639 Fortify Jobs - Page 3

Summary Position Summary ApplicationSecurity—Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Senior Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof5-7 years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301449

Summary Position Summary ApplicationSecurity—Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof3-5years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301444

Summary Position Summary ApplicationSecurity—Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Senior Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof5-7 years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301449

Summary Position Summary ApplicationSecurity—Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Senior Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof5-7 years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301449

Summary Position Summary ApplicationSecurity—Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof3-5years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301444

Summary Position Summary ApplicationSecurity—Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Senior Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof5-7 years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301449

Summary Position Summary ApplicationSecurity—Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof3-5years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301444

We are seeking an experienced Application Security Manager to lead our security initiatives and ensure the integrity, confidentiality, and availability of our systems and data. This role is crucial in safeguarding our digital assets and maintaining compliance with industry standards. The manager of the application security program Responsibilities To Integrate security tools, standards, and processes into the product life cycle (PLC). Ensure that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities. Improve and support application security tool deployments including static analysis and runtime testing tools and secure development standards. Conduct and manage periodic penetration testing exercises through expert consulting, internal technology team, and managed services to identify the gaps and fulfill audit/regulator requirements. Create, Integrate and manage threat modelling process/ practices, following SSDLC and application framework. Manage the secure configuration/ hardening guidelines and compliance. Should create and manage application security KPIs dashboards. Should have strong hand-on experience of different tools, processes related to SAST, DAST, API Security and Threat Modelling. Should take care of Infosec functions by coordinating with various stakeholders (App Team, Vendors, Auditors, Regulators). Should have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST. Should have a good espouser to cloud environment (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is a plus. Qualifications And Experience 8-10 years of hands-on experience in application security. Strong understanding of application security best practices, frameworks, and security technologies, like Checkmarx, Fortify, Burp Suite, OWASP ZAP, Acunetix etc. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes. Familiarity with regulatory requirements and compliance standards Excellent communication, interpersonal, analytical and problem-solving skills. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred. (ref:hirist.tech)

Company Description TruIntel Reform Foundation is dedicated to strengthening national security through intelligence reform, community awareness, and collaborative action. Our mission is to create a more secure and informed nation by improving intelligence systems and encouraging responsible citizen participation. We welcome passionate individuals to join us and contribute meaningfully to our vision. Together, we can fortify our intelligence network and ensure a safer future for all. Role Description This is a full-time on-site off Site role for a Member / Business Development Executive located in New Delhi. The role involves identifying and developing new Members, generating leads, managing members, and maintaining effective communication with stakeholders. Daily tasks include conducting market research, building and maintaining relationships with potential clients, and collaborating with internal teams to drive business growth. Qualifications Skills in New Business Development and Lead Generation Proficiency in Business and Account Management Strong Communication skills Effective problem-solving and analytical skills Ability to work collaboratively and independently Experience in the security or intelligence sector is a plus Bachelor's degree in Business, Marketing, or a related field

Summary Position Summary ApplicationSecurity—Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof3-5years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301444

