
59 Nexpose Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 8.0 years

13 - 17 Lacs

bengaluru

Work from Office

About The Role

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Infrastructure Security Vulnerability Management Operations
Good to have skills: NA
Minimum 3 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: We are seeking a skilled Vulnerability Management Analyst with hands-on experience using Rapid7 InsightVM (Nexpose) to help manage, monitor, and improve our vulnerability management lifecycle. This role will be responsible for identifying, assessing, and coordinating remediation of security vulnerabilities across our systems, networks, and applications.

Roles & Responsibilities:
- Operate and manage the Rapid7 InsightVM platform for continuous vulnerability scanning and reporting.
- Perform regular vulnerability scans on endpoints, servers, cloud infrastructure, and network devices.
- Analyze scan results, assess risk levels, and prioritize remediation efforts based on business impact and threat intelligence.
- Develop and maintain dashboards and reports to track vulnerability metrics and remediation progress.
- Work with the patch management team to ensure timely patching and system updates.
- Conduct validation and retesting after remediation to ensure vulnerabilities are resolved.
- Assist in vulnerability disclosure and response processes.
- Provide input on improving scanning accuracy, asset inventory, and security configurations.
- Stay current with emerging vulnerabilities, exploits, and security threats.

Professional & Technical Skills:
- Experience in vulnerability management or information security.
- Hands-on experience with Rapid7 InsightVM or Nexpose is required.
- Strong analytical, communication, and documentation skills.
- Ability to interpret technical vulnerabilities and communicate their impact to non-technical stakeholders.

Additional Information:
- The candidate should have minimum 3 years of experience in Infrastructure Security Vulnerability Management Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 1 week ago


8.0 years

3 - 6 Lacs

indore

On-site

Date: Sep 1, 2025
Job Requisition Id: 62442
Location: Indore, MP, IN

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation. At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hiring Vulnerability Assessments Professionals in the following areas:

Preferred Qualifications:
- The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing.
- Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing.
- Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as vulnerability scanners, e.g.: Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc.
- Experience in using security frameworks such as Metasploit, Kali Linux, OSSTMM etc.
- Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network).
- Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
- The Security Test Engineer should have the ability to stay organized and possess excellent communication skills.
- Experienced in preparing and presenting detailed penetration testing reports.
- The security test engineer will be part of the audit team that shall conduct security audits for the clients to identify the gaps in terms of web security.

Skills:
- Conducting vulnerability scans and recognizing vulnerabilities in security systems.
- Assessing the robustness of security systems and designs.
- Network analysis tools to identify vulnerabilities.
- Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level.
- Creation of vulnerability metric and remediation-related dashboards and reports.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing.
- Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
- Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
- Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs.
- Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.

Working Knowledge:
- Cybersecurity principles
- Security source code review vulnerabilities
- Cyber threats and vulnerabilities
- System and application security threats and vulnerabilities
- General attack stages (e.g.: footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Ethical hacking principles and techniques; penetration testing principles, tools, and techniques.
- Use of penetration testing tools and techniques and social engineering techniques
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.

Minimum Qualifications:
- Bachelor's degree or equivalent practical experience.
- 8 years of relevant work experience within areas of penetration testing
- Previous experience with systems administration and/or programming.
- Mandatory certifications: Offensive Security Certified Professional (OSCP)

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles:
- Flexible work arrangements, free spirit, and emotional positivity
- Agile self-determination, trust, transparency, and open collaboration
- All support needed for the realization of business goals
- Stable employment with a great atmosphere and ethical corporate culture

Posted 2 weeks ago


8.0 years

0 Lacs

hyderabad, telangana, india

On-site

Associate Consultant - Vulnerability Assessments Job

Date: Sep 1, 2025
Job Requisition Id: 62442
Location: Hyderabad, TG, IN; Pune, IN; Indore, MP, IN, 452001

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation. At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hiring Vulnerability Assessments Professionals in the following areas:

Preferred Qualifications:
- The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing.
- Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing.
- Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as vulnerability scanners, e.g.: Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc.
- Experience in using security frameworks such as Metasploit, Kali Linux, OSSTMM etc.
- Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network).
- Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
- The Security Test Engineer should have the ability to stay organized and possess excellent communication skills.
- Experienced in preparing and presenting detailed penetration testing reports.
- The security test engineer will be part of the audit team that shall conduct security audits for the clients to identify the gaps in terms of web security.

Skills:
- Conducting vulnerability scans and recognizing vulnerabilities in security systems.
- Assessing the robustness of security systems and designs.
- Network analysis tools to identify vulnerabilities.
- Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level.
- Creation of vulnerability metric and remediation-related dashboards and reports.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing.
- Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
- Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
- Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs.
- Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.

Working Knowledge:
- Cybersecurity principles
- Security source code review vulnerabilities
- Cyber threats and vulnerabilities
- System and application security threats and vulnerabilities
- General attack stages (e.g.: footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Ethical hacking principles and techniques; penetration testing principles, tools, and techniques.
- Use of penetration testing tools and techniques and social engineering techniques
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.

