195 Vulnerability Jobs

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. We are currently seeking an experienced professional to join our team in the role of Lead consultant specialist In this role you will: Hunting for malicious or anomalous activity across the enterprise, using existing tools. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organization. Researching new and existing threat actors and associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact to the organization, providing recommended solutions for improving our defensive and detective capability. Collaboration with the wider Cybersecurity functions, e.g., Red Team, to develop hypotheses for new attack techniques and evasion methods. Coordinating threat hunting activities, leveraging intelligence from multiple internal and external sources. Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them. Providing expert analytic investigative support on large scale and complex security incidents. Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes Training, developing, mentoring, and inspiring colleagues across the function in area(s) of specialism, strengthening Cybersecurity Operations capabilities. Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums. Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose. Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources. Requirements To be successful in this role, you should meet the following requirements: Excellent investigative skills, insatiable curiosity, and an innate drive to win. Instinctive and creative, with an ability to think like the enemy. Strong problem-solving and trouble-shooting skills Deep knowledge of hacker culture Developed external peer network for sharing intelligence. Self-motivated and possessing of a high sense of urgency and personal integrity. Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws. Excellent understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards. Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and / or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions. Experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing and/or network engineering. Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems. Expert Knowledge and technical experience of 3rd Party Cloud Computing platforms such as AWS, Azure and Google

We are seeking a driven and dynamic Sponsorship Sales Executive to spearhead commercial growth across our international cybersecurity conferences. In this role, you ll be responsible for prospecting, pitching, and closing sponsorship deals for four high-impact, paid-attendance events annually , across the U.S., Europe, and India. This is a high-opportunity role ideal for a junior to mid-level B2B sales professional with the drive to scale an already-profitable sponsorship business. You ll own relationships with tech vendors, security solution providers, and recruitment-focused brands looking to connect with cybersecurity professionals, practitioners, and product buyers. You will be the bridge between Payatu s world-class conferences and the industry leaders who want to be part of them What You ll Do Design and implement a strategic sales plan aligned with event goals and audience profiles Identify potential sponsors based on each conference s unique audience and value proposition, targeting security vendors, product companies, training firms, and CISO-aligned brands Drive consistent revenue by selling sponsorship packages, exhibition booths, speaking slots, and branding opportunities Maintain and grow key sponsor relationships with regular check-ins and ROI-driven engagement Provide feedback on pricing, packaging, and event enhancements based on client input Stay informed about industry trends, emerging tech players, and competitor event Use CRM (HubSpot\/Salesforce) to log activities, report forecasts, and analyze performance What You Bring Skills & Experience: 2-5 years of B2B sales experience, preferably within the enterprise tech\/cybersecurity event industry Background selling to cybersecurity vendors or CISO-focused organizations is a strong plus Strong research and digital prospecting abilities Proficiency in CRM tools (e.g., HubSpot, Salesforce) Skills & Attributes: Self-starter who thrives in an independent, high-accountability environment Exceptional communication and negotiation skills Organized, persistent, and results-driven Passion for the cybersecurity industry or willingness to quickly become fluent in it Why Join ISMG Payatu? Be a part of a globally recognized cybersecurity brand with strong market demand Join a purpose-driven company at the intersection of cybersecurity innovation and education Drive real impact in a high-growth business with clear runway for earnings and advancement Work with a supportive, passionate team that values creativity and results. Ready to help shape the future of cybersecurity events? Apply now and be part of something impactful. Location: On-site at our office in Mumbai. Compensation: from 15 to 20 LPA depending on experience level.

About the Role The Staff Software Engineer on the Vulnerability Coverage team will help set technical direction for delivering accurate vulnerability coverage to our customers in a timely manner. They will serve as an expert and owner for a portion of the overall coverage portfolio, participate in architectural discussions and successfully deliver new capabilities and coverage from conception to release. In addition to hands-on development, they will work closely with the product management team, mentor engineers and contribute to roadmap planning. The Staff Software Engineer s role is responsible for providing technical leadership and does not have people-management responsibilities. In this role, you will: Build, maintain, and release high-quality vulnerability coverage by becoming an expert in specific areas of our security coverage portfolio. Build, maintain and release new services and plugins for generating new vulnerability coverage Be involved in driving the design and planning of upcoming features, our engineers are first class stakeholders in all parts of the development process Partner with internal teams such as Product Management to ensure our customer needs are met Build a deep understanding of the processes involved in maintaining and improving our vulnerability coverage portfolio The skills you ll bring include: A minimum of 8 years experience in software development using Python Experience working with Java, Spring and Databases is a plus Experience with Cloud based deployments e.g. AWS / GCP / Azure Experience with IaC e.g. Terraform / Ansible Experience with virtualization and containers Familiarity with CI/CD pipelines such as Jenkins and proficiency with version control systems such as GitHub BEng, BSc or related technical field Ability to plan, organize and drive a complex project across multiple organizations Excited by technology, curious and eager to learn, with the ability to mentor junior team members The attitude and ability to thrive in a high-growth, evolving environment Collaborative team player who has the ability to partner with others and drive toward solutions Strong creative problem solving skills Solid communicator with excellent written and verbal communications skills both within the team and cross functionally Demonstrable experience of delivering complex solutions to customers Experience with cloud services and infrastructure such as AWS would be advantageous We know that the best ideas and solutions come from multi-dimensional teams. That s because these teams reflect a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don t be shy - apply today. About Rapid7 At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what s possible and drive extraordinary impact. Here, we re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever s next. Join us and bring your unique experiences and perspectives to tackle some of the world s biggest security challenges. #LI-SJ1 Security and Compliance Rapid7 is committed to keeping customers secure. As a first line of defense, all employees are expected to uphold the highest standards of security and privacy, ensuring the protection of sensitive information and compliance with relevant regulations.

