1268 Nessus Jobs - Page 7

Experience : 5.00 + years Salary : INR 2000000-2200000 / year (based on experience) Expected Notice Period : 7 Days Shift : (GMT+05:30) Asia/Kolkata (IST) Opportunity Type : Remote Placement Type : Full Time Permanent position(Payroll and Compliance to be managed by: PRAEFERRE) (*Note: This is a requirement for one of Uplers' client - PRAEFERRE) What do you need for this opportunity? Must have skills required: CASB, Cloud Security, complaince, Encryption, ISO 270001, Oauth/MFA, SIEM, SOAR, GCP PRAEFERRE is Looking for: Cyber Sec JD ⁠⁠Technical Experience Security fundamentals Encryption (AES, RSA, TLS, SSL) Authentication & authorization (OAuth, SAML, MFA) Secure network architecture (firewalls, VPN, IDS/IPS) Data loss prevention (DLP) tools Symantec DLP, Forcepoint, Microsoft Purview, etc. Cloud security AWS, Azure, GCP data protection services (KMS, IAM policies, encryption at rest/in transit). Vulnerability management Nessus, Qualys, OpenVAS. Endpoint and database security Access controls, database encryption, masking/obfuscation. ⸻ ⁠ ⁠Compliance & Regulatory Knowledge GDPR (UK/EU data privacy laws). UK Data Protection Act 2018. ISO 27001 information security management systems. PCI DSS (if handling payment data). HIPAA (if handling health data). ⸻ ⁠ ⁠Risk & Incident Management Performing risk assessments for data storage and processing. Creating data classification and handling procedures. Incident response – identifying, containing, and remediating data breaches. Writing security policies and SOPs. ⸻ ⁠ ⁠Tools & Platform Experience SIEM systems (Splunk, QRadar, Microsoft Sentinel). CASB (Cloud Access Security Broker) tools. Security automation tools (SOAR platforms). ⸻ ⁠ ⁠Soft Skills Strong analytical thinking to spot risks. Communication skills to explain risks to non-technical stakeholders. Documentation skills for compliance audits. ⸻ ⁠ ⁠Typical Job Role Examples Entry-level: IT Security Analyst, Junior Data Protection Officer, SOC Analyst. Mid-level: Information Security Engineer, Data Security Analyst, Security Compliance Specialist. Senior-level: CISO, Data Protection Officer, Security Architect. How to apply for this opportunity? Step 1: Click On Apply! And Register or Login on our portal. Step 2: Complete the Screening Form & Upload updated Resume Step 3: Increase your chances to get shortlisted & meet the client for the Interview! About Uplers: Our goal is to make hiring reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant contractual onsite opportunities and progress in their career. We will support any grievances or challenges you may face during the engagement. (Note: There are many more opportunities apart from this on the portal. Depending on the assessments you clear, you can apply for them as well). So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Experience : 5.00 + years Salary : INR 2000000-2200000 / year (based on experience) Expected Notice Period : 7 Days Shift : (GMT+05:30) Asia/Kolkata (IST) Opportunity Type : Remote Placement Type : Full Time Permanent position(Payroll and Compliance to be managed by: PRAEFERRE) (*Note: This is a requirement for one of Uplers' client - PRAEFERRE) What do you need for this opportunity? Must have skills required: CASB, Cloud Security, complaince, Encryption, ISO 270001, Oauth/MFA, SIEM, SOAR, GCP PRAEFERRE is Looking for: Cyber Sec JD ⁠⁠Technical Experience Security fundamentals Encryption (AES, RSA, TLS, SSL) Authentication & authorization (OAuth, SAML, MFA) Secure network architecture (firewalls, VPN, IDS/IPS) Data loss prevention (DLP) tools Symantec DLP, Forcepoint, Microsoft Purview, etc. Cloud security AWS, Azure, GCP data protection services (KMS, IAM policies, encryption at rest/in transit). Vulnerability management Nessus, Qualys, OpenVAS. Endpoint and database security Access controls, database encryption, masking/obfuscation. ⸻ ⁠ ⁠Compliance & Regulatory Knowledge GDPR (UK/EU data privacy laws). UK Data Protection Act 2018. ISO 27001 information security management systems. PCI DSS (if handling payment data). HIPAA (if handling health data). ⸻ ⁠ ⁠Risk & Incident Management Performing risk assessments for data storage and processing. Creating data classification and handling procedures. Incident response – identifying, containing, and remediating data breaches. Writing security policies and SOPs. ⸻ ⁠ ⁠Tools & Platform Experience SIEM systems (Splunk, QRadar, Microsoft Sentinel). CASB (Cloud Access Security Broker) tools. Security automation tools (SOAR platforms). ⸻ ⁠ ⁠Soft Skills Strong analytical thinking to spot risks. Communication skills to explain risks to non-technical stakeholders. Documentation skills for compliance audits. ⸻ ⁠ ⁠Typical Job Role Examples Entry-level: IT Security Analyst, Junior Data Protection Officer, SOC Analyst. Mid-level: Information Security Engineer, Data Security Analyst, Security Compliance Specialist. Senior-level: CISO, Data Protection Officer, Security Architect. How to apply for this opportunity? Step 1: Click On Apply! And Register or Login on our portal. Step 2: Complete the Screening Form & Upload updated Resume Step 3: Increase your chances to get shortlisted & meet the client for the Interview! About Uplers: Our goal is to make hiring reliable, simple, and fast. Our role will be to help all our talents find and apply for relevant contractual onsite opportunities and progress in their career. We will support any grievances or challenges you may face during the engagement. (Note: There are many more opportunities apart from this on the portal. Depending on the assessments you clear, you can apply for them as well). So, if you are ready for a new challenge, a great work environment, and an opportunity to take your career to the next level, don't hesitate to apply today. We are waiting for you!

Job Requirements Penetration Test Engineer – Product Cyber Security - We are looking for an experienced and certified Embedded and Application Penetration Tester to join our Product Cybersecurity team. In this role, you will be responsible for conducting comprehensive security assessments of our products including embedded devices, web applications, thick-client applications, and mobile applications. ESSENTIAL DUTIES AND RESPONSIBILITIES Conduct comprehensive security assessments of Wabtec products, including embedded devices, IoT devices, thick client applications, mobile and web applications, Use penetration testing and Red Team techniques to discover and exploit vulnerabilities Create findings reports and communicate to stakeholders Perform compliance testing of embedded systems with respect to IEC-62443-4-2 standards Explore new ways to exploit devices by dumping and analyzing firmware (incl reverse engineering) Interact with and test JTAG, UART, and other hardware debug interfaces Provide guidance on vulnerability remediation to engineering teams Manage the penetration testing request process and backlog/pipeline Recommend and implement improvements to testing processes and methodologies Support PSIRT and Vulnerability Disclosure processes and activities Promote security awareness through hacking demonstrations, CTF events .. Proactively perform threat hunting for any new vulnerabilities/risk associated with products and applications. Be up to date with cybersecurity trends and share information on new exploits, vulnerabilities to the appropriate stakeholders. Collaborate with cross-functional teams and stakeholders to identify and mitigate security risks. Work Experience QUALIFICATIONS & SKILLS: Bachelor's degree in computer science, cybersecurity, or a related field 4-6 years of experience in web, network and embedded/IoT applications penetration testing Strong expertise in various penetration testing techniques and attack frameworks such as MITRE ATTCK, PTES standards, fuzz testing, brute force attacks, OWASP top 10 tests, and more Hands-on experience with penetration testing tools including open-source tools, such as Metasploit and the Kali Linux tool set, Nessus, Qualys guard, nmap, Wireshark and Burp Suite etc. Demonstrate strong manual penetration testing skills and techniques that are required besides automated tools and frameworks Good understanding of embedded systems security testing including firmware security, secure configuration analysis, secure boot, physical port testing (USB, serial, CAN, wireless, etc.,) Knowledge of the secure SDLC and vulnerability/risk lifecycle Knowledge of common vulnerability frameworks such as CVSS, and OWASP top 10 Experience with hardware debug tools and test equipment Solid understanding of network security and penetration testing methodologies Strong problem-solving and critical thinking skills Excellent communication and report writing abilities Certification in a relevant area such as OSCP, OSWP, GPEN, CPTC, or CPTE is highly desired Excellent communication and presentation skills Ability to collaborate effectively as part of a global cross functional team, working independently with minimal supervision.