Summary Position Summary ApplicationSecurity—Solution Delivery Advisor Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’sCyberRiskServiceshavebeenrecognizedasaleaderbyanumberofindependentanalystfirms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do As a Consultant in the hybrid operate business, you are responsible for adhering to the defined operatingproceduresandguidelinesinoperatingthe applicationsecurityservicesintheManagedServicesmodel, which includes the following: UnderstandandbecompliantwiththeServiceLevelAgreementsdefinedfortheDevSecOps services; Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoringandperformingthe securitydesignreview,architecturereview,threatmodeling, security testing, secure code review, secure build processes; Well versed with the application deployment and configuration baselines, and understanding of how theapplicationenvironmentoperatesinasecureenvironmentandhowexceptionsarehandledduring operations; Facilitateuseoftechnology-basedtoolsormethodologiestocontinuouslyimprovethemonitoring, management and reliability of the service; Performmanualandautomatedsecurityassessmentofthe applications; Involvedintriaginganddefecttrackingprocesswiththedevelopmentteamandhelpingtheteamto fix issues at the code level based on the priority of the tickets; BealiaisonbetweentheApplicationdevelopmentandinfrastructureteam,andintegratethe processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; Identifying,researchingandanalyzingapplicationsecurityeventswhichmayincludeemergingand existing persistent threats to the client's environment; and Performingactivemonitoringandtrackingofapplicationrelatedthreatactorsandtactics,techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependenciesfortheirday-to-dayoperations.Theprocessenablestheclienttoaddresskeyvulnerabilitiesandrisks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threattoanorganization.Thisdetectionofapplicationthreats/vulnerabilitiesiscarriedoutusingauniqueblendofour applicationsecuritytestingandmonitoringtoolsandintelligencedatacollectedthroughourvastexperiencewithinthe Advice and Implement business. Required: Minimumof3-5years’experienceinapplicationsecuritydevelopment,securitytesting,deploymentand security management phases; Deepinterestinapplicationspecificvulnerabilities,codedevelopmentandinfrastructure knowledge; Investigativeandanalyticalproblem-solving skills; Experienceincollecting,analyzing,andinterpretingqualitativeandquantitativedatafromdefinedapplication security services related sources (tools, monitoring techniques etc.) KnowledgeandexperienceofOWASPTop10,SANSSecureProgramming,SecurityEngineering Principles; Hands-onexperienceinperformingcodereviewofdotNet,JavaandSwiftand objectiveC code; Hands-onexperienceinrunning,installingandmanagingSAST,DAST , SCA andIASTsolutions,suchasCheckmarx, Fortify and Contrast in large enterprise Understandingofleadingvulnerabilityscoringstandards,suchasCVSS,andabilitytotranslatevulnerability severity as security risk; Hands-onexperienceonatleastoneCI/CDtoolsetandbuildingpipelines usingTeamcity,Bamboo,Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; HandsonexperienceoncontainertechnologysuchasKubernetes,Dockers,AKS, EKS. Knowledgeofcloudenvironmentsanddeploymentsolutionssuchasserverless computing; Handsonexperiencein penetrationtestingofmobile,desktopandweb applications; Musthaveexperienceinwritingcustomexploitationscriptsand utilities; Possessionofexcellentoralandwrittencommunication skill; Knowledgeofoneormorescriptinglanguagesforautomationandcomplex searches; MusthavecloudsecurityspecializationinSecurity; and Certificationsuchas EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc.are preferred. Preferred: Bachelor’sincomputerscience orothertechnical fields; Experienceincloud service providerssuchasAWS, GCP, Azure, Oracleare preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. SolidanddemonstrablecomprehensionofInformationSecurityincludingOWASP/SANS,SecurityTestCase development(ormis-usecase). Understandingofsecurityessentialsincluding;networkingconcepts,defensestrategies,andcurrentsecurity technologies Abilitytoresearchandcharacterizesecuritythreatstoincludeidentificationandclassificationofapplicationrelated threat indicators Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin theirown way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-basedlearning,andeLearning.DeloitteUniversity(DU):TheLeadershipCenterinIndia,ourstate-of-the-art, world-classlearningcenterintheHyderabadoffice,isanextensionoftheDUinWestlake,Texas,andrepresents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandare continuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesour diversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 301444

At Capgemini Engineering, the world leader in engineering services, we bring together a global team of engineers, scientists, and architects to help the world’s most innovative companies unleash their potential. From autonomous cars to life-saving robots, our digital and software technology experts think outside the box as they provide unique R&D and engineering services across all industries. Join us for a career full of opportunities. Where you can make a difference. Where no two days are the same. Your Role Perform static application security testing on source code using Fortify. Perform software composition analysis using Sonatype IQ Assist with scan onboarding and troubleshooting Integrate tools into Jenkins pipelines Collaborate with teams to remediate high/critical findings Generate and analyse SCA scan result Automate reporting and dashboards Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Your Profile Deep understanding of Source code review, SCA and SBOM Hands-on experience with SAST and SCA tool Fortify SCA, Sonatype IQ. Good understanding of secure coding practices for languages such as Java, .NET ,JavaScript,Python,etc. Strong knowledge of OWASP Top 10, CWE, and secure software development lifecycle (SSDLC). Familiarity with CI/CD pipelines and integrating security tools in DevOps. (Jenkins, GitHub) Security certifications such as OSCP, GWAPT, eWPTX, CEH, CRTP will be an added advantage. What Will You Love Working At Capgemini Every Monday, kick off the week with a musical performance by our in-house band - The Rubber Band. Also get to participate in internal sports events, yoga challenges, or marathons. At Capgemini, you can work on cutting-edge projects in tech and engineering with industry leaders or create solutions to overcome societal and environmental challenges. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. You will have the opportunity to learn on one of the industry's largest digital learning platforms, with access to 250,000+ courses and numerous certifications. Capgemini is a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, generative AI, cloud and data, combined with its deep industry expertise and partner ecosystem.