Minimum Qualifications:
- Bachelor's degree or equivalent practical experience.
- 8 years of relevant work experience within areas of penetration testing
- Previous experience with systems administration and/or programming.
- Mandatory certifications: Offensive Security Certified Professional (OSCP)

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles:
- Flexible work arrangements, free spirit, and emotional positivity
- Agile self-determination, trust, transparency, and open collaboration
- All support needed for the realization of business goals
- Stable employment with a great atmosphere and ethical corporate culture

Posted 2 weeks ago


8.0 years

0 Lacs

hyderabad, telangana, india

On-site

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation. At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hiring Vulnerability Assessments Professionals in the following areas:

Preferred Qualifications:
- The team members shall prepare the assessment plans, test cases, and test scenarios to perform the penetration testing.
- Experience in web application, infrastructure and network Vulnerability Assessment & Penetration Testing.
- Experience in Vulnerability Assessment and Penetration testing using industry standard tools such as vulnerability scanners, e.g.: Qualys, Nessus, Nexpose, Acunetix, Metasploit, Burp Suite Pro, Netsparker etc.
- Experience in using security frameworks such as Metasploit, Kali Linux, OSSTMM etc.
- Experience and knowledge of Penetration testing of servers, and any assets (OS, infra & network).
- Experience and knowledge of Web Application Security standards such as OWASP/SANS etc.
- The Security Test Engineer should have the ability to stay organized and possess excellent communication skills.
- Experienced in preparing and presenting detailed penetration testing reports.
- The security test engineer will be part of the audit team that shall conduct security audits for the clients to identify the gaps in terms of web security.

Skills:
- Conducting vulnerability scans and recognizing vulnerabilities in security systems.
- Assessing the robustness of security systems and designs.
- Network analysis tools to identify vulnerabilities.
- Maintain awareness of vulnerability information, complexity to exploit, and exploit availability or feasibility to create an exploit.
- Identify and recommend appropriate measures to manage and remediate vulnerabilities with the focus on reducing potential impacts on information resources to an acceptable level.
- Creation of vulnerability metric and remediation-related dashboards and reports.
- Understands and advises on enterprise policies and technical standards with specific regard to vulnerability assessment and penetration testing.
- Liaise with stakeholders to understand, prioritize, and coordinate vulnerability remediation activities.
- Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
- Ability to fully understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs.
- Engage cross-divisional teams and oversee the implementation of security recommendations by leveraging appropriate communication methods, tracking remediation of identified risks, mitigation strategies, plan activities and dependencies.

Working Knowledge:
- Cybersecurity principles
- Security source code review vulnerabilities
- Cyber threats and vulnerabilities
- System and application security threats and vulnerabilities
- General attack stages (e.g.: footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Ethical hacking principles and techniques; penetration testing principles, tools, and techniques.
- Use of penetration testing tools and techniques and social engineering techniques
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Must be adaptable to changes in the work environment, comfortable with multiple competing demands and able to deal with frequent change, delays or unexpected events in a calm and logical manner.

Minimum Qualifications:
- Bachelor's degree or equivalent practical experience.
- 8 years of relevant work experience within areas of penetration testing
- Previous experience with systems administration and/or programming.
- Mandatory certifications: Offensive Security Certified Professional (OSCP)

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles:
- Flexible work arrangements, free spirit, and emotional positivity
- Agile self-determination, trust, transparency, and open collaboration
- All support needed for the realization of business goals
- Stable employment with a great atmosphere and ethical corporate culture

Posted 2 weeks ago


2.0 - 6.0 years

4 - 8 Lacs

mumbai, pune

Work from Office

Skills: Web, Mobile, Network & Cloud Security Assessments, Vulnerability Assessment, Pen Testing, Threat Modelling, OWASP Top 10, ASVS, Source Code Reviews.
Tools: Burp Suite, Kali Linux, Metasploit, NMAP, Nessus, Nexpose, Wireshark, sqlmap.
Languages: Java, Python, Golang.

- Threat Detection and Analysis: Monitor network traffic, system logs, and security alerts to detect and analyze potential security threats, such as malware, intrusions, and unauthorized access.
- Incident Response: Develop and execute incident response plans to address and mitigate security incidents and breaches.
- Vulnerability Assessment: Identify vulnerabilities in software, hardware, and network configurations, and recommend patches and security updates.
- Security Monitoring: Continuously monitor and analyze security events, assess system vulnerabilities, and recommend security enhancements.
- Security Policies and Procedures: Develop and enforce security policies, standards, and procedures to ensure a consistent and secure computing environment.
- Access Control: Implement and manage access control systems, including user authentication, authorization, and password policies.
- Security Tools: Utilize a range of security tools, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, antivirus software, and data encryption.

Posted 2 weeks ago


2.0 - 6.0 years

0 Lacs

delhi

On-site

As a part of the Information Security operation team, you will be responsible for delivering crucial management and reporting services across various Information Security platforms. This role entails tasks such as configuration, creating tools (scripts, procedures, and templates), defining reports, and recommending best practices and procedures to enhance the overall security posture.

Your responsibilities will also include actively engaging in security operational activities and developing procedures, methods, reports, and scripts to streamline the monitoring and measurement of enterprise-wide IT Security Solutions. They further include proactively identifying and addressing potential security risks and incidents, configuring and monitoring security infrastructure, conducting vulnerability scanning and reporting, monitoring various log sources to detect risks and issues, creating event log dashboards, reports, and alerts, and contributing to the enhancement of the overall IT security architecture.

In addition, you should possess hands-on knowledge and proficiency with tools such as Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp, Paros Proxy, Nessus, Nexpose, Wireshark, SQLMap, among others. This position requires a minimum of 2 years of experience and a strong background in Information Security. Preferred certifications include CEH, CHFI, ECSA, LPT, OSCP, OSCE, OSEE, and OSWE. Your expertise and active involvement will play a pivotal role in maintaining a robust and secure IT environment.

Posted 2 weeks ago


7.0 - 11.0 years

20 - 25 Lacs

bengaluru

Work from Office

Position Purpose: Business Analyst for implementing GRC IT solutions in ServiceNow. Must have experience in implementing GRC solutions.

