8.0 - 12.0 years
0 Lacs
pune, maharashtra
On-site
Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders' cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard work and embraces ambiguity as it comes, to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers' security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us.
You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in Java and Python; basically, you are a developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, JavaScript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure APIs; techniques and patterns will be assessed.
Experience designing and implementing application security solutions for web and/or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing, with an understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such as Burp Suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members.
What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE (Transparency, Resiliency, Urgency, and Empowerment), we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.
Posted 2 days ago
6.0 - 10.0 years
0 Lacs
hyderabad, telangana
On-site
At Capgemini Invent, you will play a crucial role in driving transformation by blending strategic, creative, and scientific capabilities to deliver cutting-edge solutions for our clients. Your expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable will be instrumental in implementing and managing security vulnerabilities both on-premises and in the cloud. You will also be responsible for setting up vulnerability scanning profiles and demonstrating a strong understanding of the vulnerability management lifecycle. In addition, your role will entail in-depth knowledge across various core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. It is essential for you to possess knowledge of system security vulnerabilities, remediation techniques, and tactics, as well as the ability to effectively communicate testing findings to managers and network administrators. Your proficiency in simplifying complex technology concepts for non-technical audiences will be highly valued. Your profile should showcase a good understanding of the risk score acceptance process for vulnerabilities, the ability to generate customized reports, and support in mitigating vulnerabilities. Automation knowledge in existing processes, familiarity with Zero Day Vulnerabilities, and understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important aspects of this role. Moreover, your comprehension of operating systems, applications, infrastructure, cloud computing services, OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle will be beneficial. Strong oral, verbal, and written communication skills are essential for effective collaboration and sharing of insights. Working at Capgemini offers a supportive environment with flexible work arrangements that prioritize work-life balance. 
You will have access to career growth programs and diverse professional opportunities tailored to your development. Additionally, you can enhance your skills with valuable certifications in cutting-edge technologies like Generative AI. Capgemini is a global leader in business and technology transformation, empowering organizations to navigate the digital and sustainable world with tangible impact. With a diverse team of over 340,000 members in more than 50 countries, Capgemini leverages its 55-year heritage to unlock the value of technology for clients worldwide. From strategy and design to engineering, the company delivers end-to-end services and solutions driven by market-leading capabilities in AI, cloud, and data, complemented by deep industry expertise and a robust partner ecosystem. In 2023, Capgemini reported global revenues of 22.5 billion, reflecting its commitment to addressing the comprehensive business needs of its clients.
Posted 2 days ago
6.0 - 10.0 years
0 Lacs
hyderabad, telangana
On-site
At Capgemini Invent, we believe difference drives change. As inventive transformation consultants, we blend our strategic, creative and scientific capabilities, collaborating closely with clients to deliver cutting-edge solutions. Join us to drive transformation tailored to our client's challenges of today and tomorrow. Informed and validated by science and data. Superpowered by creativity and design. All underpinned by technology created with purpose. Your role involves expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable. You should have hands-on experience in implementing and managing security vulnerabilities both on-premises and in the cloud. Additionally, setting up vulnerability scanning profiles and a strong knowledge and understanding of the vulnerability management lifecycle are essential. It is crucial to have in-depth knowledge across all core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. Understanding system security vulnerabilities, remediation techniques, and tactics is required. You should be able to comprehend vulnerability testing methodology and effectively communicate testing findings to managers and network administrators. Furthermore, the ability to communicate complex technology to non-tech audiences in a simple and precise manner is essential. Your Profile should include a good understanding of the risk score acceptance process of vulnerabilities, ability to create customized reports, support in the mitigation of vulnerabilities, and knowledge of automation in the existing process. Understanding of Zero Day Vulnerabilities and their process, TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important. 
You should have knowledge of operating systems, applications, infrastructure, and cloud computing services, along with an understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle. Good oral, verbal, and written communication skills are necessary for this role. What you will love about working here is the recognition of the significance of flexible work arrangements to provide support. Whether it's remote work or flexible work hours, you will have an environment that allows for a healthy work-life balance. Career growth is at the heart of our mission, with an array of career growth programs and diverse professions crafted to support you in exploring a world of opportunities. Equip yourself with valuable certifications in the latest technologies such as Generative AI. Capgemini is a global business and technology transformation partner, helping organizations accelerate their dual transition to a digital and sustainable world while creating tangible impact for enterprises and society. With a responsible and diverse group of 340,000 team members in more than 50 countries, Capgemini is trusted by clients to unlock the value of technology to address the entire breadth of their business needs. The Group reported 2023 global revenues of 22.5 billion.
