1193 Penetration Testing Jobs - Page 39

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a clients needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented GRC professional, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established GRC Professional, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security and compliance posture For attending the walk-in, please fill the form https://forms.gle/wLS8HtPyFZQKA4jf8 (Copy and paste in a browser) 1. SOC L3 Experience: 6+ years Skills: SIEM, IDS/IPS, EDR tools, log/packet analysis, TCP/IP, Linux/Windows, threat intelligence Tools: Splunk, QRadar, Crowdstrike, NetWitness Certifications (preferred): CISSP, CEH, CISM, GCIH 2. Offensive Security Specialist / Penetration Tester-L3 Experience: 6+ Skills: Web/API/Mobile Pentesting, Threat Modeling, Code Review, DAST, Cloud & Microservices security Tools: Burp Suite, Metasploit, Cobalt Strike, Nmap Languages: Python, Go, Java, JavaScript, C++ Certifications (preferred): OSCP, OSCE, OSWE, GPEN, CEH 3. GRC Security Consultant-L3 Experience: 8+ years Skills: Risk assessments, audits, ISO/NIST/PCI/GDPR frameworks, GRC tools, TPRM, vendor/client management Certifications: ISO 27001 LA/LI, CISSP, CISA, CIPP, CCSP, CCSK Note: Immediate to 30 days' notice preferred.

Position Overview: We are seeking a proactive IT GRC professional to strengthen our governance, risk, and compliance framework. This role involves ensuring regulatory compliance, conducting IT risk assessments, managing audits, and driving policy implementation across technology functions. Ideal candidates will have a strong understanding of SEBI, RBI, and other regulatory guidelines relevant to the broking industry, along with hands-on experience in IT controls, cyber risk, and compliance reporting. Role & responsibilities: Implement, and maintain IT GRC frameworks, policies, procedures, and controls. Tracking compliance / regulatory requirements and ensure on timely reporting and closure. Maintain and Update Technology activity tracker. Drafting of documentations likes policy, procedure and SOPs, reports. Co-ordinating with various teams for receipt of timely data/ information to various regulatory authorities. Managing IT/ Technology audit like System Audit, IT General Controls audit, and other technology compliances etc. Facilitates audits, coordinate with various internal and external stakeholders for audit related data. Liaising with auditors for any follow-up actions etc. Managing ISO 27001:2022, ISO 22301: 2019 internal and external audits, along with preparedness and review of relevant documentation. Knowledge of Application Security, Vulnerability Assessment and Penetration Testing. Co-ordinate with various technology teams for closure of observations. Evaluating the best industry practice followed and identify the various process improvements and implementations. Preferred candidate profile: 1) 6 to 10 years of experiences in Information Technology infrastructure, IT audits. 2) Experience in managing information technology management, GRC, System, ISO 27001:2022, ISO 22301: 2019, ITGC audit. 3) Candidate should have Good knowledge of SEBI, RBI, CERT- IN, and other regulatory guidelines and framework. 4) Good interpersonal, communication, documentation, presentation skills and problem solving skills.