Responsibilities

Direct Responsibilities:
- Lead the business requirements gathering process
- Collect and analyze requirements
- Animate workshops and meetings, write meeting minutes, follow up actions
- Prepare related documentation (functional design specifications, RACI, standard operating procedures, business workflow, user manuals etc.)
- Write User Stories, explain User Stories to developers
- Create training materials and conduct training sessions
- Follow up the development lifecycle steps: requirements formalization, development testing, UAT coordination with stakeholders, transition to production organization, write release notes
- Assist users in user acceptance test (test scenarios, non-regression tests)
- Create and maintain the project planning, identify risks and handle them
- Ensure the post-implementation monitoring
- Provide regular project updates (meeting minutes, follow-up on action plan)
- Ensure proper escalation whenever required

Contributing Responsibilities:
- Manage assigned projects
- Ensure quality of service delivered by products
- Contribute to investigate user issues reported

Technical & Behavioral Competencies:
- Experience in Vulnerability Management processes and tools (Qualys, Rapid7, Tenable, Fortify, SonarQube, Tanium, Nessus, Nexpose)
- Knowledge in any of the topics like IT Risk, SOX, Compliance, Control Plans, Action Plans, IT Continuity, Audit, ERM, ORM, Third Party Management
- Strong process analysis, mapping and design
- Practical experience of delivering change in IT environments
- Experience in project management and business analysis
- Excellent knowledge of the IT Project life cycle
- Proven track record of successful change management delivery within global banking industry or large organizations is a plus
- Knowledge and experience on GRC solutions (ServiceNow, Archer, GRC Enablon, eFront, Nasdaq Bwise)
- Knowledge on Agile methodologies

Posted 3 weeks ago


10.0 - 15.0 years

30 - 45 Lacs

chennai

Work from Office

Position Purpose: Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team's goal.

Main Scope: Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate in IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production/CSIRT/Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.

Responsibilities

Direct Responsibilities

WM IT Risk and Security Manager:
- Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development.
- Coordinate with APAC WM security actors, including India-based resources.
- Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture.
- Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process.
- Periodic reporting of security status to WM CISO APAC and WM Global CISO.
- Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication.
- Ensure the regular reporting for management follow-up.

IT Security Compliance (delegation on WM APAC scope):
- Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
- Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
- Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA).
- Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements.
- Ensure the compliance with the Third-party Technology risks and Cloud security.
- Identify the process gaps and provide solutions.

Application Security:
- Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
- Identify and implement the latest security standards for internet facing and internal assets.
- Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing SAST, Dynamic Acceptance Security Testing DAST and Software Composition Analysis SCA).
- Perform Security risk assessments and reviews to be presented to respective committees.
- Ensure the adequate security level for all WM GAIM applications, whatever the IT project managers location and hosting provider.

Production Security Oversight (delegation on WM APAC scope):
- Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance.
- Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress.
- Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders.
- Contribute to the management of Cybersecurity incidents.

CyberSecurity Program (delegation on WM APAC scope):
- Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program.

Contributing Responsibilities

Coordination with IT Security actors:
- Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard).
- Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope.
- Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production.
- Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group.

Technical & Behavioral Competencies

Cybersecurity / Technical Value-added Competencies:
- Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM ELK products)
- DevSecOps: CI/CD toolchain knowledge of various tools
  - Source code management: SonarQube, Bitbucket, GitHub/GitLab
  - Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan)
  - Automation/orchestration: Ansible tower, Jenkins
- Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security)
- Vulnerability Management
  - Nexpose, Nessus
- Ethical Hacking Knowledge
  - Kali Linux knowledge (metasploit, nmap)

Specific Qualifications (if required)

Qualifications and Experience:
- 10 years' experience in information security evaluation and design of technical architectures
- Functional as well as technical knowledge of the applications used within BNP Paribas
- Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies
- Team management experience is a must
- Preferred Master level in Computer science and Information Security

Skills Referential

Behavioural Skills:
- Communication skills - oral & written
- Ability to collaborate / Teamwork
- Decision Making
- Ability to deliver / Results driven

Transversal Skills:
- Ability to set up relevant performance indicators
- Ability to develop and adapt a process
- Ability to manage a project
- Ability to develop others & improve their skills
- Ability to manage / facilitate a meeting, seminar, committee, training

Education Level: Master Degree or equivalent
Experience Level: At least 10 years

Other/Specific Qualifications (if required)

Other Value-added Competencies:
- Advanced IT security certifications may be advantageous (such as CISM, CCSP, CSK, CEH, CISSP).
- Operational Risk and Permanent Control
- Data Analytics solutions (Tableau, PowerBI) and strong expertise in Dashboard/reporting

Posted 3 weeks ago


10.0 years

4 - 6 Lacs

hyderābād

Remote

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. 
Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. Qualification and Minimum Entry Requirements Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Good knowledge of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) 
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing.
Technical Requirements Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc Ability to recognize and validate significant findings past initial scanning/recon Web Services penetration testing (RESTful, CURL and SOAP) API penetration testing experience Conducts periodic scans of networks to find and detect vulnerabilities Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing) Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools Expert knowledge of tools used for wireless, web application, and network security testing Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms Motivated 
self-starter who loves to solve challenging problems and feels comfortable working directly with customers Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment Nice to have: Mobile application penetration testing experience Nice to have: Cloud penetration testing experience (AWS and Azure) Soft Skills Requirement Ability to work independently under minimal supervision and within a team. Manage project tasks and deadlines within a multi-time zone remote culture. 5-10 years of customer-facing consulting experience Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences. 5+ years of experience managing a diverse team of technical testers Proven experience improving technical quality of the team Report regularly to management on improvements and team challenges 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries Ability to train others and improve technical skills of a team At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 3 weeks ago

