASP, NIST) Familiarity with Dynatrace,ELK stack, Splunk, or similar tools Understanding of integrating security into the development lifecycle Knowledge of static analysis, dynamic analysis, and penetration testing Familiarity with secure coding practice Exposure on Guidewire CI CD tools, JIRA, Azure /AWS, OpenShift, GHE, JFrog /Nexus Artifactory, Willingness to learn new tech & tools, Terraform, Docker Terraform, Kubernetes You will report to the Head of Digital Factory Delivery What you will BRING We re looking for someone who has these abilities and skills: Required Skills and Abilities: Excellent understanding of Automation frameworks /best practices Effective understanding of Scrum Agile methodology and experience working in a Scrum team Adaptable to new/different strategies, programs, technologies, practices, cultures, etc ; comfortable with change, able to easily makes transitions Effective communication skills, both verbal and written Proven ability to clearly articulate goals and desired outcomes and influence key decisions to ensure deliverables are met Proven ability to establish and maintain effective relationships and leverage those relationships to deliver on goals Bachelor s degree or equivalent work experience Desired Skills and Abilities: Ability to effectively integrate colleagues and teams which are currently disparate, and introducing new technologies and process Proven planning and organization skills, creating work schedules, prioritizing workload, preparing in advance and setting realistic timescales xaxl com/sustainability

Web Application Security Expert Bangalore, Karnataka, India Your role is to ensure that AXA XLs web applications are protected via the necessary security controls This involves understanding our applications, their vulnerabilities (if any) and identifying the best methods to protect those applications This could involve helping the developers securely code applications, development of WAF rules or the disablement of particular WAF rules from the application What you ll be DOING What will your essential responsibilities include? Assess applications for WAF applicability Ensure web application firewalls are correctly configured and deployed Build, maintain and operate current AXA XL processes for WAF deployment and operation Educate the organization on web application protection strategies and implementations Work with various stakeholders to build knowledge and ensure our applications are protected Act as an intermediary between AXA teams to ensure security is appropriate for the risks we face, and the business can move forward in an agile way You will report to Global Head of Transversal Application Services What you will BRING We re looking for someone who has these abilities and skills: Required Skills and Abilities: Application Vulnerabilities: An understanding of vulnerabilities which can affect web applications Web Application Firewall knowledge: Understanding of web application firewalls, deployment and usage strategies, mitigation strategies in order to aid Web Application Firewall rules knowledge: Knowledge and experience in using rules within web application firewalls including knowledge of regular expressions and their usage in rules Application Protection Strategies: Understanding of methods for protecting web applications without the need for a web application (e g secure password hashing, secure coding practices) Desired Skills and Abilities: Negotiation Skills: The ability to negotiate with various parties to agree an approach that is successful for all parties IT Service Management/ServiceNow Knowledge: Understanding of the processes of Service Management and Service Now to aid in developing tickets to support processes and procedures for WAF management Penetration testing experience: Experience of the penetration testing practices particularly focused on web application testing and being able to understand the standard practices used for testing applications Training & Awareness: The ability to educate and train parts of the organization about WAF s and secure coding practices Who WE are AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks For mid-sized companies, multinationals and even some inspirational individuals we don t just provide re/insurance, we reinvent it How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business property, casualty, professional, financial lines and specialty With an innovative and flexible approach to risk solutions, we partner with those who move the world forward Learn more at axaxl com What we OFFER Inclusion AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic At AXA XL, we know that an inclusive culture and a diverse workforce enable business growth and are critical to our success That s why we have made a strategic commitment to attract, develop, advance and retain the most diverse workforce possible, and create an inclusive culture where everyone can bring their full selves to work and can reach their highest potential It s about helping one another and our business to move forward and succeed Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe Robust support for Flexible Working Arrangements Enhanced family friendly leave benefits Named to the Diversity Best Practices Index Signatory to the UK Women in Finance Charter Learn more at axaxl com / about-us / inclusion-and-diversity AXA XL is an Equal Opportunity Employer Total Rewards AXA XL s Reward program is designed to take care of what matters most to you, covering the full picture of your health, wellbeing, lifestyle and financial security It provides competitive compensation and personalized, inclusive benefits that evolve as you do We re committed to rewarding your contribution for the long term, so you can be your best self today and look forward to the future with confidence Sustainability At AXA XL, Sustainability is integral to our business strategy In an ever-changing world, AXA XL protects what matters most for our clients and communities We know that sustainability is at the root of a more resilient future Our 2023-26 Sustainability strategy, called Roots of resilience , focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations Our Pillars: Valuing nature: How we impact nature affects how nature impacts us Resilient ecosystems - the foundation of a sustainable planet and society - are essential to our future We re committed to protecting and restoring nature - from mangrove forests to the bees in our backyard - by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans Addressing climate change: The effects of a changing climate are far reaching and significant Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption Were building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions Integrating ESG: All companies have a role to play in building a more resilient future Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business We re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting AXA Hearts in Action: We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL s Hearts in Action programs These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day - the Global Day of Giving For more information, please see axaxl com/sustainability

