1262 Application Security Jobs - Page 47

Role Purpose The role incumbent is focused on implementation of roadmaps for business process analysis, data analysis, diagnosis of gaps, business requirements & functional definitions, best practices application, meeting facilitation, and contributes to project planning. Consultants are expected to contribute to solution building for the client & practice. The role holder can handle higher scale and complexity compared to a Consultant profile and is more proactive in client interactions. Do Assumes responsibilities as the main client contact leading engagement w/ 10-20% support from Consulting & Client Partners. Develops, assesses, and validates a client’s business strategy, including industry and competitive positioning and strategic direction Develops solutions and services to suit client’s business strategy Estimates scope and liability for delivery of the end product/solution Seeks opportunities to develop revenue in existing and new areas Leads an engagement and oversees others’ contributions at a customer end, such that customer expectations are met or exceeded. Drives Proposal creation and presales activities for the engagement; new accounts Contributes towards the development of practice policies, procedures, frameworks etc. Guides less experienced team members in delivering solutions. Leads efforts towards building go-to-market/ off the shelf / point solutions and process smethodologies for reuse Creates reusable IP from managed projects Mandatory Skills: Agile DevSecOps Consulting. Experience5-8 Years.

Role Purpose The purpose of this role is to provide significant technical expertise in architecture planning and design of the concerned tower (platform, database, middleware, backup etc) as well as managing its day-to-day operations Do Provide adequate support in architecture planning, migration & installation for new projects in own tower (platform/dbase/ middleware/ backup) Lead the structural/ architectural design of a platform/ middleware/ database/ back up etc. according to various system requirements to ensure a highly scalable and extensible solution Conduct technology capacity planning by reviewing the current and future requirements Utilize and leverage the new features of all underlying technologies to ensure smooth functioning of the installed databases and applications/ platforms, as applicable Strategize & implement disaster recovery plans and create and implement backup and recovery plans Manage the day-to-day operations of the tower Manage day-to-day operations by troubleshooting any issues, conducting root cause analysis (RCA) and developing fixes to avoid similar issues. Plan for and manage upgradations, migration, maintenance, backup, installation and configuration functions for own tower Review the technical performance of own tower and deploy ways to improve efficiency, fine tune performance and reduce performance challenges Develop shift roster for the team to ensure no disruption in the tower Create and update SOPs, Data Responsibility Matrices, operations manuals, daily test plans, data architecture guidance etc. Provide weekly status reports to the client leadership team, internal stakeholders on database activities w.r.t. progress, updates, status, and next steps Leverage technology to develop Service Improvement Plan (SIP) through automation and other initiatives for higher efficiency and effectiveness Team Management Resourcing Forecast talent requirements as per the current and future business needs Hire adequate and right resources for the team Train direct reportees to make right recruitment and selection decisions Talent Management Ensure 100% compliance to Wipro’s standards of adequate onboarding and training for team members to enhance capability & effectiveness Build an internal talent pool of HiPos and ensure their career progression within the organization Promote diversity in leadership positions Performance Management Set goals for direct reportees, conduct timely performance reviews and appraisals, and give constructive feedback to direct reports. Ensure that organizational programs like Performance Nxt are well understood and that the team is taking the opportunities presented by such programs to their and their levels below Employee Satisfaction and Engagement Lead and drive engagement initiatives for the team Track team satisfaction scores and identify initiatives to build engagement within the team Proactively challenge the team with larger and enriching projects/ initiatives for the organization or team Exercise employee recognition and appreciation Deliver NoPerformance ParameterMeasure1Operations of the towerSLA adherence Knowledge management CSAT/ Customer Experience Identification of risk issues and mitigation plans Knowledge management2New projectsTimely delivery Avoid unauthorised changes No formal escalations Mandatory Skills: Application Security Risk. Experience5-8 Years.

Role is SAP subject matter expert/architect role for Security. Key responsibilities will involve working with Business Stakeholders, understanding requirements, translating user requirements into SAP IT scope, assessing impact on application & connected systems, estimating high level schedule and efforts to implement solution and ensure successful technical delivery Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Candidate must have minimum 3-5 years of solid SAP Security Implementation experience with focus on Role authorizations. Solid implementation and hands-on experience in S/4HANA Experience in working with stakeholders and leading SAP security projects. Sound understanding of SOD - segregation of duties. Support technical requirement gathering, develop prototypes/PoCs/recommend solutions with limited information from the business, delivery quality technical specifications and documentation Preferred technical and professional experience SOX/GRC Control experience

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

Job Title: Application Security Engineer SAST & DAST Experience Required: 3 to 8 Years Location: Hyderabad / Bangalore / Chennai / Mumbai / Pune / Kolkata / Gurgaon Mode of Interview: MS Teams (12 rounds) Notice Period: 0 to 30 Days Job Overview: We are looking for an experienced Application Security Engineer specializing in SAST & DAST to join our growing team. The ideal candidate will be responsible for integrating security throughout the software development lifecycle (SDLC), implementing and managing security tools, and driving security best practices across the organization. Key Responsibilities: Implement and manage application security testing activities throughout the development, deployment, and maintenance phases. Perform Static Application Security Testing (SAST) using tools like Checkmarx and Fortify . Execute and manage Dynamic Application Security Testing (DAST) tools such as AppScan and WebInspect . Conduct secure code reviews in languages including Java, .NET, Swift, Objective-C . Integrate security tools in DevOps pipelines and CI/CD environments (e.g., Jenkins, TeamCity, Bamboo, Chef, Puppet). Apply OWASP Top 10 , SANS Secure Coding Practices , and Security Engineering Principles during development and assessment. Analyze, triage, and report vulnerabilities using CVSS scoring and determine business impact. Perform penetration testing for web, mobile, and desktop applications. Implement mobile security testing techniques, including bypassing SSL pinning , root detection , reverse engineering , and manifest analysis . Work with containerized environments such as Docker and Kubernetes . Utilize at least one scripting language (e.g., Python, Bash, PowerShell) for automation or security tooling. Required Skills & Experience: Strong experience with SAST and DAST tools (Checkmarx, Fortify, AppScan, WebInspect) Familiarity with OWASP Top 10 , secure coding practices, and vulnerability remediation Proficient in secure code review for Java, .NET, Swift, Objective-C Solid understanding of DevSecOps practices and security toolchain integration Hands-on experience with CI/CD tools (Jenkins, TeamCity, Bamboo, etc.) Experience with container security in Docker/Kubernetes environments Knowledge of CVSS scoring and vulnerability risk assessment Understanding of mobile application security techniques and concepts Experience with scripting in Python, Bash, or equivalent Preferred Qualifications: Security certifications (e.g., CEH, OSCP, GWEB, GWAPT, Security+ ) Exposure to cloud environments (AWS, Azure, GCP) from a security standpoint Familiarity with automated testing tools like Selenium Experience working in Agile and DevOps environments Interested Candidates can share your updated resume to subashini.gopalan@kiya.ai