10.0 years

5 - 7 Lacs

gurgaon

Remote

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. 
Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. Qualification and Minimum Entry Requirements Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Good knowledge of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) 
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing.
Technical Requirements Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc Ability to recognize and validate significant findings past initial scanning/recon Web Services penetration testing (RESTful, CURL and SOAP) API penetration testing experience Conducts periodic scans of networks to find and detect vulnerabilities Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing) Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools Expert knowledge of tools used for wireless, web application, and network security testing Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms Motivated 
self-starter who loves to solve challenging problems and feels comfortable working directly with customers Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment Nice to have: Mobile application penetration testing experience Nice to have: Cloud penetration testing experience (AWS and Azure) Soft Skills Requirement Ability to work independently under minimal supervision and within a team. Manage project tasks and deadlines within a multi-time zone remote culture. 5-10 years of customer-facing consulting experience Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences. 5+ years of experience managing a diverse team of technical testers Proven experience improving technical quality of the team Report regularly to management on improvements and team challenges 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries Ability to train others and improve technical skills of a team At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 3 weeks ago

10.0 years

0 Lacs

gurugram, haryana, india

Remote

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. The RSM USI supports RSM U.S. risk consulting, transaction advisory, technical accounting, financial consulting, technology, and management consulting, tax, and assurance engagement teams by providing access to highly skilled professionals for repeatable business processes over an extended business day. USI is a member of RSM International, the sixth largest global network of independent accounting, tax, and consulting firms. RSM’s vision is to be the first-choice advisor to middle market leaders globally. You will work directly with clients, key decision makers and business owners across various industries and geographies to deliver a top-quality client experience. RSM is a diverse and inclusive place where you will work as part of a team while being valued as an individual, mentored as a future leader, and recognized for your accomplishments. Risk Consulting helps clients across various industries by addressing the increasingly complex strategic, operational, compliance, and governance challenges faced by those responsible for managing or overseeing dynamic businesses. 
Risk Consulting major offerings includes AML & Regulatory Compliance; ERP Advisory; Automation and Analytics; Enterprise Risk Management; Internal Audit; SOX Advisory; Contract Compliance; Credit Reviews; Information & Technology Audits; Cybersecurity risk management; Third-party risk management; IT due diligence; SOC1 / SOC2; Security and Privacy Risk; Governance Risk and Compliance; PCI; Cyber Transformation; Manage Security Services; Secure Architecture Solutions; Cyber Testing; Digital Forensics and Incident Response; and Cyber Threat Intelligence. Qualification And Minimum Entry Requirements Bachelor or Master degree in computer science with a minimum of 10 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Good knowledge of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) 
Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing. 
Technical Requirements Web application penetration testing experience - familiarity with Burp, OWASP Top 10, etc Ability to recognize and validate significant findings past initial scanning/recon Web Services penetration testing (RESTful, CURL and SOAP) API penetration testing experience Conducts periodic scans of networks to find and detect vulnerabilities Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing) Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools Expert knowledge of tools used for wireless, web application, and network security testing Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms Motivated 
self-starter who loves to solve challenging problems and feels comfortable working directly with customers Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment Nice to have: Mobile application penetration testing experience Nice to have: Cloud penetration testing experience (AWS and Azure) Soft Skills Requirement Ability to work independently under minimal supervision and within a team. Manage project tasks and deadlines within a multi-time zone remote culture. 5-10 years of customer-facing consulting experience Ability to communicate complex vulnerability results and demonstrate proof of concepts for diverse audiences. 5+ years of experience managing a diverse team of technical testers Proven experience improving technical quality of the team Report regularly to management on improvements and team challenges 7-10 years of experience working in a global environment with multiple time zones and adjusting to client needs in other countries Ability to train others and improve technical skills of a team At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. 
RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 3 weeks ago

2.0 years

0 Lacs

India

Remote

This position is posted by Jobgether on behalf of SUTHERLAND GLOBAL COLLECTION SERVICES LLC. We are currently looking for a Lead-Infrastructure in India. This role offers the opportunity to lead and enhance an organization's IT infrastructure, focusing on security, vulnerability management, and system optimization. The Lead-Infrastructure professional will be responsible for assessing risks, implementing remediation strategies, and ensuring compliance with industry standards. You will work across multiple platforms, including Linux and Windows systems, and guide teams in applying security best practices. This position is ideal for someone who thrives in a fast-paced, technology-driven environment, enjoys solving complex IT challenges, and is committed to continuous improvement. You will play a critical role in protecting and enhancing organizational technology, driving operational excellence, and enabling secure business growth. Accountabilities Review and interpret vulnerability assessment reports from tools such as Nessus, Qualys, OpenVAS, Nexpose, or Rapid7 Prioritize vulnerabilities using risk assessment frameworks like CVSS and coordinate remediation efforts Implement security best practices, including system hardening, access control management, and patching Apply cybersecurity frameworks such as NIST, CIS Controls, ISO/IEC 27001, and ITIL to guide security initiatives Manage patch deployment processes for applications, operating systems, and network devices Utilize scripting languages (Python, PowerShell, Bash) to automate repetitive tasks such as patching and vulnerability remediation Provide technical guidance across Linux, Windows, and other IT platforms to mitigate vulnerabilities effectively Mentor and collaborate with team members, ensuring continuous skill development and adherence to security standards Requirements Minimum 2 years of experience in infrastructure management or vulnerability remediation Bachelor's degree or equivalent experience in IT, 
cybersecurity, or related fields Hands-on experience with deployment tools such as Group Policies, Microsoft Intune, and Microsoft Endpoint Configuration Manager (MECM) Knowledge of compliance and regulatory frameworks relevant to IT security Strong understanding of cybersecurity principles, patch management, and system hardening Proficiency in scripting for task automation and vulnerability management Excellent analytical, problem-solving, and communication skills Flexibility to work across different shifts and locations if required High standards of integrity and commitment to continuous improvement Benefits Fully remote or flexible work arrangements depending on team needs Exposure to advanced cybersecurity tools, frameworks, and best practices Opportunity to work on diverse IT platforms and systems Professional development and mentoring opportunities to grow technical expertise Participation in critical infrastructure and security projects impacting organizational operations Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching. When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly. 🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements. 📊 It compares your profile to the job's core requirements and past success factors to determine your match score. 🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role. 🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed. The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. 
The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team. Thank you for your interest!