Role Overview Niva Bupa is looking for seasoned Cybersecurity Experts to safeguard sensitive data, ensure compliance with regulatory frameworks, and strengthen the security posture of our healthcare insurance ecosystem. The role demands strong expertise in threat management, data protection, cloud security, and regulatory compliance with hands-on technical knowledge across the full cybersecurity stack. Key Responsibilities Develop, implement, and maintain enterprise-wide cybersecurity strategy, frameworks, and controls. Monitor, detect, and respond to cyber threats and incidents using SIEM and SOC processes. Conduct Vulnerability Assessments, Penetration Testing (VAPT), Red/Blue/Purple team exercises . Perform digital forensics, root cause analysis, and incident response (IR) lifecycle management. Define and enforce policies for Data Privacy, Identity & Access Management (IAM/PAM), and DLP . Secure infrastructure across network, endpoint, application, database, and cloud environments . Implement security controls for Cloud (AWS, Azure, GCP), Containers (Docker, Kubernetes) . Manage and tune security tools such as Firewalls, WAF, IDS/IPS, EDR, SIEM, SOAR, CASB, DDoS protection . Work with DevOps teams to embed security in CI/CD pipelines ( DevSecOps practices ). Ensure compliance with IRDAI, RBI, GDPR, HIPAA, ISO 27001, NIST, PCI-DSS, SOC2 . Conduct third-party/vendor risk assessments and ensure supply chain security. Lead business continuity & disaster recovery (BCP/DR) from a security standpoint. Drive security awareness programs for employees and stakeholders. Technical Skills Required Core Security Areas Network Security : Firewalls, IDS/IPS, VPN, Zero Trust, SD-WAN, NAC. Endpoint Security : EDR/XDR solutions (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender). Application Security : OWASP Top 10, SAST, DAST, RASP, API security. Cloud Security : CSPM, CWPP, CASB; secure configuration of AWS, Azure, GCP. Identity & Access Management : IAM, PAM (CyberArk, Okta, Ping, Azure AD, SailPoint). Data Protection : DLP solutions, encryption (AES, RSA, TLS, PKI), key management, tokenization. Security Operations : SIEM (Splunk, QRadar, ArcSight, ELK), SOAR, threat hunting, SOC operations. Threat & Vulnerability Management : Qualys, Nessus, Rapid7, Burp Suite, Metasploit. Incident Response & Forensics : EnCase, FTK, Volatility, Wireshark, memory forensics. DevSecOps : Container scanning (Aqua, Twistlock, Snyk), CI/CD pipeline security, IaC scanning. Governance, Risk & Compliance (GRC) : RSA Archer, ServiceNow GRC, ISO/NIST frameworks. Advanced Areas Red/Blue/Purple Teaming : Adversary simulation, MITRE ATT&CK framework. Malware Analysis : Reverse engineering, sandboxing. Blockchain & IoT Security : Secure protocols, device hardening. AI/ML Security : Model poisoning, adversarial attacks (good-to-have for advanced roles). Threat Intelligence : STIX/TAXII, MISP, integrating CTI feeds. Required Qualifications Bachelor’s/Master’s in Computer Science, Information Security, or related discipline. Certifications (one or more preferred): CISSP, CISM, CISA, CRISC (Governance & Risk). CEH, OSCP, OSWE, GPEN (Offensive Security). CCSP, CCSK, AZ-500, AWS Security Specialty (Cloud Security). ISO 27001 LA/LI, PCI-DSS, HIPAA, GDPR compliance certifications. Soft Skills Strong analytical, troubleshooting, and documentation skills. Excellent communication skills to interact with business and technical stakeholders. Ability to handle high-pressure security incidents and provide timely resolution. Leadership capability for senior roles (mentoring SOC teams, driving projects).

Location: Chennai, Tamil Nadu, India Job ID: R0100836 Date Posted: 2025-09-04 Company Name: HITACHI ENERGY TECHNOLOGY SERVICES PRIVATE LIMITED Profession (Job Category): Engineering & Science Job Schedule: Full time Remote: No Job Description: The Opportunity: Hitachi Energy is a global technology leader that is advancing a sustainable energy future for all. We serve customers in the utility, industry and infrastructure sectors with innovative solutions and services across the value chain. Together with customers and partners, we pioneer technologies and enable the digital transformation required to accelerate the energy transition towards a carbon-neutral future. We are advancing the world’s energy system to become more sustainable, flexible, and secure whilst balancing social, environmental, and economic values. Modular Advanced Control for HVDC (MACH™), is the brain in HVDC transmission systems. This system is designed to run 24/7 for thirty years or more, allowing the HVDC system to be controlled and protected in the most reliable way throughout its lifetime. The system consists of Control & Protection Main Computers, Station Control and Monitoring servers, Operator Workstations, Digital Signal Processing units, Input / Output systems and Valve Control Units. How you will make an impact: To evaluate the cyber security functionalities of products and improve the security posture. You will work to fulfill security compliance requirements for the products. You will be responsible to perform Threat modeling/ Security assessment for products. To perform operating system and network devices hardening, to allow only necessary function for products operation. You will be contributing to verification of Cybersecurity functionality on control system components. You will be participating in the Vulnerability handling of the products. You will be responsible for ensure compliance with applicable external and internal regulations, procedures, and guidelines. Living Hitachi Energy’s core values safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business. Your Background: Required Bachelor’s or Post Graduate degree in Engineering Required 2-6 years of experience in Cybersecurity. Good understanding of cybersecurity principles like cybersecurity architecture, defense in depth, default deny, least privilege, compartmentalization, privilege initiation, AAA etc. Good understanding of cybersecurity controls like, IDS/IPS (host/network), hardening, security policies, Malware Protection, Filtering, NGFW etc. Required knowledge in Networking, Patch Management, Security standards like IEC 62443, ISO 27001. Hands-on experience with protocols like HTTP, HTTPS, SSL, SSH, ICMP, DHCP, L2TP, PPTP, DNS, SNMP, RDP, NTP. Hands-on experience in automation using Python, PowerShell and Batch scripts also with Security tools like NMAP, Nessus, Wireshark, etc. Knowledge of protocols like IEC 61850, Goose, Modbus are added advantages, Windows and Virtual Machine Administration. Certifications like MCP/MCITP/MCSE/CEH/CISSP/CISA are advantage. Strong Collaborations, training and mentoring skills. Good interculture sensitivity, sense of ownership and responsibility. Aptitude to learn new Technology. Excellent communication, both verbal & written in English. More about us Excited about a new opportunity? If this sounds like you, we’d like to see your application! Our selection process is ongoing, so don’t wait—apply today! Qualified individuals with a disability may request a reasonable accommodation if you are unable or limited in your ability to use or access the Hitachi Energy career site as a result of your disability. You may request reasonable accommodations by completing a general inquiry form on our website. Please include your contact information and specific details about your required accommodation to support you during the job application process. This is solely for job seekers with disabilities requiring accessibility assistance or an accommodation in the job application process. Messages left for other purposes will not receive a response.