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about cybersecurity and looking for an exciting role where you can make a difference? If so, we have an opportunity for you! As a Security Specialist at Kyndryl, you will play a crucial role in enabling and securing our customer organizations, cultures, and ecosystems. Your responsibilities will be varied and dynamic, spanning asset classification models, risk assessment reports, information security policies, security solution scenarios, implementation plans, organization models, procedures, security services, security effectiveness evaluation reports, and security awareness workshops. You will be tasked with configuring, monitoring, and managing the performance of networks to maintain the quality of services, while also protecting organizational infrastructure from malicious cyber-attacks. As a key member of our team, you will assess, predict, prevent, and manage the risk of IT infrastructure and data, helping our customers stay ahead of the curve and ensure their systems are secure. You will develop and implement security policies and procedures, working closely with other departments to ensure that all security measures are in place and operating effectively. But that is not all – at Kyndryl you will have the opportunity to explore innovation in CyberSecurity data science – taking information that has been gathered and looking for areas to have that “Ah Ha” moment. Drawing conclusions and patterns from the data across single and multiple clients. Creating new ideas in the area of risk management and risk quantification. In addition to your technical responsibilities, you will also play a key role in raising awareness of potential security threats through technical security training on best practices. This is an exciting opportunity to help shape the culture of our clients' organizations and make a tangible impact on their security posture. If you have a passion for cybersecurity – governance, risk and compliance, are looking for a challenging and dynamic role, and want to work with a team of like-minded individuals, then we want to hear from you! Join us as a Security Specialist and help us secure the future of our clients' organizations. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Experience: 3 to 6 years of experience in IT security with a strong understanding of information security principles and best practices. Expertise in application security, vulnerability management, cloud security ( AWS, Azure) and threat modeling. Risk Management & Compliance (NIST, GDPR, PCI DSS) Experience with programming languages and technologies, including Java, APIs, ASP.Net, Spark, Python, and React.js. Strong ability to conduct independent application security assessments (ASA, API Security), security control assessments, and risk reviews. Hands-on experience in security processes within the Software Development Lifecycle ( Secure by Design in SDLC ). Knowledge of security tools, customer/business interaction, and strong communication & stakeholder management skills required Ability to analyze security architectures and provide relevant security policies and recommendations. In-depth knowledge of regulatory compliance frameworks such as GDPR, NYDFS, SCHREMS, DORA, ECB Audit, NIST, and SECAIA. Proficiency in cloud and network security, identity and access management (IAM), data encryption, and SIEM tools. Exposure to security tools like Qualys, Nessus, Nmap, Burp Suite, SonarQube, Netsparker, OWASP, and open-source security testing tools. Experience in planning and executing security action plans while maintaining security documentation as per organizational guidelines. Ability to drive Secure by Design principles throughout the SDLC and train teams on the latest security technologies. Excellent problem-solving skills, adaptability, and interpersonal skills to collaborate with cross-functional teams. Preferred Technical and Professional Experience: Proven track record in implementing security solutions and compliance projects for banking service platforms and applications. Hands-on experience in DevSecOps, API security, and secure software development practices. Strong knowledge of infrastructure security, including firewalls, routers, and Wi-Fi security. Experience with security automation, penetration testing, and risk acceptance management. Ability to train and mentor teams on secure coding practices and emerging security technologies. Strong communication and influencing skills, with the ability to engage effectively with business stakeholders and technical teams. Demonstrated ability to prepare security reports and maintain clear, structured communication with project stakeholders Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

About The Role We are looking for a skilled Application Security Engineer to strengthen our security posture by proactively identifying and mitigating vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities(What will you do): -Perform penetration testing of web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. -Conduct manual and automated secure code reviews, primarily in Java, Python, and JavaScript. -Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. -Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. -Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. -Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors while effectively communicating security findings to stakeholders. What Makes You a Great Fit -1-5 years of experience in application security, penetration testing, or related fields. -Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI and other mobile security testing frameworks. -Experience integrating security into SDLC and familiarity with DevSecOps tools. -Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. -Strong scripting skills (Python preferred) for security automation. -Excellent communication and stakeholder management abilities. -Passion for continuous learning and staying updated on security trends. -Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF partipation are a plus PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy

About NetApp NetApp is the intelligent data infrastructure company, turning a world of disruption into opportunity for every customer No matter the data type, workload or environment, we help our customers identify and realize new business possibilities And it all starts with our people, If this sounds like something you want to be part of, NetApp is the place for you You can help bring new ideas to life, approaching each challenge with fresh eyes Of course, you won't be doing it alone At NetApp, we're all about asking for help when we need it, collaborating with others, and partnering across the organization and beyond, Job Summary This role encompasses a broad range of security responsibilities, including advanced offensive security operations, application security reviews, secure code reviews, and implementation of the Secure Software Development Lifecycle (SSDLC) The successful candidate will simulate sophisticated attacks, conduct secure code reviews, and contribute to the development of security tools Responsibilities also include ensuring cloud security and Kubernetes security The ideal candidate will possess the ability to conduct offensive security operations and apply their expertise to application security They will perform threat modeling exercises with an attacker's mindset, leveraging their experience in bug bounty programs and red teaming simulations The candidate will implement mitigations at the code level and support the Blue Team in improving detection capabilities using SIEM tools This role requires a unique blend of skills and knowledge across multiple security domains, Job Requirements Conduct Red Team exercises, simulating APTs in cloud, container, and AD environments, Develop and execute adversary simulations based on the MITRE ATT&CK framework, focusing on assume breach scenarios, Simulate attacks on software supply chains and CI/CD pipelines, Perform in-depth penetration testing (both black-box and white-box) for web applications, APIs, and networks, Conduct secure code reviews in collaboration with development teams to identify , exploit and implement mitigations on code level, Integrate security tools and practices into the CI/CD pipeline, emphasizing DevSecOps methodologies, Conduct threat modeling, design, and architectural reviews to identify potential security risks in the software development lifecycle, Provide security guidance to development teams, assisting in risk mitigation and secure development practices, Collaborate with the Blue Team to improve detection capabilities and test defensive measures, Utilize SIEM tools for incident detection and response, providing insights to enhance monitoring and alerting mechanisms, Develop and maintain custom security tools and frameworks to automate security testing and monitoring, Stay informed about emerging threats, attack techniques, and security technologies, Education Bachelors degree in computer science, information security, or a related field (or equivalent experience), At least 6 years of experience in offensive security and Application security, Proven experience in offensive security, with a strong understanding of attack vectors and techniques, Relevant certifications such as OSWE, OSCP, CRTO, or similar, Significant contributions to security through Bug bounty programs, CVEs or recognized security research, Recognized public acknowledgments in security research, Experience with scripting or programming languages like Python, Go, or Ruby for developing custom attack tools/exploits, Familiarity with CI/CD tools such as GitHub Actions, Jenkins, or TeamCity, Knowledge of security practices of cloud computing platforms like AWS, Azure, GCP, as well as k8s, At NetApp, we embrace a hybrid working environment designed to strengthen connection, collaboration, and culture for all employees This means that most roles will have some level of in-office and/or in-person expectations, which will be shared during the recruitment process, Equal Opportunity Employer NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, and any protected classification, Why NetApp We are all about helping customers turn challenges into business opportunity It starts with bringing new thinking to age-old problems, like how to use data most effectively to run better but also to innovate We tailor our approach to the customer's unique needs with a combination of fresh thinking and proven approaches, We enable a healthy work-life balance Our volunteer time off program is best in class, offering employees 40 hours of paid time off each year to volunteer with their favourite organizations We provide comprehensive benefits, including health care, life and accident plans, emotional support resources for you and your family, legal services, and financial savings programs to help you plan for your future We support professional and personal growth through educational assistance and provide access to various discounts and perks to enhance your overall quality of life, If you want to help us build knowledge and solve big problems, let's talk, Submitting an application To ensure a streamlined and fair hiring process for all candidates, our team only reviews applications submitted through our company website This practice allows us to track, assess, and respond to applicants efficiently Emailing our employees, recruiters, or Human Resources personnel directly will not influence your application, Apply