Posted 1 month ago

8.0 years

3 - 7 Lacs

Hyderābād

On-site

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal 
considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST , aligned to support client requirements and deliverables and engagements. 
Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. 
on a daily basis Key Skills to Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 1 month ago

8.0 years

3 - 8 Lacs

Gurgaon

On-site

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal 
considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST , aligned to support client requirements and deliverables and engagements. 
Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. 
on a daily basis Key Skills to Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 1 month ago

8.0 years

0 Lacs

Bengaluru, Karnataka, India

On-site

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal 
considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. 
Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. 
on a daily basis Key Skills To Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Posted 1 month ago

4.0 years

0 Lacs

Mumbai, Maharashtra, India

On-site

LogiNext is looking for a Principal Engineer - Security to join our team! As a Principal Engineer - Security, you’ll lead the effort to design, implement, operate, support, and maintain the security infrastructure and supporting tools that are necessary to protect internal and external assets on networks that support our corporate infrastructure and applications. You’ll be the SME and primary technical resource for projects, and you’ll facilitate outstanding documentation of the architecture, configurations, processes, maintenance procedures, and service desk support functions. The well qualified candidate will possess the ability to integrate at a high level the knowledge of several areas including network security, IAM, DevSecOps, continuous monitoring, enterprise desktop security, zero-trust architecture principles, security incident remediation, red/blue team exercises, securing multi-cloud and private cloud environments, and more. As we embrace separation of duties, this role will be a critical check and balance that reviews changes in the environment developed by other cybersecurity teams and thereby ensures changes are appropriate and don’t introduce additional risk/liability. This is an extremely unique opportunity and allows an excellent engineer to build the most efficient processes, workflows, and methodologies for implementing, monitoring, managing, and maintaining the most critical components of the entire organization. The engineer chosen for this position should adapt quickly and manage constant change effectively. 
Responsibilities:
- Design, implement, and lead the build-out of security infrastructure and tools
- Function as the SME for security related infrastructure, architecture, and operations
- Take functional ownership of all security related architecture and design following standards set forth by the enterprise cybersecurity teams
- Ensure the quality and accuracy of implementations, upgrades, configuration changes, and break/fix activities
- Assist the Enterprise Cybersecurity teams with hardening initiatives which include monitoring for baseline configuration compliance across all pertinent systems and tools
- Identify and make recommendations citing strong evidence for material changes in policies, standards, established architecture, and best practices where necessary to further enhance security posture
- Work closely with application development teams to ensure a successful implementation of DevSecOps complete with automated testing using tools and processes you will create

Requirements:
- Bachelor’s degree in Computer Science, Engineering, Cyber Security, or a directly related field. Education requirements may be replaced with previous related work experience and cyber security certifications (CISSP, CISM, CEH, Azure Security Engineer, etc.)
- 4 to 14 years working in Cyber Security
- At least one professional level technical certification such as CCNP – Security, GIAC certifications, or another industry-recognized security-related certification
- Experience in SOC II, ISO and VAPT required
- 3+ years acting as the SME, architect, or principal engineer on large-scale security infrastructure projects
- Design and implementation experience with tools such as BigFix, InTune, Imperva, Snort, Nessus/Nexpose, and others that are similar
- Experience designing and implementing enterprise-wide authentication and identity solutions
- Experience with Azure AD/Active Directory Single Sign-On (SSO), Multi-Factor Authentication (MFA), Application Registration, Identity Federation, Automation
- Experience with automation using PowerShell, Python, Bash, etc.
- Excellent troubleshooting and root cause diagnosis skills
- Strong writing and communication skills
- Strong leadership experience and team management skills
- Experience creating and maintaining accurate and detailed guidelines and procedures
- Experience with Agile Scrum Methodology and Azure DevOps

Posted 1 month ago

0 years

0 Lacs

Chennai

On-site

Job Applicant Privacy Notice

CyberArk, Security Cloud Consultant
Publication Date: Jul 16, 2025
Ref. No: 534401
Location: Chennai, IN

Role of Wealth Management Operational Security Engineer, being understood this role includes delegations from APAC WM CISO. The incumbent will be responsible for managing and implementing technical access controls, privilege access management, data leakage prevention and other related technologies to ensure the confidentiality, integrity, and availability of our organization’s data and systems.

