
9 Cis Benchmarks Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 7.0 years

0 Lacs

Bengaluru, Karnataka, India

Remote

Colt provides network, voice and data centre services to thousands of businesses around the world, allowing them to focus on delivering their business goals instead of the underlying infrastructure.

Why we need this role

This role is critical to protecting both internal telecom infrastructure and customer-facing security services. It ensures the secure deployment and management of technologies across backbone, edge, and cloud environments, while supporting the delivery and integration of managed security solutions for customers. The role plays a key part in incident response, vulnerability management, and maintaining robust security standards. By collaborating across engineering, operations, and product teams, it helps embed security into every layer of the network and service lifecycle, ensuring resilience, compliance, and customer trust.

What You Will Do

Security Product Engineering (Customer-Facing Focus)
- Support deployment and integration of customer security products such as managed firewalls, SD-WAN, SASE platforms, and DDoS mitigation solutions.
- Perform configuration, troubleshooting, and tuning of security services in customer environments.
- Assist in onboarding, proof-of-concept testing, and support transitions to operations for customer security services.
- Work with solution architects to operationalize and maintain secure design patterns and templates.

Infrastructure Security (Internal Focus)
- Deploy and manage security technologies across the telecom backbone, edge, and data centre infrastructure (e.g., firewalls, IDS/IPS, SIEM, PAM, NAC).
- Collaborate with network and systems teams to secure IP/MPLS transport, SDN platforms, automation tools, and cloud workloads.
- Monitor and analyse security events and alerts, responding to incidents and escalating as appropriate.
- Assist with vulnerability assessments, patch management validation, and configuration hardening.
- Document and maintain infrastructure security standards, configurations, and runbooks.

Support & Collaboration
- Participate in security incident response, root cause analysis, and remediation efforts.
- Provide input on threat modelling, security testing, and design reviews for internal and external services.
- Stay current on security threats, tooling, and telecom-relevant vulnerabilities.
- Collaborate cross-functionally with engineering, operations, product, and customer support teams.

What We're Looking For

Must haves
- 3-7 years of experience in security engineering and/or network engineering.
- Solid understanding of TCP/IP, routing, firewalls, VPN, and network segmentation principles.
- Hands-on experience with security tools such as firewalls (Fortinet, Palo Alto, etc.), SIEM/SOAR, IDS/IPS, EDR, or vulnerability scanners.
- Familiarity with Linux, scripting (Python, Bash), and infrastructure-as-code concepts.
- Knowledge of secure configuration standards (e.g., CIS benchmarks) and common protocols (e.g., BGP, DNS, SNMP).

Might haves
- Experience supporting or delivering telecom or ISP infrastructure.
- Exposure to customer-facing security services or managed security environments.
- Familiarity with regulatory and industry standards (e.g., NIST, ISO 27001, UK TSA).
- Certifications such as Security+, GSEC, GCIA, or equivalent are a plus.
- Telecom or carrier experience strongly preferred.

Skills
Cyber Security Architecture IT Architecture Methodologies Cyber Security Tools/Products Cyber Security Planning Security Compliance

Education
A Master's or Bachelor's degree such as Computer Science, Information Security or related field.

What We Offer You

Looking to make a mark? At Colt, you'll make a difference. Because around here, we empower people. We don't tell you what to do. Instead, we employ people we trust, who come together across the globe to create intelligent solutions. Our global teams are full of ambitious, driven people, all working together towards one shared purpose: to put the power of the digital universe in the hands of our customers wherever, whenever and however they want. We give our people the opportunity to inspire and lead teams, and work on projects that connect people, cities, businesses, and ideas. We want you to help us change the world, for the better.

Diversity and inclusion

Inclusion and valuing diversity of thought and experience are at the heart of our culture here at Colt. From day one, you'll be encouraged to be yourself because we believe that's what helps our people to thrive. We welcome people with diverse backgrounds and experiences, regardless of their gender identity or expression, sexual orientation, race, religion, disability, neurodiversity, age, marital status, pregnancy status, or place of birth.

