20 Sans Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2.0 - 5.0 years

3 - 4 Lacs

Chennai

Work from Office

We are looking for an experienced Application Security Engineer with 2-3 years of hands-on experience in security testing across web, mobile, API, and cloud environments. You will perform in-depth manual and automated testing, identify vulnerabilities using frameworks like OWASP and NIST, and provide actionable remediation guidance with clear PoCs. This role involves close collaboration with development and DevOps teams to integrate security into the SDLC, support secure coding practices, and contribute to threat simulations and R&D efforts. Strong knowledge of CVSS, MITRE ATT&CK, and scripting skills (Python, Bash) are essential, along with the ability to clearly communicate security findings to both technical and non-technical stakeholders.

Key Responsibilities:

- Conduct hands-on security testing of web applications, mobile apps, cloud environments, and APIs, identifying security vulnerabilities based on industry-standard methodologies (e.g., OWASP, SANS, NIST).
- Evaluate the risk and severity of discovered vulnerabilities using frameworks such as CVSS and document findings with clear Proof-of-Concepts (PoCs), highlighting real-world business impact and custom remediation guidance.
- Collaborate with development teams to explain vulnerabilities, answer technical queries, and recommend secure coding practices and mitigation strategies.
- Participate in research and development (R&D) initiatives, including the discovery of new attack vectors, tooling improvements, and security automation.
- Contribute to secure SDLC processes, including secure design reviews, code reviews alongside DevOps and architecture teams.
- Assist in conducting threat simulations, adversary emulation, and red team exercises when required.
- Maintain awareness of emerging threats, CVEs, and vulnerability trends affecting web, mobile, and cloud technologies.

Required Skills & Tools:

- 2-3 years of hands-on experience in security testing or penetration testing across web, mobile, API, and/or network layers.
- Bachelor's degree in Computer Science or a related technical field (or equivalent experience).
- Having published CVEs is considered a strong advantage.
- Solid knowledge of OWASP Top 10, MITRE ATT&CK, and Secure Coding Guidelines.
- Strong understanding of manual testing approaches — not just tool-assisted scans.
- Hands-on experience with reporting, PoC generation, and remediation consulting.
- Scripting or automation skills in Python, Bash for creating custom tools.
- Effective communication skills to interact with both technical and non-technical stakeholders.

Posted 3 days ago

8.0 - 12.0 years

0 Lacs

noida, uttar pradesh

On-site

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. 
A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.

Posted 4 days ago

4.0 - 8.0 years

0 Lacs

hyderabad, telangana

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

To provide security monitoring and support to Client's technology platforms, network, applications, crew, and environments in response to incidents of varying severity and perform other security monitoring/incident response functions as needed.

**Duties and Responsibilities:**

- Support Client Data Loss Prevention (DLP) initiatives through monitoring and investigation of email, network, and endpoint DLP alerts.
- Performs remediation actions to resolve incidents relating to violations of Client Information Security policies.
- Establishes and maintains effective service relationships with business users - keeping them informed of the status of their security requests and tickets; understanding their business needs and escalating as necessary; providing non-technical answers to security questions that come in via email or hotline; and explaining the rationale behind security policies, procedures, and monitoring.
- Keeps management within the department informed by communicating progress, issues, concerns, and opportunities. Assesses and immediately notifies the manager of any potential information security breach and security issues that may have a negative impact on business operations.
- Identifies opportunities to improve the quality, efficiency, and effectiveness of the team.
- Adheres to Client Information Security policies and departmental procedures, along with following industry best practices.
- Works with other departments (within and outside of Information Security) to communicate appropriate and consistent security requirements.
- Participates in the development of team and departmental objectives.
- Participates in special projects and performs other duties as assigned.
- Supporting the client's team by acting as an interim team member (e.g. security officer, security manager, security analyst).
- Should independently manage the assigned project/engagement with minimal oversight/guidance from the manager.

**Qualifications:**

- Undergraduate degree in information/cybersecurity, an information technology-related field, or equivalent combination of training, certifications, and experience.
- 4-6 years related experience.
- CompTIA Security+, ISC2 CISSP, SANS, or other similar certifications are a plus but not required.
- Knowledge of security concepts, theories, and best practices.
- Ability to analyze and demonstrate problem resolution skills.
- Demonstrated ability to work collaboratively as well as independently, with attention to detail.
- Demonstrated ability to be flexible and exercise good judgment.
- Demonstrated strong organization and time management skills.
- Strong verbal, written, and interpersonal communication skills.
- Ability to deal effectively with various levels of business unit crew and management.
- Experience on Elastic SIEM, Tines SOAR, and CrowdStrike EDR is good to have.

