7 Cve Jobs

As a Product Security Architect, you will be responsible for providing privacy and security technical expertise to support the product team throughout the product development lifecycle. You will collaborate with the Product Security Leader to ensure compliance with Healthcare Product Cybersecurity Standards. Your key responsibilities will include assessing the privacy and cybersecurity state of the product, defining product roadmap features, and coordinating product development for cybersecurity enhancements. You will work on security architecture, product development coordination, defect management for cybersecurity issues, and ensuring adherence to cloud standards for cloud-based products. Additionally, you will be responsible for creating and maintaining Product and Security Manual documentation, as well as delivering Product Cybersecurity Standard artifacts in collaboration with the Product Security Leader. In this role, you will lead product Security Technical Design Reviews, ensure compliance with regulatory standards, and participate in post-market product vulnerability monitoring. Your expertise will be crucial in addressing customer concerns related to privacy and security, as well as providing technical guidance on vulnerability mitigation and design changes. To excel in this position, you should possess strong soft skills such as the ability to work independently, contribute as an individual contributor, and focus on self-planning activities. Mandatory technical skills include Security Engineering, globally recognized Cyber Security Certifications, and knowledge of security technologies like cryptography, authentication management, and security tools such as SAST, DAST, and Penetration Testing. Experience in product engineering, knowledge of cloud infrastructure, and familiarity with medical software/device engineering are desirable skills for this role. Additional experience in standard software engineering, penetration testing, and red teaming activities would be beneficial. If you have a passion for cybersecurity, experience in product security architecture, and a desire to contribute to the development of secure products in a healthcare environment, this role could be a great fit for you.,

You will be joining Infinite Convergence Solutions, Inc., an industry leader in next-generation messaging and mobility solutions for carriers and enterprises worldwide. Our offerings include the enterprise-grade, secure mobile messaging platform - NetSfere Enterprise, the customer engagement platform - NetSfere Omnichannel, and a comprehensive range of scalable, next-generation wireless communication technologies - NetSfere Mobile Solutions. Having a rich heritage built on acquisitions from Motorola, Nokia, and Alcatel-Lucent, and with over 2000 years of combined experience in mobile and messaging technologies, our platforms cater to more than 500 million subscribers globally, processing over one trillion messages annually. Headquartered near Chicago, we also maintain offices in the United States, Germany, UK, India, and Singapore. For further information, please visit www.infinite-convergence.com and www.netsfere.com. Please note: This is a 5 days Work From Office (WFO) position. As part of your role, you will be actively engaged in identifying and addressing security vulnerabilities. You will be required to engage in day-to-day development activities using C/C++ or Java. Additionally, you will play a key role in shaping the product roadmap by defining features and functionalities. Your responsibilities will also include scanning products, analyzing security reports, presenting findings to the team, and collaborating on solutions. Furthermore, you will provide support across development, testing, deployment, and documentation tasks. To qualify for this position, you should hold a BS in Computer Science or Software Engineering (or equivalent), with an MS degree considered a plus. The ideal candidate will have over 5 years of development experience in the telecommunications or security domains, with proficiency in C/C++ and Java. A solid grasp of information security concepts, the ability to analyze security reports, and familiarity with NIST, CVE, and CWE standards are essential. You should be capable of understanding scores and CVSS vectors, reproducing reported vulnerabilities, and actively resolving them to ensure product security and integrity.,