Information Security Manager – Network & Infrastructure Security Location : Thane Role Overview: We are looking for a skilled and strategic Information Security Manager to drive robust network, infrastructure and application security across hybrid customer environments. This role will lead initiatives to fortify both cloud-hosted and on-premise deployments while collaborating closely with cross-functional teams to align security with evolving business needs. Key Responsibilities: - Design and enforce security architecture across diverse infrastructure setups (cloud, on-prem, hybrid) - Implement network segmentation, firewall policies, and secure access controls - Lead proactive threat detection, vulnerability assessments, and incident response across customer touchpoints - Integrate security protocols into CI/CD workflows for both cloud and on-prem product versions - Collaborate with Engineering, DevOps, and Compliance teams to align security posture with deployment models - Manage identity and access management across varied hosting environments - Ensure ongoing compliance with relevant standards (ISO 27001, SOC 2, GDPR) Qualifications: - 7+ years of experience in infrastructure and network security, ideally with hybrid deployment exposure - Strong grasp of cloud security frameworks (AWS/Azure/GCP) and traditional data center security practices - Experience with tools like SIEM, IDS/IPS, firewalls, VPNs, and endpoint protection - Familiarity with DevSecOps practices - CISSP, CISM, or equivalent certifications are a plus Preferred Traits: - Ability to adapt security strategies for varied customer environments - Strong cross-team collaboration and communication skills - Proactive and strategic mindset with hands-on problem-solving abilities Job Types: Full-time, Permanent Pay: ₹1,200,000.00 - ₹1,500,000.00 per year Benefits: Health insurance Provident Fund Schedule: Day shift Ability to commute/relocate: Thane, Maharashtra: Reliably commute or planning to relocate before starting work (Preferred) Work Location: In person

Trivandrum India Technology Full time 7/23/2025 J00169686 Equifax is where you can power your possible. If you want to achieve your true potential, chart new paths, develop new skills, collaborate with bright minds, and make a meaningful impact, we want to hear from you. Our Senior Quality Automation Engineer will work amongst the QA team to evaluate user stories, develop manual test plans, write and design automation scripts to ensure quality control standards are achieved. We need a Quality Automation Engineer who will be successful in growing, developing, and implementing automated testing solutions to maximize testing coverage and reduce test cycle time. We are looking for a team leader who embraces the Agile mindset which includes positive attitude, thirst for knowledge, goal of team success, pragmatism and a willingness to fail. What you’ll do Responsible for development, implementation, and maintenance of automation frameworks, and tools development to support overall test architecture for cloud environments in order to achieve a continuous testing objective that facilitates quality delivery, reduces manual test efforts, increased efficiency and execution time and cost reduction. Provide reporting data and dashboards to ensure visibility of quality across products, builds and environments. Ensure enforcement of testing policies, standards and guidelines to drive a consistent testing framework across the business. Participate as a global team player and lead, pro-actively and collaboratively take part in all testing related activities and establish partnerships with key stakeholders in the Product Management, Development, and the Technology Operations teams to drive overall Quality Engineering from inception to production. Work with geographically dispersed agile teams including multi-vendor resources and Scrum teams to meet continuous testing and display critical, quality-oriented, skeptical thinking about the product Eagerly automate and apply advanced engineering to the quality assurance discipline by continually identifying new technologies and disciplines as they emerge and sharing best practices that may be adopted across the enterprise. Recommend strategies and methods to improve test plans and test processes Manage the team by assigning tasks, setting priorities and monitoring progress Provide guidance, support and training to the team members and help them improve their skills and productivity. Flexible, proactive and innovative attitude What experience you need BS or MS degree in Computer Science or Business or equivalent job experience required 8+ years of software testing and automation experience Hands on experience in testing tools - Selenium, Bruno, Karate, Cucumber, Jenkins, SQL, Language : Java/Python, TestNG is a must What could set you apart Experience with cloud technologies Excellent coding and analytical skills Ability to create good acceptance and integration test automation scripts and integrate with Continuous integration (Jenkins) and code coverage tools (Sonar, Clover) to ensure 80% or higher code coverage Strong development skills and can code with Java and Spring Experience working in a TDD/BDD environment and can utilize technologies such as JUnit, Rest Assured, Appium, Jbehave/Cucumber frameworks, APIs (REST/SOAP) Understanding of Continuous Delivery concepts and can use tools including Jenkins/Bamboo and vulnerability tools such as Sonar, Checkmarx/Fortify, etc. We offer a hybrid work setting, comprehensive compensation and healthcare packages, attractive paid time off, and organizational growth potential through our online learning platform with guided career tracks. Are you ready to power your possible? Apply today, and get started on a path toward an exciting new career at Equifax, where you can make a difference! Who is Equifax? At Equifax, we believe knowledge drives progress. As a global data, analytics and technology company, we play an essential role in the global economy by helping employers, employees, financial institutions and government agencies make critical decisions with greater confidence. We work to help create seamless and positive experiences during life’s pivotal moments: applying for jobs or a mortgage, financing an education or buying a car. Our impact is real and to accomplish our goals we focus on nurturing our people for career advancement and their learning and development, supporting our next generation of leaders, maintaining an inclusive and diverse work environment, and regularly engaging and recognizing our employees. Regardless of location or role, the individual and collective work of our employees makes a difference and we are looking for talented team players to join us as we help people live their financial best. Equifax is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