Join us as a Security Consultant at Barclays, responsible for supporting the successful delivery of Location Strategy projects to plan, budget, agreed quality and governance standards You'll spearhead the evolution of our digital landscape, driving innovation and excellence You will harness cutting-edge technology to revolutionise our digital offerings, ensuring unparalleled customer experiences, To be successful as a Security Consultant you should have experience with: Demonstrable understanding of security solutions and designs from a people, process and technology perspective; including security technologies, controls and assessment methodologies, Strong relationship, communication and stakeholder management skills, Knowledge of information security frameworks and standards such as ISO27001/2, NIST, PCI DSS and their application into diverse environments, Competent to discuss the underlying technology and security controls with product developers, Some Other Highly Valued Skills May Include Knowledgeable about existing best practices for integration of security controls, Understanding of cloud-based implementations and application security principles Understands core development methodologies and their associated technologies, Security qualification and / or proven track record in security consultancy and advisory, Good awareness and understanding of the Barclays business unit responsibilities and structure, You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills, This role is based in Pune, Purpose of the role To enable ?secure by design, supporting the banks change programmes, design and implement a secure systems and architecture across a broad set of security domains These include data security, security risk management, asset security, security architecture and engineering (incl cloud security), communications and networks, security operations, software development, security assurance testing, identity and access management (IAM), Accountabilities Control function or security guild responsible for technology change oversight and governance, Execution of security risk assessments and building threat models during the change & development lifecycle in order to identify vulnerabilities within the banks IT systems, applications and infrastructure, ensuring that compensating security controls and countermeasures are embedded in order to enhance security posture and resilience against cyber threats provision of timely communication of key findings and recommendations to stakeholders, Enablement of DevSecOps (and shift left), by providing engagement channels for customers and stakeholders who wish to engage early seeking security advice and input into their business plans and opportunities, or technology change designs, influencing key stakeholders in COO and CSO to create security strategies to enable business and technology evolution, Support and guidance to CISO, CIO and Product Team functions providing security reviews for prospective 3rd party technology products and services, Transfer of residual risks to the business/customer as required by the banks enterprise risk management framework, Collaboration with stakeholder and IT teams to support incident response and investigations using their knowledge of the banks technology systems sharing security insights, Participation in the development and maintenance of security policies, standards and procedures aligned to the banks risk tolerance, regulatory requirements and industry best practice, Assistant Vice President Expectations To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness Collaborate closely with other functions/ business divisions, Lead a team performing complex tasks, using well developed professional knowledge and skills to deliver on work that impacts the whole business function Set objectives and coach employees in pursuit of those objectives, appraisal of performance relative to objectives and determination of reward outcomes If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard The four LEAD behaviours are: L Listen and be authentic, E Energise and inspire, A Align across the enterprise, D Develop others, OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments They will identify new directions for assignments and/ or projects, identifying a combination of cross functional methodologies or practices to meet required outcomes, Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues, Identify ways to mitigate risk and developing new policies/procedures in support of the control and governance agenda, Take ownership for managing risk and strengthening controls in relation to the work done, Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function, Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy, Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practises (in other areas, teams, companies, etc) to solve problems creatively and effectively, Communicate complex information 'Complex' information could include sensitive information or information that is difficult to communicate because of its content or its audience, Influence or convince stakeholders to achieve outcomes, All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship our moral compass, helping us do what we believe is right They will also be expected to demonstrate the Barclays Mindset to Empower, Challenge and Drive the operating manual for how we behave,

Role & responsibilities Strong knowledge on manual secure code review against common programming languages (Java, C#) Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. Preferred one year of experience in development of web applications and/or APIs. should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA Preferred candidate profile •Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications •Perform manual security code review against common programming languages (Java, CSharp). •Perform automated testing of running applications and static code (SAST, DAST). •Experience in one or more of the following a plus: AI pen testing. •Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. •Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Experience in software engineering role, with experience in DevOps and network administration. Experience with any Scripting languages such as PowerShell, Azure CLI or Batch files C++, C#, Python, Java, Cyber Security background, and medical device development experiences are a plus. Extensive experience with Virtual Machines in an R&D environment. Experience with Cloud platforms such as AWS or Azure. Demonstrated success in delivering results on technical challenges. Good understanding of Healthcare domain (regulations and standards) and Medical software development process is desired. Experience with Active Directory domain administration including group policies and certificate authorities is desired. Understanding of code signing certificates is desired. Bachelors degree in software engineering or related discipline. Experience in software engineering role, with experience in DevOps and network administration. Overall 5 to 12 years of experience in DevSecOps.