We are seeking a Senior Cybersecurity Analyst with L3-level expertise to join our dynamic team. As a key defender of our clients digital assets, you will lead efforts to protect enterprise networks and infrastructure against an evolving threat landscape. With a focus on early threat detection, in-depth analysis, and ransomware defense, you will monitor security systems, mitigate risks, and ensure the integrity and availability of critical systems. If you thrive in high-stakes environments and have a passion for outsmarting cyber threats, we want you on our team. Key Responsibilities Real-Time Security Monitoring : Implement and manage advanced security monitoring tools to provide visibility into client networks. Analyze logs, alerts, and traffic to detect anomalies and potential threats. Proactive Threat Detection : Utilize SIEM, IDS/IPS, and EDR platforms to identify and triage Indicators of Compromise (IOCs). Validate and prioritize alerts to mitigate risks swiftly. Vulnerability Management : Conduct regular vulnerability assessments and penetration tests to identify weaknesses. Develop and prioritize remediation strategies to strengthen client defenses. Ransomware Defense Leadership : Leverage expertise in ransomware attack vectors and trends to deploy robust controls, including EDR, anti-malware, and email security solutions. Enhance and maintain ransomware-specific incident response plans. Security Infrastructure Management : Configure and maintain firewalls, VPNs, and other security appliances to ensure optimal performance and protection. Incident Response Expertise : Lead containment, eradication, and recovery efforts during security incidents, including ransomware attacks. Perform post-incident analysis to prevent recurrence. Collaboration and Compliance : Work cross-functionally to maintain a secure environment and ensure compliance with industry regulations and standards. What You Bring Bachelors degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 5+ years of hands-on cybersecurity experience, with proven L3-level expertise in threat detection, incident response, and security operations. Deep knowledge of network security, cryptography, secure coding, and threat modeling. Proficiency with tools such as Wireshark, Nessus, Burp Suite, CrowdStrike, Palo Alto, or similar. Strong experience with SIEM platforms, EDR solutions, and firewall management. Familiarity with cloud security (AWS, Azure, or similar). Exceptional analytical and problem-solving skills. Strong communication skills to articulate complex security concepts to technical and non-technical stakeholders. Bonus Points Industry certifications (e.g., CISSP, CEH, CISM, OSCP, CompTIA Security+). Proficiency in scripting (Python, Bash, PowerShell) for automation. Experience with Zero Trust architecture or secure access solutions (SASE, ZTNA). Knowledge of regulatory compliance frameworks and security audits. Position works for our US based parent organisation TechHeights LLC. Job Types : Full-time, Permanent Schedule Monday to Friday Rotational shift Shift Availability Overnight Shift (Required) Night Shift (Preferred) (ref:hirist.tech)

Job Title: Lead Penetration Tester Location: India (Remote - Travel to Office Once a Month) Job Type: Full-Time Industry: Cybersecurity / Information Technology Work Hours: Standard IST hours Travel: Once a month to client/office location (as required) About the Role: We are seeking an experienced and highly skilled Lead Penetration Tester to lead security assessments, uncover vulnerabilities, and help build secure digital environments. This is a remote-first role with minimal travel (once per month) to our office/client location. You’ll be working closely with security architects, DevOps, and IT teams to identify weaknesses, simulate real-world attacks, and guide remediation efforts. Key Responsibilities: Lead and execute penetration testing engagements across web, mobile, APIs, cloud, and network environments. Develop and manage comprehensive penetration test plans and reporting workflows. Simulate real-world attacks using manual and automated techniques to uncover security flaws. Deliver detailed and prioritized vulnerability reports with actionable remediation guidance. Collaborate with product, infrastructure, and security teams to fix discovered vulnerabilities. Conduct threat modeling and risk assessments on new systems and architectures. Mentor and guide junior penetration testers and security analysts. Stay updated on the latest threat vectors, exploits, and cybersecurity trends. Required Skills & Experience: 6+ years of experience in penetration testing and ethical hacking. Strong knowledge of OWASP Top 10, MITRE ATT&CK, NIST standards, and CVSS scoring. Proficiency in tools like Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux. Solid understanding of application security, network protocols, authentication mechanisms, and secure coding principles. Experience in testing APIs (REST, SOAP), mobile apps (Android/iOS), and cloud platforms (AWS, Azure, GCP). Familiarity with scripting languages (Python, Bash, PowerShell). Strong report writing and documentation skills. Good communication and stakeholder management capabilities. Preferred Qualifications: Certifications such as OSCP, OSWE, GPEN, CEH (Practical), or equivalent. Exposure to CI/CD pipelines and DevSecOps integration. Experience working with bug bounty platforms and responsible disclosure processes.

A career in our Cybersecurity, Privacy and Forensics will provide you the opportunity to solve our clients most critical business and data protection related challenges. You will be part of a growing team driving strategic programs, data analytics, innovation, deals, cyber resilency, response, and technical implementation activities. You will have access to not only the top Cybersecurity, Privacy and Forensics professionals at PwC, but at our clients and industry analysts across the globe. The Cyber Penetration Testing (CPT2) team focuses on delivering threat actor simulation services, device or application assessments, and penetration tests. You will help clients understand the tangible risks they face from a variety of threat actors and what they target to include different postures, scenarios, or targeted assets. Working as a member of CPT2 also provides the opportunity to directly help clients enhance or tune their preventative, and detective controls on a proactive basis. Our team focuses on assessment and recommendation services that blend deep technical manual tradecraft with targeted automation to simulate real threats to a client’s environments. As a part of this center of excellence, you will drive change at PwC’s clients by providing risk outside of the theoretical while contributing to the technical acumen of the practice and amplifying your own personal capabilities. To really stand out and make us fit for the future in a constantly changing world, each and every one of us at PwC needs to be an authentic and inclusive leader, at all grades/levels and in all lines of service. To help us achieve this we have the PwC Professional; our global leadership development framework. It gives us a single set of expectations across our lines, geographies and career paths, and provides transparency on the skills we need as individuals to be successful and progress in our careers, now and in the future. Responsibilities As a Senior Associate, you'll work as part of a team of problem solvers, helping to solve complex business issues from strategy to execution. PwC Professional skills and responsibilities for this management level include but are not limited to: Use feedback and reflection to develop self awareness, personal strengths and address development areas. Delegate to others to provide stretch opportunities and coach to help deliver results. Develop new ideas and propose innovative solutions to problems. Use a broad range of tools and techniques to extract insights from from current trends in business area. Review your work and that of others for quality, accuracy and relevance. Share relevant thought leadership. Use straightforward communication, in a structured way, when influencing others. Able to read situations and modify behavior to build quality, diverse relationships. Uphold the firm's code of ethics and business conduct. Job Description –Senior Associate, Cybersecurity (Penetration Testing) Role: Penetration Testing –Senior Associate Years of Experience : 4 to 8 years Minimum Degree Required: Bachelor’s or master’s degree in Computer Science/Communications or related field from reputed Indian universities Certification(s) Preferred: Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), Certified as GIAC Web Application Penetration Tester (GWAPT). Required Experience 4-8 years of industry experience in Web and Mobile Application security assessment Familiarity with application security guidelines/requirements from OWASP, OSSTMM, NIST CSF Experience in security assessment activities within a client’s environment, emphasizing manual stealthy testing techniques using commercially / freely available offensive security tools and utilities built into operating systems Hands on experience on security testing tools, such as Burp Suite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, Web Inspect or other tools included within the Kali Linux distribution Should have common programming and scripting skills such as Python, PowerShell, Ruby, Perl, Bash, JavaScript, or VBScript Must have in-depth knowledge of modern web and mobile applications Good knowledge of security fundamentals, Networking protocols, TCP/IP stack, systems architecture, and operating systems Good understanding of cloud technologies and its security best practices Additional Qualifications Good to have experience in presenting at national and international security conferences/events Required Communication, Presentations And General Skills Excellent communication skills and executive presence that enable effective engagement with senior stakeholders Excellent written skills, ability to interpret a security scenario & document a summary Participating actively in client discussions and meetings and communicating a broad range of potential add-on services based on identified weaknesses Demonstrates proven extensive abilities with leveraging creative thinking and problem-solving skills, individual initiative Communicating in an organized and knowledgeable manner in written and verbal formats including delivering clear requests for information and communicating potential conflicts Must communicate consistently and drive objectives, relying on fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance Good presentation, project management, facilitation and delivery skills as well as strong analytical and problem-solving capabilities Develop/Implement automation solutions and capabilities that are clearly aligned to client business, technology and threat posture Demonstrates ability to track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in client’s security strategy plans and architecture artifacts Professional and Educational Background Bachelor's Degree Preferred.