About The Company Tata Communications Redefines Connectivity with Innovation and IntelligenceDriving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications Experience Required: 4+ years in Cybersecurity, with 2+ years hands-on Anti APT tool and in IR Reports To: Security Operations Lead / SOC Manager Location: Jaipur Job Type: Full-time, Customer locations Job Summary We are looking for a highly skilled Anti-APT and Incident Response Specialist to lead the detection, analysis, and remediation of sophisticated cyber threats, including Advanced Persistent Threats (APTs). The candidate will work closely with threat intelligence, SOC, and forensic teams to respond to incidents, contain threats, and fortify the environment against future attacks. Key Responsibilities Anti-APT Operations: Monitor for indicators of APT campaigns using threat intelligence feeds, SIEM, EDR, NBAD, and anomaly detection tools. Identify and analyze tactics, techniques, and procedures (TTPs) used by threat actors aligned with MITRE ATT&CK. Leverage threat intelligence to proactively hunt and neutralize stealthy threats. Incident Response (IR) Lead and execute all phases of incident response: identification, containment, eradication, recovery, and lessons learned. Perform forensic analysis on systems and logs to determine the root cause, scope, and impact of security incidents. Collaborate with IT, SOC, and legal/compliance teams during major incidents and breach investigations. Create and maintain IR playbooks, response workflows, and escalation procedures. Detection And Prevention Work with SIEM and SOAR teams to improve alert fidelity and develop custom correlation rules. Coordinate with endpoint, network, and cloud teams to plug gaps and strengthen defenses post-incident. Assist in configuring anti-APT technologies like sandboxing, deception platforms, and EDR/XDR solutions. Required Skills And Qualifications Strong knowledge of APT groups and attack frameworks (e.g., MITRE ATT&CK, Lockheed Martin Kill Chain). Hands-on experience in incident response, digital forensics, threat hunting, and malware analysis. Proficiency with tools such as: EDR (e.g., CrowdStrike, SentinelOne, Carbon Black) SIEM (e.g., Splunk, QRadar, ArcSight) Forensics tools (e.g., FTK, EnCase, Volatility) Threat intel platforms (MISP, Anomali, ThreatConnect) Strong understanding of Windows/Linux internals, memory/process analysis, and network forensics. Experience writing detection rules (Sigma, YARA) and incident reports. Preferred Qualifications Certifications: GCIH, GCFA, GNFA, CHFI, OSCP, or similar. Experience with APT campaigns linked to sectors like government, BFSI, or critical infrastructure. Exposure to cloud incident response (Azure, AWS, GCP) and OT/ICS threat environments. Education Requirements BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA Certification CEH/CSA/CHFI