We are seeking a highly skilled and motivated AI/ML Application Security Analyst with expertise in MLSecOps and large language models (LLMs) to join our clients team. The ideal candidate will possess a deep understanding of AI/ML technologies, security best practices, and the unique challenges associated with LLMs. This role involves securing AI/ML applications and systems throughout their lifecycle, from development to deployment, ensuring the integrity, confidentiality, and availability of data and models. Key Responsibilities: Conduct security assessments and audits of AI/ML applications, including LLMs, to identify vulnerabilities and risks. Develop and implement security measures and protocols tailored for AI/ML systems and LLMs, including secure coding practices, data protection, and model integrity. Monitor AI/ML applications for security breaches, perform incident response, and implement remediation strategies. Collaborate with data scientists, machine learning engineers, and IT teams to integrate security into the AI/ML development and deployment lifecycle (MLSecOps). Stay abreast of the latest security threats, vulnerabilities, and advancements in AI/ML security, with a focus on LLMs. Create and maintain comprehensive documentation for security policies, procedures, and incident reports. Provide security training and awareness programs for AI/ML development teams to promote best practices. Evaluate third-party AI/ML solutions and services for security compliance and risk management. Implement adversarial testing and robustness evaluation to defend against attacks on AI/ML models, particularly LLMs. Required Qualifications: Bachelors degree in Computer Science, Information Security, Data Science, or a related field. Proven experience in application security with a focus on AI/ML systems, MLSecOps practices, and large language models. In-depth knowledge of AI/ML frameworks and libraries (e.g., TensorFlow, PyTorch, Scikit-learn) and LLM platforms. Familiarity with secure coding practices, vulnerability management, and threat modeling. Strong understanding of data protection and privacy regulations (e.g., GDPR, CCPA). Hands-on experience with security tools and technologies (e.g., SIEM, IDS/IPS, encryption, authentication mechanisms). Excellent analytical and problem-solving skills, with a keen attention to detail. Strong communication skills and ability to work collaboratively in a cross-functional team environment. Preferred Qualifications: Masters degree in a relevant field. Industry certifications such as CISSP, CEH, OSCP, or specific AI/ML certifications. Experience with cloud security, particularly in AWS, Azure, or Google Cloud environments. Knowledge of adversarial machine learning, model robustness, and techniques to defend against such threats. Familiarity with MLOps practices and secure deployment methods for AI/ML models. Experience with containerization and orchestration technologies (e.g., Docker, Kubernetes). Specific experience with securing LLMs and understanding of their unique security challenges. ",

Responsibilities: Architect, build, and maintain highly scalable, resilient, and secure cloud infrastructure (e.g., AWS, Azure) tailored for high-throughput media applications. Lead the design, development, and continuous enhancement of sophisticated CI/CD pipelines to automate the build, test, and deployment of our media products and services. Champion and implement Infrastructure as Code (IaC) principles and practices using tools like Terraform, CloudFormation, or Ansible across all environments. Drive the strategy and implementation for containerization (Docker) and orchestration (Kubernetes - EKS, AKS) of media-centric applications. Establish and manage comprehensive monitoring, logging, alerting, and observability solutions (e.g., Prometheus, Grafana, ELK Stack, Datadog) to ensure optimal performance and rapid incident response for media services. Define and enforce application security best practices (DevSecOps) throughout the agile Software Development Lifecycle (SDLC). Mentor and provide technical leadership to DevOps engineers, fostering a culture of innovation, collaboration, and continuous improvement in cloud and DevOps practices. Establish technical design principles and operational best practices, driving their adoption across product portfolios to integrate operational readiness into the development lifecycle. Collaborate closely with software engineering, QA, and product teams to define infrastructure requirements, troubleshoot complex issues, and ensure the successful delivery of high-quality media technology solutions. Lead efforts in performance optimization, cost management, disaster recovery planning, and business continuity for all critical media services. Requirements: BS/MS/BTech in Computer Science, Engineering, or a related field preferred. 8+ years of progressive experience in DevOps, Site Reliability Engineering (SRE), or Cloud Operations, with lead, or architectural capacity within a product-centric SaaS or Media Tech environment. Deep understanding and substantial hands-on experience with fundamental services on major cloud platforms (AWS strongly preferred; GCP or Azure is a plus), including compute, networking, storage, databases, security, and observability services. Expertise in one or more scripting/programming languages such as Python, Go, Bash, or Ruby. Excellent hands-on experience with Kubernetes, Docker container technology, and associated ecosystem tools. Proven experience as a technical leader with a strong background in software development principles and scalable web application architectures. Deep technical knowledge of cloud-native architectures and technologies relevant to media streaming, content processing, and delivery. Proficiency in driving secure SDLC with established DevOps/DevSecOps practices, metrics, and tooling. Hands-on development experience with infrastructure as code frameworks; Terraform highly preferred. Expertise in CI/CD automation tools (e.g., Jenkins, GitLab CI, CircleCI, ArgoCD) and configuration management tools. Strong understanding of networking protocols, security best practices, and compliance standards relevant to media applications. Experience with monitoring, logging, and observability stacks (e.g., Prometheus, Grafana, ELK, Datadog). Prior experience in the Media Technology domain (e.g., video streaming, VOD, live broadcast, CDNs, digital rights management) is highly desirable.

Responsibilities: Architect, build, and maintain highly scalable, resilient, and secure cloud infrastructure (e.g., AWS, Azure) tailored for high-throughput media applications. Lead the design, development, and continuous enhancement of sophisticated CI/CD pipelines to automate the build, test, and deployment of our media products and services. Champion and implement Infrastructure as Code (IaC) principles and practices using tools like Terraform, CloudFormation, or Ansible across all environments. Drive the strategy and implementation for containerization (Docker) and orchestration (Kubernetes - EKS, AKS) of media-centric applications. Establish and manage comprehensive monitoring, logging, alerting, and observability solutions (e.g., Prometheus, Grafana, ELK Stack, Datadog) to ensure optimal performance and rapid incident response for media services. Define and enforce application security best practices (DevSecOps) throughout the agile Software Development Lifecycle (SDLC). Mentor and provide technical leadership to DevOps engineers, fostering a culture of innovation, collaboration, and continuous improvement in cloud and DevOps practices. Establish technical design principles and operational best practices, driving their adoption across product portfolios to integrate operational readiness into the development lifecycle. Collaborate closely with software engineering, QA, and product teams to define infrastructure requirements, troubleshoot complex issues, and ensure the successful delivery of high-quality media technology solutions. Lead efforts in performance optimization, cost management, disaster recovery planning, and business continuity for all critical media services. Requirements: BS/MS/BTech in Computer Science, Engineering, or a related field preferred. 8+ years of progressive experience in DevOps, Site Reliability Engineering (SRE), or Cloud Operations, with lead, or architectural capacity within a product-centric SaaS or Media Tech environment. Deep understanding and substantial hands-on experience with fundamental services on major cloud platforms (AWS strongly preferred; GCP or Azure is a plus), including compute, networking, storage, databases, security, and observability services. Expertise in one or more scripting/programming languages such as Python, Go, Bash, or Ruby. Excellent hands-on experience with Kubernetes, Docker container technology, and associated ecosystem tools. Proven experience as a technical leader with a strong background in software development principles and scalable web application architectures. Deep technical knowledge of cloud-native architectures and technologies relevant to media streaming, content processing, and delivery. Proficiency in driving secure SDLC with established DevOps/DevSecOps practices, metrics, and tooling. Hands-on development experience with infrastructure as code frameworks; Terraform highly preferred. Expertise in CI/CD automation tools (e.g., Jenkins, GitLab CI, CircleCI, ArgoCD) and configuration management tools. Strong understanding of networking protocols, security best practices, and compliance standards relevant to media applications. Experience with monitoring, logging, and observability stacks (e.g., Prometheus, Grafana, ELK, Datadog). Prior experience in the Media Technology domain (e.g., video streaming, VOD, live broadcast, CDNs, digital rights management) is highly desirable.