Design and implementing, managing, and monitoring security measures to protect our SaaS applications and the data of our customers. You will work closely with cross-functional teams to ensure our cloud security practices meet industry standards and comply with relevant regulations. As a SAAS Security Specialist, the individual will be a member of the Global Information Security team ensuring that Invesco s landscape is secure. You Will Be Responsible For: Develop and implement security strategies, policies, and procedures for SaaS applications. Security Posture Management: Implement and manage security posture management solutions using Adaptive Shield to continuously assess and improve the security of our SaaS applications. SaaS Application Onboarding: Lead the onboarding process for new SaaS applications, ensuring they meet security standards using MDCA and CrowdStrike Adaptive Shield. User Access Management: Implement and manage user access controls within SaaS applications using MDCA and Adaptive Shield. Data Encryption: Ensure data encryption standards are met across all SaaS applications. Vulnerability Management: Conduct regular vulnerability assessments and penetration testing using MDCA and Adaptive Shield to identify and mitigate security risks. Secure Development Practices: Collaborate with development teams to integrate security best practices into the software development lifecycle, ensuring secure-by-default solutions. Risk Assessment: Conduct regular security assessments and threat modeling to identify and mitigate potential risks in SaaS applications Monitor and respond to security incidents, vulnerabilities, and threats in the cloud environment. Defining technical security requirements related to cloud workloads that require integration with IAM, Security Groups, Data and Information Protection, CI/CD pipelines, Kubernetes, Security Information Event Monitoring (SIEM) systems integration, and others Researching and designing current and future cloud security solutions to improve compliance with NIST Framework and Cloud Security Alliance guidance by working to identify common patterns for template provisioning Developing and deploying infrastructure as a code scripts to implement and optimize security controls and mechanisms of a cloud infrastructure Supporting cloud projects, tactical initiatives and provide hands on implementation of various security technologies & processes with focus on cloud security. Support key business and tech projects related to Cloud Transformation. Providing appropriate support activities such as patches, upgrades, break fix and improvements Providing appropriate cloud security engineering and support activities such as patches, upgrades, enhancements Providing metrics and periodic updates on various projects assigned Investigating, documenting, and reporting on information security issues and emerging trends related to cloud environments globally Optimize existing automation solutions for performance and reliability. Staying updated with the latest technologies and tools in automation and continuously improving skills. Other Attend scheduled meetings with Team Lead/Department/Town Hall representation Become familiar with company methodologies Actively participate with Team Lead in creating personal development plan Provide the Team Lead with ideas to enhance or improve team processes and procedures and ensure agreed procedures are followed Attend scheduled training sessions Administrative activities - time sheets/compliance requests Work Experience / Knowledge: 5 - 8 years experience in an information security role, supporting SAAS Applications security programs and security engineering/architecture in complex enterprise environments Minimum of 7 years of experience in SaaS security, with hands-on experience using MDCA and Adaptive Shield. hands-on experience designing, configuring, and implementing enterprise-wide Cloud security solutions across AWS, Azure, Oracle and other major cloud providers, including microservices security Experience with cloud deployment orchestration, automation, and security configuration management Proficiency in one or more scripting languages such as Python and Powershell, including JSON Experience with blueprints, patterns, and guidelines that standardize and accelerate organizational cloud adoption and align to industry compliance frameworks such as SOX, PCI-DSS, HIPPA, NIST, ISO, GDPR, SOC1/2, etc. Knowledge of various security methodologies and processes, and technical security solutions, such as Prisma Cloud, Wiz, Container security, McAfee CASB, SIEM (Qradar/Splunk), IAM, Virtual Palo Alto, and other workload protection and security solutions Inter-personal skills / Other attributes required: Strong problem-solving capabilities with an analytical, methodical approach Excellent verbal and written communication skills, including impressive email communication abilities. Can articulate complex technical issues in a manner understandable to non-technical individuals. Adaptable to working in a global, multicultural environment. Exhibits a structured, disciplined approach to work with keen attention to detail. Displays disciplined time management skills. Capable of multitasking and handling multiple initiatives concurrently. Self-motivated and proficient in working with minimal supervision. Responds positively under pressure to meet tight deadlines. Can work effectively both independently and as a collaborative team player. Thrives on challenging work and exhibits a strong desire to learn and advance. Formal Education: BTech in Computer Science or Bachelors degree in Computer Science Our benefit policy includes but not limited to: Competitive Compensation Flexible, Hybrid Work 30 days Annual Leave + Public Holidays Life Insurance Retirement Planning Group Personal Accident Insurance Medical Insurance for Employee and Family Annual Health Check-up 26 weeks Maternity Leave Paternal Leave Adoption Leave Near site Childcare Facility Employee Assistance Program Study Support Employee Stock Purchase Plan ESG Commitments and Goals Business Resource Groups Career Development Programs Mentoring Programs Invesco Cares Dress for your Day

Job Description: Prudent Technologies and Consulting is hiring for a fast-growing Cybersecurity team that supports a customer base including the world s largest organizations. We have an immediate opening for a Senior Application Security Consultant. The role requires an experienced offensive consultant who understands application security testing methodologies, frameworks, tools and reporting. As a Senior Consultant you will perform and lead technical teams to conduct thorough security assessments as well as perform field related research. Candidates should be familiar with a variety of technologies including web, mobile, API, AI/LM, cloud, desktop, single sign-on and OAuth. Responsibilities: Consult with technical and non-technical client stakeholders Collaborate with Sales teams to assist in scoping efforts Lead projects and mentor less experienced consultants Perform advanced comprehensive penetration tests, adhering to industry-standard best practices Conduct penetration testing across diverse environments, including desktop applications, mobile applications, web applications, cloud environments, on-prem environments, APIs and AI/LM Document and report vulnerabilities, show proof-of-concepts where applicable, and provide detailed explanations to highlight severity, business impact, and tailored remediation steps Manages priorities and tasks to achieve utilization targets Participate in research and development efforts to improve the Cybersecurity practice Qualifications: Required Qualifications: 5+ years of direct experience performing manual penetration testing assessments on desktop applications, mobile applications, web applications, cloud environments, API and AI/LM Proficient at using penetration testing tools such as Burp Suite, DAST scanners, Metasploit and Nessus to identify and exploit vulnerabilities Able to write deliverable reports, including executive summaries and presentations, and status reports for clients Understanding of industry-standard security frameworks (e.g., OWASP and MITRE ATT&CK) Excellent project management, leadership, time management, and client consulting skills Preferred Qualifications: Bachelor s degree in computer science, information security, or related field Relevant certifications (e.g., OSCP and/or OSWE) Experience with scripting languages such as Python and Bash Experience with application development, systems engineering, or similar Published CVE/CWE contributions, participation in CTF events and independent research projects Education: Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudent s specific approach and methodology

Responsibility: Oversee product cyber security in high-complexity development projects from acquisition to start of production (SOP) according to ISO/SAE 21434 or UNECE R-155. Planning & Development: Develop security activities and evaluate development efforts. Evaluation & Approval: Approve security concepts and strategies throughout development phases. QCT Targets: Achieve Quality, Cost, and Time targets related to cyber security work products. Tasks / Areas of Responsibility Planning & Guidance: Independently plan necessary cyber security activities and provide guidance to colleagues. Risk Analysis: Analyze product scope for cyber security risks, considering known weaknesses and vulnerabilities. Coordination: Define a holistic product cyber security concept. Coordinate with customers, suppliers, and subcontractors. Report to customers and obtain information from subcontractors. Support: Assist the development team in selecting security-compliant technologies and cryptographic procedures. Verification Methods: Define verification methods like fuzzing, vulnerability scanning, and penetration testing. Assessments & Training: Prepare cyber security assessments and implement training measures. Communication: Facilitate communication within the global HELLA cyber security network to improve processes. YOUR QUALIFICATIONS Bachelors OR masters degree in engineering ISO-21434 certification OR working experience CISSP certification is preferred Location - Hinjewadi Phase - 1.