Roles And Responsibilities Hands-on development experience and in-depth knowledge of Java 5+, Spring Boot & MVC : Expertise in Java programming with a strong understanding of modern frameworks and design patterns, particularly Spring Boot and MVC architecture. Hands-on development experience with REST API : Proven ability to design, implement, and maintain robust RESTful web services. Hands-on development experience with JavaScript & CSS : Strong front-end development skills, including the ability to create interactive and responsive web interfaces. Proficiency in SQL : Solid understanding of relational databases and experience with SQL for data manipulation and querying. Hands-on experience with web/application servers such as Tomcat : Practical knowledge of deploying, configuring, and managing applications on servers like Tomcat. Strong troubleshooting and debugging skills : Exceptional problem-solving abilities with a keen eye for identifying and resolving technical issues quickly. Good English communication skills (verbal and written) : Excellent communication abilities to effectively collaborate with team members, stakeholders, and clients. Good To Have Experience with GIT, Swagger, Maven : Familiarity with version control systems (GIT), API documentation tools (Swagger), and build automation tools (Maven) for efficient development workflows. API testing tools such as Postman : Experience with tools like Postman for testing and validating API functionality. Experience in creating unit tests using JUnit : Ability to write and maintain unit tests to ensure code quality and reliability. Experience with markup languages such as JSON and YML : Proficiency in working with data interchange formats (JSON) and configuration files (YML). Experience using quality and security scan tools such as Sonar and Fortify : Knowledge of integrating and utilizing tools to ensure code quality and security compliance. Experience with Agile methodology : Practical experience in Agile development processes, including sprint planning, stand-ups, and retrospectives. Experience working in public cloud environments like AWS : Familiarity with cloud services and infrastructure, specifically AWS, for deploying and managing applications. (ref:hirist.tech)

Job Description Senior Specialist, Emerging Talent Rotation Lead The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organization driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. Role Overview The incumbent is responsible for strategizing and operationalizing core business processes associated with Our Company's Hyderabad IT Emerging Talent Rotation (ETR) Program, a rapidly expanding 2-year, 3 rotation program for full-time, entry-level employees, with the intent of identifying and developing the future generation of IT employees. The IT Emerging Talent Rotation Program is a part of IT’s Talent Programs (ETP). These programs cultivate the technical, business, and professional experience of student and entry-level technologists. What Will You Do In This Role Hiring and Onboarding Hire entry-level, full-time, Hyderabad based employees annually as a part of the IT Emerging Talent Rotation Program Manage onboarding and pre-onboarding logistics and activities for program members annually Leadership, Program Operations Management, and Planning Process stewardship including definition, execution, and continuous improvement of core business processes associated with the program such as the pre-onboarding/onboarding processes, rotation matching, rotation supervisors' engagement, end of the year performance process, post-program job placement process, training and support for program members and affiliates Collaborate with Senior Leaders to define valuable and meaningful assignments for rotation roles and the final placement process at the end of program. Identify and match employees to these opportunities Plan and execute multi-day virtual and in-person program meetings that advance program members’ learning and development such as ETR onboarding, commencement, staff meetings/ ETR townhalls, and training opportunities for both ETRs and supervisors Guide volunteer ETR leadership teams in delivering goals for the program e.g. Global Newsletter Committee, Onboarding Team, Townhalls etc. Track program budget Employee Development and Performance Management Responsible for employee performance management including consequence management, differentiation (feedback collection, year-end review process), HR transactional support etc. Collaborate with HR as needed Develop ETR program member proficiency within the core competencies to fortify technical and professional skills through partnership with a coaching team that includes rotation assignment manager. Proactively identify development opportunities for ETRs and coach them to deliver business results. Collaborate with Senior Leaders to manage employee transition from the program to regular employment Program Metrics and Process Improvements Work with Global ETR Program Lead to establish and track program metrics, benchmark against programs across our company and other industries. Continuously improve program processes to be more efficient and sustainable as the program expands Relationship Management Manage relationship with Recruiting and University Relations Teams, IT Divisional Leaders and IT areas, HR Business Partners, support for ETR Assignment Supervisors, global ETR program leads and global ETRs What You Should Have Qualification Education Minimum Requirement A degree in business, management, information technology, HR or project management preferred. Required Experience And Skills A minimum 4 years of professional experience in HR and/or IT development programs, preferably in talent program/project management and leadership. Must possess excellent interpersonal, deliberate communication, collaboration, negotiation, influencing and project management skills. Has demonstrated strong leadership, managerial experience, complex problem-solving skills, and team building abilities along with a sensitivity to diverse cultures / backgrounds. Demonstrated ability to independently execute innovative ideas within the legal/compliance environment at our Company. Demonstrated ability to execute and improve processes and to drive lasting change. Solid and demonstrated commitment to personal and/or direct report development. Must possess the ability to work independently with minimal coaching. Preferred Experience And Skills Working knowledge of development of new hires at the university level and experience with Next Generation talent Experience in multiple areas across the pharmaceutical business or IT or Leadership experience with the digital transformation strategy across the enterprise preferred. Ability to motivate others towards continuous improvement. Who We Are We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What We Look For Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Current Employees apply HERE Current Contingent Workers apply HERE Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status Regular Relocation VISA Sponsorship Travel Requirements Flexible Work Arrangements Hybrid Shift Valid Driving License Hazardous Material(s) Required Skills Preferred Skills Job Posting End Date 08/1/2025 A job posting is effective until 11 59 59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID R335911