About the Role: 10 The Team: S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security). The Impact: This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity. What's in it for you: This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you're right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You'll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team. Responsibilities: Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan. Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments. Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion. Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes. Leverage data analytics and automation to enhance the efficiency and quality of audit execution. Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness. Stay informed about best practices in information security audits to ensure continuous improvement. Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes. What We're Looking For: 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage. Experience in conducting penetration testing using tools such as Burp suite, Metasploit, NMAP, Nessus, etc. Exposure to Python programming and awareness of generative AI technologies. Knowledge of risk management frameworks and proficient in carrying out in-depth Applications security including configurations. Strong knowledge of cloud security and best practices for cloud penetration testing. Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage. Excellent report writing skills Strong written and oral communication, approachable style, and well-developed negotiation and listening skills Demonstrated experience in strong work ethic, initiative, teamwork, and flexibility in meeting department goals. Excellent team collaboration skills to deliver results, innovate and strive for excellence. Basic Qualifications: A Bachelor / master's degree in information technology or computer science or related major Preferred Qualifications: Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional - CISSP, CEH, Red Team, or Equivalent. At S&P Global, we don't give you intelligence, we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We're the world's foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Commodity Insights, S&P Mobility. For more information, visit What's In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology-the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide-so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We're committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We're constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you-and your career-need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards-small perks can make a big difference. For more information on benefits by country visit: Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, pre-employment training or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – More than 5years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing. Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred Professional and Technical Expertise : Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. . Preferred technical and professional experience Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

About the Role: Grade Level (for internal use): 10 The Team: S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security). The Impact: This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity. What’s in it for you: This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you’re right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You’ll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team. Responsibilities: Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan. Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments. Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion. Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes. Leverage data analytics and automation to enhance the efficiency and quality of audit execution. Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness. Stay informed about best practices in information security audits to ensure continuous improvement. Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes. What We’re Looking For: 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage. Experience in conducting penetration testing using tools such as Burp suite, Metasploit, NMAP, Nessus, etc. Exposure to Python programming and awareness of generative AI technologies. Knowledge of risk management frameworks and proficient in carrying out in-depth Applications security including configurations. Strong knowledge of cloud security and best practices for cloud penetration testing. Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage. Excellent report writing skills Strong written and oral communication, approachable style, and well-developed negotiation and listening skills Demonstrated experience in strong work ethic, initiative, teamwork, and flexibility in meeting department goals. Excellent team collaboration skills to deliver results, innovate and strive for excellence. Basic Qualifications: A Bachelor / master’s degree in information technology or computer science or related major Preferred Qualifications: Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional – CISSP, CEH, Red Team, or Equivalent. About S&P Global Corporate: At S&P Global, we don’t give you intelligence, we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Commodity Insights, S&P Mobility. For more information, visit www.spglobal.com ​ S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or other legally protected categories, subject to applicable law. What’s In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com . S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here . ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group) Job ID: 319659 Posted On: 2025-09-03 Location: Hyderabad, Telangana, India

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role As a System Administrator at Kyndryl, you’ll solve complex problems and identify potential future issues across the spectrum of platforms and services. You’ll be at the forefront of new technology and modernization, working with some of our biggest clients – which means some of the biggest in the world. There’s never a typical day as a System Administrator at Kyndryl, because no two projects are alike. You’ll be managing systems data for clients and providing day-to-day solutions and security compliance. You’ll oversee a queue of assignments and work directly with technicians, prioritizing tickets to deliver the best solutions to our clients. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. You’ll also get the chance to share your expertise by recommending modernization options, identifying new business opportunities, and cultivating relationships with other teams and stakeholders. Does the work get challenging at times? Yes! But you’ll collaborate with a diverse group of talented people and gain invaluable management and organizational skills, which will come in handy as you move forward in your career. Your future at Kyndryl Every position at Kyndryl offers a way forward to grow your career, from Junior System Administrator to Architect. We have opportunities for Cloud Hyperscalers that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Expertise 5+ Years of experience in IT / IT Security & Compliance role. In depth & Hands on Knowledge of Latest Vulnerability Assessment & Risk Prioritization process and tools like Qualys, Nessus, Skybox, Kenna, Rapid7 & Metasploit. Ability to respond appropriately in case of Cyber Security Incidents as per Response & Remediation SLAs Knowledge of identifying IT Threats proactively. Understanding of Network Devices like Firewall, Switches, routers, Micro-segmentation etc. Understanding of Servers, Databases & Application Security basics & hardening procedures. Knowledge of Windows as well as Non-Windows OS Platforms. Vulnerability gaps assessments, patch recommendations to close gaps Knowledge of CIS, NIST, DoT regulatory understanding etc. based hardening of infrastructure (both on premise and cloud) Knowledge of latest technologies and Cloud Security, CSPM, Micro-segmentation. Identify, assess, track and report on security risks and issues identified in due diligence processes, self-assessments, architectural reviews, change management, cyber exercises, reviews, and audits. Ideate and leverage Gen AI to identify and visualize cybersecurity risk at scale Cloud Risk and Compliance Management Understanding of security design principles, controls, guardrails, across multi cloud platforms Well versed with the Zero Trust Architecture Framework and implementation and maturity Partner with Technology, Cloud, Infrasec, Info-Sec and Gen AI engineering teams, in both leading and supporting capacities. Preferred Technical and Professional Experience Automation experience, especially IaaS (infrastructure as a code) Vulnerability management Microsoft Active Directory and federation services Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world. Attack & Penetration Testing - Senior As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines. Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Perform technical quality reviews and conduct technical conversations directly with clients. Keep uptodate with the latest techniques and concepts. Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, and Nessus for effective vulnerability assessment and penetration testing. Understanding and experience with Active Directory attacks. Stay up-to-date with the latest security threats, vulnerabilities, and best practices in vulnerability management. Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred. Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization. Support SDLC and agile environments with application security testing and source code reviews. Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development. Provide technical expertise and guidance to clients on remediation strategies and security best practices. Skills And Attributes For Success In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies. Good understanding of enterprise security controls in Active Directory / Windows environments Good to have knowledge in AI in pentest Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing Strong understanding of security principles, policies, and industry best practices Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results. Excellent communication and presentation skills, both written and verbal. Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums. Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead. To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 3 years of work experience in penetration testing which may include at least three of the following: Network, web application Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 3-9 years of work experience in Strategy and Operations projects Team management skills are preferred. Conduct technical discussions and perform technical Quality reviews. Familiarity with OWASP methodologies and application security vulnerabilities. Exceptional ability to educate and guide application developers in security best practices. Excellent communication, presentation, and interpersonal skills. Strong Word, Excel and PowerPoint skills. Ideally, you’ll also have Project management skills Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT. What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

About The Role Grade Level (for internal use): 10 The Team S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security). The Impact This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity. What’s In It For You This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you’re right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You’ll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team. Responsibilities Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan. Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments. Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion. Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes. Leverage data analytics and automation to enhance the efficiency and quality of audit execution. Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness. Stay informed about best practices in information security audits to ensure continuous improvement. Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes. What We’re Looking For 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage. Experience in conducting penetration testing using tools such as Burp suite, Metasploit, NMAP, Nessus, etc. Exposure to Python programming and awareness of generative AI technologies. Knowledge of risk management frameworks and proficient in carrying out in-depth Applications security including configurations. Strong knowledge of cloud security and best practices for cloud penetration testing. Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage. Excellent report writing skills Strong written and oral communication, approachable style, and well-developed negotiation and listening skills Demonstrated experience in strong work ethic, initiative, teamwork, and flexibility in meeting department goals. Excellent team collaboration skills to deliver results, innovate and strive for excellence. Basic Qualifications A Bachelor / master’s degree in information technology or computer science or related major Preferred Qualifications Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional – CISSP, CEH, Red Team, or Equivalent. About S&P Global Corporate At S&P Global, we don’t give you intelligence, we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Commodity Insights, S&P Mobility. For more information, visit www.spglobal.com S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or other legally protected categories, subject to applicable law. What’s In It For You? Our Purpose Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our Benefits Include Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring And Opportunity At S&P Global At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group) Job ID: 319659 Posted On: 2025-09-03 Location: Hyderabad, Telangana, India