Posted 2 days ago
2.0 - 6.0 years
0 - 0 Lacs
pune, maharashtra
On-site
At BMC, trust is not just a word - it's a way of life! We are an award-winning, equal opportunity, culturally diverse, and fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, as we believe that you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! BMC Software is currently seeking a motivated and skilled individual to join the Product Security Group in a senior technical position. The successful candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, and penetration testing. As a penetration tester, you will play a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity.

**Roles And Responsibilities:**
- Conduct thorough vulnerability assessments of applications and systems using various tools and techniques.
- Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities.
- Provide expert guidance on application security best practices.
- Research and develop new penetration testing methodologies, tools, and techniques.

**Qualifications & Skills:**
- 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset.
- Penetration testing experience is essential; prior participation in bug bounty programs is a plus.
- Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
- Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities.
- Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more.
- Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact.
- Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings.
- Ability to think creatively and analytically to identify and exploit vulnerabilities.
- Strong problem-solving skills when encountering unexpected challenges during testing.
- Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders.
- Meticulous attention to detail in documenting findings and creating reports.
- Effective time management skills to meet project deadlines and testing schedules.
- High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality.

**Preferred Skills:**
- Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS).
- Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

BMC's culture is built around its people. With over 6000 brilliant minds working together across the globe, you won't be known just by your employee number, but for your true authentic self. If you are unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experiences to ensure we face the world together with the best ideas.
Posted 4 days ago
2.0 - 7.0 years
8 - 13 Lacs
Bengaluru
Work from Office
Job Purpose and Impact The Professional, Surface Area Management job safeguards the organization's digital assets by identifying and mitigating security vulnerabilities. With limited supervision, this job maintains vulnerability management systems' effectiveness and improves the organization's overall cybersecurity posture. Key Accountabilities The Professional Vulnerability Analyst job safeguards the organization's digital assets by identifying, assessing, and helping remediate vulnerabilities across the global enterprise. With limited supervision, this job maintains vulnerability management systems' effectiveness and improves the organization's overall cybersecurity posture through close coordination with stakeholders such as IT, security engineering, and application owners. This includes the following: Analyzing vulnerability data from tools such as Tenable, Qualys, or Rapid7. Prioritizing vulnerabilities based on risk context. Tracking remediation process and driving accountability with system owners through ticketing systems like Jira or ServiceNow. Strong communication and collaboration skills to work effectively across IT and security teams. Generate and present reports on vulnerability trends, SLA compliance, and risk posture. Support vulnerability scanning operations and troubleshoot scan coverage issues. Collaborate with other cyber security teams like Threat Intelligence to validate and enrich findings. Assist in patch validation and change coordination for remediation activities. Contribute to the tuning of scanning tools and development of custom dashboards. Stay informed on emerging threats, CVEs, zero-days, and best practices in vulnerability management. Solid understanding of CVSS, MITRE ATT&CK, and modern threat landscapes. Familiarity with remediation strategies on Windows, Linux, networking equipment, and cloud services (AWS, Azure, GCP, and/or OCI) - focused specialty in cloud services is a plus.
Qualifications Minimum requirement of 2 years of relevant work experience. Typically reflects 3 years or more of relevant experience.
Posted 5 days ago
3.0 - 5.0 years
10 - 17 Lacs
Pune, Maharashtra, India
On-site
What You'll Do This security analyst will be part of a team tasked with identifying, tracking and verifying the remediation of vulnerabilities in internal and external applications and systems. This role involves performing deep-dive analysis of vulnerabilities, operating vulnerability scanning tools, and building relationships with other groups within the IT organization. Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services. Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets. Advise employees responsible for remediation on the best reduction and remediation practices. Review and analyze vulnerability data to identify trends and patterns. Regularly report on the state of vulnerabilities, including their criticality, exploit probability, business impact, and remediation strategies. Serve as a point of contact for new and existing vulnerability-related issues. Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed. Maintain documentation related to vulnerability policies and procedures. Perform other duties as assigned. Qualifications Bachelor's degree in a technical discipline. 3-5 years of experience in security operations, vulnerability management or IT operations. Skills Ability to analyze and understand vulnerabilities and exploits. Proficiency with commercial and open source vulnerability management solutions. Understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques. Understanding of operating systems, applications, infrastructure, and cloud computing services. Understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle. Capacity to comprehend complex technical infrastructure, managed services, and third-party dependencies. Preferably some experience with vulnerability management across AWS, Azure, or Google Cloud Platform.