**Special Factors:**

- Willing to work in a hybrid model (3 days in the office) in a rotational shift.
- Weekend availability/flexibility to work weekends is a MUST.
- Willing to support the US shift (Night shift).

Posted 5 days ago

3.0 - 7.0 years

0 Lacs

karnataka

On-site

Greetings potential candidate,

We are looking for a Security Assessment & Compliance Specialist with 3-6 years of experience to join our team at Netsach, a Cyber Security Company based in Dubai. As a Security Threat Assessment & Compliance Specialist, you will be responsible for conducting testing on bank installations using focused threat-based methodologies to identify vulnerabilities, enhance Cyber readiness, and ensure security controls and system configurations adhere to compliance standards. Your role will involve collecting open source intelligence on threats, developing Cyber assessment plans, assessing the bank group installations & controls, and providing insight on IT technology assets.

Key Responsibilities:

- Conduct testing on bank installations using threat-based methodologies
- Identify, expose, and exploit vulnerabilities to enhance Cyber readiness
- Review security controls and system configurations to ensure compliance
- Collect open source intelligence on threats and vulnerabilities
- Develop Cyber assessment plans and conduct assessment tests
- Ensure threat controls and systems are appropriately configured
- Identify and track IT risks and remediate gaps through operational activities
- Provide threat activity reporting and insight on IT technology assets
- Manage ad-hoc review and reporting requests from stakeholders

Requirements:

- Bachelor's or Master's degree in Computer Science, Mathematics, or related field
- Master's Degree in Business Management or equivalent
- Certifications such as CISSP, OSCP, OSCE, CREST, GPEN, SANS GWAPT
- 3-5 years of experience in technical Cyber security
- Proficiency in Bash scripting, Perl, Python, and Machine Learning frameworks
- Experience with malware scanning tools and mobile digitization platforms
- Familiarity with threat modeling frameworks such as STRIDE, PASTA, and VAST
- Knowledge of Cloud, DBMS, Containerization Technologies, and Microservices/API architecture
- Strong technical background covering heterogeneous technologies and multiple security domains
- Deep experience in vulnerability assessment, threat evaluation, and mitigation recommendations
- Extensive experience with Security scanning solutions like Tenable Security Center, Tripwire, Rapid Scan, Qualys
- Ability to integrate open source frameworks and solutions for unified reporting

If you meet the above requirements and are passionate about Cybersecurity, we would love to hear from you. Join us in our mission to enhance Cyber readiness and ensure compliance in the banking sector.

Thank you,
Emily Jha
emily@netsach.co.in

Posted 1 week ago

8.0 - 10.0 years

12 - 17 Lacs

Kochi

Work from Office

Role Purpose

The purpose of this role is to design the organisation's computer and network security infrastructure and protect its systems and sensitive information from cyber threats.

Do

1. Design and develop enterprise cyber security strategy and architecture
   a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses
   b. Identify risks associated with business processes, operations, information security programs and technology projects
   c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge
   d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
   e. Provide product best fit analysis to ensure end to end security covering different facets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations
   f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc.
   g. Provide support during technical deployment, configuration, integration and administration of security technologies
   h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc.
   i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity
   j. Provide solution of RFPs received from clients and ensure overall design assurance
      i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives
      ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/architecture
      iii. Depending on the client's need with particular standards and technology stacks create complete RFPs
      iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology
      v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions
      vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps
      vii. Evaluate and recommend solutions to integrate with overall technology ecosystem
      viii. Tracks industry and application trends and relates these to planning current and future IT needs
2. Stakeholder coordination & audit assistance
   a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations
   b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security
   c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements
   d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers
   e. Provide training to employees on issues such as spam and unwanted or malicious emails

Mandatory Skills: Privilege Password Management CyberArk.

Experience: 8-10 Years.

Posted 1 week ago

3.0 - 6.0 years

4 - 9 Lacs

Mumbai

Work from Office

We are seeking a highly skilled and self-motivated Senior .NET Developer with deep expertise in secure application development. The ideal candidate will combine advanced .NET development skills with a strong foundation in application security, vulnerability assessments (VA), and secure coding practices (SCD). You will play a crucial role in leading a technical team, ensuring application security, and collaborating with stakeholders to deliver secure and high-performance applications.