As one of the world s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If youre looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day! Job Description Your Team Our Information Security department is to protect Invesco s information and Information assets from all internal and external, deliberate, or accidental threats. The information security team will protect data from unauthorized access while maintaining the confidentiality, integrity, and availability of information. In addition, designing and maintaining the Security Policies and Standards while adhering to legislative and regulatory requirements, providing information security training for all employees, and ensuring the business continuity of Invesco. Your Role: Design and implementing, managing, and monitoring security measures to protect our SaaS applications and the data of our customers. You will work closely with cross-functional teams to ensure our cloud security practices meet industry standards and comply with relevant regulations. As a SAAS Security Specialist, the individual will be a member of the Global Information Security team ensuring that Invesco s landscape is secure. You Will Be Responsible For: Develop and implement security strategies, policies, and procedures for SaaS applications. Security Posture Management: Implement and manage security posture management solutions using Adaptive Shield to continuously assess and improve the security of our SaaS applications. SaaS Application Onboarding: Lead the onboarding process for new SaaS applications, ensuring they meet security standards using MDCA and CrowdStrike Adaptive Shield. User Access Management: Implement and manage user access controls within SaaS applications using MDCA and Adaptive Shield. Data Encryption: Ensure data encryption standards are met across all SaaS applications. Vulnerability Management: Conduct regular vulnerability assessments and penetration testing using MDCA and Adaptive Shield to identify and mitigate security risks. Secure Development Practices: Collaborate with development teams to integrate security best practices into the software development lifecycle, ensuring secure-by-default solutions. Risk Assessment: Conduct regular security assessments and threat modeling to identify and mitigate potential risks in SaaS applications Monitor and respond to security incidents, vulnerabilities, and threats in the cloud environment. Defining technical security requirements related to cloud workloads that require integration with IAM, Security Groups, Data and Information Protection, CI/CD pipelines, Kubernetes, Security Information Event Monitoring (SIEM) systems integration, and others Researching and designing current and future cloud security solutions to improve compliance with NIST Framework and Cloud Security Alliance guidance by working to identify common patterns for template provisioning Developing and deploying infrastructure as a code scripts to implement and optimize security controls and mechanisms of a cloud infrastructure Supporting cloud projects, tactical initiatives and provide hands on implementation of various security technologies & processes with focus on cloud security. Support key business and tech projects related to Cloud Transformation. Providing appropriate support activities such as patches, upgrades, break fix and improvements Providing appropriate cloud security engineering and support activities such as patches, upgrades, enhancements Providing metrics and periodic updates on various projects assigned Investigating, documenting, and reporting on information security issues and emerging trends related to cloud environments globally Optimize existing automation solutions for performance and reliability. Staying updated with the latest technologies and tools in automation and continuously improving skills. Other Attend scheduled meetings with Team Lead/Department/Town Hall representation Become familiar with company methodologies Actively participate with Team Lead in creating personal development plan Provide the Team Lead with ideas to enhance or improve team processes and procedures and ensure agreed procedures are followed Attend scheduled training sessions Administrative activities - time sheets/compliance requests The Experience You Bring: Work Experience / Knowledge: 5 - 8 years experience in an information security role, supporting SAAS Applications security programs and security engineering/architecture in complex enterprise environments Minimum of 7 years of experience in SaaS security, with hands-on experience using MDCA and Adaptive Shield. hands-on experience designing, configuring, and implementing enterprise-wide Cloud security solutions across AWS, Azure, Oracle and other major cloud providers, including microservices security Experience with cloud deployment orchestration, automation, and security configuration management Proficiency in one or more scripting languages such as Python and Powershell, including JSON Experience with blueprints, patterns, and guidelines that standardize and accelerate organizational cloud adoption and align to industry compliance frameworks such as SOX, PCI-DSS, HIPPA, NIST, ISO, GDPR, SOC1/2, etc. Knowledge of various security methodologies and processes, and technical security solutions, such as Prisma Cloud, Wiz, Container security, McAfee CASB, SIEM (Qradar/Splunk), IAM, Virtual Palo Alto, and other workload protection and security solutions Inter-personal skills / Other attributes required: Strong problem-solving capabilities with an analytical, methodical approach Excellent verbal and written communication skills, including impressive email communication abilities. Can articulate complex technical issues in a manner understandable to non-technical individuals. Adaptable to working in a global, multicultural environment. Exhibits a structured, disciplined approach to work with keen attention to detail. Displays disciplined time management skills. Capable of multitasking and handling multiple initiatives concurrently. Self-motivated and proficient in working with minimal supervision. Responds positively under pressure to meet tight deadlines. Can work effectively both independently and as a collaborative team player. Thrives on challenging work and exhibits a strong desire to learn and advance. Formal Education: BTech in Computer Science or Bachelors degree in Computer Science Full Time / Part Time Full time Worker Type Employee Job Exempt (Yes / No) Yes Workplace Model At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office. Why Invesco In Invesco, we act with integrity and do meaningful work to create impact for our stakeholders. We believe our culture is stronger when we all feel we belong, and we respect each other s identities, lives, health, and well-being. We come together to create better solutions for our clients, our business and each other by building on different voices and perspectives. We nurture and encourage each other to ensure our meaningful growth, both personally and professionally. We believe in diverse, inclusive, and supportive workplace where everyone feels equally valued, and this starts at the top with our senior leaders having diversity and inclusion goals. Our global focus on diversity and inclusion has grown exponentially and we encourage connection and community through our many employee-led Business Resource Groups (BRGs). What s in it for you? As an organization we support personal needs, diverse backgrounds and provide internal networks, as well as opportunities to get involved in the community and in the world. Our benefit policy includes but not limited to: Competitive Compensation Flexible, Hybrid Work 30 days Annual Leave + Public Holidays Life Insurance Retirement Planning Group Personal Accident Insurance Medical Insurance for Employee and Family Annual Health Check-up 26 weeks Maternity Leave Paternal Leave Adoption Leave Near site Childcare Facility Employee Assistance Program Study Support Employee Stock Purchase Plan ESG Commitments and Goals Business Resource Groups Career Development Programs Mentoring Programs Invesco Cares Dress for your Day In Invesco, we offer development opportunities that help you thrive as a lifelong learner in a constantly evolving business environment and ensure your constant growth. Our AI enabled learning platform delivers curated content based on your role and interest. We ensure our manager and leaders also have many opportunities to advance their skills and competencies that becomes pivotal in their continuous pursuit of performance excellence. To know more about us About Invesco: https: / / www.invesco.com / corporate / en / home.html About our Culture: https: / / www.invesco.com / corporate / en / about-us / our-culture.html About our D&I policy: https: / / www.invesco.com / corporate / en / our-commitments / diversity-and-inclusion.html About our CR program: https: / / www.invesco.com / corporate / en / our-commitments / corporate-responsibility.html Apply for the role @ Invesco Careers : https: / / careers.invesco.com / india /

Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. As a Senior Information Security Engineering Consultant, your responsibilities include administration, maintenance, architecture, and engineering related to on-premise and cloud security solutions. This includes, direct support, technical ownership, and leading others with regards to the platforms. Additional responsibilities as needed, but may include security posture review and analysis, security vulnerability scanning, monitoring and alerting development and tooling, and security incident response. Primary Responsibilities Work on-call and non-standard hours when necessary Support team leads and Subject Matter Expert (SME) for approaches, procedures, and implementation of Cybersecurity systems, specifically perimeter firewalls Be able to troubleshoot in highly complex, technical situations within an enterprise organization Be able to identify and mitigate risks Capable of formulating and implementing procedures and systems Be able to document and communicate on an expert level Have or be in process of obtaining advanced certifications pertinent to area of expertise Collaborate in the development of training content for issues related to IT Cybersecurity Develops and oversees the development of innovative approaches and solutions to complex problems and issues Supports the monitoring and responses to security incidents, offering expertise to ensure prompt and effective resolution Collaborates with director, managers, project managers, architects and other technical personnel to ensure mitigation of risks to the company Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Graduate degree or equivalent experience 6+ years of experience in IT Security for large enterprise environments 5+ years of experience with next gen/firewall (ex. Palo Alto) 5+ years of experience with WAN/LAN routing, switching, proxy and firewall environments Work experience as a system security engineer or information security engineer Proven solid planning and problem-solving skills Proven ability to troubleshoot in highly complex, technical situations within a matrixed organization Preferred Qualification CompTIA Security +, or related certification, PCNSE, CCNA, Network +

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. This Senior Information Security Engineer is a member of the UHC A&I Tech Infra, Cloud and Data Services team that supports US Health Group and Student Resources,. This engineer will work with 4000+ agents as level 2 support for security incidents and investigation. Their primary function will be to monitor and respond to all vulnerabilities in Tanium, Tenable, and Security Platform. In addition the engineer will have primary responsibility of all updates throughout the infrastructure for the UHC lines of business that ingests over 200,000 MB of logs for Windows and RHEL Servers. This engineer will also work in Service Now to monitor queues and work incidents to resolution. This engineer will be working in both on-premise and azure cloud monitoring security and compliance. This engineer will work throughout the organization to quickly remediate any daily findings of new vulnerabilities that arise and create daily reports to show updated findings and tasks for remediation. Primary Responsibilities Core Tasks: Tanium, Security Platform, TVM remediate all vulnerabilities, patching Maintain cadence of monthly patching schedule for updates to all environments Operate and maintain security systems to protect data and systems and ensure auditability and compliance Respond, analyze, and resolve outages, incidents and/or threats Fulfill service requests Deploy new, update existing, replace or decommission solutions Work in Microsoft Endpoint Configuration Manager (MECM) for patching and Vulnerability remediation Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualification Full time graduate Core Tasks: Tanium, Security Platform, TVM remediate all vulnerabilities, patching Maintain cadence of monthly patching schedule for updates to all environments Operate and maintain security systems to protect data and systems and ensure auditability and compliance Respond, analyze, and resolve outages, incidents and/or threats Fulfill service requests Deploy new, update existing, replace or decommission solutions Work in Microsoft Endpoint Configuration Manager (MECM) for patching and Vulnerability remediation Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission. #Nic #Nic