Experience in threat hunting, adversary emulation, or red teaming exercises is a plus. Strong communication skills: Ability to communicate effectively across all levels of the organization. Project management skills: Strong project management, multitasking, and organizational skills.
Posted 5 days ago
8.0 - 12.0 years
0 Lacs
hyderabad, telangana
On-site
The Manager, Exposure Management plays a crucial role in identifying, analyzing, and mitigating cybersecurity exposures across enterprise systems. Your focus will be on vulnerability management, attack surface monitoring, and web application scanning to ensure timely detection and response to risks impacting the organization's digital footprint. It is essential to possess strong technical expertise, attention to detail, and the ability to collaborate across teams to influence remediation activities and enhance security posture.

Key Responsibilities
- Operate enterprise vulnerability scanning platforms, validate findings, and monitor remediation efforts effectively.
- Continuously assess the organization's internal and external attack surface for untracked assets, misconfigurations, and exposed services.
- Identify and manage asset ownership across business units, ensuring accurate data consistently reflected in the configuration management database (CMDB).
- Collaborate with infrastructure, application, and business stakeholders for prompt and comprehensive updates to asset and ownership records.
- Configure, execute, and analyze web application security scans, working closely with development teams to address identified issues.
- Prioritize vulnerabilities based on exploitability, threat intelligence, and business impact using structured frameworks and tools.
- Prepare detailed reports and dashboards tailored for various audiences, from technical teams to executive leadership.
- Partner with IT, infrastructure, and cybersecurity stakeholders to facilitate risk-informed remediation activities.
- Contribute to continuous process enhancements and tool optimization throughout the exposure management lifecycle.

Basic Qualifications
- A Bachelor's degree in Computer Science, Information Security, Engineering, or a related technical field, along with a minimum of 10 years of experience in cybersecurity, focusing on vulnerability or exposure management.
- A Master's degree in Computer Science, Information Security, Engineering, or a related technical field, combined with at least 8 years of experience in cybersecurity, with a focus on vulnerability or exposure management.

Preferred Qualifications
- Hands-on experience with tools like Tenable, Qualys, Rapid7, or similar platforms.
- Familiarity with web application scanning tools and techniques.
- Experience in managing or supporting a CMDB and asset lifecycle processes in a large organization.
- Understanding of frameworks such as CVSS, MITRE ATT&CK, and NIST CSF.
- Strong communication and analytical skills to effectively communicate technical risks to business stakeholders.
- Experience supporting compliance and regulatory programs within a global business context.

In addition to competitive benefits programs, we offer health insurance, professional development opportunities, and an Employee Assistance Programme to help you achieve your personal goals. At our organization, we value the expertise, creativity, and passion of our employees and strive to create an inclusive environment that promotes growth, innovation, and diversity. Join us and be part of The Carrier Way, where you can make a difference. Apply now!
Posted 6 days ago
2.0 - 5.0 years
3 - 4 Lacs
Chennai
Work from Office
We are looking for an experienced Application Security Engineer with 2-3 years of hands-on experience in security testing across web, mobile, API, and cloud environments. You will perform in-depth manual and automated testing, identify vulnerabilities using frameworks like OWASP and NIST, and provide actionable remediation guidance with clear PoCs. This role involves close collaboration with development and DevOps teams to integrate security into the SDLC, support secure coding practices, and contribute to threat simulations and R&D efforts. Strong knowledge of CVSS, MITRE ATT&CK, and scripting skills (Python, Bash) are essential, along with the ability to clearly communicate security findings to both technical and non-technical stakeholders. Key Responsibilities: Conduct hands-on security testing of web applications, mobile apps, cloud environments, and APIs, identifying security vulnerabilities based on industry-standard methodologies (e.g., OWASP, SANS, NIST). Evaluate the risk and severity of discovered vulnerabilities using frameworks such as CVSS and document findings with clear Proof-of-Concepts (PoCs), highlighting real-world business impact and custom remediation guidance. Collaborate with development teams to explain vulnerabilities, answer technical queries, and recommend secure coding practices and mitigation strategies. Participate in research and development (R&D) initiatives, including the discovery of new attack vectors, tooling improvements, and security automation. Contribute to secure SDLC processes, including secure design reviews, code reviews alongside DevOps and architecture teams. Assist in conducting threat simulations, adversary emulation, and red team exercises when required. Maintain awareness of emerging threats, CVEs, and vulnerability trends affecting web, mobile, and cloud technologies. Required Skills & Tools 2-3 years of hands-on experience in security testing or penetration testing across web, mobile, API, and/or network layers.