We are looking for Application Security Engineer to take ownership of security testing for enterprise products deployed on mainframe environments. In this role, you will assess application-layer security risks, identify vulnerabilities in product implementations, and lead secure architecture reviews. The ideal candidate brings deep offensive security skills along with familiarity in testing applications running on or integrated with IBM mainframe systems. Primary Roles and Responsibilities: Conduct penetration testing and red teaming exercises targeting mainframe environments and the surrounding application ecosystem. Perform code-assisted and black-box penetration testing against enterprise applications/systems interacting with RACF, DB2, CICS, MQ, and related subsystems. Identify risks in authentication, authorization, data handling, and communications within mainframe-integrated products. Create threat models and guide product teams in mitigating high-impact vulnerabilities early in the SDLC. Drive remediation efforts through hands-on collaboration and secure design guidance. Author technical reports and deliver executive summaries tailored to various audiences. Stay current on vulnerabilities, exploits, and testing techniques relevant to legacy enterprise technologies and mainframe ecosystems. Assess common integration patterns (SOA, REST/JSON, MQ) for security risks. To ensure you re set up for success, you will bring the following skillset & experience: 5+ years of experience in penetration testing, with a specialization in systems/applications integrating with mainframe environments. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services Whilst these are nice to have, our team can help you develop in the following skills: Industry certifications such as OSCP, OSCE, CRTP, GIAC GPEN, GXPN, or CISSP. Background in regulated industries such as banking, insurance, or government, where mainframes are core infrastructure. Knowledge of COBOL, PL/I, or other mainframe-centric programming languages. Experience with compliance standards like PCI-DSS, NIST, or SOX as they apply to mainframes.

Are you interested in automating the build and deployment process of the application with ensuring the application security? If yes, then Payatu is the place for you. We are always in search of passionate people to expand our renowned Bandit family at Payatu. In the quest for Bandits, here is an excellent opportunity we would like to share with you. Who we are? Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual. What we look for outside work parameters? Your expertise is your primary qualification, not your degree or certification. Your publicly known contributions are your credentials. Papers you have written, tools you have developed are your references. Your write-up reflects your interests and ethics. Your published exploits, your CTF scores, and hall of fame listings are the testimonies of your work. Your research paper was published and presented at conferences. You are learning from the community and enthusiastically contributing back. You are a perfect technical fit if: Strong fundamental of application and network protocols. Stronghold on Web application security concept and penetration testing skill. Good command of at least one programming language. Good understanding of OWASP Top 10 and other web-related vulnerabilities as well as logic flaws. Hands-on experience in performing penetration testing of web-based applications preferably in the financial domain. Good to have experience in working alongside the development/QA teams. Good report writing and presentation skills. Should be able to suggest optimum security improvements to application components. You Have All Our Desired Qualities, if: Experience in web application and web service security assessment. You have a history of publishing or presenting good research. You have the knack of finding security bugs in everything you touch. You like automating stuff. You like writing tools. You have excellent written and verbal communication skills and the ability to express your thoughts clearly. You have the skill to articulate and present technical things in business language. You can work independently as well as within a team and meet project schedules and deadlines. You have strong problem solving, troubleshooting, and analysis skills. You are passionate about your area of expertise and self-driven. You are comfortable working in a dynamic and fast-paced work environment. You are Self-driven, proactive, hardworking, team-player. You are working on something on your own in your field apart from official work. Your everyday work will look like: Security assessment of web application and web service on various platforms. Back your findings with Proof-of-concept exploits. Collect evidence and maintain a detailed write-up of the findings. Understand and explain the results with impact on business and compliance status. Explain and demonstrate vulnerabilities to application/system owners. Provide appropriate remediation and mitigations of the identified vulnerabilities. Individually or collaboratively review the system designs, source code, configurations, communications for security gaps. Deliver results within stipulated timelines. Sharpen your saw with continuous research, learning, training on the latest tools and techniques, keeping up with new research, and sharing the same with the ecosystem. Communicate well using verbal and written skills, within and out of the team.