Job Responsibilities • Support asset development, process establishment. • Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing andanalysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. • Reporting/Dashboarding/Retesting and participation in conference calls with clients to review assessment results and consult with the clients on remediation options. • Participating/Driving conference calls with potential clients to scope out newly requested security projects and estimate effort and resource requirement to complete the project etc. Skills Required Mandatory: • 7+ years of strong Application Security experience in S-SDLC Threat Modeling, Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing, Firmware Assessment. • Expert in Application Security process establishment. • Through exposure on DevSecOps implementation/integration. • Deep hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc. • Security tool experience - • HCL AppScan/CheckMarx/Veracode/Fortify /BurpSuite/Nmap/Nessus/Metasploit • Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc. • Independent global client handling AppSec delivery exposure. >=2years. • Moderate exposure on AppSec technical solutioning, estimation and RFP/RFI response, Client presentation. • Excellent interpersonal skill.

Hiring Application Security Exp: 5+ Years Notice Period : Preferring Immediate Joiners - 30 Days(If Serving and have LWD Confirmation) - Candidate who are in bench or not serving notice period dont apply Location: Marathahalli-Bangalore Mode Of Work : Hybrid Mandatory Skills Required : Application Security,Penetration Testing,SAST,DAST,IT Risk Assesment, Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity CEH/SSCP/OSCP certified. Mode of interview - 1st technical virtual & 2nd technical face to face in Marathahalli - Bangalore location - If you're available for face to face discussions on weekdays - Apply for this role. Interested candidates share your updated resume to suvetha.b@twsol.com

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any specific tools required Burpsuite, WebInspect, Fortify, Zap, Checkmarx Preferred Skills: Technology-Security Testing-Security Testing - ALL

Support asset development, process establishment. Conducting application security assessments (web, mobile, web service, Infra etc.). These assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing tools such as Burp Suite Professional and/or code review tools such as HCL AppScan/HP Fortify or CMx. We expect candidate to have experience doing similar assessments, candidate can be trained on any proprietary assessment methodology. Mandatory: 5+ years of strong Application Security experience in S-SDLC Code Review, Vulnerability Assessment, Penetration Testing. Web Service/API security testing Hands on experience into Mobile application Security Android/iOS - reverse engineering/memory analysis etc. Security tool experience - HCLAppScan/CheckMarx/Fortify/Veracode/Burp Suite Good exposure on penetration testing. Good to have one of the given certifications - OSCP/GPEN/GWAPT/CSSLP etc. Independent global client handling AppSec delivery exposure. >=2 years. Excellent interpersonal skill.