Bachelor's degree in Computer Science or a related technical field (or equivalent experience). Having published CVEs is considered a strong advantage. Solid knowledge of OWASP Top 10, MITRE ATT&CK, and Secure Coding Guidelines. Strong understanding of manual testing approaches — not just tool-assisted scans. Hands-on experience with reporting, PoC generation, and remediation consulting. Scripting or automation skills in Python, Bash for creating custom tools. Effective communication skills to interact with both technical and non-technical stakeholders.
Posted 1 week ago
5.0 - 10.0 years
7 - 12 Lacs
Hyderabad
Work from Office
Role Overview: The Security Engineer is a technical security position in the F5 Security Incident Response Team (F5 SIRT). Addressing security issues in F5 products is the responsibility of the F5 Security Incident Response Team (F5 SIRT). The F5 SIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to F5 products and networks. The Security Engineer is well versed in a breadth of security threats, incident handling methodologies and offensive/defensive attack vectors. The Security Engineer follows incident handling procedures to drive mitigation of security incidents and will be called to perform attack analysis, configuration suggestions, and potential onsite interaction. A Security Engineer can handle multiple active issues of diverse scope simultaneously while maintaining good communication, particularly written communication to our customers, and accepts ownership of issues until a resolution is delivered or a business as usual state is returned, providing high customer satisfaction. When not engaged in incidents, a Security Engineer will mentor other security related issues. A good candidate has a deep passion for security and a desire to help develop a security mindset in others. The role also requires a strong ability to work with incomplete information and to adapt to changing priorities. Sounds interesting? Read on!
What You'll Do: Primary Responsibilities Responsible for upholding F5's business code of ethics & for promptly reporting violations of the code or other company policies Manages multiple issues and prioritizes based upon customer and business needs, without direction Provides F5 customers with a consistently high-quality support experience Assist Senior Security Engineer with other tasks as required based upon business operation needs Effectively engages supporting escalation personnel, without direction Participate in weekend support rotation Product Vulnerability Response and Management Work with the PD Platform Security team to maintain the 3rd Party Module Vulnerability Triage information Open Escalation when requested by Platform Security to investigate orphaned Vulnerability bugs Participate in the release meetings and triage bugs for release Assist ENE owners with ENE006 SRs that are in deadlock or stalled Perform threat and vulnerability management, monitoring of CVE and vendor notifications Monitor the F5SIRT shared mailbox, identify external researchers and create SRs where necessary to be assigned to Security Engineers Customer Security Incident Response Provide incident handling and drives both attack analysis and mitigation options Participate in tier 2 and tier 3 security support Follows processes defined in F5's Quality Management System (QMS) Mentoring Security SRs to resolution - Proactively monitors Security Service Request (SR) with long Time to Resolution (TTR) Working with F5 SIRT Specialists to handle ESRP cases Maintain incident documentation, participate in post-mortems, and write incident reports.
Working with SR Security Engineers on post-mortem for ESRP incidents Tracking attack trends and threat intelligence from different sources Monitors security issues in order to identify and act upon them as they occur Active Mentoring Running workshops to help F5 SIRT Specialists build hands-on experience in a lab environment in order to better prepare for dealing with attacks in the real environment With Sr. Sec Eng Simulating typical customer network environment (in terms of versions, modules, network devices), running different attacks, documenting security incident response plan and exercising it Work closely with others to develop incident response plans Building Security Mindset - Security Evangelism Running regional F5 SIRT meetings Handling reactive mentor questions on Security from F5 SIRT Specialists and NSEs Monitor F5 SIRT email Creating security presentations for a wide audience Engages in on-going training within the security field and with F5 products May lead projects and provide guidance/training to less experienced staff and mentoring. Evaluate and execute cross-functional security initiatives across the enterprise. Work with cross functional Engineering teams to ensure all systems are properly remediated according to our policies and standards. What You'll Bring: Minimum of 5 years of related experience in a technical security role such as support, monitoring or consulting (e.g. pen testing) working with relevant technologies Appropriate security based qualification; CISSP, GCIH (or demonstrated skills and ability to obtain certification) more than one certification preferred. Strong understanding of industry standards such as CVE, CPE, and CVSS Experience with security incident handling processes, procedures and methodologies. Technical experience with identifying and mitigating a breadth of attacks such as DDoS, web application, DNS and other network attacks.