Requirements: Bachelors degree in Computer Science, Information Technology, or a related field. Strong technical knowledge in areas such as Threat Intelligence, DDOS, Security Monitoring, and SIEM tools. Hands-on experience in vulnerability management, patching (OS & applications), and remediation practices. Proficiency in TCP/IP, networking concepts, and security technologies (e.g., firewalls, proxies, antivirus, IDPS). Experience with event correlation, incident response, and malware/threat analysis. Strong scripting skills and ability to automate security processes. Excellent communication skills and ability to work collaboratively in high-pressure situations. Preferences: Master’s degree in Information Systems or a related field. SIEM, Networking/Router, or Vulnerability Management Tool certifications/training. Exposure to data center or cloud security environments (certifications are a plus). Experience in penetration testing and security assessments. Familiarity with implementing and managing VPNs, secure gateways, and encrypted communications. Proven ability to conduct security research and recommend effective enhancements. Demonstrated passion for cybersecurity and a strong drive to stay updated with industry trends.

About the Role The Manger, Software Engineering will lead the Vulnerability Coverage team who are responsible for delivering vulnerability content to customers, ensuring accuracy and reliability. They will work closely with our product management team to align on roadmaps, prioritize new coverage, and drive long-term improvements with automation pipelines. Additionally, they will drive operational excellence, collaborate with security researchers and manage delivery of coverage for emerging threats. In this role, you will: Directly manage a team of Software Engineers, coaching and mentoring team members, including scoping work and prioritising tasks Mentor engineers and help grow their skills, identify growth areas, set expectations and provide feedback Manage projects and socialising progress across engineering teams and leadership Organize cross functional deliverables by creating project plans, access and document risks, communicate status, create staffing plans. Keep a keen eye on quality, and continue to drive improvements to testing, monitoring and alerting Work cross functionally with PM, UX and Engineering to address specific customer pain points and to think strategically about the future direction of the product Work closely with other managers and teams across the product to align efforts and initiatives The skills you ll bring include: 2-3 years experience in managing software engineering teams with a track record in developing and mentoring software engineers at all levels A demonstrable passion for all things software engineering with the ability to read design documents, a solid understanding of the software development lifecycle and the ability to read code BEng, BSc or related technical field Strong project management and program management skills with experience in managing multiple, high-impact projects A customer centric approach with the ability to drive that throughout your teams, understanding the customers needs and drivers and putting the customer at the forefront of all decision making A solid pulse on the security landscape would be an added benefit We know that the best ideas and solutions come from multi-dimensional teams. Teams reflecting a variety of backgrounds and professional experiences. If you are excited about this role and feel your experience can make an impact, please don t be shy - apply today. About Rapid7 At Rapid7, we are on a mission to create a secure digital world for our customers, our industry, and our communities. We do this by embracing tenacity, passion, and collaboration to challenge what s possible and drive extraordinary impact. Here, we re building a dynamic workplace where everyone can have the career experience of a lifetime. We challenge ourselves to grow to our full potential. We learn from our missteps and celebrate our victories. We come to work every day to push boundaries in cybersecurity and keep our 10,000 global customers ahead of whatever s next. Join us and bring your unique experiences and perspectives to tackle some of the world s biggest security challenges. Experience in communicating with variety of audience e.g. Executives, customers Strong cross-functional skills, with the ability and desire to build relationships with other teams including Product Management, UX and engineering teams to achieve broader company objectives Capable of managing through high-intensity situations when they arise #LI-SJ1 Security and Compliance Rapid7 is committed to keeping customers secure. As a first line of defense, all employees are expected to uphold the highest standards of security and privacy, ensuring the protection of sensitive information and compliance with relevant regulations.