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Senior Software Engineer Overview Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart, and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Services within Mastercard is responsible for acquiring, engaging, and retaining customers by managing fraud and risk, enhancing cybersecurity, and improving the digital payments experience. We provide value-added services and leverage expertise, data-driven insights, and execution. About Ethoca At Ethoca, you can join a team of top business and technology innovators who are transforming the industry. We are changing the payments landscape and reinventing the way global merchants and issuers combat fraud and reduce costs. Our services allow customers to focus on what really matters - increasing sales and creating a great customer experience. Our relentless customer focus is what makes us an award-winning company. Role As a Senior Software Engineer in Test / Senior Automation Engineer, you will: Play a crucial part in helping drive Quality initiatives across the teams Adhere to enterprise quality standards, processes and tools Responsible for developing and executing test plans for a single application, independently generating test data and recognizing test environment preparation needs Participate in project-level reviews, walkthroughs and inspections, and conducts test reviews, including test plans, requirements, cases and automation Achieve maximum coverage for test automation Responsible for automation and Continuous Integration (CI). Work closely with development team to identify defects early in the cycle through requirements analysis and code reviews. You Should Apply If Bachelor/Master’s Degree in Computer Science or equivalent work experience with exposure to quality engineering processes 6-8 years of overall experience. Sound knowledge of Java, Spring, JUnit, Eclipse IDE, Rest Assured, Appium, Jbehave/Cucumber frameworks, Databases, APIs (REST/SOAP), Continuous Delivery concepts and tools such as Jenkins/Bamboo, vulnerability tools such as Sonar, Checkmarx/Fortify, etc. Good knowledge of payments domain message flows, architecture, common design patterns, ISO message protocols, simulation/emulation tools highly desirable. Experience in multiple types of coding, software development, and/or using automation frameworks; Hands on experience in writing functional and integrational test cases; Exposure in building and using automation frameworks using technologies: Serenity, Cucumber, Browserstack, Selenium, others Experience testing APIs (REST) Experience in UI testing Well versed with writing complex database queries to validate data Ability to create good acceptance and integration test automation scripts and integrate with Continuous integration (Jenkins) Successfully developed high quality test strategies and text execution, recognized test environment preparation needs Experience in building automation frameworks, acceptance and integration test automation scripts, integrating with other tools. It Would Also Be Great If you have knowledge of working on cloud technology such as Azure, AWS you have knowledge of performance and security testing (e.g. Gatling , JMeter, Blazemeter). Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. R-254001

Designation: Senior Software Engineer Qualification: B.E - Electronics/E&TC/Computer Location: Pune Experience: 7+ years Responsibilities: Design and develop high-volume, low-latency applications for mission-critical systems, delivering high availability and performance Contribute in all phases of the development lifecycle from concept and design to testing Write well-designed, testable, efficient code Ensure designs comply with specifications Prepare and produce releases of software components Support continuous improvement by investigating alternatives and technologies and presenting these for architectural review Collaborate with team members and other stakeholders to understand user requirements and translate them into reliable, intuitive software solutions Required Skills and Qualifications: Proven hands-on software development experience with a minimum of 5 years in Java development Profound insight into Java and JEE internals (Classloading, Memory Management, Transaction Management, etc.) Excellent knowledge of relational databases, SQL, and ORM technologies (JPA2, Hibernate) Experience with Spring Boot is mandatory Experience in developing web applications using at least one popular web framework (JSF, Wicket, GWT, Spring MVC) Experience with test-driven development Mastery in software engineering tools Ability to document requirements and specifications Familiarity with software development methodology and release processes Experience with Agile/Scrum development methodologies is a plus Implementing robust and secure coding practices to fortify software infrastructure against potential vulnerabilities

📍 Location : Pune / Hyderabad 🧠 Experience : 5–7 Years 💼 Type : Permanent 📄 Job Description We are seeking a skilled CyberSecurity Business Analyst – IAM & Secrets Management to join our dynamic cybersecurity team. This role is responsible for managing and enhancing the Identity & Access Management (IAM) controls with a focus on Secrets Management , access governance, and compliance reporting in a highly regulated environment. 🔐 Key Responsibilities 🔑 IAM & Secrets Management Define and enhance secrets management controls across machine-to-machine authentication systems. Support IAM operations by maintaining access governance for credentials, keys, and tokens. Provide subject matter expertise (SME) on secrets and credential management tools and best practices. 📊 Control Monitoring & MI Reporting Work with IAM Control Owners to define and track KPIs/KCIs/KRIs. Maintain dashboards and generate periodic reporting for Cybersecurity leadership and stakeholders. 🔄 Risk, Governance & Compliance Evaluate IAM controls against regulatory frameworks such as GDPR, SOX, PCI DSS, ISO 27001. Identify cybersecurity exposure risks and support remediation planning. Implement strong governance processes for continuous compliance and risk reduction. 🤝 Stakeholder Management Collaborate with business units, IT, cybersecurity, and operations teams across global regions. Provide support during audits and external reviews. Lead cross-functional teams to define IAM standards, policies, and procedures. 📈 Continuous Improvement & Documentation Recommend improvements for IAM and Secrets Management efficiency, security, and scalability. Prepare and maintain key project artifacts: project charters, plans, dashboards, reports, and closure documents. ✅ Required Skills & Experience 5–7 years in Cybersecurity, IAM, or Access Governance roles. Strong knowledge of IAM controls, credential governance, and secrets management frameworks. Hands-on experience in: Application Security tools: MicroFocus Fortify (SAST/DAST), Checkmarx, Black Duck/Sonatype IQ, Veracode, Synopsys Strong understanding of risk management and compliance metrics (KPIs, KRIs, KCIs). Familiarity with project management and governance frameworks. Excellent communication and presentation skills. Certifications such as CISSP, CISM, or other IAM-related credentials are preferred. 📌 Mandatory Skills Application Security – MicroFocus Fortify (SCA, SAST, DAST) Application Security – Open Source Tools (Black Duck, Sonatype IQ) Application Security – Veracode, Synopsys, Checkmarx IAM Governance, KPIs/KCIs, Risk Management Regulatory Framework Awareness (SOX, ISO 27001, PCI DSS, GDPR)