Responsibilities

Direct Responsibilities:

Technical Access Management / Privilege Access Management
- Manage and maintain technical/privilege access controls for production and development environments
- Ensure compliance with organizational technical access control security policies and procedures
- Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance
- Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation
- Review technical access segregation between production and development environments with respective support teams

Data Leakage Prevention (DLP)
- Create, manage and maintain DLP policies to detect and prevent data leaks
- Deploy and maintain DLP infrastructure
- Collaborate with IT teams to investigate and respond to data leak incidents

Identity and Access Management (IAM)
- Collaborate with IT teams to deploy and maintain data encryption solutions
- IAM team to ensure seamless integration with technical access management solutions
- Ensure compliance with organizational IAM policies and procedures

Data Encryption Deployment & Monitoring
- Collaborate with IT teams to deploy and maintain data encryption solutions
- Ensure compliance with organizational data encryption policies and procedures

Unstructured & Structured Data Discovery & Activity Monitoring
- Collaborate with IT teams to:
  - Deploy and maintain unstructured & structured data discovery and activity monitoring solution
  - Identify and classify sensitive data
  - Monitor and analyse restricted and sensitive database activities
  - Remediate any non-compliant finding reported

Infrastructure Vulnerability Management
- Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure.
- Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers
- Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented.
- Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status.
- Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives.
- Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment by fine-tuning the vulnerability assessment plugins.

Application Security
- Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
- Identify and implement the latest security standards for internet facing and internal assets
- Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).
- Perform Security risk assessments and reviews to be presented to respective committees
- Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider

Cybersecurity
- Ensure the protection of WM business data with an adequate security level of WM assets based on review processes
- Ensure the coordination with other IT security or other actors in the region or globally
- Assist for a Risk Treatment for any APAC WM issue, based on the processes
- Identify the IT security risks in advance, record them and follow up on them
- Define and contribute to processes from cybersecurity perspective
- Periodic reporting of security status to IT Security Domain Head
- Ensure the regular reporting for management follow-up
- Ensure to follow up on the DLP, Incident Management topics by investigating and following up with handlers until the issue is closed.
- Ensure to onboard the Assets & Applications in SIEM and handle BAU, create / update relevant documents.

Production Security
- Ensure the effectiveness and success of vulnerability management process
- Ensure the compliance level of the production environment and integrate to reporting

IT Security Compliance (delegation on WM APAC scope)
- Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
- Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
- Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements
- Ensure the compliance with the Third-party Technology risks and the Cloud security
- Identify the process gaps and provide solutions

Coordination with IT Security actors
- Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…)
- Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope.
- Coordination with the global security teams concerning integration of WM assets within production sites
- Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group

Posted 1 month ago

7.0 - 12.0 years

9 - 13 Lacs

Chennai, India

Work from Office

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location.

You’ll make a difference by:
- Having experience in leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments.
- Having understanding to simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits).
- Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK.
- Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques.
- Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities.
- Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture.
- Actively participating in client discussions, executive briefings, and technical workshops.
- Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps.
- Maintaining robust documentation of testing methodologies, custom tools, and process improvements.
- Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards.

Training and Development
- Stay updated on the latest security trends, vulnerabilities, and technology advancements.
- Provide training and guidance to the team and other departments on security best practices.

Strategy and Planning
- Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness.
- Participate in the development of security policies and standards.

Technical Expertise

Deep hands-on experience in:
- Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API)
- Internal/external network penetration, privilege escalation, and lateral movement
- Active Directory assessments and exploitation (Kerberoasting, Pass-the-Hash etc.)
- Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels
- Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing
- Working knowledge of Kali Linux and frameworks like MITRE ATT&CK
- Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems

Proficiency with tools such as:
- Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver
- Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools
- Vulnerability Scanners: Nessus, Qualys, Nexpose

Programming/Scripting:
- Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go

Soft Skills
- Excellent written and verbal communication skills
- Strong analytical and problem-solving capabilities
- Ability to explain technical concepts clearly to non-technical stakeholders

You’ll win us over by:
- Having an engineering degree B.E/B.Tech/M.E/M.Tech with good academic record.
- 6–7 years of proven experience in penetration testing and offensive security

Certifications (Preferred):
- Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE
- Other Considered: EWPTXv2 or equivalent advanced offensive security certifications

We’ll support you with:
- Hybrid working Opportunities.
- Diverse and inclusive culture.
- Great variety of learning & development opportunities.

Join us and be yourself!
We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at

Posted 2 months ago


10.0 - 15.0 years

15 - 20 Lacs

Mumbai

Work from Office

Role of Wealth Management India IT Risk and Information Systems Security Manager, it being understood that this role includes delegations from the APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate in IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production / CSIRT / Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.

WM IT Risk and Security Manager
- Manage the WM IT Risk and Security local team in India by managing the recruitment, performance reviews as well as training and career-path development.
- Coordinate with APAC WM security actors, including India-based resources.
- Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture.
- Assist with a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process.
- Periodic reporting of security status to WM CISO APAC and WM Global CISO.
- Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication.
- Ensure the regular reporting for management follow-up.

IT Security Compliance (delegation on WM APAC scope)
- Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
- Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
- Ensure the compliance with regulatory bodies' requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA).
- Leveraging a deep knowledge of security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements.
- Ensure the compliance with the Third-party Technology risks and Cloud security.
- Identify the process gaps and provide solutions.

Application Security
- Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
- Identify and implement the latest security standards for internet facing and internal assets.
- Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing SAST, Dynamic Acceptance Security Testing DAST and Software Composition Analysis SCA).
- Perform Security risk assessments and reviews to be presented to respective committees.
- Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager's location and hosting provider.

Production Security Oversight (delegation on WM APAC scope)
- Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance.
- Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress.
- Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level, leveraging production scans and liaising with relevant production stakeholders.
- Contribute to the management of Cybersecurity incidents.

CyberSecurity Program (delegation on WM APAC scope)
- Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program.

Contributing Responsibilities
Coordination with IT Security actors
- Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard).
- Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope.
- Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production.
- Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group.