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion its a place where you can grow, belong and thrive. Your day at NTT DATA The Senior Associate Vulnerability Assessment Specialist is a developing subject matter expert, responsible for conducting vulnerability assessments, analyzing findings, and providing expert recommendations to mitigate security risks within the organization&aposs systems and infrastructure. This role requires collaboration with cross-functional teams, and performs vulnerability assessments, analyzes findings, and provides recommendations to mitigate security risks. Key responsibilities: Conducts vulnerability scans using automated tools and manual techniques to identify vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and determine the severity, exploitability, and potential impact of identified vulnerabilities. Assesses the potential risks associated with identified vulnerabilities. Collaborates with system owners, administrators, and IT teams to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Conducts advanced vulnerability assessments, including application security assessments, penetration testing, and code review, to identify complex vulnerabilities and security weaknesses. Utilizes manual testing techniques and industry-standard methodologies. Utilizes and manages vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Configures and fine-tunes scan policies and parameters to enhance assessment accuracy and coverage. Prepares comprehensive vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Participates in security awareness programs and provide training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Foster a culture of security awareness within the organization. Participates in incident response efforts related to vulnerabilities, collaborate with cross-functional teams, and contribute to post-incident analysis. Identifies root causes, provide recommendations for improvement, and drive preventive measures. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, collaboration, and alignment on vulnerability management goals. Builds relationships and influence stakeholders to drive remediation efforts. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Performs any other related task as required. To thrive in this role, you need to have: Understanding of vulnerability assessment methodologies, tools, and industry best practices. Good understanding of networking concepts, operating systems, and common software vulnerabilities. Proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Strong knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Good written and verbal communication skills to prepare comprehensive reports and communicate technical information to diverse stakeholders. Familiarity with security frameworks, standards, and regulatory compliance requirements. Ability to collaborate and work effectively with stakeholders and cross-functional teams. Academic qualifications and certifications: Bachelor&aposs degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or GIAC Certified Web Application Penetration Tester (GWAPT) are beneficial. Required experience: Moderate level of relevant experience in information security or related roles, with a focus on conducting vulnerability assessments and driving remediation efforts. Moderate level of demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders" cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard-work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers" security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us. You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. Experience designing and implementing application security solutions for web and or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing; and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such Burp suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members. What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.,

We are looking for a motivated Information Security Analyst to run Information Security processes . The main focus area will be Vulnerability Management . You will be responsible for: - Analysing vulnerabilities, - Providing necessary information and guidance to IT Technology Owners, - Monitoring remediation actions. You will have the ability to continuously learn about technologies and associated vulnerabilities, practice interactions with IT stakeholders and get detailed understanding of corporate processes (e.g. IT Change Management, Software Development). SPECIFIC ASSIGNMENTS: You will be working on running the Vulnerability Management processes. You will participate in assessing and evaluating vulnerabilities. You will have the opportunity to work with vulnerability assessment technologies from industry leaders. Your task will be to get understanding of the issue, inform respective IT Technology Owner and provide guidance on recommended action and monitor the execution. In the constantly changing world of emerging vulnerabilities and bit IT landscape of Eurofins you will have numerous opportunities to learn new aspects of vulnerabilities and get better, in-depth understanding of their underlying details. Your role is strategic for the organization running the vulnerability management process is key to secure the Company, build strong layer of defence and improve Companys external posture! Technical details, leading security products, industry best practices, guidelines - you will be working with them on day-to-day basis to grow your security skills and improve Eurofins IT environment. Experience: If you have: Previous experience in IT Security or Vulnerability Management with having experience (at least 5 years) Willingness to learn and motivation to act towards the achievable goal is key for us! On the role of Senior Information Security Analyst, you can utilize your technical skills: understanding of various IT technologies (IT infrastructure and application level), IT general knowledge, principles of software development and understanding of web technologies, utilizing CVEs, collecting and processing information from vulnerability databases, working with leading industry products and services (e.g. Qualys, Nessus, Security Scorecard, BitSight, ServiceNow etc. ), assessing and evaluating cloud-based solutions and cloud services. As you'll be working in an international environment, your English needs to be excellent . You have to be an effective communicator (both to technical and non-technical professionals), convincing that your concepts are relevant and important for the whole organization. Other skills you'll need are orientation on details, team collaboration, problem solving. Qualifications Educational background in IT or Information Security. Any related IT Security certification would be an added advantage.