The India Climate Collaborative (ICC) is hiring a Program Manager - Heat to lead the implementation of our emerging strategy on extreme heat resilience and climate-friendly cooling. This is a critical mid-level role focused on converting ideas into action driving program execution, building a domestic donor coalition, and strengthening cross-sector partnerships. The Program Manager will oversee the day-to-day delivery of ICC s heat program, coordinating stakeholders, managing key workstreams, organizing high-impact events, and ensuring alignment across internal teams. You will serve as a key bridge between knowledge, philanthropy, and action helping ICC translate insights into scalable solutions for heat resilience and equitable cooling in India. You will report to the Intelligence & Advisory Team Lead and collaborate closely with ICC s engagement, philanthropy, communications, and operations teams. Key Responsibilities 1. Programme Delivery & Implementation Support the execution of ICC s heat program strategy, translating priorities into clear workplans and deliverables. Manage the day-to-day operations of the program, including budgeting, timeline tracking, reporting, and outcome monitoring. Ensure strong project management discipline across workstreams such as heat vulnerability storytelling, sector mapping, or donor advisory services. 2. Donor Coalition Building Support and coordinate a donor coalition focused on heat and cooling helping align funders around shared priorities and catalyse new philanthropic capital. Develop clear investment cases, knowledge briefs, and donor-facing content to support engagement and stewardship. Serve as a relationship manager for coalition members, tracking interests, reporting progress, and facilitating collaboration. 3. Partnership Development & Stakeholder Engagement Build and manage relationships with key stakeholders across philanthropy, civil society, government, and the private sector. Identify and activate new partnerships that can unlock technical expertise, local implementation capacity, or policy leverage. Represent ICC in external dialogues and multilateral platforms to spotlight heat-related priorities and position ICC as a credible sector convener. 4. Convenings & Events Management Plan and deliver high-functioning events, including roundtables, bilateral meetings, thematic convenings, and workshops. Oversee event operations developing agendas, managing logistics, coordinating with speakers and attendees, and ensuring high-quality collateral and follow-up. Work with the communications team to showcase outcomes and build visibility for ICC s heat work across networks. 5. Research & Knowledge Management Commission or conduct focused research (eg, policy mapping, donor landscape, solution assessments) to inform ICC s strategy and offerings. Synthesize findings into clear, actionable knowledge products tailored for different audiences especially donors and implementation partners. Track developments in climate, urban, and cooling policy at national and international levels to keep ICC s program responsive and relevant. 6. Cross-Functional Collaboration Work across teams (engagement, communications, finance, operations) to ensure coherence, clarity, and executional excellence. Help coordinate aligned efforts across other ICC program verticals (eg, urban resilience, public health, energy, livelihoods). Proactively manage competing priorities and anticipate upcoming tasks to keep ICC s heat programming on track. Requirements 7-10 years of experience, and significant demonstrable experience in the climate/ adaptation/ resilience space. Added advantage if experience working on heat stress/ DRR. Proficiency in MS Office tools like Word, PowerPoint, Excel etc Effective communication and interpersonal skills (both written and verbal) Ability to manage external stakeholders, including partners and technical advisors Ability to process information from multiple sources, and compile and articulate in a presentable manner

We are hiring AWS DevOps Engineer WAF & FinOps Specialist.. AWS DevOps Engineer WAF & FinOps Specialist - Aabasoft Technologies Pvt. Ltd. AWS DevOps Engineer WAF & FinOps Specialist We are looking for a highly skilled AWS DevOps Engineer with deep expertise in network security , Web Application Firewall (WAF) implementations , and cloud financial management (FinOps) . The ideal candidate will design and manage secure, scalable, and cost-optimized AWS network architectures while ensuring effective protection against cyber threats and aligning with best-in-class cloud financial governance practices. Design, deploy, and manage WAF solutions across AWS and hybrid infrastructures. Configure and administer core AWS networking services including VPCs, Route Tables, Transit Gateway, VPN, and Direct Connect. Collaborate with DevOps, Security, and Infrastructure teams to enforce zero-trust architectures and granular traffic policies . Monitor, assess, and respond to application-layer threats using AWS WAF, Shield, and Firewall Manager. Implement FinOps principles to optimize cloud networking costs and promote cost transparency. Develop and maintain dashboards for network traffic analysis and cost reporting . Partner with cross-functional teams to forecast network usage and reduce data transfer/inter-region costs. Conduct vulnerability assessments and ensure compliance with security frameworks (CIS, NIST, etc.). Automate deployment of network configurations and security policies using Terraform , CloudFormation , or similar IaC tools. Advanced knowledge of AWS networking (VPC, NACLs, Security Groups, Transit Gateway, PrivateLink). Hands-on experience with AWS WAF , AWS Shield , and Firewall Manager . Deep understanding of cloud-native networking and security architectures . Experience in applying FinOps best practices for cost optimization in AWS. Familiarity with AWS billing tools including Cost Explorer, cost allocation tags, and budgets. Experience with CDNs such as CloudFront and application-layer security integrations. Proficiency in scripting languages (e.g., Python , Bash ) and Infrastructure as Code tools. Understanding of regulatory compliance standards (ISO 27001, PCI-DSS, HIPAA) is a plus. AWS Certified Advanced Networking Specialty AWS Certified Security Specialty FinOps Certified Practitioner (FinOps Foundation)