Technical & Behavioral Competencies
Cybersecurity / Technical Value-added Competencies
Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM ELK products)
DevSecOps: CI/CD toolchain knowledge of various tools
- Source code management: SonarQube, Bitbucket, GitHub/GitLab
- Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan)
- Automation/orchestration: Ansible Tower, Jenkins
Application Security: Threat modeling, Security architecture key concepts, exposure to various development frameworks and applicative landscape (Java/Web, Mobile applications, containerization/Docker, Kubernetes, API management, Cloud security)
Vulnerability Management
- Nexpose, Nessus
Ethical Hacking Knowledge
- Kali Linux knowledge (Metasploit, Nmap)

Specific Qualifications (if required)
Qualifications and Experience
- 10 years' experience in information security evaluation and design of technical architectures
- Functional as well as technical knowledge of the applications used within BNP Paribas
- Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies
- Team management experience is a must
- Preferred Master level in Computer science and Information Security

Skills Referential
Behavioural Skills:
- Communication skills - oral & written
- Ability to collaborate / Teamwork
- Decision Making
- Ability to deliver / Results driven
Transversal Skills:
- Ability to set up relevant performance indicators
- Ability to develop and adapt a process
- Ability to manage a project
- Ability to develop others & improve their skills
- Ability to manage / facilitate a meeting, seminar, committee, training
Education Level: Master Degree or equivalent

Posted 2 months ago


0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

Position Description Direct Responsibilities Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). 
Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider. Cybersecurity: Ensure the protection of WM business data with an adequate security level of WM assets based on review processes. Ensure the coordination with other IT security or other actors in the region or globally. Assist with a Risk Treatment for any APAC WM issue, based on the processes. Identify the IT security risks in advance, record them and follow up on them. Define and contribute to processes from a cybersecurity perspective. Periodic reporting of security status to IT Security Domain Head. Ensure the regular reporting for management follow-up. Follow up on the DLP and Incident Management topics by investigating and following up with handlers until the issue is closed. Onboard the Assets & Applications in SIEM, handle BAU, and create / update relevant documents.
Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. 
You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Posted 2 months ago


5.0 - 10.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

Position Description 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Technical Access Management / Privilege Access Management Manage and maintain technical/privilege access controls for production and development environments Ensure compliance with organizational technical access control security policies and procedures Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation Review technical access segregation between production and development environments with respective support teams Data Leakage Prevention (DLP) Create, management and maintain DLP policies to detect and prevent data leaks Deploy and maintain DLP infrastructure Collaborate with IT teams to investigate and respond to data leak incidents Identity and Access Management (IAM) Collaborate with IT teams to deploy and maintain data encryption solutions IAM team to ensure seamless integration with technical access management solutions Ensure compliance with organizational IAM policies and procedures Data Encryption Deployment & Monitoring Collaborate with IT teams to deploy and maintain data encryption solutions Ensure compliance with organizational data encryption policies and procedures Unstructured & Structured Data Discovery & Activity Monitoring Collaborate with IT teams to: Deploy and maintain unstructured & structured data discovery and activity monitoring solution Identify and classify sensitive data Monitor and analyse restricted and sensitive database activities Remediate any non-compliant finding reported Infrastructure Vulnerability Management 
Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). 
Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider. Cybersecurity: Ensure the protection of WM business data with an adequate security level of WM assets based on review processes. Ensure the coordination with other IT security or other actors in the region or globally. Assist with a Risk Treatment for any APAC WM issue, based on the processes. Identify the IT security risks in advance, record them and follow up on them. Define and contribute to processes from a cybersecurity perspective. Periodic reporting of security status to IT Security Domain Head. Ensure the regular reporting for management follow-up. Follow up on the DLP and Incident Management topics by investigating and following up with handlers until the issue is closed. Onboard the Assets & Applications in SIEM, handle BAU, and create / update relevant documents.
Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. 
You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Posted 2 months ago


5.0 - 10.0 years

0 Lacs

Chennai, Tamil Nadu, India

On-site

Position Description 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Cloud Container & Image Security Implement secure containerization strategies using tools like Docker, Kubernetes, and container orchestration platforms. Ensure container images are secure, up-to-date, and compliant with organizational security policies. Ensure cloud resources are properly configured, monitored, and secured in accordance with organizational security policies. Design and implement secure cloud image management strategies to ensure images are secure, up to date, and compliant with organizational security policies. Network Security Design and implement secure network architecture to protect cloud resources from unauthorized access. Ensure network traffic is properly monitored filtered and secured in accordance with organizational security policies. System Security Design and implement secure system configurations to protect cloud resources from unauthorized access. Ensure systems are properly patched, monitored and secured in accordance with organizational security policies. Threat Analysis and Risk Management Conduct regular threat analysis and risk assessment to identify potential security risks. Develop and implement risk mitigation strategies to ensure the security and integrity of cloud resources. Compliance and Governance Ensure cloud security controls are compliant with relevant regulatory requirements, such as HIPAA, PCI-DSS and GDPR. Develop and maintain cloud security policies, procedures and standards. Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. 
Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). 
Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider. Cybersecurity: Ensure the protection of WM business data with an adequate security level of WM assets based on review processes. Ensure the coordination with other IT security or other actors in the region or globally. Assist with a Risk Treatment for any APAC WM issue, based on the processes. Identify the IT security risks in advance, record them and follow up on them. Define and contribute to processes from a cybersecurity perspective. Periodic reporting of security status to IT Security Domain Head. Ensure the regular reporting for management follow-up. Follow up on the DLP and Incident Management topics by investigating and following up with handlers until the issue is closed. Onboard the Assets & Applications in SIEM, handle BAU, and create / update relevant documents.
Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. 
You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Posted 2 months ago


2.0 - 6.0 years

0 Lacs

Mumbai Metropolitan Region

On-site

Position Description

Company Profile: At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com. This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans. We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted. No unsolicited agency referrals please.