Most Recently We Have
- Signed the UN Women Empowerment Principles which guide our Gender Action Plan
- Trained 60 (and growing) Colties to be Mental Health First Aiders

Please speak with a member of our recruitment team if you require adjustments to our recruitment process to support you. For more information about our Inclusion and Diversity agenda, visit our DEI pages.

Benefits

Our benefits support you through all parts of life, for both physical and mental health.
- Flexible working hours and the option to work from home.
- Extensive induction program with experienced mentors and buddies.
- Opportunities for further development and educational opportunities.
- Global Family Leave Policy.
- Employee Assistance Program.
- Internal inclusion & diversity employee networks.

A global network

When you join Colt you become part of our global network. We are proud of our colleagues and the stories and experience they bring; take a look at Our People site including our Empowered Women in Tech.

Posted 2 days ago


10.0 - 12.0 years

0 Lacs

Hyderabad, Telangana, India

On-site

How is this team contributing to the vision of Providence?

Enterprise Security & Infrastructure (ESI) is committed to appropriately protecting all information relating to its caregivers and affiliates, as well as protecting its confidential business information (including information relating to its caregivers, affiliates, and patients).

What will you be responsible for?
- Lead the development, implementation, and continuous improvement of the organization's security governance, risk management, and compliance (GRC) strategies.
- Establish and maintain a comprehensive governance management framework, ensuring effective operational controls to address information security risks.
- Create, update, and enforce security policies, procedures, processes, standards, and guidelines to support the IT Governance Program, including the lifecycle management of internal controls.
- Drive risk management and governance initiatives in response to emerging technologies and evolving business needs.
- Oversee the remediation of information security issues and findings, ensuring both immediate corrective actions and sustainable long-term solutions to mitigate risks.
- Collaborate with senior leadership, business units, IT, and Legal to establish consistent processes for identifying, assessing, responding to, and reporting on IT risks.
- Champion the implementation of global IT GRC initiatives, ensuring alignment with organizational objectives and industry standards.
- Partner with program leadership to influence decision-making and foster unified progress towards security and compliance goals.
- Identify and lead cross-functional projects that enhance standardization, efficiency, and maturity within the GRC function.
- Provide effective leadership to GRC teams, including direct reports and contractors: delegating tasks, coordinating efforts, fostering motivation, and conducting performance reviews in collaboration with HR.
- Directly manage and develop GRC teams, with responsibility for up to 10 caregivers.
- Stay current on best practices, legal requirements, and industry standards related to risk management and compliance frameworks such as NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
- Monitor industry trends and the regulatory environment, proactively adapting governance strategies to maintain compliance and organizational resilience.

What would your day look like?
- Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks.
- Drive implementation of framework, policies, standards, and other security requirements.
- Conduct gap analysis and implement Standards Frameworks like NIST CSF, NIST 800-53 v5, CIS Benchmarks, HIPAA, PCI DSS, SOX 404, and ITIL.
- Develop and revise Policies, Standards, Processes, and guidelines for the enterprise through change management.
- Perform security reviews, attestations, assessments and serve as a Liaison between various teams within Cybersecurity.
- Collaborate with business function owner on deliverables, support team in understanding and meeting business requirements.
- Manage expectations and effectively communicate to colleagues, project team members, sponsors, stakeholders, business leaders, as well as internal and external security stakeholders and leaders.
- Promote and raise awareness of Cyber-Security programs and posture, driving change and influencing proper Cyber Security hygiene within the organization.

Who are we looking for?
- 4-year University (Bachelor's) degree in Computer Science, Information Security, Cyber Security or related field.
- Minimum 10 years of experience in an Information Security/GRC role.
- Minimum 5 years of experience in IT Risk Management Role.
- Preferred 3 years of experience in Healthcare, Pharma or Bio-Technology organization.
- Strong project management skills to simultaneously work on multiple projects concurrently.
- Experience with managing a GRC tool support life cycle.
- Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
- Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
- Able to react to project adjustments and alterations promptly and efficiently.
- Ability to lead a team and collaborate with other leaders throughout the organization.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Preferred knowledge of Information Security standards (ISO/IEC 27001, 27002, NIST CSF, NIST SP 800-53, CIS Controls).