About the Role: Grade Level (for internal use): 10 The Team: S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security). The Impact: This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity. What’s in it for you: This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you’re right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You’ll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team. Responsibilities: Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan. Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments. Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion. Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes. Leverage data analytics and automation to enhance the efficiency and quality of audit execution. Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness. Stay informed about best practices in information security audits to ensure continuous improvement. Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes. What We’re Looking For: 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage. Experience in conducting penetration testing using tools such as Burp suite, Metasploit, NMAP, Nessus, etc. Exposure to Python programming and awareness of generative AI technologies. Knowledge of risk management frameworks and proficient in carrying out in-depth Applications security including configurations. Strong knowledge of cloud security and best practices for cloud penetration testing. Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage. Excellent report writing skills Strong written and oral communication, approachable style, and well-developed negotiation and listening skills Demonstrated experience in strong work ethic, initiative, teamwork, and flexibility in meeting department goals. Excellent team collaboration skills to deliver results, innovate and strive for excellence. Basic Qualifications: A Bachelor / master’s degree in information technology or computer science or related major Preferred Qualifications: Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional – CISSP, CEH, Red Team, or Equivalent. About S&P Global Corporate: At S&P Global, we don’t give you intelligence, we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Commodity Insights, S&P Mobility. For more information, visit www.spglobal.com ​ S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or other legally protected categories, subject to applicable law. What’s In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com . S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here . ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group) Job ID: 319659 Posted On: 2025-09-03 Location: Hyderabad, Telangana, India

Lead - Internal Audit Hyderabad, India Finance 319659 Job Description About The Role: Grade Level (for internal use): 10 The Team: S&P Global is a leader in credit ratings, benchmarks and analytics for the global capital and commodity markets. Reporting to the Audit Director, you will be part of a global and diverse Audit team with coverage for enterprise-wide Applications. The S&P Global Internal Audit function is a global team with auditors located in the U.S., London, India, Tokyo, & Taiwan. The Divisional Technology Audit team is a critical unit of the global audit function and performs audits focusing on S&P Global Technologies (IT Applications and Information Security). The Impact: This role will be part of the IT Application audit team, focusing on audit plan management and execution of Technology audits globally. This role will provide you with a companywide perspective of the state of the internal technology environment and act in a trusted advisory capacity. What’s in it for you: This role provides extraordinary learning opportunities and interacts with senior management across the Company. If you’re right for this role, you will interact, meet and work with several key stakeholders in interesting and meaningful engagements. You’ll love this job because it provides new opportunities for professional growth daily. You will leverage cutting edge digital next generation capabilities, including AI and data analytics practices to improve the audit activities. This role will be primarily accountable for S&P Global annual audit plan development and internal audits execution (planning, fieldwork and reporting phases). You will be responsible for performing annual and on-going risk assessment activities focused on Applications, Information and Cyber Security and the associated risks for S&P Global worldwide. The incumbent will be expected to conduct an independent audit and work effectively with members of the Audit Leadership team. Responsibilities: Lead application security audits, ensuring the efficient and timely execution of the approved Audit Plan. Conduct comprehensive security audits, including penetration testing, to identify vulnerabilities across applications, infrastructure, databases, operating systems, and cloud environments. Execute end-to-end audits in alignment with the annual audit plan, ensuring timely completion. Review audit outcomes and results, collaborating with key auditees to agree on remedial action plans and facilitate smooth audit processes. Leverage data analytics and automation to enhance the efficiency and quality of audit execution. Collaborate with key stakeholders within the divisional technology functions to enhance audit effectiveness. Stay informed about best practices in information security audits to ensure continuous improvement. Keep abreast of emerging security threats, trends, and technologies to enhance security posture and refine internal audit processes. What We’re Looking For: 5+ years of experience handling several technology audits including web applications. Experience with a Big 4 firm would be an advantage. Experience in conducting penetration testing using tools such as Burp suite, Metasploit, NMAP, Nessus, etc. Exposure to Python programming and awareness of generative AI technologies. Knowledge of risk management frameworks and proficient in carrying out in-depth Applications security including configurations. Strong knowledge of cloud security and best practices for cloud penetration testing. Familiarity with data analytics tools such as Alteryx, Power BI, and Tableau is an advantage. Excellent report writing skills Strong written and oral communication, approachable style, and well-developed negotiation and listening skills Demonstrated experience in strong work ethic, initiative, teamwork, and flexibility in meeting department goals. Excellent team collaboration skills to deliver results, innovate and strive for excellence. Basic Qualifications: A Bachelor / master’s degree in information technology or computer science or related major Preferred Qualifications: Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional – CISSP, CEH, Red Team, or Equivalent. About S&P Global Corporate: At S&P Global, we don’t give you intelligence, we give you essential intelligence. The essential intelligence you need to make decisions with conviction. We’re the world’s foremost provider of credit ratings, benchmarks and analytics in the global capital and commodity markets. Our divisions include S&P Global Ratings, S&P Global Market Intelligence, S&P Dow Jones Indices and S&P Global Commodity Insights, S&P Mobility. For more information, visit www.spglobal.com S&P Global is an equal opportunity employer committed to making all employment decisions without regard to race/ethnicity, gender, pregnancy, gender identity or expression, color, creed, religion, national origin, age, disability, marital status (including domestic partnerships and civil unions), sexual orientation, military veteran status, unemployment status, or other legally protected categories, subject to applicable law. What’s In It For You? Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology–the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence®, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide—so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. From finding new ways to measure sustainability to analyzing energy transition across the supply chain to building workflow solutions that make it easy to tap into insight and apply it. We are changing the way people see things and empowering them to make an impact on the world we live in. We’re committed to a more equitable future and to helping our customers find new, sustainable ways of doing business. We’re constantly seeking new solutions that have progress in mind. Join us and help create the critical insights that truly make a difference. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you can take care of business. We care about our people. That’s why we provide everything you—and your career—need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference. For more information on benefits by country visit: https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. Recruitment Fraud Alert: If you receive an email from a spglobalind.com domain or any other regionally based domains, it is a scam and should be reported to reportfraud@spglobal.com. S&P Global never requires any candidate to pay money for job applications, interviews, offer letters, “pre-employment training” or for equipment/delivery of equipment. Stay informed and protect yourself from recruitment fraud by reviewing our guidelines, fraudulent domains, and how to report suspicious activity here. - Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to: EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only: The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf - 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group) Job ID: 319659 Posted On: 2025-09-03 Location: Hyderabad, Telangana, India

Job Title: Specialist I, Cyber Defense Operation Centre (TCF) Job Description We are looking for an experienced and proactive SOC Analyst – Level 2 (L2) to join our Managed Security Services Provider (MSSP) team. In this role, you will handle advanced security investigations, lead incident response for escalated cases, fine-tune detection capabilities, and mentor L1 analysts. You will be expected to have strong technical expertise across security platforms, incident handling processes, and threat analysis to ensure timely and accurate response to security incidents in a 24x7 environment. Key Responsibilities Investigate and respond to escalated security incidents from L1 analysts, ensuring timely containment, eradication, and recovery. Perform in-depth log and packet analysis to identify root causes and attack vectors. Correlate alerts across multiple data sources (SIEM, EDR, IDS/IPS, cloud, threat intel) for context-rich investigations. Conduct malware analysis (static/dynamic) and assess potential impact on client systems. Create and refine incident response playbooks, use cases, and correlation rules. Collaborate with threat intelligence teams to enrich investigations and proactively identify emerging threats. Lead the onboarding and configuration validation for new clients and POCs. Support tuning of SIEM and EDR rules to reduce false positives and improve detection accuracy. Mentor and provide technical guidance to L1 analysts, ensuring knowledge transfer and skill growth. Document detailed investigation reports for incidents, ensuring compliance with client and regulatory requirements. Tools & Technologies (proficiency in several is required) SIEM: Palo Alto XSIAM/XDR, Splunk, Microsoft Sentinel, QRadar, LogRhythm EDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint, Palo Alto Cortex XDR Network Security: IDS/IPS (Snort, Suricata), Next-Gen Firewalls (Palo Alto, Fortinet, Cisco) Threat Intelligence: VirusTotal, Anomali ThreatStream, Recorded Future, MISP Forensics: FTK, EnCase, Volatility, Autopsy (awareness) Case Management: ServiceNow, JIRA, TheHive Cloud Security: AWS Security Hub, Azure Security Center, GCP Security Command Center Vulnerability Management: Qualys, Tenable Nessus, Rapid7 InsightVM Required Skills & Qualifications Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). Experience: 2–4 years in a SOC, incident response, or security operations role. Strong understanding of cyber attack techniques, MITRE ATT&CK framework, and incident handling methodologies. Proficiency in log analysis, endpoint forensics, and network traffic analysis. Experience with SIEM and EDR tool configuration, alert tuning, and custom rule creation. Working knowledge of scripting languages (Python, PowerShell, Bash) for automation and analysis is a plus. Preferred Certifications: GCIA, GCIH, CEH, CompTIA CySA+, Microsoft SC-200, or equivalent. Key Attributes for Success Strong problem-solving skills and ability to work on complex incidents under pressure. Excellent written and verbal communication for clear incident reporting and stakeholder updates. Collaborative mindset with the ability to mentor junior analysts and contribute to team development. Proactive in learning and adapting to evolving threats, tools, and best practices. Location: IND Gurgaon - Bld 14 IT SEZ Unit 1, 17th C & D and Gd Flr D Language Requirements: Time Type: Full time If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents R1649251