Performing critical operations on our Development and Production environments to meet Security and Compliance requirements. Maintaining Security and Compliance by monitoring, scanning, configuring, and patching a vast variety of cloud devices including various Windows and Linux OS systems, VMs, VMware ESXi, K8s nodes/clusters, cloud storage, and networking devices. Maintaining tooling and automation for managing security and compliance process for our internal and client environments. Deploying new architecture, devices, and automation for Security needs. Managing access and change controls for our development and production environments. Maintaining logging, performing analysis, and compiling evidence for Securityand Compliance reviews of our environments. The role is very important in our ability to deliver valuable automated and integrated solutions as a premier offering in IBM Cloud. With this, we have an extremely high demand for meeting the most stringent Security and Compliance standards. In our fast-paced and expanding organization, we foster an environment of continuous innovation and working in agile teams, to deliver the latest technology and provide excellent support to our clients. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise 8+ years of Overall experience as Security/Compliance Engineer. 3+ years of experience with system automation, scripting, and development 1+ years of experience with Linux system administration or development 1+ years of experience with Windows system administration or development 1+ years of experience with secure engineering practices and standards 1+ years of experience with software engineering and testing 1+ years of experience with Python Strong communication skills in English Preferred technical and professional experience 1+ years of experience with IBM SOS process and tooling, e.g. Nessus, QRadar, Uptycs, CrowdStrike, etc. 1+ years of experience with Windows Active Directory administration or development 1+ years of experience with Microsoft Windows Update or Group Policy Objects (GPO) 1+ years of experience with Access Control with IBM AccessHub 1+ years of experience with ServiceNow, e.g. for Change Management 1+ years of experience with GitHub issue and code management 1+ years of experience with IBM Cloud Risk Management process 1+ years of experience with IBM PSIRT process 1+ years of experience with data privacy and handling 1+ years of experience with ethical hacking and Pentesting 1+ years of experience with Jenkins build and platforms 1+ years of experience with networking, and network security components, firewalls, gateways 1+ years of experience with security standards, authentication, authorization, and encryption protocols 1+ years of experience with VMware administration 1+ years of experience with VMware API integration development 1+ years of experience with IBM Cloud API integration development Experience with Compliance needs across Industry verticals - ISO 27001, SOC2, PCI, HIPAA, etc.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

About the Role: Grade Level (for internal use): 10 Key Responsibilities: Participate in planning, execution, and reporting phases of technical cyber based audits in line with industry standards and best practices. Ensure the timely and effective execution of all planned cyber and tech risk audits. Majorly drive the execution of audits fieldwork to ensure thorough and effective assessments of IT and cybersecurity controls by utilizing appropriate audit methodologies and tools (e.g., risk-based auditing, data analytics). Follow up on Management Action Plans (MAPs) / audit findings to ensure timely and effective remediation of identified issues. Assist the leadership in Risk Assessment activities and collaborate with stakeholders to help identify and prioritize key IT and cyber risks. Use of Data Analytics to analyse artifacts and derive the audit findings. Stay updated on emerging IT risks and controls, including cloud computing, cybersecurity threats, and data privacy regulations. Help document audit findings, audit reports, and participate in stakeholder meetings. Required Technical Skills: Proficiency in Networking, DLP, Endpoint and Cloud technologies (AWS, Azure, Google Cloud). Knowledge of cybersecurity principles and practices as well as sound understanding of Artificial Intelligence and its applications. Proficiency in Vulnerability Assessment and Penetration Testing (VAPT) and Red-teaming exercises. Extensive experience with IT Infrastructure technologies as well as sound understanding of Disaster Recovery and Resiliency. Proficiency in using audit tools and techniques (e.g., data analytics, risk assessment software). Soft Skills: Excellent interpersonal and communication skills. Strong report writing and documentation abilities. Ability to multi-task and work collaboratively with cross-functional teams. Strong project management and organizational skills. Qualifications: Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related field. Relevant certifications such as CISA, CISSP, or equivalent are preferred. Minimum of 6 years of experience in a similar role. Experience in technology audits, added advantage with a background in Big4 audit firms. Proven track record of leading technology audit projects and teams. What we offer: High visibility to leadership and the opportunity to make a significant impact. A collaborative and innovative environment. The chance to work on state-of-the-art technologies and solutions. A role that combines strategic thinking with hands-on execution. Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwideso we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Our benefits include: Health & WellnessHealth care coverage designed for the mind and body. Flexible DowntimeGenerous time off helps keep you energized for your time on. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Preferred Skills: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Job Title: Lead Application Security/ Sr. Lead Application Security Experience Required: 4-8 years. Job Summary: Seeking for a highly skilled and experienced Application Security Specialist who will play a crucial role in ensuring the security and resilience of our organisations systems, networks, and infrastructure. He will be collaborating closely with development and operations teams to integrate security practices throughout the software development lifecycle. The role will involve identifying vulnerabilities, defining and implementing secure coding practices, conducting security assessments, performing day to day WAF & BOT operations and ensuring compliance with industry standards and regulations. Required Skills: The candidate should have minimum experience of 5 years in vulnerability assessment & penetration testing (VAPT) and WAF solutions. Mandatory: Proven experience in application security, with a focus on web and mobile applications. Proficiency in wide range of security tools and frameworks, such as Metasploit, Burp Suite, Nmap, Wireshark, Kali Linux, PowerShell Empire, Cobalt Strike, and others. Awareness of current cyber threats, attack trends, and threat actor tactics, techniques, and procedures. Familiarity with industry standards (e.g., OWASP Top 10, CWE) and regulatory requirements (e.g., GDPR, PCI-DSS). Experience in managing and optimizing WAF and BOT management systems. (e.g. Akamai, Cloudflare, Imperva etc.) Excellent communication and collaboration skills. Good to have: Experience with cloud security, container security and DevSecOps practices is desirable. Evaluate and implement WAF & BOT management solutions to detect, mitigate, and respond to bot activities. Experience in scripting and automation for WAF & BOT rule deployment and management (e.g., Python, PowerShell). Certification: Mandatory: Certifications such as Certified Red Team Operator (CRT), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN) are highly desirable. Good to have: Certifications such as CREST Practitioner Security Analyst (CPSA), Certified Expert Penetration Tester (CEPT) etc. Qualifications: 1. Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). 2. Strong understanding of networking protocols, operating systems, and security technologies. 3. Excellent analytical and problem-solving skills. 4. Proficient in at least one scripting language. Responsibilities: 1. Define and implement secure coding standards and practices. 2. Conduct security assessments, code reviews, and penetration testing. 3. Collaborate with development and operations teams to integrate security into the SDLC. 4. Identify and prioritize application security risks and vulnerabilities. 5. Design and implement security controls and solutions to mitigate risks. 6. Stay updated with emerging threats and industry best practices. 7. Drive compliance with relevant security standards and regulations. 8. Respond to and mitigate security incidents under WAF & BOT operations. 9. Contribute to security awareness and training programs.