Posted 4 days ago


5.0 - 9.0 years

0 Lacs

bhopal, madhya pradesh

On-site

As a member of the Vulnerability Management Services team at Atos Group, you will play a crucial role in executing vulnerability scanning and managing VM programs for our clients. Your responsibilities will include completing projects within budgeted efforts and agreed timelines with high-quality deliverables. You will utilize various scanning solutions such as SAINT, Nessus, Tenable.io, Tenable.sc, Qualys, etc., to perform vulnerability scanning and gain a deep understanding of client network architecture and infrastructure to be scanned. Moreover, you will be involved in threat identification, vulnerability identification, and control analysis, as well as developing customized reports and dashboards based on client expectations. Proactiveness in project planning and execution, likelihood determination, impact analysis, and risk determination are key aspects of this role. You will also prioritize risks, provide solution recommendations, and document findings, identifying the business risks posed by weaknesses identified during assessments. Collaboration with both business and technical teams within and outside the organization will be essential for project scope definition, execution, and closure.

The ideal candidate for this role should have at least 5 years of experience in Vulnerability Scanning, with expertise in tools like Qualys, Tenable, Rapid7, etc. Additionally, you should possess the ability to understand and explain vulnerabilities to stakeholders, knowledge of platforms such as Windows, Linux, Unix, Mac OS, Cisco, Juniper, as well as familiarity with standards like PCIDSS, CIS Benchmarks, etc. A flexible approach to working on challenging activities, creative problem-solving skills, strong communication, and writing abilities are crucial for success in this role.

Join us at Atos Group to expand the possibilities of data and technology, now and for generations to come. Let's grow together.

Posted 1 week ago


5.0 - 9.0 years

0 Lacs

bhopal, madhya pradesh

On-site

You will be joining the Vulnerability Management Services team at Atos Group, a global leader in data-driven, trusted, and sustainable digital transformation. With an annual revenue of approximately 5 billion, Atos operates as a next-generation digital business with leading positions in digital, cloud, data, advanced computing, and security across more than 47 countries. By leveraging high-end technologies and a team of 47,000 world-class talents, Atos expands the possibilities of data and technology for current and future generations.

Your role will be based in Mumbai (Onsite) with a required experience of 5 to 8 years and the highest qualification of any full-time graduate. As a part of the team, you will be responsible for executing vulnerability scanning and managing VM programs for clients. It is crucial to complete projects within budgeted efforts and agreed timelines while ensuring high-quality deliverables.

Key Responsibilities:
- Perform vulnerability scanning using tools like SAINT, Nessus, Tenable.io, Tenable.sc, Qualys, etc.
- Gain a deep understanding of client network architecture and infrastructure
- Identify threats, vulnerabilities, and perform control analysis
- Develop customized reports and dashboards as per client expectations
- Proactively plan and execute projects
- Determine likelihood, analyze impacts, and assess risks
- Prioritize risks, recommend solutions, and document findings
- Identify business risks associated with weaknesses identified during assessments
- Collaborate with both business and technical teams for project scope definition, execution, and closure

Skills Required:
- 5+ years of experience in Vulnerability Scanning with expertise in tools like Qualys, Tenable, Rapid7, etc.
- Ability to understand and explain vulnerabilities to stakeholders
- Knowledge of various platforms such as Windows, Linux, Unix, Mac OS, Cisco, Juniper, etc.
- Familiarity with standards like PCIDSS, CIS Benchmarks, etc.
- Flexibility in handling challenging activities and creativity in problem-solving
- Strong communication and writing skills with fluency in verbal communication

If you are looking to grow and thrive in a dynamic and innovative environment, we invite you to join us on this exciting journey at Atos Group.