Join our Analytics team to design, build, and deploy scalable software solutions. Youll work closely with cross-functional teams including data scientists, engineers, and project managers to deliver high-quality, efficient code and continuously improve our development practices. What Youll Do: You will be #LI-hybrid based in Hyderabad and reporting to Engineering Manager Develop and maintain cloud-based solutions (AWS/Azure) using Python (especially FastAPI) Collaborate in an agile environment across the full product lifecycle Review technical proposals, estimate efforts, and recommend solutions Refactor, debug, and support both new and existing codebases Provide technical guidance and mentorship within the team Technology : Python (FastAPI), CI/CD pipelines, AWS/Azure About Experian Experience and Skills 5+ years of experience in Python Maintaining or using pipelines for building & deployment Knowledge of containerized solutions, Kubernetes, Docker Authentication and authorization, e.g. OAuth2 Azure or AWS development Good understanding of application security principles Additional Information Our uniqueness is that we celebrate yours. Experians culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experians people first approach is award-winning; Worlds Best Workplaces 2024 (Fortune Global Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site and Glassdoor to understand why. Benefits Experian care for employees work life balance, health, safety and wellbeing. In support of this endeavor, we offer best-in-class family well-being benefits, enhanced medical benefits and paid time off. This is a hybrid remote/in-office role. Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here

Architect, build, and maintain highly scalable, resilient, and secure cloud infrastructure (e.g., AWS, Azure) tailored for high-throughput media applications. Lead the design, development, and continuous enhancement of sophisticated CI/CD pipelines to automate the build, test, and deployment of our media products and services. Champion and implement Infrastructure as Code (IaC) principles and practices using tools like Terraform, CloudFormation, or Ansible across all environments. Drive the strategy and implementation for containerization (Docker) and orchestration (Kubernetes - EKS, AKS) of media-centric applications. Establish and manage comprehensive monitoring, logging, alerting, and observability solutions (e.g., Prometheus, Grafana, ELK Stack, Datadog) to ensure optimal performance and rapid incident response for media services. Define and enforce application security best practices (DevSecOps) throughout the agile Software Development Lifecycle (SDLC). Mentor and provide technical leadership to DevOps engineers, fostering a culture of innovation, collaboration, and continuous improvement in cloud and DevOps practices. Establish technical design principles and operational best practices, driving their adoption across product portfolios to integrate operational readiness into the development lifecycle. Collaborate closely with software engineering, QA, and product teams to define infrastructure requirements, troubleshoot complex issues, and ensure the successful delivery of high-quality media technology solutions. Lead efforts in performance optimization, cost management, disaster recovery planning, and business continuity for all critical media services. Requirements: BS/MS/BTech in Computer Science, Engineering, or a related field preferred. 8+ years of progressive experience in DevOps, Site Reliability Engineering (SRE), or Cloud Operations, with lead, or architectural capacity within a product-centric SaaS or Media Tech environment. Deep understanding and substantial hands-on experience with fundamental services on major cloud platforms (AWS strongly preferred; GCP or Azure is a plus), including compute, networking, storage, databases, security, and observability services. Expertise in one or more scripting/programming languages such as Python, Go, Bash, or Ruby. Excellent hands-on experience with Kubernetes, Docker container technology, and associated ecosystem tools. Proven experience as a technical leader with a strong background in software development principles and scalable web application architectures. Deep technical knowledge of cloud-native architectures and technologies relevant to media streaming, content processing, and delivery. Proficiency in driving secure SDLC with established DevOps/DevSecOps practices, metrics, and tooling. Hands-on development experience with infrastructure as code frameworks; Terraform highly preferred. Expertise in CI/CD automation tools (e.g., Jenkins, GitLab CI, CircleCI, ArgoCD) and configuration management tools. Strong understanding of networking protocols, security best practices, and compliance standards relevant to media applications. Experience with monitoring, logging, and observability stacks (e.g., Prometheus, Grafana, ELK, Datadog). Prior experience in the Media Technology domain (e.g., video streaming, VOD, live broadcast, CDNs, digital rights management) is highly desirable.

Security engineer Protect our users and their data. 4+ years in security engineering. Encryption expertise. Threat modeling experience.