Knowledge with common security vulnerabilities and the ability to judge their severity Experience with working security incidents at corporate production environments Experience working with network and packet analysis tools BA/BS degree or equivalent experience Knowledge with Web Application Firewalls, Firewalls and IPS/IDS Experience with network vulnerability scanners OS hardening and security best practices Hands on technical experience with andvery knowledgeable on LAN/WAN operations, and/or networking hardware required CVE and CERT experience Knowledge of security offensive/defensive techniques and methodologies. Understanding of security attack/defense methodologies (e.g. DNS, network TCP/IP, SSL and HTTP) Intermediate understanding and working knowledge of TCP/IP, SSL, DNS, HTTP and common protocols. Knowledge of network and security monitoring tools Coding experience having in addition to Python knowledge in other scripting languages Familiarity with load balancers, WAFs and common network architectures Working knowledge of standard UNIX/Linux command line tools Ability to generate new training and knowledge sharing content via various delivery method Proven track record in a team environment Analytical thinker with strong attention to detail Must be able to read, write and speak English fluently, including technical concepts and terminology. Must be able to relay technical information to customers with varying skill levels Ability to create attack Proof of Concepts Experience with incident tracking software, Seibel experience a plus
Posted 2 weeks ago
6.0 - 10.0 years
5 - 10 Lacs
Hyderabad
Work from Office
At Capgemini Invent, we believe difference drives change. As inventive transformation consultants, we blend our strategic, creative and scientific capabilities, collaborating closely with clients to deliver cutting-edge solutions. Join us to drive transformation tailored to our client's challenges of today and tomorrow. Informed and validated by science and data. Superpowered by creativity and design. All underpinned by technology created with purpose.
Your role:
Expertise on Vulnerability Management tools - Rapid7/Qualys/Tenable.
Hands-on experience in implementing and managing security vulnerabilities (on-prem and cloud).
Hands-on experience in setting up vulnerability scanning profiles.
Strong knowledge and understanding of the vulnerability management lifecycle.
In-depth knowledge across all core domains: Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management.
Knowledge of system security vulnerabilities, remediation techniques and tactics.
Should understand vulnerability testing methodology and be able to communicate testing findings to managers and network administrators.
Ability to communicate complex technology to a non-technical audience in a simple and precise manner.
Your Profile:
Good understanding of the risk score acceptance process for vulnerabilities.
Ability to create customized reports.
Support in the mitigation of vulnerabilities.
Automation knowledge in the existing process.
Understanding of Zero Day Vulnerabilities and their process.
Understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques.
Understanding of operating systems, applications, infrastructure, and cloud computing services.
Understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle.
Good oral, verbal, and written communication skills.
What you will love about working here:
We recognize the significance of flexible work arrangements to provide support. Be it remote work, or flexible work hours, you will get an environment to maintain healthy work life balance. At the heart of our mission is your career growth. Our array of career growth programs and diverse professions are crafted to support you in exploring a world of opportunities. Equip yourself with valuable certifications in the latest technologies such as Generative AI.
Posted 1 month ago
12.0 - 17.0 years
10 - 15 Lacs
Bengaluru
Work from Office
Job Summary: Experienced Vulnerability Management and penetration testing Governance lead will manage a team to oversee the identification, assessment, and remediation of security vulnerabilities across enterprise systems. This role will focus on establishing a proactive security posture, ensuring compliance with industry standards, and driving governance initiatives to mitigate risks effectively along with strong leadership and project management skills.
Vulnerability Assessment: Lead regular vulnerability scans and penetration testing across infrastructure, cloud environments and outside-In.
Security Baseline: Lead development and implementation of Security Baseline using CIS Benchmarks by determining the systems, applications, and network devices to be secured (e.g., Windows, Linux, Cloud, Docker, Kubernetes).