Posted 2 weeks ago


3.0 - 7.0 years

0 Lacs

haryana

On-site

Looking for a challenging role? If you really want to make a difference, make it with Siemens Energy. At Siemens Energy, we strive to energize society and combat climate change simultaneously. Our technology is crucial, but it is our people who truly make the difference. Innovative minds drive our progress, connecting, creating, and steering us towards revolutionizing the world's energy systems. The spirit of our employees fuels our mission. Our culture is characterized by individuals who are caring, agile, respectful, and accountable. We highly esteem excellence in all forms. Does this resonate with you?

Your new role will be both challenging and future-oriented, involving various responsibilities including:
- Installation and Configuration: Installing and configuring Windows operating systems, software, and services on physical and virtual servers.
- System Maintenance: Performing routine maintenance tasks such as applying patches, updates, and ensuring data backups.
- Monitoring and Troubleshooting: Monitoring system performance, identifying issues, and resolving them promptly.
- Security: Implementing security measures to protect data and prevent unauthorized access.
- User Management: Managing user accounts, permissions, and access rights.
- Documentation: Maintaining system configurations, processes, and procedures.
- Support: Providing technical assistance to end-users for hardware and software-related issues.
- Compliance: Ensuring compliance with company policies and industry regulations.
- Network Management: Managing network infrastructure, including LAN, WAN, and data communications.
- Strategic Planning: Contributing to system architecture, upgrades, and future system requirements.

We are not looking for superheroes, just super minds with the following qualifications:
- Minimum of 3 years of experience in Windows Server administration.
- Expert-level knowledge of Windows Operating System (client and server).
- Understanding of Windows network services (TCP/IP) and operational experience.
- Strong knowledge of Active Directory Domain Structure.
- Experience in Virtualization techniques such as Hyper-V and VMWare.
- Knowledge of Backup Concepts (Windows Backups / Acronis / Veeam backup).
- Understanding of Windows-based services (DNS, DHCP, RADIUS, CA, Group Policy Management, etc.).
- Familiarity with Vulnerability Assessment tools (NESSUS, etc.).
- Awareness of CIS benchmarks for Microsoft Operating systems.
- Good English communication skills (written and oral) to engage with the Global team and customers.

This role is based at Site (Gurgaon) with potential travel to other locations in India and beyond. Embrace this opportunity to work with teams that influence entire cities, countries, and the future landscape. Siemens comprises over 379,000 individuals across more than 200 countries, collectively building the future one day at a time. We are committed to diversity and encourage applications that reflect the communities we serve. Employment decisions at Siemens are merit-based and driven by qualifications and business requirements. Bring your curiosity and creativity to help us shape tomorrow.

Posted 2 weeks ago


5.0 - 10.0 years

12 - 17 Lacs

Jaipur

Work from Office

Education Requirements: BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA

Certification: Any ITSM Certification/CEH

Job Summary: We are seeking an experienced ITSM and CIS Benchmarking Specialist to drive service management excellence and ensure systems are hardened according to industry best practices. The ideal candidate will have deep knowledge of ITIL-based ITSM practices and hands-on experience applying CIS Benchmarks for endpoint and server security compliance.

Key Responsibilities:

ITSM:
- Oversee the implementation and continuous improvement of ITSM processes aligned with ITIL framework (e.g., Incident, Change, Problem, Asset, and Configuration Management).
- Ensure accurate and timely incident/ticket management via ITSM tools (e.g., ServiceNow, BMC Remedy, Freshservice).
- Develop ITSM dashboards and reports to track SLAs, service availability, and operational KPIs.
- Collaborate with technical and business teams to streamline service workflows and automate manual tasks.
- Provide training and guidance on ITSM processes across teams.