Product Overview Outseer Fraud Manager is an advanced, omnichannel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML based Risk Engine, Outseer Fraud Manager is designed to measure the risk associated with a users login and post-login activities by evaluating a variety of risk indicators. Using powerful machine learning and fine-grained policy controls, this anti-fraud hub only requires additional assurance, such as out-of-band authentication and transaction signing, for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most of the users, ensuring a frictionless end user experience and high fraud detection rates. What youll achieve: As a Senior Application Security Engineer, you will take ownership of securing our applications throughout the software development lifecycle and provide strategic guidance to ensure the highest level of security across our organization. With your expertise, you will mentor and collaborate with cross-functional teams, drive the adoption of best practices, and implement robust security measures to protect our critical assets, data, and customer information from security threats and vulnerabilities. Essential Duties Drive the application security program, establishing strategic goals, objectives, and initiatives to enhance the overall security posture of our applications. Conduct comprehensive application security assessments, including manual penetration testing, code reviews, architecture reviews and vulnerability scanning, to identify and mitigate risks and vulnerabilities. Provide technical leadership and guidance to development teams, architects, and stakeholders on secure coding practices, security requirements, and the integration of security controls into the software development lifecycle. Develop and maintain application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry best practices. Collaborate with development teams to perform threat modeling, identify security design gaps, and recommend appropriate security controls and countermeasures. Conduct security reviews of third-party applications and vendors to assess their security posture and ensure compliance with our security standards. Lead incident response efforts for application security incidents, coordinating with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities. Stay up to date with emerging threats, vulnerabilities, and industry trends, and provide recommendations for proactive security enhancements. Mentor and train junior members of the application security team, providing guidance and knowledge transfer to develop their skills and expertise. Evaluate and recommend security tools, technologies, and frameworks to enhance application security capabilities and automate security processes. Desired Requirements Bachelors degree in computer science, Information Security, or a related field - or equivalent work experience. 8+ years of professional experience working as an Application Security Engineer or in a similar role, with a focus on securing web and mobile applications. In-depth knowledge of application security concepts, including secure coding practices, authentication and authorization mechanisms, encryption, and vulnerability assessment. Demonstrated experience conducting manual application penetration testing, code reviews, and vulnerability assessments. Strong understanding of web and mobile application frameworks, languages, and technologies (e.g., Java, JavaScript, Python). Proficiency in application security tools such as static code analysis (SAST), dynamic application security testing (DAST), and penetration testing frameworks. Expertise in cloud security concepts and practices, particularly in cloud-native environments (e.g., AWS, Azure, GCP). Deep knowledge of web application security vulnerabilities (OWASP Top Ten), attack vectors, and mitigation techniques. Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell). Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) are highly desirable. Administration of security tools such as: Anti DDoS WAF, SAST and DAST. Secure software development lifecycle (SSDLC) and DevSecOps practices. Leader that can influence, motivate, and direct a workgroup to achieve results. Excellent communication skills both verbal and written. Project leadership with the ability to prioritize multiple assignments and / or deliverables. Desired Behaviors Adaptability: Demonstrates flexibility and openness to change. Actively seeks and adopts improved approaches and processes. Proactive Action: Takes initiative and is driven by results. Takes ownership of actions and outcomes, meeting commitments and striving for high performance. Effective Workload Management: Makes timely decisions, prioritizes tasks effectively, solves problems, monitors results, and takes corrective action when necessary. Technical Proficiency : Possesses a solid understanding of their role and responsibilities, demonstrating competence in performing tasks and utilizing relevant technical skills. Continuous Learning : Takes personal responsibility for learning and development. Recognizes personal strengths and areas for improvement, actively seeks feedback, and embraces opportunities to learn. Effective Communication : Demonstrates strong facilitation and written communication skills. Clearly articulates ideas and proposals, actively listens to colleagues perspectives, and values diverse viewpoints. Collaboration: Shares information, fosters teamwork, and contributes to a positive work environment. Actively collaborates with others and encourages a sense of unity and cooperation among team members. Ethical Conduct and Competence : Acts with integrity and intent, displaying ethical character in all actions. Takes accountability for ones own behavior and aligns actions with the companys values and principles. Good Citizenship : Represents the values and interests of Outseer. Acts as a positive ambassador for the company and contributes to the overall well-being and success of the organization.

Product Overview Outseer Fraud Manager is an advanced, omnichannel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML based Risk Engine, Outseer Fraud Manager is designed to measure the risk associated with a users login and post-login activities by evaluating a variety of risk indicators. Using powerful machine learning and fine-grained policy controls, this anti-fraud hub only requires additional assurance, such as out-of-band authentication and transaction signing, for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most of the users, ensuring a frictionless end user experience and high fraud detection rates. What youll achieve: As a Principal Application Security Engineer, you will drive the development and implementation of advanced security practices, policies, and frameworks to ensure the integrity and confidentiality of our applications. Your deep technical knowledge, combined with your leadership skills, will guide our organization in effectively managing and mitigating application security risks while fostering a culture of security excellence. Essential Duties Provide principal leadership to the application security program, helping set the strategic direction, goals, and objectives to enhance the overall security posture of our applications. Develop and implement advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes. Conduct in-depth application security assessments, including code reviews, architecture reviews, and penetration testing, to identify and remediate complex security vulnerabilities and risks. Collaborate closely with development teams, architects, and stakeholders to provide expert guidance on secure coding practices, security design principles, and the selection and implementation of security controls. Define and maintain application security policies, standards, and guidelines, ensuring alignment with regulatory requirements and industry best practices. Drive the integration of security into the CI/CD pipeline and automated security testing tools and processes to enable secure and efficient application development and deployment. Evaluate and recommend emerging technologies, frameworks, and security tools to enhance application security capabilities, scalability, and efficiency. Lead incident response efforts for application security incidents, working with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities. Stay current with the latest application security threats, vulnerabilities, and attack vectors, and provide strategic recommendations and guidance to mitigate emerging risks. Serve as a subject matter expert and thought leader on application security, representing the organization in external forums, conferences, and industry working groups. Desired Requirements Bachelors degree in computer science, Information Security, or a related field - or equivalent work experience. 10+ years of progressive experience in application security, with a focus on securing complex web and mobile applications. Extensive expertise in application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques. Strong knowledge of web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS). Proven experience conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing. Deep understanding of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies. Demonstrated ability to develop and implement secure software development lifecycle (SDLC) processes and integrate security into DevOps and CI/CD practices. Expertise in cloud security concepts and practices, with hands-on experience in cloud-native environments (e.g., AWS, Azure, GCP). Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell). Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) and active participation in industry forums or associations are highly desirable. Leader that can influence, motivate, and direct a workgroup to achieve results. Excellent communication skills both verbal and written. Project leadership with the ability to prioritize multiple assignments and / or deliverables. Desired Behaviors Change Facilitation : Encourages and supports continuous improvement of work practices and processes. Facilitates change by actively seeking opportunities for innovation and sharing ideas with the team. Execution Focus : Drives execution by effectively cascading departmental goals into individual goals. Sets high performance standards, communicates clear expectations, resolves problems, provides task clarity, and establishes boundaries. Team Influence : Provides coaching and mentorship, utilizing open and honest communication. Escalates when necessary to ensure compliance. Recognizes team members for their contributions and fosters and open environment. Motivational Mentorship : Keeps the team focused and motivated by delivering, knowing when to escalate issues, providing regular feedback, while maintaining open lines of communication. Technical Proficiency : Possesses a strong understanding of their own role and responsibilities and is familiar with the roles and tasks of team members. Demonstrates technical competence and provides guidance when needed. Effective Communication : Over-communicates by hosting regular team communication such as one-on-one meetings and team meetings. Ensures important and relevant information is cascaded to the team in a timely manner. Employee Involvement : Encourages employees to participate in decision-making processes, valuing their ideas and proposed solutions. Creates a culture of open dialogue and collaboration. Ethical Conduct and Competence : Displays ethical character and competence, earning the trust of others by acting with integrity and intention. Upholds the companys values and principles in all actions. Role Modelling : Sets a positive example by demonstrating high levels of commitment and energy. Acts as a role model for the organizations core values and maintains high standards of behavior. Influences others positively and contributes to a positive work culture at Outseer.