Key Responsibilities:

- Lead the design, development, and deployment of enterprise-grade applications using C#, ASP.NET, MVC, and .NET Core.
- Ensure secure coding practices in line with OWASP, SANS Top 25, and organizational standards.
- Conduct and guide team members in Vulnerability Assessment (VA) and Secure Code Development (SCD).
- Review and implement modern security headers including CSP, HSTS, X-Content-Type-Options, X-Frame-Options, etc.
- Configure, optimize, and troubleshoot IIS web servers to ensure secure and high-performing hosting environments.
- Collaborate with application owners and conduct security-focused meetings with HODs to communicate risks, mitigation plans, and progress updates.
- Act as a subject matter expert during security audits, assessments, and compliance checks.
- Develop and maintain technical documentation, including security guidelines, server configurations, and incident reports.
- Mentor and lead a team of developers and security analysts to instill a culture of secure development practices.

Required Skills & Qualifications:

- Strong hands-on experience with C#, ASP.NET, MVC, and .NET Core.
- Deep understanding of IIS server architecture and web application deployment best practices.
- Expertise in application security, including VA tools, OWASP Top 10, SANS Top 25, and CWE.
- Proficient in applying HTTP security headers and other web application security mechanisms.
- Excellent analytical, troubleshooting, and problem-solving skills.
- Strong communication and stakeholder management skills.
- Experience in leading teams and working in cross-functional environments.

Preferred Qualifications:

- Certifications such as CEH, OSCP, CSSLP, or Microsoft Security Certifications.
- Exposure to DevSecOps practices and CI/CD security integration.
- Familiarity with cloud security (Azure/AWS) and containerized application security (Docker/Kubernetes).

Posted 1 week ago

4.0 - 8.0 years

0 Lacs

navi mumbai, maharashtra

On-site

We are seeking an experienced Application Security Specialist to join our team. As an Application Security Specialist, you will be responsible for conducting SSDLC security assessments, integrating security throughout the software development lifecycle, and ensuring that applications meet the highest security standards before deployment. Your key responsibilities will include conducting internal and third-party SSDLC risk assessments on critical assets and processes, coordinating with project teams to enforce security frameworks in all phases of the SSDLC, and preparing security effectiveness reports for management. You will also be tasked with performing SSDLC assessments aligning with security practices, ensuring that new applications undergo SSDLC assessments before induction into data centers, and defining and enhancing application security requirements for agile development and traditional architectures. Additionally, you will assist DevSecOps teams in creating secure CI/CD pipeline processes, follow up on and escalate closure of identified security gaps, and contribute to standardizing application security tools and methodologies. The ideal candidate should have at least 6 years of experience in Information Security with a focus on application and software security, along with 4 years of experience in software development lifecycle security reviews. You should also possess expertise in architecture reviews, software design reviews, threat modelling, and design flaw assessments, as well as hands-on experience with SAST, DAST, SCA, IAST, RASP, and other application analysis tools. Familiarity with OWASP, SANS, ISACA, NIST, IETF best practices is required, and the ability to develop detailed security frameworks for developers to integrate into the SDLC is essential. Preferred certifications include CISSP, CSSLP, Cloud Security Certifications, and DevSecOps Automation Certifications. 
If you meet these qualifications and are passionate about enhancing application security, we encourage you to apply for this position.

Posted 1 week ago

3.0 - 7.0 years

0 Lacs

karnataka

On-site

Greetings, We are looking for a Security Assessment & Compliance Specialist with 3-6 years of experience to join our team at Netsach, a Cyber Security Company in Dubai. As a Security Threat Assessment & Compliance Specialist, your role will involve conducting testing for bank installations using threat-based methodologies to identify vulnerabilities, improve Cyber readiness, and review security controls and system configurations across IT systems to ensure security posture and compliance. Your responsibilities will include collecting open-source intelligence on threats and vulnerabilities related to the bank's technology stack, participating in event planning stages to develop Cyber assessment plans, ensuring that threat controls and systems are appropriately configured across the Group, identifying and tracking IT risks and gaps for remediation, providing threat activity reporting and insights on IT technology assets, and managing ad-hoc review and reporting requests from stakeholders. The ideal candidate should have a Bachelor's or Master's degree in Computer Science, Mathematics, or equivalent discipline, along with certifications such as CISSP, OSCP, OSCE, CREST, GPEN, SANS GWAPT. You should have 3-5 years of experience in technical Cyber security, proficiency in Bash scripting, Perl, Python, or R, expertise in Machine Learning frameworks and code development, familiarity with malware scanning tools, experience with mobile and digitization platforms, and knowledge of threat modeling frameworks like STRIDE, PASTA, and VAST. Moreover, you should have a strong technical background covering heterogeneous technologies and multiple security domains, deep knowledge of vulnerabilities in banking environments, expertise in threat assessment and mitigation, and experience in evaluating threats based on the latest threat landscape in EMEA & North Africa. 
Additionally, you should be well-versed in security scanning solutions such as Tenable Security Center, Tripwire, Rapid Scan, Qualys, and be able to integrate open-source frameworks and solutions into the Threat and Vulnerability solution environment for unified reporting. If you are passionate about Cybersecurity and possess the required skills and experience, we would like to hear from you.