Job Track Description Requires formal education and relevant expertise in a professional, sales, or technical area. Performs technical-based activities. Contributes to and manages projects. Uses deductive reasoning to solve problems and make recommendations. Interfaces with and influences key stakeholders. Leverages previous knowledge and expertise to achieve results. Ability to complete work self-guided. College or university degree required. General Profile Requires knowledge and experience in field. Uses best practices and knowledge of business to improve products or services. Solves complex problems and takes a new perspective on existing procedures. Self-starter, requiring minimal guidance. Acts as a resource for colleagues with less experience. Functional Knowledge Requires conceptual expertise of theories, practices, and procedures. Business Expertise Has knowledge of best practices and team integration. Aware of the competition and what differentiates them. Impact Impacts a range of customer, operational, project or service activities. Works within broad guidelines and policies. Leadership Acts as a resource for colleagues with less experience. May guide small projects with manageable risks and resource requirements. Problem Solving Solves complex problems. Takes a new perspective on existing solutions. Exercises judgment based on the review of multiple information sources. reviewing many sources of information. Skills Clearly articulates difficult or sensitive information. Works to build consensus within a team. Responsibility Statements Supports the development of strategies for new client offerings. Ensures the effective use and application of resources. Assesses customer requirements and assists with the development of solutions. Reviews service and operating procedures to ensure compliance with industry standards and regulations. Works closely with the solutions team and sales, practice, and delivery leaders to develop the solution strategy and approach. Developing proficiency in market trends, best practices, and innovation. Performs other duties as assigned. Complies with all policies and standards.

Job Area: Engineering Group, Engineering Group > Software Engineering Qualcomm Overview: Qualcomm is a company of inventors that unlocked 5G ushering in an age of rapid acceleration in connectivity and new possibilities that will transform industries, create jobs, and enrich lives. But this is just the beginning. It takes inventive minds with diverse skills, backgrounds, and cultures to transform 5Gs potential into world-changing technologies and products. This is the Invention Age - and this is where you come in. General Summary: As a Site Reliability Engineer (SRE), youll be part of a highly collaborative team focused on provisioning and maintaining infrastructure and services with stability, sustainability, and security always on your mind. You will work in a self-guided, cross-functional team responsible for everything from modernizing traditional services and applications to deploying new technology. You'll collaborate closely with software engineers, data scientists, and product managers to maintain and optimize our systems. If you're passionate about automotive technology, software reliability, and continuous improvement, this role is perfect for you. Your Guiding Principles: Automation You understand the power of automation and "infrastructure as code" concepts. Automation is your primary consideration in problem-solving. Collaboration: You share a common language with fellow engineers, understand their needs, and thrive working in a high trust collaborate culture in which people are rewarded for taking risks. Data-driven You understand why decisions are supported by facts and not opinions. You have experience applying logical approach to decision making. Skilled at metric collection and using that data to drive change. Debugging You understand debugging principles and are adept at applying them routinely and successfully. DevSecOps: You understand that DevSecOps is a culture which needs to be cultivated and you can help nurture those philosophies. Security You know how to layer appropriate security within solutions across the lifecycle. You understand the security implications and consequences of any deployment. Self-Driven: You understand how to prioritize work and time allocation at a personal and team level. Stability: You know what it means to deliver a service with a high degree of reliability and are intimately familiar with how disruptions impact consumers. Sustainability: You avoid one off solutions which are challenging to support. Instead, your solutions are aligned with team goals and strategic vision. You routinely dedicate cycles to reducing technical debt. What you have: Extensive Linux experience with servers and workstations. You can easily navigate the CLI, knowledgeable with typical Linux troubleshooting tools, and have a broad understanding of Ubuntu and RedHat. The ability to automate through scripting languages such as Python, Bash, Go, etc. The skill to provide sufficient automated test coverage of various implementations. You have familiarity with Jenkins, Puppet, Splunk, JIRA, Vault, Docker, AWS, Cloud services, etc. Ability to respond rapidly to changing landscapes while providing stable, reliable, and secure services to customers. You have a passion for continuous learning and leverage the scientific method to ensure nothing is taken for granted. Responsibilities: System Monitoring and Incident Response: Monitor system health, detect anomalies, and respond promptly to incidents. Investigate and troubleshoot issues related to services. Implement proactive measures to prevent service disruptions. Infrastructure Automation: Develop and maintain infrastructure-as-code (IaC) scripts for deployment and scaling. Automate routine tasks to improve efficiency and reduce manual intervention. Performance Optimization: Collaborate with development teams to optimize software performance. Identify bottlenecks and implement solutions to enhance system speed and reliability. Capacity Planning: Forecast resource requirements based on traffic patterns and business growth. Scale infrastructure to accommodate increasing demand. Security and Compliance: Ensure compliance with industry standards and best practices. Implement security controls and participate in security audits.