Job Title: Manager Application Security Company Name: Info Edge India Ltd Job Description: As the Manager Application Security, you will be responsible for leading the application security initiatives within Info Edge India Ltd. You will work closely with development teams to ensure that security is integrated into the software development lifecycle. The role involves assessing potential vulnerabilities in applications, implementing security best practices, and ensuring compliance with security standards. You will also be responsible for conducting security assessments, managing security incidents, and providing guidance on secure coding practices. Additionally, you will collaborate with cross-functional teams to promote a culture of security awareness throughout the organization. Key Responsibilities: - Lead application security assessments and conduct security reviews of applications. - Develop and implement application security policies, standards, and guidelines. - Collaborate with development teams to integrate security into the software development lifecycle. - Conduct threat modeling and vulnerability assessments to identify security risks. - Provide training and support to developers on secure coding practices. - Monitor security trends and stay updated on emerging threats and vulnerabilities. - Respond to security incidents and coordinate incident response efforts. - Prepare reports and presentations for management on application security metrics and status. Skills and Tools Required: - Strong understanding of application security principles and best practices. - Experience with application security testing tools, such as static and dynamic analysis tools. - Familiarity with secure coding practices and frameworks (e.g., OWASP Top Ten). - Knowledge of security standards and compliance frameworks (e.g., ISO 27001, NIST). - Proficiency in one or more programming languages (e.g., Java, Python, C#). - Experience in conducting threat modeling and risk assessment. - Strong analytical skills and attention to detail. - Excellent communication and interpersonal skills to work collaboratively with various teams. - Certifications in application security (e.g., Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP)) are a plus.

Job Title: ============ Cyber Security Lead - BFSI Domain Job Location: -- Multiple Locations =============== Dubai - UAE Riyadh - Saudi Doha - Qatar Monthly Salary: ============= AED 10,000 - AED 15,000 per month [ Full TAX FREE Salary - Depending on Experience ] Type of job: ========= In office only, NO remote Project Duration: ============= 2 Years Desired Experience Level: ==================== 6- 10 Years Overall 5 Years or above Cyber security Experience Solid 5 Years or above with Cyber Security as Software Consultant Resposibilities ==================== Conducting audits to determine security violations or vulnerabilities Implementing security controls Upgrading networks to cohere with industry best practices Researching, testing, and implementing security technology Developing firewalls for network infrastructure Granting privileges to users based on their needs and use cases Monitoring network traffic for security incidents and events Investigating incidents and responding to events in real time You must be working as Cyber Security Consultant [ mandatory ] Certifications: =========== Any cyber security certificated is added for advantage No.of positions: ============== 03 Benefits: ======= - Long term (18 Months) Project - Good Salary - Full Tax Free Salary Job Ref code: ============ BFSI_CYBER_SEC_0525 Email: ===== spectrumconsulting1977@gmail.com ============================= If you are interested, please email your CV as ATTACHMENT with job ref. code [ BFSI_CYBER_SEC_0525 ] as subject