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Job Purpose The purpose of this job role is to manage Information Security – Internal & External Vulnerability Assessment, Penetration Testing, Application Security Assessment, Source code review follow up, Wireless PT, ATM/POS security Assessment, Secure Configuration Review, Vulnerability management domains to enhance threat detection and mitigation capabilities within the Bank. This role is additionally responsible for enhancing cyber assurance and appropriate regulatory reporting of cyber security aspects. Key Accountabilities  Vulnerability management and Penetration Testing  Application security  Virtualization and container technologies (Docker, Kubernetes, OpenShift).  API Security  CI/CD assessment  IS Related compliance and regulatory reporting Vulnerability Management Job Duties & responsibilities  Manage periodic internal and external VA scanning for the bank’s production systems.  Analyze and report/present the vulnerabilities to multiple stakeholders for remediation and prioritization  Maintain intelligence network to discover any reported exploits, zero day vulnerabilities and its applicability to Bank.  Experience with tools such as Rapid7, Nessus, Metasploit, QualysGuard, etc. Security Testing & Application Security  Manage annual security testing program for the existing and new production systems.  Maintain tools and environment to support security testing, working with internal teams and consultants as required  Collaboratively work with Application Development / Security Mavens and guide them to follow the Security gates set in the Organization’s SDL.  Evaluate internal Technology Risk Processes as it relates to App Pentest, FOSS, Fortify SCA and provide process governance as well as though leadership concerning adjusting to future needs  Liaison with customer relation and team responsible to address the external requests related to AppSec  Coordinate Security Mavens training and manage monthly meetings  Manage and update Key Performance Indicators (KPI’s) for the Application Security Assurance Program  Coordinate with team members and TRM policy management to ensure control standards and policies are up to date  Manage the application security threat modeling process and coordinate application threat models against the Organization’s applications  Liaison with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for Application security initiatives and automation efforts).  Manage new projects and initiatives related to application security as needs arise  Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications  Coordinate with ASAP team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST ,DAST and SCR (Source code review)  Conduct presentations on application security topics for TRM and AD management  Provides regular status updates on all assigned tasks and deliverables.  Maintains issue logs, tracks/follows up on problems.  Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behaviour. Requirements  Overall 6+ years on experience in Information/Cyber Security  Experience in vulnerability management and application security for 4+ years  Experience in managing 5+ members team which may include vendor teams  Candidate should have worked in BFSI (preferred) Education / Preferred Qualifications  Graduation: BE IT/Computers/Electronics, B.Sc - Computers, M.Sc - Computers  Post-Graduation: PGDIT, MCA, MBA  Certification like CISSP, CISM, SANS, OSCP/OSCE and CREST (Prefered) Core Competencies  Excellent analytical and decision-making skill sets  Effective in Communication, documentation and report writing skills  Ability to consult and validate solutions to mitigates risks to business and systems Technical Competencies  VAPT - Rapid7, Nessus, Metasploit, QualysGuard, Burpsuite ,CI/CD tool etc.  Technical working knowledge (WAF, HIDS, IPS, Firewall, Networking Primary Location India-Tamil Nadu-Technology Centre Job Technology Schedule Regular Job Type Full-time Job Posting Sep 1, 2025, 8:00:00 AM

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role As a System Administrator at Kyndryl, you’ll solve complex problems and identify potential future issues across the spectrum of platforms and services. You’ll be at the forefront of new technology and modernization, working with some of our biggest clients – which means some of the biggest in the world. There’s never a typical day as a System Administrator at Kyndryl, because no two projects are alike. You’ll be managing systems data for clients and providing day-to-day solutions and security compliance. You’ll oversee a queue of assignments and work directly with technicians, prioritizing tickets to deliver the best solutions to our clients. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. You’ll also get the chance to share your expertise by recommending modernization options, identifying new business opportunities, and cultivating relationships with other teams and stakeholders. Does the work get challenging at times? Yes! But you’ll collaborate with a diverse group of talented people and gain invaluable management and organizational skills, which will come in handy as you move forward in your career. Your future at Kyndryl Every position at Kyndryl offers a way forward to grow your career, from Junior System Administrator to Architect. We have opportunities for Cloud Hyperscalers that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. One of the benefits of Kyndryl is that we work with clients in a variety of industries, from banking to retail. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Expertise 5+ Years of experience in IT / IT Security & Compliance role. In depth & Hands on Knowledge of Latest Vulnerability Assessment & Risk Prioritization process and tools like Qualys, Nessus, Skybox, Kenna, Rapid7 & Metasploit. Ability to respond appropriately in case of Cyber Security Incidents as per Response & Remediation SLAs Knowledge of identifying IT Threats proactively. Understanding of Network Devices like Firewall, Switches, routers, Micro-segmentation etc. Understanding of Servers, Databases & Application Security basics & hardening procedures. Knowledge of Windows as well as Non-Windows OS Platforms. Vulnerability gaps assessments, patch recommendations to close gaps Knowledge of CIS, NIST, DoT regulatory understanding etc. based hardening of infrastructure (both on premise and cloud) Knowledge of latest technologies and Cloud Security, CSPM, Micro-segmentation. Identify, assess, track and report on security risks and issues identified in due diligence processes, self-assessments, architectural reviews, change management, cyber exercises, reviews, and audits. Ideate and leverage Gen AI to identify and visualize cybersecurity risk at scale Cloud Risk and Compliance Management Understanding of security design principles, controls, guardrails, across multi cloud platforms Well versed with the Zero Trust Architecture Framework and implementation and maturity Partner with Technology, Cloud, Infrasec, Info-Sec and Gen AI engineering teams, in both leading and supporting capacities. Preferred Technical And Professional Experience Automation experience, especially IaaS (infrastructure as a code) Vulnerability management Microsoft Active Directory and federation services Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Assistant/Associate Professor – Computer Science (Cyber Security) Department: Computer Science & Engineering Location: NIILM University, Kaithal, Haryana Job Type: Full-time | Regular Joining Date: Immediate ________________________________________ Minimum Qualifications & Experience · Master’s Degree (M.Tech/M.S) in Computer Science, Information Security, Cyber Security, or related field from a recognized university. · Ph.D. in Computer Science/Cyber Security preferred. · Minimum 2 years of teaching, research, or relevant industry experience in cyber security or allied domains. · Strong academic record; publications in peer-reviewed journals will be an added advantage. · Candidates should meet UGC/AICTE norms as applicable. ________________________________________ Key Responsibilities · Teach undergraduate and postgraduate courses in Computer Science with specialization in Cyber Security. · Develop, update, and deliver curriculum aligned with the latest trends in Cyber Security, AI, and Cloud Security. · Guide students in academic projects, research, and internships related to Cyber Security. · Engage in independent and collaborative research; publish in reputed journals and conferences. · Conduct practical sessions in security labs, focusing on Ethical Hacking, Network Security, Cryptography, and Incident Response. · Mentor students for academic and professional growth in security careers. · Organize workshops, seminars, hackathons, and guest lectures on Cyber Security. · Participate in departmental and university-level committees and academic initiatives. ________________________________________ Desirable Qualifications & Skills · Expertise in Cyber Security domains: Network Security, Ethical Hacking, Digital Forensics, Malware Analysis, Cloud & IoT Security. · Proficiency in tools and frameworks such as Kali Linux, Wireshark, Metasploit, Burp Suite, Nessus, and SIEM tools. · Knowledge of programming languages (Python, C/C++, Java) and scripting for security automation. · Familiarity with security certifications (CEH, CISSP, OSCP, etc.) is an advantage. · Excellent communication, analytical, and problem-solving skills. · Ability to collaborate on research and consultancy projects in Cyber Security. ________________________________________ Pay Scale ₹30,000 – ₹70,000 per month (commensurate with qualifications and experience). ________________________________________ Application Process Interested candidates should submit the following to hr@niilmuniversity.ac.in with the subject line: Application – Assistant/Associate Professor (Computer Science – Cyber Security) Updated CV Cover Letter mentioning the position applied for Scanned copies of academic and experience certificates Job Type: Full-time Pay: ₹30,217.45 - ₹70,036.40 per month Benefits: Paid time off Provident Fund Work Location: In person

Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.Job PurposeThe purpose of this job role is to manage Information Security – Internal & External Vulnerability Assessment, Penetration Testing, Application Security Assessment, Source code review follow up, Wireless PT, ATM/POS security Assessment, Secure Configuration Review, Vulnerability management domains to enhance threat detection and mitigation capabilities within the Bank. This role is additionally responsible for enhancing cyber assurance and appropriate regulatory reporting of cyber security aspects.Key Accountabilities Vulnerability management and Penetration Testing Application security Virtualization and container technologies (Docker, Kubernetes, OpenShift). API Security CI/CD assessment IS Related compliance and regulatory reportingJob Duties & responsibilitiesVulnerability Management:  Manage periodic internal and external VA scanning for the bank’s production systems. Analyze and report/present the vulnerabilities to multiple stakeholders for remediation and prioritization Maintain intelligence network to discover any reported exploits, zero day vulnerabilities and its applicability to Bank. Experience with tools such as Rapid7, Nessus, Metasploit, QualysGuard, etc.Security Testing & Application Security:  Manage annual security testing program for the existing and new production systems. Maintain tools and environment to support security testing, working with internal teams and consultants as required Collaboratively work with Application Development / Security Mavens and guide them to follow the Security gates set in the Organization’s SDL. Evaluate internal Technology Risk Processes as it relates to App Pentest, FOSS, Fortify SCA and provide process governance as well as though leadership concerning adjusting to future needs Liaison with customer relation and team responsible to address the external requests related to AppSec Coordinate Security Mavens training and manage monthly meetings Manage and update Key Performance Indicators (KPI’s) for the Application Security Assurance Program Coordinate with team members and TRM policy management to ensure control standards and policies are up to date Manage the application security threat modeling process and coordinate application threat models against the Organization’s applications Liaison with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for Application security initiatives and automation efforts). Manage new projects and initiatives related to application security as needs arise Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications Coordinate with ASAP team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST ,DAST and SCR (Source code review) Conduct presentations on application security topics for TRM and AD management Provides regular status updates on all assigned tasks and deliverables. Maintains issue logs, tracks/follows up on problems. Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behaviour.Requirements Overall 6+ years on experience in Information/Cyber Security Experience in vulnerability management and application security for 4+ years Experience in managing 5+ members team which may include vendor teams Candidate should have worked in BFSI (preferred)Education / Preferred Qualifications Graduation: BE IT/Computers/Electronics, B.Sc - Computers, M.Sc - Computers Post-Graduation: PGDIT, MCA, MBA Certification like CISSP, CISM, SANS, OSCP/OSCE and CREST (Prefered)Core Competencies Excellent analytical and decision-making skill sets Effective in Communication, documentation and report writing skills Ability to consult and validate solutions to mitigates risks to business and systemsTechnical Competencies VAPT - Rapid7, Nessus, Metasploit, QualysGuard, Burpsuite ,CI/CD tool etc. Technical working knowledge (WAF, HIDS, IPS, Firewall, Networking

This role will be focused on operating and improving Ford Motor Company Enterprise Vulnerability Management (EVM) efforts. Drive security vulnerability identification and assessment/rating, remediation requirements, secure computing practices, and application security (DAST, SAST, SCM). Daily monitoring of multiple information sources to process threat intelligence data regarding the release of security patches and mitigations of exploitable traits in software. Decision-making capability involving knowledge of software used in the Ford environment (in various active states), familiarity with exploitable traits and personal judgment in order to provide effective patch and mitigation evaluation. Provide cyber security consultation and direction to IT and business organizations. Coordinate cyber security requirements across business organizations and recognize common needs with potential for strategic solutions. Develop and keep up to date runbooks, Standard Operating Procedures, and collaboration tools. Develop and track metrics to measure and report performance. Basic Qualifications: Bachelor’s Degree (Computer Science or related) 3+ Years of relevant experience in Cyber Vulnerability Management roles Industry Certifications: Good to have relevant certifications like CEH, CompTIA Pentest+, CISSP, GIAC GEVA, GCIH, OSCP Required Skills The ability to collaborate with a globally located and diverse team of cybersecurity professionals working across organizational boundaries to protect Ford Motor Company. Strong written and verbal communication and organizational skills. Ability to work independently, follow a disciplined approach, and have an analytical mindset. Ability to work well in a small team and be flexible enough to work on any aspect of the team's needs. General understanding and awareness of vulnerability management processes, incident management procedures, and common exploit methods. Desired Skills General understanding of emerging technology areas a plus (cloud, social media, mobility, big data, connected vehicle) and their implications in regard to cybersecurity. Familiarity with SACM, eAssets, GRC, and EAMS and other Ford IT Asset management systems. Familiarity with analytics tools such as Qlik Sense/Dashboards is very desired. Knowledge of vulnerability scanning and penetration testing tools including QVM, Nessus, Qualys, Burp Suite and others. Programming skills including Python focused on scripting and automation. Requirement to work in shifts: 2-11:30 PM

Engineering at Innovaccer With every line of code, we accelerate our customers' success, turning complex challenges into innovative solutions. Collaboratively, we transform each data point we gather into valuable insights for our customers. Join us and be part of a team that's turning dreams of better healthcare into reality, one line of code at a time. Together, we’re shaping the future and making a meaningful impact on the world. About the Role We at Innovaccer are looking for an Security Engineer-II for SecOps who will be responsible to perform real time monitoring, analysis of the security events and administration of Security tools. This role will encompass the use of a broad range of security domains (Monitoring, Endpoint Security, Data Security, Cloud Security, VAPT). This role would be a great opportunity to learn and grow as you would be exposed to multiple security domains at single time. A Day in the Life Vulnerability Assessment & Penetration Testing. This role requires being available on call during weekends and off hours. Proficiency in Data Security will be preferred. Corporate IT Penetration testing like Wifi, Router, LAN, etc. Familiarization with AWS, Azure & GCP. Perform analysis of events generated by the DLP solution and follow defined process to escalate any potential incidents Triage, Investigate, document, and report on information security events. Partial Administration and Contribution to the configuration and maintenance of security solutions such as Antivirus, Data Leak Prevention, Host Intrusion Detection Systems (HIDS), Network Intrusion Detection Systems (NIDS), and Security Information and Event Management (SIEM). Integration of devices like Linux and Windows machines, Antivirus, Firewalls, IDS/IPS, Web Servers etc. Creation of Use Cases, dashboards based on the requirements. Supervising Continuity & Recovery activity with Cloud Engineering Team Exposure of Data Leak Prevention (DLP) Conduct security assessments on infrastructure and deliver reports detailing assessment observations and associated recommendations for information security program development to meet security and compliance standards. Governance of Cloud Infrastructure (AWS/Azure/GCP) Reviewing IAM roles and performing config audits on cloud infra. Work closely with DevOps, Engineering, Product departments to remediate security related issues and incidents Good to have proficiency in Scripting & Automation CEH, OSCP, OSCE, Security+ and other likewise security certifications is desirable What You Need Bachelor’s degree in Information Technology, Computer Science Engineering preferred Minimum 5 to 8 years of professional experience in Cybersecurity. Prior experience with core security technologies (Kali Linux, Network Security, Nessus). Strong understanding of TCP/IP Protocols, network analysis, security applications and devices, vulnerability management, and standard Internet protocols and applications. Proficient with OpenVAS, Nessus, nmap, etc. Experience in Cloud Security AWS Security Hub,, Azure Security Center. Familiar with Amazon AWS/Microsoft Azure services as an IaaS/PaaS containers (Dockers/Kubernetes). Reporting & incident management. Able to work independently, being a team player, ability to work well under pressure. Able to multi-task, prioritize, and manage time effectively. Collaborates effectively and communicates efficiently. Work in 24x7 environment. Proficient in opensource tools & technologies. Ready to take up more responsibilities along-with existing role. Here’s What We Offer Generous Leaves: Enjoy generous leave benefits of up to 40 days. Parental Leave: Leverage one of industry's best parental leave policies to spend time with your new addition. Sabbatical: Want to focus on skill development, pursue an academic career, or just take a break? We've got you covered. Health Insurance: We offer comprehensive health insurance to support you and your family, covering medical expenses related to illness, disease, or injury. Extending support to the family members who matter most. Care Program: Whether it’s a celebration or a time of need, we’ve got you covered with care vouchers to mark major life events. Through our Care Vouchers program, employees receive thoughtful gestures for significant personal milestones and moments of need. Financial Assistance: Life happens, and when it does, we’re here to help. Our financial assistance policy offers support through salary advances and personal loans for genuine personal needs, ensuring help is there when you need it most. Innovaccer is an equal-opportunity employer. We celebrate diversity, and we are committed to fostering an inclusive and diverse workplace where all employees, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, marital status, or veteran status, feel valued and empowered. Disclaimer: Innovaccer does not charge fees or require payment from individuals or agencies for securing employment with us. We do not guarantee job spots or engage in any financial transactions related to employment. If you encounter any posts or requests asking for payment or personal information, we strongly advise you to report them immediately to our HR department at px@innovaccer.com. Additionally, please exercise caution and verify the authenticity of any requests before disclosing personal and confidential information, including bank account details. About Innovaccer Innovaccer activates the flow of healthcare data, empowering providers, payers, and government organizations to deliver intelligent and connected experiences that advance health outcomes. The Healthcare Intelligence Cloud equips every stakeholder in the patient journey to turn fragmented data into proactive, coordinated actions that elevate the quality of care and drive operational performance. Leading healthcare organizations like CommonSpirit Health, Atlantic Health, and Banner Health trust Innovaccer to integrate a system of intelligence into their existing infrastructure, extending the human touch in healthcare. For more information, visit www.innovaccer.com. Check us out on YouTube, Glassdoor, LinkedIn, Instagram, and the Web.