Thank You,
Emily Jha
emily@netsach.co.in

Posted 2 weeks ago

7.0 - 11.0 years

0 Lacs

noida, uttar pradesh

On-site

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

As part of our EY-Cyber security, the EKM Team owns the Public Key Infrastructure (PKI) and is responsible for certificate lifecycle management, distribution, and key management. The Lead Info Security engineer will be a part of a team of subject matter experts to facilitate the protection of data at rest, in-transit, or in-use by providing systems of processes, technologies, and policies. We're looking for Security Analysts in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. As an influential member of the team, you will help create a positive learning culture, coach and counsel junior team members, and assist in their development.

**Your key responsibilities include:**

- Designing, developing, integrating, and deploying encryption and key management solutions both on-premises and in the cloud.
- Defining business/technical strategies to reduce risk and improve the overall security posture of applications, platforms, and infrastructure.
- Collaborating with stakeholders at all levels to understand security needs and prioritize the roadmap accordingly.
- Ensuring projects are completed on time, within budget, and with high quality.
- Supporting necessary compliance activities and developing runbooks, SOPs, and troubleshooting guides.
- Continuously validating the team's products/solutions against policies, guidelines, procedures, and regulations to ensure compliance.
- Supporting the client's team by acting as an interim team member (e.g., security officer, security manager, security analyst).

**Skills and attributes for success:**

- Being a good team player with excellent verbal and written communication skills.
- Proficient in documentation and PowerPoint skills, with good social, communication, and technical writing skills.
- Ability to prioritize tasks, work accurately under pressure, and follow workplace policies and procedures.
- Strong analytical/problem-solving skills and the ability to work independently on projects with minimal oversight.

**To qualify for the role, you must have:**

- Bachelor's or master's degree in Computer Science, Information Systems, Engineering, or a related field.
- At least 7+ years of experience in Information Security with subject matter expertise in PKI, CLM, HSM.
- Excellent scripting skills and experience with developing SOPs, runbooks, CP/CPS.
- Technical experience with a combination of CLM, KMS, and PKI services, along with Linux and Windows systems.
- 2+ years of working experience in cloud technologies such as AWS, Azure, and Google Cloud Platform.
- Knowledge of security technologies like Venafi, AppViewX CERT+, Luna HSM, Fortanix DSM, MS-PKI, Sectigo.

**Ideally, you'll also have:**

- Experience with data tokenization/data masking and leading high performing technical teams.
- Security certifications such as CISSP, CISM, CRISC, AWS, Azure, SANS, etc.
- Ability to provide strong customer service and willingness to work weekends and travel as required.

**What we look for:**

- A team of people with commercial acumen, technical experience, and enthusiasm to learn in a fast-moving environment with consulting skills.
- An opportunity to be part of a market-leading, multi-disciplinary team of professionals, working with leading businesses across various industries.

**What working at EY offers:**

- Inspiring and meaningful projects with a focus on education, coaching, and personal development.
- Support, coaching, and feedback from engaging colleagues.
- Opportunities to develop new skills, progress your career, and handle your role in a way that suits you.

EY exists to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. Join EY's diverse global teams to provide assurance, help clients grow and transform, and find new answers to complex issues facing the world today across assurance, consulting, law, strategy, tax, and transactions.

Posted 2 weeks ago

5.0 - 8.0 years

7 - 10 Lacs

Bengaluru

Work from Office

Your Impact

As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principle, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modelling the applications. You should be familiar with the industry best practices for information security policies and product security standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support.