locationsBangalore RMZ-ECO WORLDposted onPosted Yesterday time left to applyEnd DateJune 14, 2025 (28 days left to apply) job requisition idR177746 , India Job Family Group: Information Technology (IT) Worker Type: Regular Posting Start Date: May 15, 2025 Business unit: Projects and Technology Experience Level Experienced Professionals About The Role Whats the role As a Cyber Threat Prevention Advisor in the CyberDefence SecOps team, you'll join the Vulnerability team to manage and oversee vulnerability processes, ensuring they are trackable and measurable with robust tool support. Your team will lead the implementation of these processes within ServiceNow Security Operations (SecOps), establishing standard workflows and integrating them with IT service management processes executed by Line of Defence 1 within IRM. This role leverages market-standard tools and practices to streamline the architecture by reducing dependency on Collective. What youll be doing Asset Discovery: Set-up and lead adequate discovery of new Shell IT assets in Shell's legacy IT network, RES & Portfolio companies, Cloud environments and PCD and Retail environments. Ensure visibility in new areas such as Internet of Things and Cloud and investigate possibilities to keep track of IT assets. Automated Vulnerability Scanning: Maintain a portfolio of tools for automated vulnerability scanning with a focus on Business-Critical systems and systems that are available from the public Internet. Set-up regular scanning and make results available for further analytics in IRM investigation platform. Take appropriate action on vulnerabilities where required. Security Posture Reporting: Use the results from asset discovery, vulnerability scanning, penetration testing and attack simulation to provide an overview of vulnerabilities in Shell IT landscapes for different stakeholders including IRM LT and IDSO LT. Create specific reports for Business, Business Critical applications, IDSO service lines, External perimeters etc. Act as a Subject Matter Expert on implications of a vulnerability in an IT system and establishing the priority of applying security patches. Help creating prioritized overviews of Cyber vulnerabilities and putting these in a context of IT services and Business applications. Take mitigating actions coming out of identified threats or vulnerabilities either directly by the team or agree the actions with other parties in Shell. What you bring Bachelors degree in Computer Science, Information Technology, or related field 5-8 years of total experience in IT Security including at least 3-4 years of experience in Vulnerability Assessment Proficient in analysing network traffic using tools such as tcpdump or wireshark Strong experience in using open-source scanning tools such as nmap, nessus, metasploit and/or commercial tools such as Rapid7 or Qualys Knowledge in integrating Vulnerability Management into modern CI/CD Pipelines with 'shift-left' strategy Understanding of Network Security, Cloud Security, Endpoint Security, Application Security Understanding Cyber Threat Landscape and analyzing Threats from various sources. Assess new threats, rate threat per Shell ratings and collaborate with Threat team on new threat criticality Understanding of CVE id / CVSS score and metrics Familiar with application of Cybersecurity Benchmarks, NIST controls, PCI controls Lead security research proposals and Proof Of Concepts for Emerging Technologies and assessing Fit-For-Purpose Tools. Understanding of Cloud Security Posture Management (CSPM) Expertise in operating Application security tools like Rapid7 Appspider, Netsparker Knowledge on CI/CD pipeline able to understand the integration of security tools and guide the developers Understanding of Application security design and providing guidance to developers on secure design. Good understating of SAST/DAST concepts and process Knowledge of Mobile DAST scanning and vulnerabilities and remediation consultation Knowledge of Splunk, SecOps VR, basic querying and creating dashboards Additional Skills (Good to have): PCI-DSS Compliance Scan. SecOps VR Module in ServiceNow. Linux environment experience. Azure/AWS Cloud Console. Wiz.io tool knowledge. Advanced Splunk skills. What we offer You bring your skills and experience to Shell and in return you work with talented, committed people on one of the most important challenges facing our planet. Youll have the opportunity to develop the skills you need to grow in an environment where we value honesty, integrity, and respect for one another. Youll be able to balance your priorities as you become the best version of yourself. Progress as a person as we work on the energy transition together. Continuously grow the transferable skills you need to get ahead. Work at the forefront of technology, trends, and practices. Collaborate with experienced colleagues with unique expertise. Achieve your balance in a values-led culture that encourages you to be the best version of yourself. Benefit from flexible working hours, and the possibility of remote/mobile working. Perform at your best with a competitive starting salary and annual performance related salary increase our pay and benefits packages are considered to be among the best in the world. Take advantage of paid parental leave, including for non-birthing parents. Join an organisation working to become one of the most diverse and inclusive in the world. We strongly encourage applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientation, and life experiences to apply. Grow as you progress through diverse career opportunities in national and international teams. Gain access to a wide range of training and development programmes. We'd like you to know that Shell has a > click here . - Shell in India Shell is a diversified energy company in India with 13,000 employees, and presence in Integrated Gas, Downstream, Power, Renewable and Upstream. Additionally, we have deep capabilities in R&D, digitalisation, and business operations. Our global strategy, Powering Progress, is designed to generate value for our shareholders, customers, and the wider society, and focuses on creating more value with less emissions. The strategy supports our purpose of providing more and cleaner energy solutions, with the aim of profitably transforming Shell into a net-zero emissions energy business by 2050. As India moves towards its target of net-zero emissions by 2070, Shell India aims to play a leading role in securing vital energy for today, while investing in, and helping to build, the energy system of the future through strategic investments in the country. Our Lubricants business serves over 50,000 consumers through a strong network of over 200 distributors, and operates an end-to-end value chain that spans conceptualization, development, and production at a world-class blending plant at Taloja. Through our 350-plus retail stations, we offer an integrated mobility experience including fuels, cafes, and convenience stores, with a prominent network of EV recharging facilities. Shell owns and operates a LNG re-gasification terminal at Hazira, Surat, with a capacity of 5 MTPA and a LNG truck-loading unit that plays a crucial role in helping meet Indias growing demand for gas across sectors. In 2022, Shell acquired Sprng Energy in a $1.55 billion deal to build an integrated energy transition business in the country. Sprng is a leading renewable energy company in India which develops and manages solar, wind, and hybrid power generation facilities and infrastructure. Our three capability centres across Bangalore and Chennai serve as a technology and innovation powerhouse for Shell globally, working as a delivery engine for core technical, digital, and finance processespioneering digital innovation and cutting-edge technologies across the energy sector. We also have strong academic partnerships and collaborations with leading universities and technology institutes to accelerate decarbonization efforts within the energy sector. We are committed to positively contributing to the communities in which we operate through programmes on STEM Education, Skilling, and Livelihood across India. We nurture and invest in startups developing initiatives focused on accelerating energy innovation through programs such as Shell E4 and Shell Eco-marathon. We also have strategic investments in new energy companies such as Husk Power, d.light, Orb Energy, and Cleantech Solar. DISCLAIMER: Please noteWe occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Shell/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Stakeholder Interaction Stakeholder Type Stakeholder Identification Purpose of Interaction Internal Technical Lead/ Project Lead Regular reporting & updates Security Intelligence (Practice) Coordination for security reasons External Customer To coordinate for all security breaches & resolutions Display Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Leveraging Technology - Knowledge of current and upcoming technology (automation, tools and systems) to build efficiencies and effectiveness in own function/ Client organization - Expert Process Excellence - Ability to follow the standards and norms to produce consistent results, provide effective control and reduction of risk - Expert Functional/Technical - Knowledge of Network Security devices, firewalls, end points, SIEM, application security, IPS/IDS, VA / PT skills - Master Competency Levels Foundation Knowledgeable about the competency requirements. Demonstrates (in parts) frequently with minimal support and guidance. Competent Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well. Expert Applies the competency in all situations and is serves as a guide to others as well. Master Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognized within the entire organization. Behavioral Competencies Effective Communication Collaborative Working Execution Excellence Problem Solving & Analytical Skills Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT

About The Role Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information ? Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails ? Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA’s (90-95%), response time and resolution time TAT ? ? Mandatory Skills: SAP GRC - Governance-Risk-Compliance. Experience3-5 Years. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

We are looking for a Product & Solution Security Professional Youll make a difference by: Mandatory Skills - Needs to be specialized in at least one/two of different areas: Secure Architecture & Design, Threat & Risk Analysis, Secure Project Integration. Network security firewall & network IDS, IPS PSSE will be primarily involved in the secure architecture and design, defines secure design principles, supports selection of secure suppliers and technologies and the development of secure configuration standards and security topics such as IDS, security patch management or Anti-Virus systems must be considered. Also, as part of project integration- defines, supervises, and tests the components/ subsystems with regards to system security, defines and establishes zones and conduits taking physical security concerns into account and prepares and performs security handover of complex systems to customers. Supports and consults the project leaders in implementing the required product & solution security. Supports project teams in conducting the corresponding security activities during the project execution process and / or services. Can support multiple projects and should occupy the function for the main part of is defined working time. Reports to the Project / Functional Lead and the Product & Solution Security Officer. Specification and maintenance of secure coding, secure design guidelines, configuration, and hardening guidelines Synchronize adequately with Information Security organization to ensure architecture and design, and integration IT-infrastructure is sufficiently secure. Specification and maintenance of security requirements for the project. Support for meeting international and regional security standards and regulations (like IEC62443, ISO27000, CENELEC, NIST, SANS) in the project. Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organization. Evaluation of third-party components regarding product & solution security. Clearance of implementation and documentation of security critical components (e.g., cryptographic functions, hidden function, firewall settings) Verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test). This includes recommendation and creation of security testing tools. Validation (e.g., friendly hacking, penetration testing) to ensure that implementation fulfills security expectations. Involvement in the analysis and handling of security vulnerabilities & incidents. Sound understanding of Product and solution security topic. Hands on experience of Threat and Risk Analysis (TRA) Supporting the systems engineering for security issues. Monitoring and evaluation of vulnerabilities and security incidents Assessment of security-related requirements Proficient in MS Word, Excel (Writing Macros) and PowerPoint Management and Reporting Exhibiting excellent communication and analytical skills Desired Skills: 9+ years of experience is required. Great Communication skills. Analytical and problem-solving skills