3 Cpent Jobs

Synopsis of the role Looking for a Cyber Security staff with audit experience in consulting/cooperate on ISO 27001, Internal Cyber security reviews of customers and Vendor Infosec Risk assessments. What Youll Do Risk Management: Identify, assess, and mitigate information security risks to the organization&aposs assets, data, and systems. Compliance: Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, NIST, PCI-DSS, and ISO 27001. Handle Internal and External ISO 27001:2013 Audits. Perform customers (members) security Risk assessments, due Diligence Onboarding & reviews. Manage and coordinate for all regulatory (RBI etc) submissions Security Awareness: Develop and implement security awareness training programs for employees to promote a culture of security. Incident Response: Develop and manage incident response plans to ensure prompt and effective response to security incidents. Vulnerability Management: Implement vulnerability management processes to identify, classify, and remediate vulnerabilities in systems and applications. Security Architecture (Cloud and On Prime) : Design , review and implement secure architectures for systems, networks, and applications. Third-Party Risk Management: Assess and mitigate information security risks associated with third-party vendors and service providers. What Experience You Need Masters or Bachelor&aposs degree in Computer Science or Electronic & telecommunication, Information Security, or related field. Certifications: CPENT, CEH ISO 27001, or CISA certification preferred. Experience: Minimum 4 -5 years of experience in information security. Strong knowledge of information security principles, risk management, and compliance. Excellent communication skills. Experience with cloud security platforms and technologies Soft skills: Time management - Effective time management and prioritizing Collaboration - Ability to work & collaborate with cross functional teams Adaptability: Ability to adapt to changing security landscapes and professional environments. What Could Set You Apart People management skills & Positive attitude Good Communication skill Passion to continuously learn and work to add value to the organization security environment. Show more Show less

We are looking for someone who has good hands on experience in VAPT. This role is with one of the government department of Maharashtra. Education: B.E/B. Tech / M.Sc. (Comp. Sci) / MCA / MBA/ M. Tech degree or equivalent. Should be a certified auditor. 6 or more years of overall experience with at least 6 years of relevant experience in Vulnerability Analysis, Penetration Testing and/or forensics. Must have experience in managing at least 3 projects for large, enterprise scale Clients. should have at least two industry certifications as mentioned below: 1. Licensed Penetration Tester (LPT) 2. Certified Penetration Testing Professional (CPENT) 3. Certified Expert Penetration Tester (CEPT) 4. GIAC Penetration Tester (GPEN) 5. CompTIA PenTest+ 6. Certified Ethical Hacker (CEH) 7. Certified Mobile and Web App Penetration Tester (CMWAPT) 8. Computer Hacking Forensic Investigator (CHFI) 9. Certified Information System Auditor (CISA) 10. Certified Information Security Manager (CISM) 11. Other acceptable industry related certification in VAPT. 12. OSCP

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face