Job Title: Principal Engineer Security & Cloud Engineering (Product & SC) Location: Hybrid Experience: 12+ years Employment Type: Full-time We are looking for a Principal Engineer to lead Security and Cloud Engineering efforts for our enterprise Java product with both On-Prem and SaaS deployments. This is a hands-on leadership role driving secure SDLC practices, DevSecOps automation, container security, and platform hardening. You will work closely with engineering, DevOps, QA, and compliance teams to protect the product and infrastructure from vulnerabilities and ensure compliance. Responsibilities Application & Infrastructure Security - Lead secure coding practices and integrate SAST, DAST, Penetration Testing, and vulnerability scanning into the development lifecycle. - Analyze and remediate findings from tools like SpotBugs, Polaris Synopsys, Acunetix, and custom security assessments. Threat Modeling & Risk Mitigation - Perform threat modeling, assess security risks including SQL injection, XSS, CSRF, and privilege escalation. - Guide teams on secure implementation patterns and anti-patterns. Cloud & Container Security - Harden Docker, Kubernetes, and SaaS infrastructure for multi-tenant, secure-by-design deployments. - Implement policies for image scanning, secrets management, network segmentation, and runtime security. Security Automation & DevSecOps - Automate security checks in CI/CD pipelines using tools like GitLab CI, Jenkins, SonarQube, etc. - Promote Infrastructure as Code (IaC) security and integrate tools for Terraform/Helm validations. Governance & Compliance - Define and enforce security standards aligned with OWASP, CIS Benchmarks, and industry best practices. - Maintain documentation and assist with security audits and compliance requirements. Mentoring & Collaboration - Mentor engineers on secure design, coding, and deployment practices. -Collaborate with product owners and engineering managers to drive secure feature development. Qualifications Required Qualifications . 12+ years of experience in application security, DevSecOps, or cloud security within enterprise Java environments. Strong knowledge of penetration testing, static/dynamic analysis, and tools like SpotBugs, Polaris, Acunetix, OWASP ZAP, etc. Expertise in secure coding, vulnerability assessment, and remediating common issues like SQL injection, XSS, and insecure deserialization. Hands-on experience with Docker, Kubernetes, Helm, and cloud-native security tooling. Familiarity with SaaS security concerns: multi-tenancy, access isolation, data encryption, and secure APIs. Experience integrating security into CI/CD pipelines and using GitOps principles. Preferred Qualifications Certifications such as OSCP, CEH, CISSP, or CKS (Certified Kubernetes Security Specialist). Prior experience with security automation, policy-as-code, or container scanning platforms (e.g., Trivy, Aqua, Prisma). Knowledge of threat modeling frameworks (e.g., STRIDE) and secure architecture principles. Exposure to Gen AI tools for secure code analysis, vulnerability triaging, or automated documentation. What We Offer Opportunity to influence product direction and architecture. A collaborative and learning-focused environment. Access to modern tools and Gen AI platforms. Competitive salary and performance bonus Health insurance Hybrid work model Company Description At Quest, we create and manage the software that makes the benefits of new technology real. Companies turn to us to manage, modernize and secure their business, from on-prem to in-cloud, from the heart of the network to the vulnerable endpoints. From complex challenges like Active Directory management and Office 365 migration, to database and systems management, to redefining security, and hundreds of needs in between, we help you conquer your next challenge now. We re not the company that makes big promises. We re the company that fulfills them. We re Quest: Where Next Meets Now. Why work with us! -Life at Quest means collaborating with dedicated professionals with a passion for technology. -When we see something that could be improved, we get to work inventing the solution. -Our people demonstrate our winning culture through positive and meaningful relationship. -We invest in our people and offer a series of programs that enables them to pursue a career that fulfills their potential. -Our team members health and wellness is our priority as well as rewarding them for their hard work. Quest is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. Come join us. For more information, visit us on the web at Quest Careers | Where next meets now. Join Quest. Job seekers should be aware of fraudulent job offers from online scammers and only apply to roles listed on quest.com/careers using our applicant system. Note: We do not use text messaging or third-party messaging apps like Telegram to communicate with applicants, so please exercise caution if you are approached in this way and only interact with people claiming to be Quest employees if they have an email address ending in @quest.com or @oneidentity.com #LI-SR1

The Sr Tech Representative, IT OPs is responsible for daily production work tasks and provides advanced system-level support of multi-user operating systems, hardware and software tools, including installation, configuration, maintenance, and support of these systems. This position demonstrates excellent knowledge of systems analysis for hardware and software. Essential Functions/Core Responsibilities Coordinates as smart hands with different portfolio and technical workgroups Provide telephony support in performing installation and troubleshooting on desktops, voice and telephone applications/hardware Perform hardware and software upgrades, deployments Attend to break/fix engagement as required for technology related problems and issues received from both internal and external clients Prepare, maintain and submit reports and applicable records of computer hardware and software inventory by site and system Perform site maintenance and safety checks of assigned equipment Perform checks and ensure that antivirus definition, Microsoft patches are updated, vulnerability remediations Spend between 60% - 70 % of time clearing trouble tickets and work orders in a timely manner. Make necessary independent decisions to correct errors or discrepancies in trouble tickets as required Performs backup for the onsite servers

We are looking for fresh BE graduates who have specialized in Cybersecurity and are passionate about building a career in information security and ethical hacking. As a part of our security team, you will work on real-world projects involving vulnerability assessments, security testing, and risk analysis, while receiving hands-on training and mentorship. : Assist in performing vulnerability assessments and penetration testing of web and mobile applications. Support in security monitoring, log analysis, and incident handling. Contribute to the development of security policies, procedures, and documentation. Work closely with development and operations teams to identify and mitigate security risks. Stay updated on emerging threats and industry best practices in cybersecurity. Required Skills: Fundamental understanding of networking, firewalls, encryption, and authentication. Familiarity with OWASP Top 10, VAPT tools (e.g., Burp Suite, Nmap), and Linux commands. Knowledge of basic scripting (Python, Bash, or PowerShell) is a plus. Good communication and documentation skills. Passionate about security, ethical hacking, and solving complex problems. Preferred Certifications (Optional but Advantageous): CEH, CompTIA Security+, or any recognized security certification/course. Cyber Security-The role involves safeguarding; and applications from hackers and ensuring compliance with regulations. Graduates with strong technical knowledge; problem-solving skills; and attention to details. Required qualifications to be successful in this role: Bachelor of Engineering (BE) - 2024/2025 pass-outs (or most recent batch) Specialization in Cybersecurity, Information Security, or a related field Strong academic background with a focus on security-related coursework or projects. Education Criteria - 60% thru out the academics Skills: English Cyber Python