What The Role Offers

Please review the below write up and highlight for any corrects

- Strategic Planning: Align application security initiatives with business goals; refine Product Security processes and tools.
- Technical Leadership: Stay updated on the latest trends and advancements in application security and apply them to continually improve the organization's security program. Recommend mitigations for vulnerabilities; manage third-party and open-source software risk.
- Architecture and Design: Review application designs for security best practices. Design, enhance, and advocate for the threat modelling process. Conduct threat modelling and advise product teams on implementing appropriate security controls.
- Security Reviews: Conduct security assessments throughout the development lifecycle. Collaborate with development teams to remediate security vulnerabilities.
- Code Review and Analysis: Conduct code reviews and implement automated code analysis tools.
- Secure Development Practices: Enforce secure coding practices, train developers in secure coding.
- Incident Response/Customer Escalations: Lead incident response efforts related to application security incidents. Work with cross-functional teams to investigate and remediate security breaches.
- Policy and Standards: Develop and enforce application security policies; ensure compliance with industry standards.
- Security Testing: Oversee the implementation of security testing methodologies. Conduct Penetration Testing activity for applications/systems.
- Security Awareness: Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Collaboration: Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity.
- Documentation and Reporting: Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management. Generate reports and conduct peer reviews.
- Research and Innovation: Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions.
- Vendor and Tool Evaluation: Evaluate and recommend security tools/technologies; manage vendor relationships.

What You Need To Succeed

- 5 - 8 years of experience with the relevant technologies
- Bachelor's degree in engineering, computer science or equivalent is preferred
- Industry standard best practices on application security controls, requirements, features, and specifications
- Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation
- Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.)
- Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers)
- Strong experience in manual vulnerability assessment and penetration testing
- Hands on experience on Application Security tools such as Fortify, WebInspect, Burp, etc.
- Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices
- A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes (i.e. the ethical hacker mentality)
- Preferably to have application security penetration testing related certifications (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.)
- Highly desirable to have general information security related certifications (e.g. CISSP, CISM, GSEC, CCSP, etc.)
- Should have excellent team playing and collaborative skills, to work with multiple stakeholders.
- Strong analytical, troubleshooting, writing, communication, and consultancy skills
- Possess a commitment to quality and a thorough approach to work.

Posted 2 weeks ago

3.0 - 5.0 years

3 - 6 Lacs

Pune

Work from Office

1) The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with the operation and construction of tools to assist in these tasks.
2) Well-versed with OWASP Top 10, SANS, NIST and WASC Threat Classifications
3) Expertise in Vulnerability Assessment and Penetration Testing of Web Applications, Networks and Cloud (AWS/Azure)
4) Expertise in Penetration testing of Mobile applications
5) Well versed in Source Code Reviews
6) Familiar with popular tools like Burp Suite, Paros, OWASP ZAP, Wireshark, Nessus, NTO Spider, Metasploit, Exploit DB, Kali etc.
7) Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them
8) Must be CEH certified
9) Excellent communication skills, written and verbal

Posted 2 weeks ago

4.0 - 9.0 years

7 - 17 Lacs

Bengaluru

Hybrid

Job Title: Sr GRC Analyst
Duration: Full time role
Location: Bengaluru (Hybrid)
Note: Looking for immediate joiners OR who can join in at least 20-30 days of notice.

Job Description:

Duties:

- Perform vendor risk assessments against all security domains
- Perform technical implementation assessments from a security perspective related to vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third party service at the client
- Maintain and expand Customer Trust knowledge base
- Support customer security assessment requests
- Support customer audits

Skills:

- Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2.
- Great understanding of IT control frameworks (COBIT) and IT general controls
- Strong knowledge of information security concepts, risk and controls concepts
- Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc.
- Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc.
- Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption, data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies.
- Expert in conducting Vendor risk assessments and understand risk exposure of technology deficiencies and translating them to business impact
- Strong domain experience in security risk assessments
- Working knowledge of risk treatment and exception processes
- Strong knowledge of Security architecture design and review including key security controls related to authorization, authentication, and encryption of data in transit/at rest
- Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool) for automated evidence collection to support customer audits is a plus
- Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool) for third party risk assessments is a plus
- One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer
- Open to learning and working on new domains and technology
- Good written and spoken communications skills to explain and articulate technical concepts effectively to stakeholders including system engineers, and auditors
- Strong attention to detail and diligence

Posted 2 weeks ago


3.0 - 5.0 years

1 - 3 Lacs

Kolkata

Work from Office

Role & responsibilities
1. Ability to conduct Vulnerability Assessments on systems, web applications, mobile applications and network devices.
2. Have basic knowledge of Penetration Testing & Exploitation.
3. Have Good Knowledge and experience of working on Application Level and Network Level Audit.
4. Should have the understanding of OWASP Top 10, SANS Top 25, NIST and other relevant framework.
5. Should have knowledge of server-side languages (any programming language).
6. Must be Familiar with Kali, Metasploit etc.
7. Should have good knowledge of Vulnerability Assessment tools - Application (Rational AppScan, Acunetix, Netsparker, Qualys, Burp Suite etc.), Network (Nessus, Nexpose, NMap, OpenVAS etc.).