We're Hiring: Vulnerability Management Engineer (Permanent Role) Location : Indiqube Platina, Commissariat Rd, Ashok Nagar, Bangalore Shift : Rotational | Type : Full-Time, Permanent Email to Apply : ankitm@infotreeservice.com Infotree Global Solutions is looking for a Vulnerability Management Engineer who is passionate about cybersecurity and risk mitigation. This is a great opportunity to join a dynamic team and work on cutting-edge security operations that make a real impact. What You'll Do: Lead the end-to-end vulnerability management lifecycle . Operate tools like Tenable Nessus , Cisco Kenna , and Vonahi vPentest . Analyze scan results, assess CVSS/CVE risks, and drive remediation efforts. Engage directly with clients to communicate findings and recommend improvements . Monitor zero-day threats and stay ahead of the threat landscape. What You Bring: 3+ years of hands-on experience with vulnerability scanning tools . Strong understanding of CVSS, CVE, NIST , and OWASP Top 10 . Technical know-how across Windows, Unix/Linux, AWS, and VMware . Ability to clearly explain technical results to both clients and stakeholders. Nice to Have: Certifications: CEH , Security+ , or PenTest+ . Experience in compliance frameworks like ISO, NIST, SOC . Join a company that values innovation, collaboration, and continuous learning. Ready to secure the future with us? Send your resume to: ankitm@infotreeservice.com

The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world's biggest challenges. We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customer's business critical applications. What is Security Products Group at OCI OCI Security Products Group is building comprehensive product portfolios to protect customers cloud environments with innovative approaches and hyperscale efficiency. Our core security pillars are: customer isolation, data encryption, security controls, visibility. Our vision is to build the most secure cloud environment for our customers to build their applications confidently on top of OCI. We are making strategic decision to heavily invest on detecting system vulnerabilities and threat activities, correlate and analyze problems, then remediate, notify and block attacks from malicious actors against customer cloud environment. We offer a rich set of services to help our customer to secure their data, flexible access to their environment, detect the vulnerabilities and treats in their environment, source code, applications and containers, take remediations to protect customers based on the industry best practice such as CVE and CIS. Our solutions will ensure customers confidently build their business in Oracle Cloud. Career Level - IC5 Who are we looking for We are looking for engineers with distributed systems experience. You should have experience with the design of major features and launching them into production. You've operated high-scale services and understand how to make them more resilient. You work on most projects and tasks independently. You have experience working with services that require data to travel long distances, but have to abide by compliance and regulations. The ideal candidate will own the software design and development for major components of Oracle's Cloud Infrastructure. You should be both a rock-solid coder and a distributed systems generalist, able to dive deep into any part of the stack and low-level systems, as well as design broad distributed system interactions. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn. What are the biggest challenges for the team The biggest challenges for the team are reliability, performance and keep up in cybersecurity space. The dynamic and fast growth of the business is driving us to improve the ability of our systems to scale out and handle traffic patterns with full coverage that are several orders of magnitude greater than what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. We need engineers who can build services that can reliably protect our customer cloud environment. We need engineers who can figure out how we can keep up our solution in a fast pace to securely protect our customers. We need engineers who can build services that enable us to offer even more options to customers and contribute to the overall growth of Oracle Cloud. Required Qualifications 10+ years distributed service engineering experience in a software development environment Experience driving feature design reviews, documentation, UX reviews, and working with Product Managers through the entire launch process Strong development experience in Java, C++, C#, or similar OO languages Strong knowledge of data structures, algorithms, operating systems, and distributed systems fundamentals Working familiarity with networking protocols (TCP/IP, HTTP) and standard network architectures Good understanding of databases, NoSQL systems, storage and distributed persistence technologies Experience building multi-tenant, virtualized infrastructure a strong plus Preferred Qualifications Hands-on experience developing services on a public cloud platform (e.g., AWS, Azure, Oracle) Building continuous integration/deployment pipelines with robust testing and deployment schedules Expertise in applying threat modeling or other risk identification techniques to develop security solutions Experience and understanding of Cryptography, DDoS, CVE, CIS, SAST, DAST, or similar security and compliance knowledge Career Level - IC5