Full Stack Developer 6-8 years of working experience as a Full Stack Developer. Experience with Object Oriented Programming & Design, Object-relation Mapping (ORM), NodeJS, React.JS, JavaScript, PostgreSQL, C# .NET Framework 4.8, WCF, Web API, ASP.NET, WinForms, PL/ SQL. Designs, develops, tests, deploys and supports API-based systems focusing on industry best practices. Experience working on User Story development & enhancements, Incident & Request Management tasks. Good understanding for Agile scrum process Manages individual tasks and timelines under limited supervision. Seeking continuous quality improvements by performing Application Vulnerability remediation for supported systems. Assists in problem analysis and submits recommendations when appropriate. Proficiency in multiple tools of the full stack covering frontend frameworks, databases and deployments Demonstrated ability to quickly learn new technologies Ability to solve moderately complex problems, drawing upon technical experience, precedents, and judgement Strong communication skills, including ability to explain complex information in straightforward situations Hongkong Rotational Hours: Shift1 : Normal Business Hours: 7:00 AM to 4:00 PM IST Shift2: Normal Business Hours: 3:00 PM to 12:00 AM IST

Hring for Qualys Admin - Hyderabad Required Information Details Role Qualys Admin Required Technical Skill Set Qualys Guard Desired Experience Range 3-6 years Must-Have Must have experience with Qualys vulnerability scanning and reporting. Must have experience troubleshooting issues with database, CyberArk credentials, Qualys Cloud Agents in Windows, Linux, and MacOS. Knowledge of Cloud agent installation and troubleshooting. Good-to-Have Nice to have advanced knowledge of IP networking, routing, firewalling. Experience with developing reports in Qualys and any automation via Qualys API. Web application configuration and scanning.

Company Profile: Founded in 1976, CGI is among the largest independent IT and business consulting services firms in the world. With 94,000 consultants and professionals across the globe, CGI delivers an end-to-end portfolio of capabilities, from strategic IT and business consulting to systems integration, managed IT and business process services and intellectual property solutions. CGI works with clients through a local relationship model complemented by a global delivery network that helps clients digitally transform their organizations and accelerate results. CGI Fiscal 2024 reported revenue is CA$14.68 billion and CGI shares are listed on the TSX (GIB.A) and the NYSE (GIB). Learn more at cgi.com. Position: Lead Analyst/Associate Consultant Experience: 8 to 12 years Category: Software Development/ Engineering Location: Bangalore / Hyderabad / Chennai / Pune / Mumbai Position ID: J0125-0745 Employment Type: Full Time Education Qualification: Bachelors degree in Computer Science or related field or higher with minimum 8 years of relevant experience. 8+ years of penetration testing experience, preferably in highly regulated industries and for global clients Proficiency with scripting and programming languages, mainly Python Perform Penetration Testing for networks (internal & external), applications, APIs & cloud assessments Vulnerability identification and analysis Collaborate with team members and stakeholders to define project scopes, review test results, and determine remediation steps Advanced problem-solving skills Any security certifications are a plus Strong written and verbal communication skills Ability to work autonomously with little directional oversight Ability to lead a project and multiple testers Commitment to quality and on-schedule delivery; and a proven ability to establish and meet milestones and deadlines Customer-focused mentality to understand and appropriately respond to customers business needs Draft reports and communicate complex security concepts and test findings to clients and stakeholders Make expert recommendations to help clients improve their information security program Work on researching & developing utilities, toolkits, processes, tactics, and techniques Required qualifications to be successful in this role: Must to have skills-Penetration testing, DAST Testing, SAST Testing, OWASP top 10 Good to have skills- Python Skills: Java Python Vulnerability Assessment(IAVA) Vulnerability Testing (IAVT)

industries Overview Banking, financial services and insurance (BFSI) Fintech Media Global Capability Centers Technology Healthcare E-Commerce Oil and Gas Need different solutions Ikrux s scalable solutions adapt to your needs, ensuring robust protection without compromise. Job Category: AWS CI/CD security pipelines python STRIDE Job Type: Full Time Job Location: Gurugram We are hiring for an Application Security Architect with 6 to 9 years of experience for a role based in Gurgaon . The candidate will be responsible for designing and implementing secure application architecture for AWS-hosted environments . Key responsibilities include ensuring secure-by-design initiatives across the SDLC , conducting threat modeling , and producing Architecture Decision Records (ADRs) . The role involves close collaboration with DevOps, software engineers, security teams, and cloud architects . The candidate will define secure coding standards , design CI/CD security pipelines , and integrate tools such as SAST, DAST, MAST, SCA , and IaC scanning . You ll develop security reference architectures for AWS microservices, containers, and serverless setups. The role also involves incident response , vulnerability remediation , and participating in governance, audits, and compliance . Required qualifications include 7+ years in application security or related roles , with 3+ years of hands-on AWS experience using services like IAM, KMS, Terraform, and CodePipeline . Proficiency in Python, Java, Go , or Node.js , along with knowledge of OWASP Top 10 and STRIDE threat modeling , is expected. Security certifications such as GWEB, GPEN , or AWS Certified Solutions Architect are highly desirable.