Risk Analysis & Prioritization: Evaluate identified vulnerabilities based on severity, exploitability, and potential business impact.
Remediation Planning: Collaborate with IT, security, engineering and entity teams to ensure timely remediation of high-risk vulnerabilities.
Governance & Compliance: Develop and enforce security governance frameworks in line with industry standards (e.g., NIST, CIS, ISO 27001, PCI-DSS).
Threat Intelligence Integration: Leverage global threat intelligence feeds to stay ahead of emerging security threats and vulnerabilities.
Security Policy Development: Define policies and best practices for vulnerability management, reporting, and remediation.
Automation & Continuous Monitoring: Implement automated vulnerability scanning tools and ensure ongoing security assessments.
Incident Response Support: Provide technical guidance in vulnerability-related security incidents and audits.
Reporting & Metrics: Establish key risk indicators and provide executive reports on vulnerability trends and remediation progress.
Experience: 12+ years in cybersecurity, vulnerability management, or Penetration testing roles.
Technical Expertise: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7, Nessus, OpenVAS), penetration testing and threat intelligence platforms.
Penetration Testing & Ethical Hacking: Experience with tools like Metasploit, Burp Suite, Nmap, and Wireshark for real-world security assessments.
Security Framework Knowledge: Strong understanding of NIST, CIS benchmarks, OWASP Top 10, and CVSS scoring models.
Compliance Awareness: Familiarity with regulatory standards affecting security risk management.
Leadership & Communication: Ability to coordinate with multiple stakeholders, drive security improvements, and articulate risks effectively.
Certifications such as CISSP, CISM, CEH, OSCP or equivalent.
Experience in cloud vulnerability management (AWS, Azure, GCP).
Knowledge of DevSecOps practices and security automation.
Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.
Posted 1 month ago
5.0 - 10.0 years
5 - 9 Lacs
Pune
Work from Office
Key Responsibilities:
Lead and execute vulnerability assessments across enterprise systems using Qualys VMDR and related modules.
Manage and optimize Qualys scanning infrastructure including scanner appliances and cloud agents.
Develop and maintain scanning strategies and schedules for internal and external assets.
Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with stakeholders.
Generate detailed reports and dashboards using Qualys reporting tools and best practices.
Ensure compliance with internal security policies and external regulatory requirements.
Provide technical guidance and mentorship to junior team members.
Collaborate with IT, DevOps, and application teams to integrate vulnerability management into CI/CD pipelines.
Required Skills and Experience:
5+ years of experience in vulnerability assessment and management.
Hands-on experience with Qualys VMDR, Patch Management, and Continuous Monitoring.
Strong understanding of vulnerability lifecycle, CVSS scoring, and remediation workflows.
Experience with asset discovery, host tracking, and scanning best practices.
Familiarity with scripting (Python, PowerShell) for automation and integration.
Knowledge of network protocols, operating systems, and web application security.
Industry certifications such as CEH, CISSP, or Qualys certifications are a plus.
Do:
Ensuring customer centricity by providing apt cybersecurity
Monitoring and safeguarding the log sources and security access
Planning for disaster recovery in the event of any security breaches
Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
Conduct security assessments, risk analysis and root cause analysis of security incidents
Handling incidents escalated by the L1 team in 24x7 rotational shifts
Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
Completing all tactical security operations tasks associated with this engagement
Analyse all the attacks and come up with remedial attack analysis
Conduct detailed analysis of incidents and create reports and dashboards
Stakeholder coordination & audit assistance:
Liaise with stakeholders in relation to cyber security issues and provide future recommendations
Maintain an information security risk register and assist with internal and external audits relating to information security
Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
Advice and guidance to employees on issues such as spam and unwanted or malicious emails
Deliver (No. / Performance Parameter / Measure):
1. Customer centricity: Timely security breach solutioning to end users, internal stakeholders & external customers experience
2. Process Adherence: Adherence to SLAs (90-95%), response time and resolution time TAT
Mandatory Skills: Vulnerability Management.
Experience: 3-5 Years.