CyberShelter is looking for a hands-on and detail-oriented Offensive Security Tester to execute vulnerability assessments, penetration testing, and assist in red team operations under the guidance of senior team members. This role is ideal for individuals who are technically sound, passionate about ethical hacking, and eager to grow in the offensive security domain. Key Responsibilities Conduct technical assessments across: Web applications, mobile apps, APIs, thick clients and network infrastructure systems Execute standard VAPT tasks including reconnaissance, scanning, enumeration, exploitation, and post-exploitation. Prepare draft reports with findings, risk ratings, and remediation suggestions. Collaborate with senior team members during red team engagements, source code reviews, and architecture review assessments. Maintain test logs, tool outputs, and evidence for quality and compliance checks. Stay informed on new vulnerabilities, CVEs, and attack techniques. Qualifications Experience: 2 to 4 years of experience in offensive security, ethical hacking, or VAPT roles. Technical Skills: Familiar with OWASP Top 10, common CVEs, and exploit scenarios Basic scripting knowledge (Python, Bash, or PowerShell) preferred Exposure to security testing methodologies and reporting standards Certifications: OSCP, eJPT, CEH, or equivalent are a plus. Soft Skills: Eagerness to learn, ability to follow guidance, and good communication. Preferred Attributes Strong willingness to develop deep offensive security expertise Ability to work collaboratively in a fast-paced team environment Attention to detail and strong documentation habits

CyberShelter is seeking a Senior Offensive Security Tester to perform and oversee advanced security testing across applications, infrastructure, and cloud environments. As a senior member of the offensive security team, this role requires strong hands-on expertise in VAPT, red teaming exercises, and security assessments, along with leadership in task execution and mentorship of the testers. Key Responsibilities Conduct advanced vulnerability assessments and penetration tests on: Web applications, Mobile Apps (iOS/Android), APIs Network and infrastructure (on-prem and cloud) Thick client Execute red team exercises simulating real-world attack scenarios and lateral movement techniques. Perform source code reviews, threat modeling, and architecture review as required. Document findings with clear PoCs and detailed impact analysis for business stakeholders. Support the Offensive Security Lead in managing technical execution and ensuring adherence to methodology. Mentor and guide junior testers and analysts in tool usage, attack simulation, and reporting standards. Stay updated on emerging threats, exploits, and offensive tooling enhancements. Participate in client walkthroughs, support remediation discussions, and align assessments with business context. Qualifications Experience: 57 years of experience in offensive security testing, VAPT, or red teaming roles. Technical Skills: Strong understanding of OWASP Top 10, SANS/CWE, MITRE ATT&CK Familiarity with source code analysis and scripting (Python, Bash, PowerShell) Certifications: OSCP preferred; other certifications like eCPPT, CRTP, OSEP, or CREST Practitioner are a plus. Soft Skills: Good reporting skills, team collaboration, and attention to detail. Preferred Attributes Passionate about ethical hacking and continuous skill development Able to work independently on assigned tasks and manage priorities effectively Comfortable operating in a fast-paced, customer-facing environment Role & responsibilities