YOU MUST HAVE: Bachelor s degree or equivalent work experience in Cyber Security or Information Technology Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders WE VALUE: Understanding of Agile software development practices. Understanding DevsecOps and have a good working understanding of tooling specific to CI/CD pipelines and security tooling. Information Security accreditation (CISSP/CSSLP or other security related certifications) Experience with widely used security tools like SD Elements, BlackDuck Hub, Microsoft Threat modeling tool, SAST (Coverity, SonarQube), DAST (Burp, ZAP, AppSpider), Fuzzing, Vulnerability management and continuous monitoring tools Sound understanding of Cryptography, encryption algorithms, Public Key Infrastructure (PKI), Secure boot and Open-source risk management. YOU MUST HAVE: Bachelor s degree or equivalent work experience in Cyber Security or Information Technology Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among stakeholders WE VALUE: Understanding of Agile software development practices. Understanding DevsecOps and have a good working understanding of tooling specific to CI/CD pipelines and security tooling. Information Security accreditation (CISSP/CSSLP or other security related certifications) Experience with widely used security tools like SD Elements, BlackDuck Hub, Microsoft Threat modeling tool, SAST (Coverity, SonarQube), DAST (Burp, ZAP, AppSpider), Fuzzing, Vulnerability management and continuous monitoring tools Sound understanding of Cryptography, encryption algorithms, Public Key Infrastructure (PKI), Secure boot and Open-source risk management. Key Responsibilities: Lead efforts with the development teams to manage product risk and apply the appropriate security controls Drive best in class security requirements into product and service offerings. Provide architecture and best practices guidance in building secure Honeywell products. Support product security process activities including threat modeling, security requirements, security reviews, threat vulnerability assessments and risk management for IA applications. Must have product architecture and development background with Secure software development lifecycle experience. Understanding of security by design principles and architecture level security concepts up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Containers, and VMs, through secure configurations and performing periodic security reviews. Lead efforts in mentoring and training the engineering development community and facilitate adoption of shift-security-to-left practice Lead new initiatives that add value to SDL processes and procedures Key Responsibilities: Lead efforts with the development teams to manage product risk and apply the appropriate security controls Drive best in class security requirements into product and service offerings. Provide architecture and best practices guidance in building secure Honeywell products. Support product security process activities including threat modeling, security requirements, security reviews, threat vulnerability assessments and risk management for IA applications. Must have product architecture and development background with Secure software development lifecycle experience. Understanding of security by design principles and architecture level security concepts up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities Containers, and VMs, through secure configurations and performing periodic security reviews. Lead efforts in mentoring and training the engineering development community and facilitate adoption of shift-security-to-left practice Lead new initiatives that add value to SDL processes and procedures

"> Urgent Opening For ServiceNow SecOps Lead Location : Chennai / Hyderabad / Pune Experience : 4 To 10 Year Opportunity : Full Time Desired Competencies (Technical/Behavioral Competency ) Must-Have ServiceNow implementation experience in Security operations Security Incident Response, Vulnerability Response, Threat Intelligence, Configuration Compliance or modules ServiceNow implementation experience in ITSM modules (Incident, Problem, Change, CMDB & Asset not limited to) will be an added advantage. Working experience in implementation of catalog items and record producers. Working experience in configuring Security incident response applications and OOB/ custom integration build with SIEM tool/ TI enrichment tools Experience in building email integration for importing suspicious emails as Security incidents (Phishing use case) Working experience in configuring Vulnerability response applications and integration with one of vulnerability scanner tool Build service requests from customer requirements including requests, request items and tasks using workflows -to manage data flows from the customer to the support teams providing the service Uses scripting tools and Service Now functionality create script to automate rote tasks being done in Service Now. Performs integrations and process automation using Service Now Orchestration. Load, manipulate and maintain data between ServiceNow and other systems. Thorough understanding of ServiceNow Security incident response and Vulnerable Item processes Performs system and integration testing with sample and live data Monitor health, usage, and overall compliance of the application. Job Location: Chennai , Hyderabad , Pune First Name As per Pancard Last Name As per Pancard Email Mobile Number Total Experience Relevant Experience Notice Period --Select-- 30 days 45 days 60 days 90 days Immediate Serving Notice Period Last Working Date Current Location --Select-- Bangalore Hyderabad Mumbai Pune Chennai Kolkata Delhi Noida Gurugram Other Location Certifications Key Skills Upload Your Resume Allowed File Types: .pdf, .doc, .docx, .jpg File size should be below 5 MB. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Submit