CIS Benchmarking:
- Perform security baseline assessments of servers, endpoints, and cloud environments using CIS Benchmarks.
- Coordinate with IT infrastructure and application teams to implement and validate CIS hardening steps.
- Use tools such as CIS-CAT Pro, SCAP, Tenable, or Qualys for benchmark scanning and reporting.
- Maintain a central repository of system configurations, benchmark reports, and deviation justifications.
- Support internal and external audits by providing CIS compliance evidence and remediation plans.

Required Skills and Qualifications:
- 5+ years of experience in implementing and managing ITSM processes and tools.
- 5+ years of experience applying CIS Benchmarks across Windows, Linux, databases, or cloud platforms.
- Strong understanding of ITIL v3 or v4, with certification preferred.
- Familiarity with endpoint/server hardening, system configuration management, and patching.
- Experience using configuration and compliance management tools (e.g., Ansible, Chef, SCCM, GPO).
- Ability to document policies, procedures, and control deviations.

Preferred Qualifications:
- ITIL Foundation or Practitioner certification.
- Experience in audit/compliance functions, particularly in regulated industries (BFSI, healthcare, government).
- Familiarity with ISO 27001, NIST 800-53, or other security frameworks.

Posted 1 month ago


3.0 - 6.0 years

7 - 12 Lacs

Jaipur

Work from Office

Education Requirements: BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA

Certification: Any ITSM Certification/CEH

Job Summary: We are seeking an experienced ITSM and CIS Benchmarking Specialist to drive service management excellence and ensure systems are hardened according to industry best practices. The ideal candidate will have deep knowledge of ITIL-based ITSM practices and hands-on experience applying CIS Benchmarks for endpoint and server security compliance.

Key Responsibilities:

ITSM:
- Oversee the implementation and continuous improvement of ITSM processes aligned with ITIL framework (e.g., Incident, Change, Problem, Asset, and Configuration Management).
- Ensure accurate and timely incident/ticket management via ITSM tools (e.g., ServiceNow, BMC Remedy, Freshservice).
- Develop ITSM dashboards and reports to track SLAs, service availability, and operational KPIs.
- Collaborate with technical and business teams to streamline service workflows and automate manual tasks.
- Provide training and guidance on ITSM processes across teams.

CIS Benchmarking:
- Perform security baseline assessments of servers, endpoints, and cloud environments using CIS Benchmarks.
- Coordinate with IT infrastructure and application teams to implement and validate CIS hardening steps.
- Use tools such as CIS-CAT Pro, SCAP, Tenable, or Qualys for benchmark scanning and reporting.
- Maintain a central repository of system configurations, benchmark reports, and deviation justifications.
- Support internal and external audits by providing CIS compliance evidence and remediation plans.

Required Skills and Qualifications:
- 2+ years of experience in implementing and managing ITSM processes and tools.
- 2+ years of experience applying CIS Benchmarks across Windows, Linux, databases, or cloud platforms.
- Strong understanding of ITIL v3 or v4, with certification preferred.
- Familiarity with endpoint/server hardening, system configuration management, and patching.
- Experience using configuration and compliance management tools (e.g., Ansible, Chef, SCCM, GPO).
- Ability to document policies, procedures, and control deviations.

Preferred Qualifications:
- ITIL Foundation or Practitioner certification.
- Experience in audit/compliance functions, particularly in regulated industries (BFSI, healthcare, government).
- Familiarity with ISO 27001, NIST 800-53, or other security frameworks.

Posted 1 month ago


4.0 - 6.0 years

0 Lacs

Delhi, India

On-site

Job Description: VAPT lead with experience in vulnerability assessment and penetration testing is preferred. The resource should mandatorily have minimum 4 years' experience in VAPT. Responsible for planning, executing and managing infrastructure-level vulnerability assessments and penetration testing activities across the organization's IT landscape.