Date: Sep 1, 2025 Job Requisition Id: 62442 Location: Indore, MP, IN YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation. At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future. We are looking forward to hire Vulnerability Assessments Professionals in the following areas : Preferred Qualifications The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing. Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing. Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as Vulnerability Scanners for e.g.: Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc. Experience in using security frameworks such as Metasploit, Kali Linux, OSSTM etc. Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network). Experience and knowledge of Web Application Security standards such as OWASP/SANS etc. The Security Test Engineer should have the ability to stay organized and possess excellent communication skills. Experienced in preparing and presenting detailed penetration testing report. The security test engineer will be part of the audit team that shall conduct security audits for the clients to identify the gaps in terms of web security. Skills Conducting vulnerability scans and recognizing vulnerabilities in security systems assessing the robustness of security systems and designs Network analysis tools to identify vulnerabilities. Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit. Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to a level acceptable. Creation of vulnerability metric and remediation-related dashboards and reports. Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing. Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities. Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis). Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs. Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies. Working Knowledge Cybersecurity principles Security source code review vulnerabilities Cyber threats and vulnerabilities System and application security threats and vulnerabilities General attack stages (e.g.: foot printing and scanning, enumeration, gaining access) Escalation or privileges, maintaining access, network exploitation, covering tracks) Ethical hacking principles and techniques; penetration testing principles, tools, and techniques. Use of penetration testing tools and techniques and social engineering techniques Ability to effectively prioritize and execute tasks in a high-pressure environment. Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner. Minimum qualifications Bachelor's degree or equivalent practical experience. 8 years of relevant work experience within areas of penetration testing Previous experience with systems administration and/or programming. Mandatory certifications:Offensive Security Certified Professional (OSCP) At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale. Our Hyperlearning workplace is grounded upon four principles Flexible work arrangements, Free spirit, and emotional positivity Agile self-determination, trust, transparency, and open collaboration All Support needed for the realization of business goals, Stable employment with a great atmosphere and ethical corporate culture

We are looking for a motivated Information Security Engineer to support our growing cybersecurity team. This is an excellent opportunity for a recent graduate or early-career professional to gain hands-on experience across core security domains including monitoring, incident response, vulnerability management, and policy compliance. About Cimpress Led by founder and CEO Robert Keane, Cimpress invests in and helps build customer-focused, entrepreneurial mass customization businesses. Through the personalized physical (and digital) products these companies create,we empower over 17 million global customers to make an impression. Last year, Cimpress generated $3.5B in revenue through customized print products, signage, apparel, packaging and more. The Cimpress family includes a dynamic, international group of businesses and central teams, all working to solve problems, build businesses, innovate and improve. Business Unit: National Pen As a National Pen brand, Pens.com provides custom marketing solutions to 22 countries worldwide, fostering global connections between businesses and their customers. We specialize in personalized promotional products, including writing instruments, stationery, drinkware, bags, gifts, and trade show accessories. Our operations are supported by a network of 9 facilities across North America, Europe, Africa, and India. This global presence underscores our commitment to the timely delivery of our products and services to customers across the markets we serve. About The Role Key Responsibilities: Monitor security s and assist with incident triage and investigation. Support the configuration and use of SIEM, endpoint protection, and vulnerability scanning tools. Own and optimize SIEM, EDR, Microsoft defender for cloud and O365, CNAPP (Cloud native application protection platform)Cloud Security Tool, Cloud security IAM, and other security technologies. Assist in conducting periodic vulnerability assessments and patch validation. Help implement and enforce access control and authentication policies. Maintain security documentation, reports, and standard operating procedures (SOPs). Research and report on emerging threats, vulnerabilities, and best practices. Participate in security awareness initiatives and training sessions. Collaborate with DevOps and IT to embed security best practices across systems. Responding to and completing security requests from SOC, the lead security engineer, or security manager, with assistance from relevant technical teams as needed. Security event monitoring, data analysis and correlation, and escalation where appropriate, using security monitoring and management tools and their outputs. Vulnerability management data generation and analysis (running scans in Tenable, Crowdstrike, and analyzing outputs), and escalation to appropriate teams for remediation. Other duties as assigned. Required Skills & Qualifications Bachelor’s degree or Master degree in Computer Science or I.T, Cybersecurity, or a related field (or final year student). Basic understanding of security, networking, operating systems, cloud security (AWS/Azure/GCP) and information security principles. Familiarity with any of the following is a plus: SIEM tools (e.g., Splunk, Sentinel, Hunters) Vulnerability scanners (e.g., Nessus, Qualys, Orca) EDR(CrowdStrike, Cylance) Linux/Windows security IAM, PAM, and firewall solutions Microsoft Defender for cloud and O365 Orca Security: CNAPP Hands on experience in SOC (Security Operations Center) Strong communication and analytical skills. Eagerness to learn and grow in the field of cybersecurity. Certifications such as CompTIA Security+, Microsoft SC-900, CEH or similar are a plus. Preferred Attributes And Qualifications Willingness to learn and adapt in a fast-paced, evolving environment. Awareness of information security principles and ability to handle sensitive data responsibly. Clear and thoughtful communication, with attention to audience and context. Foundational knowledge or certifications in security, networking, or computing (e.g., CompTIA Security+, CCNA, or equivalent coursework). Up to 1–2 years of relevant experience or strong academic/internship background in security analysis or IT support. What You’ll Gain Real-world exposure to enterprise security tools and workflows. Mentorship from experienced InfoSec professionals. A clear career path to mid- and senior-level security engineering roles. Remote First-Culture In 2020, Cimpress adopted a Remote-First operating model and culture. We heard from our team members that having the freedom, autonomy and trust in each other to work from home and, the ability to operate when they are most productive, empowers everyone to be their best and most brilliant self. Cimpress also provides collaboration spaces for team members to work physically together when it's safe to do so or believe in office working will deliver the best results. Currently we are enabled to hire remote team members in over 20 US States as well as several countries in Europe: Spain, Germany, UK, Czech Republic, the Netherlands and Switzerland.