Posted 1 month ago
2.0 - 7.0 years
6 - 16 Lacs
Bengaluru
Work from Office
We're Hiring: Vulnerability Management Engineer (Permanent Role)
Location: Indiqube Platina, Commissariat Rd, Ashok Nagar, Bangalore
Shift: Rotational | Type: Full-Time, Permanent
Email to Apply: ankitm@infotreeservice.com
Infotree Global Solutions is looking for a Vulnerability Management Engineer who is passionate about cybersecurity and risk mitigation. This is a great opportunity to join a dynamic team and work on cutting-edge security operations that make a real impact.
What You'll Do:
Lead the end-to-end vulnerability management lifecycle.
Operate tools like Tenable Nessus, Cisco Kenna, and Vonahi vPentest.
Analyze scan results, assess CVSS/CVE risks, and drive remediation efforts.
Engage directly with clients to communicate findings and recommend improvements.
Monitor zero-day threats and stay ahead of the threat landscape.
What You Bring:
3+ years of hands-on experience with vulnerability scanning tools.
Strong understanding of CVSS, CVE, NIST, and OWASP Top 10.
Technical know-how across Windows, Unix/Linux, AWS, and VMware.
Ability to clearly explain technical results to both clients and stakeholders.
Nice to Have:
Certifications: CEH, Security+, or PenTest+.
Experience in compliance frameworks like ISO, NIST, SOC.
Join a company that values innovation, collaboration, and continuous learning. Ready to secure the future with us? Send your resume to: ankitm@infotreeservice.com
Posted 2 months ago
3.0 - 8.0 years
10 - 20 Lacs
Hyderabad, Chennai, Bengaluru
Hybrid
Job Title: Application Security Engineer SAST & DAST
Experience Required: 3 to 8 Years
Location: Hyderabad / Bangalore / Chennai / Mumbai / Pune / Kolkata / Gurgaon
Mode of Interview: MS Teams (12 rounds)
Notice Period: 0 to 30 Days
Job Overview: We are looking for an experienced Application Security Engineer specializing in SAST & DAST to join our growing team. The ideal candidate will be responsible for integrating security throughout the software development lifecycle (SDLC), implementing and managing security tools, and driving security best practices across the organization.
Key Responsibilities:
Implement and manage application security testing activities throughout the development, deployment, and maintenance phases.
Perform Static Application Security Testing (SAST) using tools like Checkmarx and Fortify.
Execute and manage Dynamic Application Security Testing (DAST) tools such as AppScan and WebInspect.
Conduct secure code reviews in languages including Java, .NET, Swift, Objective-C.
Integrate security tools in DevOps pipelines and CI/CD environments (e.g., Jenkins, TeamCity, Bamboo, Chef, Puppet).
Apply OWASP Top 10, SANS Secure Coding Practices, and Security Engineering Principles during development and assessment.
Analyze, triage, and report vulnerabilities using CVSS scoring and determine business impact.
Perform penetration testing for web, mobile, and desktop applications.
Implement mobile security testing techniques, including bypassing SSL pinning, root detection, reverse engineering, and manifest analysis.
Work with containerized environments such as Docker and Kubernetes.
Utilize at least one scripting language (e.g., Python, Bash, PowerShell) for automation or security tooling.
Required Skills & Experience:
Strong experience with SAST and DAST tools (Checkmarx, Fortify, AppScan, WebInspect)
Familiarity with OWASP Top 10, secure coding practices, and vulnerability remediation
Proficient in secure code review for Java, .NET, Swift, Objective-C
Solid understanding of DevSecOps practices and security toolchain integration
Hands-on experience with CI/CD tools (Jenkins, TeamCity, Bamboo, etc.)
Experience with container security in Docker/Kubernetes environments
Knowledge of CVSS scoring and vulnerability risk assessment
Understanding of mobile application security techniques and concepts
Experience with scripting in Python, Bash, or equivalent
Preferred Qualifications:
Security certifications (e.g., CEH, OSCP, GWEB, GWAPT, Security+)
Exposure to cloud environments (AWS, Azure, GCP) from a security standpoint
Familiarity with automated testing tools like Selenium
Experience working in Agile and DevOps environments
Interested candidates can share their updated resume with subashini.gopalan@kiya.ai
Posted 2 months ago
7 - 12 years
8 - 15 Lacs
Nagpur
Work from Office
To act as the SPOC for all third-party audits, especially from BFSI clients & create Network Infrastructure.
JD: https://www.pinnacle.in/career/security-manager
JD: https://www.pinnacle.in/career/network-manager
To work purely from HO Nagpur.
Posted 2 months ago