Implement security-as-code principles and automate security controls in CI/CD pipelines. Conduct secure code reviews and assist developers in adopting secure coding practices. Deploy and manage security tools such as SAST, DAST, SCA, IAST, and container security solutions.

We are looking for a strategic and technically capable Cyber Defense Vulnerability Manager to lead vulnerability management initiatives within our Cyber Defense Operations (CDO) function. Responsible for the vulnerability remediation strategy, aligning with Arms global security standards and running the operational execution of the vulnerability management lifecycle. Responsibilities: Develop and lead strategic vulnerability management and Attack surface management initiatives across teams and geographies. Drive remediation accountability and ensure alignment with business risk profiles. Coordinate integration of threat intelligence and vulnerability scanning and Penetration Testing tools (eg, Tenable, Qualys) with ServiceNow workflows. Define Key Performance Indicators and metrics to govern remediation efficiency and SLA compliance. Collaborate with global teams, including Product Security, Red Team, Threat Intelligence, and Engineering. Provide leadership and mentoring to vulnerability analysts. Champion process automation and tooling enhancements. Drive operational transformation to mature existing processes, procedures and tooling. Lead the response efforts for major vulnerabilities in conjunction with security partners across the business. Act as a senior technical authority, as we'll as an escalation point for advanced response coordination. Scope and perform security reviews of platforms, web applications, mobile applications, and private and public cloud environments. Identify architectural deficiencies and implement vulnerability mitigation strategies to address. Required Skills and Experience: Demonstrable experience leading a vulnerability and Attack Surface management function in a global or enterprise-scale environment. Expertise in platforms like ServiceNow Vulnerability Management, Tenable, and third-party integrations. Sufficient understanding of web technologies to handle Web vulnerabilities. Solid understanding of security governance, frameworks (ISO 27001, NIST), and risk assessment practices. Demonstrated leadership in running multi-functional teams and stakeholder alignment. Ability to articulate security risk and remediation impact to executive audiences. Exposure to Networking, automation, scripting, and API integrations. Specialist technical knowledge spanning security and IT domains to enable a comprehensive response to vulnerabilities of the highest complexity, as we'll as cross organisational incident management. Detailed cyber security threat landscape knowledge and experience in bringing it to bear in response to a vulnerability. Nice To Have Skills and Experience: bachelors or masters in Cybersecurity, IT, or related field! Certifications such as CISSP, CISM, GIAC (GCCC, GCPM), or PMP. Understanding of Agile or DevSecOps practices