Preferred candidate profile
1. B. Tech (CS/IT)/BCA/MCA/BSC/Diploma (No bar for deserving candidates).
2. CEH is mandatory. CHFI, OSCP, ECSA, ISO27k LA, etc. will be an added advantage.
3. Must have Good Communication skills.
4. Must be Passionate about information security.

Posted 3 weeks ago


1.0 - 9.0 years

1 - 9 Lacs

Hyderabad, Telangana, India

On-site

What you will do
Let's do this. Let's change the world. In this vital role the Senior Associate Data Security Engineer role will cover Data Loss Prevention (DLP) and Data Security Posture Management (DSPM) technologies. This role will report to the Manager, Data Security. This position will provide essential services that enable us to better pursue our mission. Sr. Associate Data Security Engineers operate, manage, and improve Amgen's DLP and DSPM solutions. In our Data Security team, they will operate data protection security technologies in a rapidly changing global security sector. They will work with other engineers and business units to help craft, build, coordinate, configure, and implement critical preventive and detective security controls related to the protection of Amgen data. This engineer will play a key role in designing, deploying, and maintaining solutions to build our rapidly growing operations.

Roles & Responsibilities:
- Maintain the service delivery and working order of Amgen data security solutions across Amgen's global enterprise
- Execute Amgen service management processes such as Incident Management, change processes, and service improvements for Amgen's data security technologies
- Assist in the design and improvement of Amgen's data security technologies and solutions.
- Build scripts for the configuration and the testing of the solution
- Manage and perform analysis of escalated DLP events, engage with the business, fulfill legal hold requests, and provide executive reporting
- Work with business domain specialists to collect, analyze, build, tune and automate DLP policy sets
- Analyze events and logs for suspicious activity and opportunities to improve posture, processes, procedures, and protections.
- Consult to the Incident Response team on investigations
- Develop automation solutions to increase response times and reduce risk of identified incidents
- Participate in regular meetings and conference calls with the client, IT, business partners and vendors to help ensure technical coverage for new or existing projects across the business

Functional Skills:

Must-Have Skills:
- Knowledge of Cloud Access Security Platforms (Elastica, Netskope, SkyHigh, etc)
- Understanding of cloud and SAAS environments (AWS, O365, Box, Salesforce, etc)
- Solid experience with potential to grow knowledge in Linux/Windows OS and other infrastructure systems
- Experience with DLP and data protection technologies for a large global enterprise
- Demonstrated understanding on how emerging security technologies and data flows interoperate across complex, multi-cloud systems.

What we expect of you
We are all different, yet we all use our unique contributions to serve patients.

Basic Qualifications: Master's degree and 1 to 3 years of experience OR Bachelor's degree and 3 to 5 years of experience OR Diploma and 7 to 9 years of experience.

Preferred Qualifications:

Good-to-Have Skills:
- Comfort with scripting (PowerShell, Python, etc) and expression development (SQL, Regex)
- Ability to develop documentation for Infrastructure Security implementations
- Basic experience with ITIL processes such as Incident, Problem, and configuration management
- Experience in complex enterprise environments with competing business priorities

Professional Certifications (please mention if the certification is preferred or mandatory for the role):
- Systems Security Certified Practitioner (SSCP) or Security+
- SANS Certifications
- Relevant vendor-specific certifications

Soft Skills:
- Established analytical and gap/fit assessment skills.
- Ability to work effectively with global, virtual teams
- High degree of initiative and self-motivation.
- Ability to manage multiple priorities successfully.
- Team-oriented, with a focus on achieving team goals
- Effective presentation and public speaking skills.

What you can expect of us
As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we'll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Posted 1 month ago


7.0 - 12.0 years

9 - 14 Lacs

Bengaluru

Work from Office

Position Purpose
The purpose of the position is to help with the information security topics mentioned in the direct responsibilities.

Responsibilities

Direct Responsibilities
- Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans.
- Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate.
- Knowledge of Secure Development methodologies and frameworks.
- Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity
- Well-versed in conducting Security Review, Assessments and providing recommendations.
- Knowledge of OWASP, SANS standards.
- Experience in Process Improvement, Controls Enhancement and Reporting.
- Engaging with organization wide risk and control groups, including internal audit and territory control teams.
- Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls.