CyberShelter is seeking a passionate and experienced Offensive Security Lead to spearhead our offensive security initiatives, including VAPT, red teaming, source code reviews, and advanced security assessments across a diverse range of platforms. This role requires strong technical leadership, hands-on expertise, client engagement, and the ability to guide and mentor a specialized team. Key Responsibilities Lead and manage the offensive security team responsible for: Vulnerability Assessment & Penetration Testing (Web, Mobile, APIs, Network, Infrastructure, Thick Clients) Red Teaming and adversary simulation Source code review, threat modeling, and secure architecture assessments Configuration reviews, segmentation testing, and wireless security assessments Own end-to-end project lifecycle including planning, execution, reporting, and customer walkthroughs. Review and validate findings, risk ratings, and ensure quality assurance across all deliverables. Collaborate with clients to understand business context, prioritize findings based on impact, and advise on remediation strategies. Drive threat-based assessment approaches aligned with MITRE ATT&CK, OWASP, and other frameworks. Stay current with evolving threat landscapes, tools, and industry best practices. Qualifications Experience: 810 years of hands-on experience in offensive security, red teaming, and advanced security assessments. Technical Skills: Expertise in manual and automated VAPT techniques across full tech stack Deep understanding of OWASP Top 10, SANS Top 25, NIST SP 800-115, etc. Exposure to DevSecOps, CI/CD security, and modern application stacks Certifications: OSCP, OSCE, OSEP, CRTP, CREST or equivalent (preferred) Soft Skills: Strong communication, leadership, client-facing experience, and documentation skills. Preferred Attributes Passionate about offensive security and continuous learning Ability to manage multiple concurrent projects and mentor junior team members Strategic mindset with strong operational execution capabilities

Job Summary: We are seeking an experienced Cyber Security Trainer to join our team. The ideal candidate will have a solid background in cybersecurity principles and practices, combined with a passion for teaching and helping students understand complex cybersecurity concepts. You will be responsible for delivering high-quality training sessions and supporting students as they develop skills essential to succeed in the cybersecurity field. Key Responsibilities: Deliver engaging and interactive training sessions on cybersecurity topics, including but not limited to network security, threat analysis, malware protection, digital forensic, and ethical hacking. Develop and update course materials, including presentations, handouts, and online resources, to reflect the latest cybersecurity trends and practices. Conduct hands-on labs and exercises to help students gain practical experience with cybersecurity tools and techniques. Assess students' understanding and progress through evaluations, assignments, and feedback sessions. Stay updated with the latest cybersecurity developments and incorporate new knowledge into training programs. Support and mentor students as they navigate their learning journey, answering questions, and providing guidance on cybersecurity career paths. Qualifications: Bachelors degree in Technology (BTech) or a Master’s in Computer Applications (MCA), or a Master's degree in Technology (MTech) 2-3 years of experience in cybersecurity or a related field, with proven knowledge of current cybersecurity threats, tools, and practices. Previous experience in teaching, training, or mentoring is highly desirable. Excellent communication skills, with the ability to simplify complex topics and engage a diverse audience. Strong knowledge of cybersecurity tools and technologies, such as firewalls, intrusion detection systems, SIEM, and vulnerability assessment tools. Preferred Skills: Relevant certifications in cybersecurity, such as CompTIA Security+, CISSP, CEH, or similar. Familiarity with e-learning platforms and digital training tools. Strong problem-solving skills and adaptability to different learning styles. Why Join Us: Opportunity to make a meaningful impact on the next generation of cybersecurity professionals. Collaborative and supportive work environment. Access to continuous learning and professional development opportunities.