We are looking for a Cyber Defense Vulnerability Incident Response Senior Analyst to join our growing Cyber Defense Operations (CDO) Centre. This role provides an outstanding opportunity to lead the response to critical vulnerabilities while also contributing to security incident handling and response. The ideal candidate will have a solid background in vulnerability management, with additional expertise in incident response. This is a great opportunity for someone who wants to deepen their understanding of the overlap between vulnerability management (VM) and incident response (IR). We are at an exciting moment in our transformation! Arm has a bold vision to develop technology that invisibly enables opportunity for a globally connected population. To achieve this, Arm is growing rapidly and developing new products. With new business capabilities, Arm is encountering new security challenges that require a thoughtful, adaptable approach to strengthen its cyber defences and detect respond strategy. Responsibilities: Vulnerability Management (Main Focus) Lead operational vulnerability management activities across infrastructure, applications, cloud, and third-party platforms. Validate findings and prioritize remediation based on business risk and threat intelligence. Collaborate with global IT, Engineering, and Security teams to drive vulnerability remediation efforts. Optimize and manage ServiceNow Vulnerability Management workflows. Act as technical lead in remediation planning, providing guidance and support to stakeholders. Collaborate with Red Team, Threat Intelligence, and Product Security to identify high-risk vulnerabilities. Lead Major vulnerability Incident response efforts in accordance with the response plan and policies. Incident Response (Secondary Focus) Support team in incident triage and response efforts as needed, particularly those involving vulnerability exploitation. Assist in forensic investigations and log analysis for potential Security Incidents. Contribute to the development of playbooks for vulnerability incident response. Deliver training and mentorship to junior analysts. Required Skills Experience: Demonstrable experience in vulnerability management, including implementation of scanning tools like Tenable, Qualys, or similar platforms. Hands-on experience with ServiceNow Vulnerability Management workflows and integrations. Experience with remediation coordination, risk-based prioritization, and vulnerability lifecycle management. Exposure to incident handling, including forensic and malware analysis basics. Solid understanding of cloud and container security vulnerabilities (AWS, Azure, GCP). Sufficient understanding of web technologies to manage Web vulnerabilities. Ability to articulate risk and technical topics clearly to non-technical stakeholders. Scripting and automation skills (eg, Python, PowerShell) to streamline workflows. Deep understanding of the cyber threat landscape and emerging exploitation trends. Nice-to-Have Skills Certifications: BSc or higher in Cybersecurity, Computer Science, or related field! Professional certifications: GIAC (GCIH, GCFA, GPEN), OSCP, or CISSP. Exposure to penetration testing or Red Teaming methodologies. Understanding of ITIL processes and project management principles

Happiest Minds Technologies is a Mindful IT Company that focuses on enabling digital transformation for enterprises and technology providers by leveraging disruptive technologies. With a 'Born Digital . Born Agile' approach, we offer digital solutions, infrastructure, product engineering, and security services across various industry sectors. Headquartered in Bangalore, India, Happiest Minds has a global presence in the U.S., UK, Canada, Australia, and the Middle East. Interested professionals can reach out to me ankita.patari@happiestminds.com Experience Details : 7 to 10 Years Location : Bangalore,Pune,Noida,Bhubneswar,Madurai,Coimabatore S kills: Burp suite, Vulnerability Assessment, Static/dynamic testing of mobile applications Job Description: Good written and verbal communication skills Hands on experience in Application security testing: Manual code walkthroughs, using Burp tool, NMap, Radioshark, Checkmarx etc., - Experience in both DAST and SAST - Preparation of detailed testing reports with vulnerabilities with CVSS scoring and remediations - Guiding developers in fixing the vulnerabilities - Knowledge of writing the test cases aligning with OWAP / NIST standards - Knowledge of External PT - Team management - Client management - Tracking and reporting of vulnerabilities - Understanding of Cybersecurity domain Thanks And Regards, Ankita Ghosh

We are looking for a skilled Cyber Testing Senior Associate 1 to join our team in Bengaluru. The ideal candidate will have between 5 and 10 years of experience in cyber testing, with expertise in manual and automated testing. Roles and Responsibility Perform security assessments, including static and dynamic application security testing. Conduct manual penetration testing on web applications, network devices, and other systems. Collaborate with clients in a fast-paced environment across various technology stacks and services. Develop, enhance, and interpret security standards and guidance. Demonstrate and promote security best practices, including secure development and cloud security. Assist with the development of remediation recommendations for identified findings. Identify and clearly articulate (written and verbal) findings to senior management and clients. Help identify improvement opportunities for assigned clients. Stay up-to-date with the latest security trends, technologies, and best practices. Work effectively within a team, fostering collaboration and open communication to deliver successful outcomes. Supervise and provide engagement management for other staff working on assigned engagements. Job Requirements Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience. Expertise in web security, with extensive knowledge of vulnerabilities and the ability to identify and exploit them effectively. Minimum 5 years of experience in code review, application security testing, or web application development. Excellent written and verbal communication skills. Strong scripting skills, such as Python, Ruby, or Perl. Experience with cloud platforms, such as AWS, and knowledge of cloud security best practices. Familiarity with development technologies like Docker, CDK, Terraform, Java, Python, React, GraphQL, Javascript, JSON, REST, etc. Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices. Technical background in application development, networking/system administration, security testing, or related fields. Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques. Preferred but not required: one or more relevant certifications such as Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist. Additional Info The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned with client requirements and deliverables.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment ..Interested candidate can share resume to ankita.patari@happiestminds.com Work Location: Belapur, Navi Mumbai Experience: 11-15 Years General Shift who can join with 30 days notice period Skills: Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10,OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation Job Description: Project Management - Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Bank and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management B.Sc (IT/CS) / B.Tech in Computer Science, Information Technology, or related field. CISSP, CISA, CISM, CRISC 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Thanks And Regards, Ankita Ghosh ankita.patari@happiestminds.com