Contributing Responsibilities
- Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process
- Knowledge of single-sign-on security strategies (e.g. SAML, OAUTH2, SiteMinder etc.)
- Excellent understanding of authentication related mechanisms (Kerberos, One Time Passwords, PKI)
- Good understanding of cryptography and its practical uses within secure application development
- Familiarity with common security vulnerabilities (e.g. OWASP Top 10)
- Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them.
- Excellent knowledge of programming best practices, design patterns, etc.
- Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues.
- Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors.

Technical & Behavioral Competencies
- Excellent knowledge of programming best practices, design patterns, etc.
- Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues.
- Well-developed written communication skills with the ability to summarize key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors.
- Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity, Sonatype, Blackduck
- Well-versed in conducting Security Review, Assessments and providing recommendations.
- Knowledge of OWASP, SANS standards.
- Experience in Process Improvement, Controls Enhancement and Reporting.
- Excellent interpersonal and presentation skills
- Strong in verbal and written communication
- Ability to liaise with cross-functional stakeholders globally
- Clear understanding of application and data security
- Must be flexible, independent, self-motivated
- Good analytical skills

Specific Qualifications (if required)
- CEH, SSCP, OSCP certified.
- Technical Graduate (Computer Science) Preferable.

Skills Referential

Behavioural Skills: (Please select up to 4 skills)
- Ability to collaborate / Teamwork
- Communication skills - oral & written
- Ability to share / pass on knowledge
- Active listening

Transversal Skills: (Please select up to 5 skills)
- Ability to understand, explain and support change
- Analytical Ability
- Ability to develop and adapt a process
- Ability to develop and leverage networks
- Ability to manage / facilitate a meeting, seminar, committee, training

Education Level: Bachelor Degree or equivalent
Experience Level: At least 7 years

Posted 1 month ago


8.0 - 10.0 years

18 Lacs

Bengaluru / Bangalore, Karnataka, India

On-site

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com.

Job Description

Role Purpose
The purpose of this role is to design the organisation's computer and network security infrastructure and protect its systems and sensitive information from cyber threats

Do
1. Design and develop enterprise cyber security strategy and architecture
   a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses
   b. Identify risks associated with business processes, operations, information security programs and technology projects
   c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge
   d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
   e. Provide product best fit analysis to ensure end to end security covering different facets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations
   f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc.
   g. Provide support during technical deployment, configuration, integration and administration of security technologies
   h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc.
   i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity
   j. Provide solution of RFPs received from clients and ensure overall design assurance
      i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives
      ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture
      iii. Depending on the client's need with particular standards and technology stacks create complete RFPs
      iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology
      v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions
      vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps
      vii. Evaluate and recommend solutions to integrate with overall technology ecosystem
      viii. Tracks industry and application trends and relates these to planning current and future IT needs
2. Stakeholder coordination & audit assistance
   a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations
   b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security
   c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements
   d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers
   e. Provide training to employees on issues such as spam and unwanted or malicious emails

Deliver
No. | Performance Parameter | Measure
1 | Customer centricity | Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers.
2 | Support sales team to create wins | % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led

Mandatory Skills: Microsoft Endpoint Protection.
Experience: 8-10 Years.

Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Posted 1 month ago


0.0 years

0 Lacs

Hyderabad / Secunderabad, Telangana, Telangana, India

On-site

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com.

Job Description

Role Purpose
The purpose of this role is to design the organisation's computer and network security infrastructure and protect its systems and sensitive information from cyber threats

Do
1. Design and develop enterprise cyber security strategy and architecture
   a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses
   b. Identify risks associated with business processes, operations, information security programs and technology projects
   c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge
   d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
   e. Provide product best fit analysis to ensure end to end security covering different facets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations
   f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc.
   g. Provide support during technical deployment, configuration, integration and administration of security technologies
   h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc.
   i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity
   j. Provide solution of RFPs received from clients and ensure overall design assurance
      i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives
      ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture
      iii. Depending on the client's need with particular standards and technology stacks create complete RFPs
      iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology
      v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions
      vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps
      vii. Evaluate and recommend solutions to integrate with overall technology ecosystem
      viii. Tracks industry and application trends and relates these to planning current and future IT needs
2. Stakeholder coordination & audit assistance
   a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations
   b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security
   c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements
   d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers
   e. Provide training to employees on issues such as spam and unwanted or malicious emails