Key Responsibilities:
- Lead and manage end-to-end Vulnerability Assessment and Penetration Testing (VAPT) activities across infrastructure components including networks, servers, endpoints and cloud environments.
- Design and implement VAPT strategies tailored to organizational risk profiles and compliance requirements.
- Conduct thorough assessments to identify security vulnerabilities, simulate attack scenarios and evaluate the effectiveness of existing security controls.
- Collaborate with infrastructure, network and application teams to validate findings and support remediation efforts.
- Prepare detailed technical reports and executive summaries outlining identified risks, impact analysis and recommended mitigation strategies.
- Ensure VAPT activities align with industry standards such as ISO 27001, NIST, OWASP and CIS Benchmarks.
- Maintain up-to-date knowledge of emerging threats, tools and techniques in the vulnerability assessment and penetration testing domain.

Technical Requirements:
- Proven experience in conducting infrastructure-level Vulnerability Assessment and Penetration Testing (VAPT) across networks, servers, endpoints and cloud environments.
- Strong hands-on expertise with VAPT tools such as Nessus, Qualys, Nmap, Metasploit, Burp Suite, etc.
- In-depth understanding of network protocols, system configurations and common vulnerabilities in enterprise IT environments.
- Ability to identify, analyze and prioritize security vulnerabilities and provide detailed remediation guidance to technical teams.

Preferred Skills: Technology->Application Security->Vulnerability Management

Posted 1 month ago


7.0 - 12.0 years

9 - 14 Lacs

Bengaluru

Work from Office

Summary: As a Senior Product Security Engineer, you will join our team of talented professionals dedicated to embedding continuous and seamless security into our engineering processes. You will contribute to the development and implementation of our Secure Software Development Lifecycle (S-SDLC), working across multiple technical teams to enhance our security posture.

About the role:
- Promote secure-by-design architectures and implementations across all phases of our S-SDLC.
- Define product security standards, best practices, and processes with built-in governance and metrics.
- Develop new security capabilities, patterns and automation to integrate security throughout our development practices.
- Lead threat modeling sessions and secure code reviews (including of AI-based systems and products).
- Collaborate with cross-functional teams, including software engineering, platform engineering, QA, and operations.
- Accelerate security remediation through data analysis and support for product engineering teams.

This central role will allow you to have maximum impact ensuring our products and applications meet the highest security standards to protect our customers.

About you:
- Bachelor's degree in computer science or equivalent education experience.
- 7+ years of hands-on experience in software engineering or application security.
- Experience conducting security-focused threat modeling and code reviews across multiple technology stacks and programming languages.
- Experience with security tools (SAST, SCA, DAST, fuzzers a plus) and analyzing their findings.
- Proven analytical skills with ability to develop innovative solutions to complex security challenges.
- Both defensive and offensive mindset.
- Strong understanding of security principles (cryptography, authentication, authorization, etc.) and common vulnerabilities applicable to applications (web, desktop or mobile), APIs and cloud environments.
- Ability to identify, analyze, and mitigate common security vulnerabilities at both design and implementation levels.
- Knowledge of software engineering principles with experience designing and implementing secure systems, aligned with secure by design and secure by default principles.
- Proficiency in writing code, tests, deployment logic, and API integrations. Any language welcomed. Python, GoLang, Java preferred.
- Excellent written and verbal communication skills with ability to articulate complex security concepts to diverse and cross-functional audiences.

Preferred Qualifications
- Experience with a major cloud provider (AWS, Azure, Oracle Cloud or GCP).
- Experience with Infrastructure as Code (e.g., CDK, Terraform, ).
- Experience securing or developing systems using Large Language Models, RAG, and AI Agents.
- Experience with common authentication and authorization standards (SAML and OAuth).
- Experience with containerized application and container orchestration (Kubernetes, ECS, ).
- Knowledge of industry security frameworks and maturity models such as OWASP Application Security Verification Standard, CIS Benchmarks, NIST Cybersecurity Framework, OWASP SAMM or BSIMM.
- Relevant security certifications (e.g., OSCP, OSWE).
- Experience contributing to open-source security projects.
- Experience in security research, presenting at conferences, or publishing articles.

Posted 1 month ago