A brief about the job: Ayekart is at the forefront of revolutionising the food and agricultural landscape by delivering innovative and impactful solutions tailored to the industry. We seek a dynamic and experienced SVP / VP of Engineering and Delivery to join our team. The ideal candidate should deeply understand the fintech and supply chain industry, particularly B2B SaaS products and API Banking. Key Responsibilities: Leadership Management: Lead and manage a high-performing engineering team, fostering a culture of innovation, collaboration, and continuous improvement. Provide technical guidance, mentorship, and career development for team members. Collaborate with cross-functional teams, including Product, Design, and Operations, to align engineering efforts with business goals. Drive the execution of engineering initiatives, ensuring on-time delivery of high-quality products. System Designs Architecture: Design and oversee the implementation of scalable, secure, and high-performance software architectures. Lead the architectural decisions for complex, distributed systems, ensuring alignment with industry best practices and business requirements. Stay updated with the latest trends in system design and architecture trends to ensure our technology stack remains cutting-edge. Technical Expertise: Hands-on involvement in software development, particularly in Node.js and React.js, to set technical standards and guide the team. Ensure the engineering team can adopt best practices in coding, architecture, and security. Drive innovation in AI technologies, integrating AI/ML models into our fintech product offerings. Added advantage if experienced in Loan Origination Systems (LOS), Loan Management Systems (LMS), Business Correspondents (BC), and Co-lending product development. Implement robust security practices to protect data and ensure compliance with relevant regulations. Lead the development of secure coding practices, conduct regular security audits, and manage vulnerability assessments. Oversee the design and optimisation of database schemas and queries to ensure performance, scalability, and reliability. Ensure the effective use of database technologies, including relational and NoSQL databases. API Banking s Fintech Integration: Strong awareness of API banking and its integration into fintech solutions. Drive the development and integration of API-based services for seamless connectivity with banking and financial systems. AI s Machine Learning: Led the integration of AI/ML technologies into the product, working closely with data scientists and machine learning engineers. Drive AI-driven innovation and identify opportunities to leverage AI for business growth. Contribute to the company s strategic direction by aligning engineering goals with business objectives. Develop and manage the engineering budget, ensuring efficient use of resources. Team Development s Culture: Build and nurture a strong engineering culture that values diversity, inclusion, and professional growth. Organise and participate in code reviews, technical workshops, and team-building activities. Experience: 15+ years of software engineering experience with a strong track record of leadership in a senior engineering and delivery role. Advanced proficiency in Node.js and React.js will be an added advantage. Strong experience in system design, architecture, and distributed systems. In-depth knowledge of security best practices and secure coding standards. Hands-on experience with database technologies (SQL, NoSQL). Experience with AI/ML technologies and their integration into software products. Knowledge and experience with Loan Origination Systems (LOS), Loan Management Systems (LMS), Business Correspondents (BC), and Co-lending product development. Awareness of API banking and fintech integrations. Proven experience in managing and scaling engineering teams. Strong ability to mentor, coach, and develop engineering talent. Ability to align technical initiatives with business goals. Experience in driving innovation and continuous improvement in a fast-paced environment. Soft Skills: Excellent communication and interpersonal skills. Strong problem-solving abilities and decision-making skills. Ability to work collaboratively with cross-functional teams.

Design, implement, and assess cybersecurity controls across IT and OT environments. Conduct vulnerability assessments, develop secure architectures, and ensure compliance with standards Required Candidate profile Experienced in hands-on cybersecurity engineering and threat assessment with exposure to IT and OT. Strong in vulnerability scanning, architecture reviews, and cross-functional collaboration.

HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com , General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024. HackerOne Values HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability. Position Summary Based in our Pune 0ffice - 4-5 days a week. As a Triage Analyst at HackerOne, you will be the first point of contact for incoming vulnerability reports. Your role will focus on the initial intake, evaluation, and assignment of these reports, ensuring they are directed to the appropriate triage team members for further analysis. This position is ideal for someone with foundational knowledge of security vulnerabilities who is eager to develop their expertise in vulnerability triage. What You Will Do Initial Intake: Receive and process incoming vulnerability reports, ensuring that all necessary information is included before passing them on to the triage team. Preliminary Assessment: Conduct an initial assessment of the reports to identify obvious false positives and ensure they align with the program s scope. Collaboration: Work closely with the triage team to ensure smooth handoff and follow-up on any required additional information from hackers. Documentation: Assist in maintaining accurate records of report intake and initial findings, supporting the team in tracking and prioritizing reports. Communication: Provide clear and concise communication with hackers regarding the status of their submissions and any missing details required for further evaluation. Continuous Learning: Stay updated on the latest security trends and vulnerabilities to enhance your understanding and support your growth within the triage team. Validation: Responsible for validating quick wins, including redundant or basic vulnerabilities, ensuring they are efficiently and accurately assessed due to their ease and speed of validation. Minimum Qualifications 1+ years of experience working on vulnerability disclosure and bug bounty programs. 1+ years of experience of web application security testing Basic web and mobile application security understanding, including familiarity with the OWASP Top 10. Experience using basic security testing tools (e.g., Burpsuite). Strong attention to detail and ability to follow procedures for initial report intake. Excellent written and verbal communication skills. Self-motivated with a willingness to learn and grow within the security field. Excellent decision making skills Must be able to work from a HackerOne office in Pune 4-5 days per week Able to work shift work. We are hiring for the following shifts: 8am - 5pm IST, 12:30-9.30pm IST, and 6.30pm - 3.30am IST. English fluency India Compensation Bands: 2,160,000 INR - 2,385,000 INR per year #LI-MR1 Job Benefits: Health (medical, vision, dental), life, and disability insurance* Equity stock options Retirement plans Paid public holidays and unlimited PTO Paid maternity and parental leave Leaves of absence (including caregiver leave and leave under COs Healthy Families and Workplaces Act) Employee Assistance Program Flexible Work Stipend *Eligibility may differ by country Were committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR). Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check. HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time. For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