Deliver
No. | Performance Parameter | Measure
1 | Customer centricity | Timely security breach solutioning to end users, Internal stakeholders & external customers experience, CSAT, educating and suggesting right control to the customers.
2 | Support sales team to create wins | % of proposals with Quality Index >7, timely support of the proposals, identifying opportunities/ leads to sell services within/ outside account (lead generation), no. of proposals led

Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Posted 1 month ago


2.0 - 6.0 years

8 - 16 Lacs

Mumbai

Work from Office

Job Description -: Experience of 4+ years
• Hands-on experience of conducting security assessments of Web Applications, Mobile Applications, Web Services/APIs, Thick-clients.
• Experience in tools such as Burp Suite, Nessus, Nmap, Acunetix, Metasploit, Checkmarx, etc.
• Experience with Open Web Application Security Project (OWASP), SANS, Open Source Security Testing Methodology Manual (OSSTMM) methodologies and tools.
• Ability to explain technical vulnerabilities to both technical and non-technical audience highlighting business risk.
• Knowledge of at least one cloud technology (AWS, Azure, GCP) is desirable, preferably AWS and Azure.
• Good understanding of coding best practices and standards.
• Good knowledge of at least one of the following programming/scripting languages viz. Python, Ruby, C#, PowerShell, C/C++, Java
• Good communication skills.
• Critical thinking and good problem-solving abilities.
• Organized in planning and time management skills are preferred.
• Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) is desirable.

Roles & Responsibilities -:
• Conduct vulnerability assessment and penetration testing for application, and other infrastructure
• Conduct application security assessment of web applications, mobile applications, thick-client application and API.
• Conduct configuration reviews for Operating System, Database, Middleware, Firewall, Routers, Switches and other infrastructure.
• Conduct red-team assessments
• Conduct cloud security assessments
• Conduct source-code review using automated and manual approaches
• Ensure timely execution of projects, delivery of status updates and final reports.
• Stay abreast of the latest updates in technology, security trends, vulnerabilities, exploit techniques and security news.
• Proficient in MS Excel and PowerPoint.

Posted 1 month ago


3.0 - 8.0 years

5 - 10 Lacs

Bengaluru

Work from Office

Highest Qualification: Any Full Time Graduate
Note: Hands on experience in ISO 27001 Implementation is mandatory for this role
- Experienced in managing cyber security services like Cyber Risk Compliance consulting.
- Experience in setting up end to end Cyber Security frameworks, Compliance Standard implementation, including knowledge in testing (VAPT, Web, mobile appsec, secure code review)
- Should be adept at conducting gap analysis, risk assessments, Impact assessments, governance and strategy development
- Have worked with organizations to develop and implement various industry security standards like ISO 27001, ISO 20000, PCI DSS, SOC2, GDPR, Privacy standards etc.
- Should be able to understand and explain technical vulnerabilities
- Basic knowledge on Active directory, firewalls, SCCM, McAfee security products, DLP, Secure coding practices and product security

Specific Duties and Responsibilities Include:
- To manage cyber security projects across EMEA region for cyber security services like Cyber security testing, cyber consulting
- Maintaining margins
- Business development like having presales discussions with various teams
- Assist in Business development of various security standards

Must Have Skills: Excellent communication and presentation skills. Able to effectively interact with various clients/sales teams and manage clients

Good to have Skills / Certification: ISO27001:2013 Lead Auditor, CISSP, CISA, CISM, ISO22301, OSCP, CEH, SANS, Cloud certifications, Privacy certifications like CIPP/E, CIPM

Qualification: BE/ BTech, MCA, MBA with specialization in Information Security

Posted 2 months ago


15.0 - 25.0 years

25 - 27 Lacs

Navi Mumbai

Work from Office

Notice Period: Immediate/0-15 Days Joiners Only

Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our clients' overall security posture.

Key Responsibilities:
- Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients.
- Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies.
- Manage secure code reviews and application security assessments to identify and remediate vulnerabilities.
- Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation.
- Evaluate third-party security risks and conduct supplier security assessments.
- Provide executive-level reports on security assurance findings, risks, and mitigation strategies.
- Ensure compliance with global security standards and frameworks.
- Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts.

Qualifications and Skills:
- 15-20 years of experience in cybersecurity audits, security assessments, and assurance programs.
- Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding.
- Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS.
- Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.).
- Ability to engage with executive leadership and present security risks effectively.
- Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent.

Posted 2 months ago