We are looking for a skilled Application Penetration Tester with expertise in both manual and automated testing to join our Security and Privacy Risk Consulting group. The ideal candidate will have 5-10 years of experience, a strong understanding of various testing methodologies and tools, as well as a passion for uncovering vulnerabilities and identifying potential security risks. Roles and Responsibility Perform security assessments, including static and dynamic application security testing. Conduct manual penetration testing on web applications, network devices, and other systems. Collaborate with clients in a fast-paced environment across many technology stacks and services. Develop, enhance, and interpret security standards and guidance. Demonstrate and promote security best practices, including secure development and cloud security. Assist with the development of remediation recommendations for identified findings. Identify and clearly articulate (written and verbal) findings to senior management and clients. Help identify improvement opportunities for assigned clients. Stay up-to-date with the latest security trends, technologies, and best practices. Work effectively within a team, fostering collaboration and open communication to deliver successful outcomes. Supervise and provide engagement management for other staff working on assigned engagements. Job Requirements B.Tech in Computer Science, Engineering, or related field, or equivalent work experience. Expertise in web security, with extensive knowledge of vulnerabilities and the ability to identify and exploit them effectively. Minimum 5 years of experience in code review, application security testing, or web application development. Excellent written and verbal communication skills. Strong scripting skills (e.g., Python, Ruby, Perl). Experience with cloud platforms such as AWS and knowledge of cloud security best practices. Familiarity with development technologies like Docker, CDK, Terraform, Java, Python, React, GraphQL, Javascript, JSON, REST, etc. Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to company policies and best practices. Technical background in application development, networking/system administration, security testing, or related fields. Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques. Preferred but not required: one or more relevant certifications such as Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist.

As an Associate Developer at IBM, you'll work with clients to co-create solutions to major real-world challenges by using best practice technologies, tools, techniques, and products to translate system requirements into the design and development of customized systems. In your role, you will be responsible for: Your primary responsibilities include: Working on the end-to-end feature development and solving challenges faced in the implementation. Collaborate with key stakeholders, internal and external, to understand the problems, issues with the product and features and solve the issues as per SLAs defined. Being eager to learn new technologies and implementing the same in feature development Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Hands on extensive experience on RPG language on AS/400 System I and have worked on Production system and Application Development. 3+ years of relevant experience working on mainframes. Should have technical expertise/hands on - Assembler, COBOL, JCL, CICS, VSAM, Inter-test, Fault Analyser, File-Manager, Control-M/Any other Scheduler etc. Should have expertise working on JIRA/Confluence/SharePoint/Any Change management tool (Remedy/Myservice/Service now etc.) Message Types and Transaction flows Preferred technical and professional experience Processing between Acquirers, Issuer & Acquiring gateways etc. Interact with different stake holders, gather and articulate the Requirements. Good communications skills to deal with the clients directly and set up calls to bring the Business and Delivery inline

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Not Applicable Specialism Risk Management Level Associate Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisations security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purposeled and valuesdriven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . Summary Indepth knowledge and handson experience in VAPT , including Web Application Vulnerability Assessment Penetration Testing, Mobile Application Vulnerability Assessment Penetration Testing , API and Network Penetration Testing, Cloud Security, Network Security, SOC Monitoring and Incident management. Vulnerability Assessment and Penetration Testing (VA/PT) Conduct VAPT Program Management including Remediation and Closure Management Conduct secure configuration review Conduct/ Manage Secure Code review Conduct/ Manage API secure testing Conduct/ Manage VA/PT for new web/ app development Conduct/ Manage Application Security Conduct/ Manage Red Teaming Conduct/ Manage DevSec/DevSecOps Conduct/ Manage Patch Management Mandatory skill sets VAPT Indepth knowledge of security issues, exploitation techniques and remediation measures. Handson Experience in Vulnerability Assessments Penetration Testing (Automated + Manual) on business critical assets ( IP,Web,Mobile,API and AWS) Handson experience with wellknown security tools BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc Understanding of web application security vulnerabilities (OWASP Top 10), including XSS, SQL injection, CSRF, and others. Strong knowledge of network security concepts, firewalls, VPNs, IDS/IPS, and TCP/IP protocols. Familiarity with mobile security vulnerabilities in iOS and Android platforms, including reverse engineering, mobile app testing, and OWASP Mobile Security Project. Strong written and verbal communication skills for delivering clear, concise security reports and presenting findings to stakeholders. Preferred skill sets Strong organizational, teamwork, multitasking time management skills. Outstanding communication abilities. Ability to effectively communicate the required recommendations. Years of experience required 4+ Years Education qualification Minimum Qualification BE/ BTech Education Degrees/Field of Study required Bachelor of Technology, Bachelor of Engineering Degrees/Field of Study preferred Required Skills Burp Suite, Nessus Vulnerability Scanner, Structured Query Language (SQL) Optional Skills Teamwork No

Required skillset: Ability to handle security testing projects: Customer Interactions, Team monitoring. Able to derive security requirements Threat Model, TARA, SCA, SAST Able to drive the security standards in the applications like OWASP, SANS, CVSS, CWE, STRIDE, DREAD Good Technical Presentation skills, Team collaboration skills, training and mentoring must be preferred. Expertise in Tools like : Appscan, Fortify, Burpsuite, Kali Linux, Postman Expertise in REST API Penetration testing Handson experience in Embedded Device Security Testing with expertise in Secure Boot, Firmware Analysis, CAN/UDS/USB/JTAG interface security testing Expertise in implementing and executing the Cyber Security Solutions and Penetration Testing for Network and Embedded devices. Hands-on Experience in AWS/Azure Good Technical Presentation skills and Team collaboration skills must be preferred. Security Certifications like CEH, ECSA or equivalent. Role & responsibilities Preferred candidate profile