Job Description We are seeking a highly skilled Lead DevOps Engineer with strong On-Premise infrastructure expertise to join our team and drive the end-to-end deployment, scalability, and operationalization of machine learning models in production. You will collaborate closely with data scientists, data engineers, and DevOps teams to ensure seamless CI/CD, reproducibility, monitoring, and governance of ML pipelines. Key Responsibilities Design, implement, and maintain CI/CD pipelines for deploying and monitoring microservices efficiently in on-premise environments. Manage infrastructure as code using Terraform (or equivalent on-prem solutions) for repeatable and scalable provisioning. Deploy and optimize containerized applications using Docker across on-premise environments, integrating with systems such as Harbor (or other private registries), Vault, and on-prem messaging/file storage solutions. Apply best practices for securing Docker images, including vulnerability scanning, reducing image size, and optimizing build efficiency. Implement and maintain centralized logging, monitoring, and alerting systems (e.g., Prometheus, Grafana, ELK stack) to ensure system reliability and observability. Ensure security best practices across on-prem environments, including secrets management, access control, and compliance with organizational policies. (Nice to have) Design and manage multi-client architectures within shared pipelines and storage solutions (e.g., NFS, Object Storage). Qualifications 6+ years of experience in DevOps or MLOps with a strong focus on production-grade ML solutions in on-premise infrastructure. Strong expertise in CI/CD tooling, container orchestration (Docker, Kubernetes on-prem clusters), and on-premise infrastructure security. Proficiency in Terraform (or Ansible, Puppet, or similar tools) for infrastructure automation. Deep understanding of Docker, including best practices for securing, optimizing, and managing images. Experience implementing centralized logging and monitoring using on-prem tools (e.g., ELK, Prometheus, Grafana). Experience with security best practices, including secrets management, role-based access, and compliance in an on-premise environment. Experience with Docker Compose for local development and multi-container orchestration.

Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice Ensure clear and efficient communication between hackers and customers Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact. Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings. Minimum Qualifications Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required) Hands-on experience doing security testing or ethical hacking on web and mobile applications Strong technical knowledge of OWASP top 10 Comfortable using security testing tools including Burpsuite Excellent written and verbal communication skills Experience using frameworks such as CVSS Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm This role is based in our Pune office and you must be able to work 4-5 days a week in office You must be open to and flexible around shift work., English fluency

Security Engineer - IT Services and Software Development company We are looking for a Security Engineer with 1 to 2 years of experience to help protect and secure our IT infrastructure. The role involves monitoring systems, conducting vulnerability assessments, and responding to security incidents. Key Responsibilities Monitor and respond to security threats and incidents. Perform vulnerability assessments and implement security best practices. Manage security tools (e.g., firewalls, SIEM, antivirus). Assist in system hardening and patch management. Help develop and enforce security policies. Collaborate with IT teams on security initiatives. Requirements Bachelor s degree in Computer Science, Information Security, or related field. 1 to 2 years of experience in cybersecurity or related roles. Knowledge of firewalls, VPN, encryption, and security tools. Familiarity with cloud security (AWS, Azure, GCP) and web application security is a plus Basic experience with vulnerability scanning and penetration testing. Strong problem-solving and communication skills. Good communication and collaboration skills. Security certifications (e.g., CompTIA Security+, CEH) are a plus.

Network Security Engineer Job Description Sizing, Design, Deploy & Manage Firewall, IPS, Content Filtering & other NGFW functionalities - FortiGate /Palo Alto. Administrative experience on Network & Network Security builds spanned across Switching, Dynamic routing, Data communication and relevant protocols, various clustering mechanisms Extensive experience on Citrix based Load Balancers & Web Application Firewalls Experience on managing & supporting Cisco ISE Based TACACS Good Understanding on Data Center technologies like Virtualization, SDN/NFV using NSX, Hyper-Convergence, and other concepts within VMware needed for Network/Network Security DC Designs Understanding on concepts like Micro-Segmentation within NSX, FortiGate & Arista, Public & Private Cloud offerings within the Network Security space Experience on handling Major incidents which involves working with different stake holders for incident resolution Experience or Ability for the Root cause analysis Experience on supporting Security Assurance Tasks like Vulnerability Closure, Configuration Compliance, Risky Rule Review Support Security Incident Detection, response & mitigation Team Player with capability to train junior team members as required Familiar with ITIL framework Certifications Preferred: FortiGate / Palo Alto Total Experience: Minimum 5 years experience in infra security domain Level: Consultant / Sr. Consultant Shift: 24*7 shifts. Location: Any (Mumbai, Bangalore, Pune, Hyderabad, Chennai) (WFH + Work from office in hybrid mode)

Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organizations defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN). Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organizations defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN).

What awaits you/ Job Profile This role focuses on enhancing and monitoring cybersecurity measures within the software development lifecycle. The analyst creates security-related documentation, performs conformity checks, identifies IT risks, and ensures compliance with industry standards and best practices. What should you bring along Create cyber security related artefacts, such as IT risk reports, conformity checks and cyber threat modeling (OWASP) Monitor the software development process, performing configuration management, identifying safety, performance, and compliance issues Identify potential IT risks, including cybersecurity threats, system vulnerabilities, and compliance gaps Analyze the potential impact of these risks on the business and its customers and assess the likelihood and severity of risks Ensure IT systems and processes comply with relevant regulations and organizational policies Stay informed about changes in regulations and industry best practices Conduct risk assessments and audits Provide training and awareness programs on IT risk management Support IT projects and initiatives related to risk management Must have skill Strong understanding of IT compliance requirements and security principles, Cyber threat modeling (OWASP) Proficiency in risk evaluation and documentation. Ability to implement security monitoring solutions and respond to security incidents effectively. Experience in conducting vulnerability assessments and penetration testing for cloud applications. Understanding of integrating security into DevOps practices to ensure secure application development and deployment.