About BNP Paribas Group BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships”. About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services. About Business Line/Function BNP Paribas Fortis is one of the largest payment processors in Europe. New and existing IT technologies are being developed and maintained out of Tribe Payments in Brussels following the agile methodology. Our teams work in multi-cultural and empowered squads who deliver new functionalities and enhancements on a frequent basis. Job Title Dev Engineer Date 1-Nov-24 Department ITG Location: Chennai Business Line / Function Fortis Reports To (Direct) Service Manager Grade (if applicable) (Functional) Number Of Direct Reports Directorship / Registration: NA Position Purpose As Java Developer with at least 10+ years of experience, you’ll be joining a squad being part of the Accounts Cluster or a squad being part of the Cash&Cards cluster in Tribe DailyBanking. You design, develop, test and maintain high-value, reusable and reliable applications. You identify and correct any sticking points and iron out any bugs. You stand guard over code quality, organisation and automation. You promote new technologies and good practices. Working in an agile mode with daily huddles and frequent production releases, whilst maintaining high quality standards. Responsibilities Direct, Contributing Responsibilities Direct Responsibilities Ensure together with the other squad members the implementation of changes requests, maintenance and future improvements. You help to define the development plan and acceptance criteria out of those requirements. You design, build, test and maintain the new & existing features with high performance, reusable, and reliable code. You focus on the best possible performance, quality, and uptime of the application by: Identifying & solving bottlenecks or bugs. Ensuring High Code quality, readability, and structure. Making smart automatization (if relevant). Creating/Updating the technical documentation to ensure service continuity. You embed the agile & the development best practices in your daily job. Contributing Responsibilities As Developer In a Squad You leverage your expertise to refine features in workable activities. You share your expertise & improvement ideas to enrich the squad’s backlog. You align and follow the priorities defined by the squad. You collaborate with your peers to deliver high quality service. Tecnhical Skills Java 8 , 17 Spring , SpringBoot RestAPI, XML and JSON Maven, Gitlab, Jenkins, Kubernetes Junit wiremock, spring test, mockito good understanding of application lifecycle and importance of testing Technical experience Java and object-oriented programming with at least 8-10 years of experience Api Development, RESTful APIs; Swagger JPA Junit, Cucumber Oracle, PLSQL SiteFactory, Spring, Spring MVC (Modal View Controler), Springboot Maven, Docker Secure coding Technical tools mastery Gilab, Jenkins, SonarQube, Fortify & NexusIQ IntellIij Agile and Scrum experience Business experience You have knowledge of banking and payments products. Knowledge about innovative and international payments is an asset. You have experience in process analysis of payments requirements. Technical & Behavioral Competencies Team player who promotes communication between internal and external stakeholders Result oriented: adapts to the context and wants to obtain the best possible result considering available means. Act and analyse proactively. Pragmatic and problem solver. Quick self-starter, pro-active attitude, self-motivated. Ability to work in a dynamic and multi-cultural environment. . Ability to build working relationships in a complex environment. Ability to manage stakeholders. Asking and giving feedback Skills Referential Specific Qualifications (if required) Behavioural Skills: (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral & written Attention to detail / rigor Creativity & Innovation / Problem solving Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and adapt a process Ability to understand, explain and support change Analytical Ability Choose an item. Education Level Bachelor Degree or equivalent Experience Level At least 7 years