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers

Your day at NTT DATA The Security Consultant is a seasoned level role, responsible for translating clients cybersecurity requirements and customizing and implementing security solutions into specific systems, applications and product designs. This role identifies and develops the security solutions for clients using company products, outsourced technology solutions and technical tools. This role consults with clients regarding secure product configuration, deployment, and security patches to minimize security vulnerabilities and provides comprehensive scanning, penetration testing, vulnerability assessments, monitoring services and source code analysis and delivers detailed results to clients. This role guides and supports clients in the development and implementation of product security controls. What you'll be doing Key Responsibilities: Works on strategic projects that ensure the efficient and effective reaction to security breaches to mitigate immediate and potential threats. Uses mitigation, preparedness, response and recovery approaches to minimize business disruptions and commercial consequences. Offers detailed technical support investigation and analysis response activities and evaluate the effectiveness of and improvements to existing practices. Conducts regular threat and vulnerability assessments and determine deviations from acceptable configurations or policies. Participates in the assessment of the level of risk and support the development of appropriate mitigation countermeasures in operational and non-operational situations. Analyzes evidence to support network vulnerability mitigation. Supports peers in the management and implementation of the information security management system. Participates in the implementation of policies, processes and guidelines to ensure the standardization of security management throughout the organization. Applies tactics, techniques, and procedures to a full range of tools and processes related to administrative, criminal, and counterintelligence gathering (e.g., in-depth case analyses, continuous monitoring, malware analysis, clear documentation). Proactively searches through our critical infrastructure, systems and networks to detect and isolate advanced threats that may cause harm to our organization. Use both manual approaches and automated tools to identify, analyze, and report events and support the development of countermeasures to proactively protect against these threats in the future. Knowledge and Attributes: Strong understanding of information technology and information security Solid understanding of security risks and preventative controls Excellent understanding of security operational processes and controls Service consulting aptitude, focusing on the business, service and sales aspects Excellent verbal and written communication skills Demonstrate impeccable attention to detail are able to translate internal customer requirements into solutions Maintain up-to-date knowledge of security threats, countermeasures, security tools, and network technologies High level of drive and ability to work under pressure Ability to build and maintain cross-functional relationships with a variety of stakeholders Understanding of relevant laws, regulations, and compliance frameworks affecting the technology sector. Good ability to assess and manage cybersecurity risks at both organizational and project levels. Good knowledge of security frameworks and standards like NIST, ISO/IEC 27001, CIS, etc. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field. Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential. Required Experience: Seasoned demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment. Seasoned experience with security architecture design principles. Seasoned experience with industry compliance and standards such as ISO 27000, PCI DSS, NIST, HIPAA or others. Seasoned experience with security tools and techniques to cover SANS Top 25, OWASP or others. Seasoned experience working in a multi-team environment across multiple geographies. Workplace type : Hybrid Working

Your day at NTT DATA The Senior Associate Security Consultant is responsible for developing expertise in their area of specialization. This role is responsible for translating clients cybersecurity requirements and customizing and implementing security solutions into specific systems, applications and product designs. This role identifies and develops the security solutions for clients using company products, outsourced technology solutions and technical tools. This role consults with clients regarding secure product configuration, deployment, and security patches to minimize security vulnerabilities. In addition, this role provides comprehensive scanning, penetration testing, vulnerability assessments, monitoring services and source code analysis and delivers detailed results to clients, as well as guides and supports clients in the development and implementation of product security controls. What you'll be doing Key Responsibilities: Assists in conducting security assessments, vulnerability scans, and penetration tests to identify weaknesses in client systems. Analyzes security data, logs, and reports to detect and investigate security incidents or anomalies. Prepares and maintains documentation, including security assessment reports, findings, and recommendations. Collaborates with senior consultants to provide advice and support to clients on security best practices and risk mitigation strategies. Learns and uses various security tools and technologies for assessments and monitoring. Stays updated on the latest cybersecurity threats, vulnerabilities, and industry best practices. Assists in evaluating client systems for compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements. Communicates effectively with clients to understand their security needs and concerns. Participates in training programs and certifications to develop expertise in cybersecurity. Knowledge and Attributes: Strong interest in cybersecurity and a desire to learn and grow in the field. Knowledge of basic cybersecurity concepts, principles, and best practices. Familiarity with common security tools and technologies is a plus. Excellent analytical and problem-solving skills. Effective communication skills, both written and verbal. Ability to work collaboratively in a team environment. Eagerness to stay up to date with the evolving cybersecurity landscape. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field. Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential. Required Experience: Moderate level of demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment. Moderate level of experience with security architecture design principles. Moderate level of experience with industry compliance and standards such as ISO 27000, PCI:DSS, NIST, HIPAA or others. Moderate level of experience with security tools and techniques to cover SANS Top 25, OWASP or others.

Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. What you'll be doing Key Responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Conducts penetration tests using automated tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Utilizes penetration testing tools such as Metasploit, Burp Suite, and similar tools to conduct tests, configure test policies, and fine-tune test parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Shares knowledge and provides guidance to improve penetration testing practices. Contributes to open source security projects and the security community. Performs any other related task as required. Knowledge and Attributes: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of penetration testing methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Solid proficiency in using penetration testing tools such as Metasploit, Burp Suite, and similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP)GIAC Penetration Tester (GPEN) or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required Experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, network security assessments, penetration testing, or code review. Experience in bug bounty programs and identifying zero-day vulnerabilities is a plus.