Job Title: IT Security Professional
Position: Systems Engineer/ Senior Systems Engineer
Experience: 2 - 6 Years
Category: Software Development/ Engineering
Main location: Mumbai
Position ID: J0525-1868
Employment Type: Full Time

Job Description: Direct Responsibilities Work on the remediation titles to be actionable – good understanding of vulnerabilities. Provide data cleaning rules where needed – need understanding of Databases and Scripting. Coordinate with Global counterparts. Automatize reporting in GCSD – experience in scripting.
Work closely with regional production security teams to transition scanning & reporting activities Document SOP for operational teams (tools maintenance and IVM activities) Contributing Responsibilities Contribute to the Permanent Control framework for implementation of policies and procedures in day-to-day business activities, such as Control Plan Contribute to Internal Audit response activities. Comply with regulatory requirements and internal guidelines. Contribute to improvement of tools used by Production Security to follow-up on the Security Incidents Must Have: OWASP methodologies application is a mandatory. 2 – 4-year experience in IT Security minimum University degree, preferably in Computer Science with spec. in IT Security Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. Experience in a multi-cultural environment is appreciated. CEH or Any Security certifications are appreciated. Good To Have: Experience in Development languages and scripting is appreciated. Note: This job description is a general outline of the responsibilities and qualifications typically associated with the Virtualization Specialist role. Actual duties and qualifications may vary based on the specific needs of the organization. CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. 
Your future duties and responsibilities Required Skills & Qualifications: Business skills: Architecture (Mastered) Knowledge of Data (Mastered) Computer tests (Expert) IT infrastructure (Expert) Transversal skills: Analytical capacity (Expert) Ability to lead a meeting, a seminar, a committee, a training session, etc. (Mastered) Ability to understand, explain and lead change (Mastered) Ability to define relevant performance indicators (Mastered) Ability to work with Agile methods (Mastered) Behavioral skills: Ability to share/transmit knowledge (Expert) Be results oriented (Expert) Creativity & Innovation / Ability to solve problems (Expert) Ability to collaborate / teamwork (Expert) Develop and maintain system documentation, including configuration guides, and standard operating procedures. Direct and be responsible for the implementation effort. Provide technical guidance and mentorship to team members. Assess demand for their service or technology area and develop plans to meet future capacity needs and makes recommendations to the manager. Aware of all critical changes to infrastructure and applications that could impact service delivery to their business customers. Able to work autonomously and as part of a team using strong analytical skills. Be service oriented, customer focused, positive, committed and have an enthusiastic “can do” attitude. Demonstrate a systematic and logical approach to problem-solving. Able to follow the bank’s standards, processes, and procedures. Escalating incidents internally or to 3rd party partners when required. Required Qualifications To Be Successful In This Role Bachelor’s degree in Computer Science, Engineering, or related field preferred. Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. 
Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Posted 2 months ago


3.0 - 8.0 years

5 - 10 Lacs

Bengaluru

Work from Office

About the Opportunity

Job Type: Permanent
Application Deadline: 31 August 2025
Title: Cyber Security Operational Incident Manager - Technical Consultant
Department: Cyber Defence Operations - GCIS
Location: Kingswood, Surrey, Gurgaon, Bangalore
Reports To: Senior Manager - CDO
Level: 5

About your team

Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives: their financial well-being. Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks, ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients' digital assets and infrastructure against evolving cyber threats. The Cyber Security Operational Incident Manager will be responding to and managing widespread security events and should have an understanding on how best to maintain CIRT team's skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability.
Our leadership team will be looking at this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process. About your role The successful candidate will be experienced in operational security incident management, including vulnerability management, understanding the value of rigorous planning, tested procedures and playbooks and quick response to critical security incidents. This is a critical role expected to develop and maintain our operational security incident management capability and help mature our global response processes. The successful candidate will be comfortable working at a technical level, proactively suggesting improvements to the incident playbooks whilst also being able to co-ordinate our front-line CIRT team during major events. The successful candidate will be able to demonstrate understanding of incident response tools and techniques, experience in responding to and managing widespread security events and an understanding on how best to maintain CIRT teams skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking at this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process. About you Key Responsibilities Own and be accountable for security incidents; taking the lead in driving global remediation activities Ensure simple, repeatable, manual tasks are automated within the Incident Response process Ensure a best-practice program is in place to manage and maintain our security response procedures Proactively develop and deliver new incident response capabilities, tooling and processes. 
Develop an incident management strategy, focussing on regular reviews and exercises. Create and deliver table-top and simulated exercises focussing on areas of risk identified by our Threat Intelligence team. Ensure the operational security process is consistently maintained across our global regions, taking into account different regulatory requirements and rules. Acting as the point of contact for our global business incident management team for all security related incidents. Run Post Incident Reviews and track and manage outcomes to delivery. Experience and Skills Required Experience and strong understanding of frontline security operations Experience running a vulnerability remediation programme or overseeing vulnerability teams would be advantageous Experience running complex security incidents at a global scale Experience creating or continually improving an incident management program Strong reporting ability, with an understanding on how to tailor reports to show improvements and learnings In depth understanding of modern attack techniques and flows Clear and demonstratable understanding of NIST and MITRE Att&ck Methodologies Experience in cloud environments (Ideally Azure) Strong communication skills with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements. Banking or Finance industry related experience desirable Security Incident Management Qualifications preferred Security Incident related qualifications (e.g SANS 504) At least 3 years of experience working in an Incident Response position. Experienced responding to global complex security events Experienced using NIST or MITRE frameworks to deploy defensive plans and/or actions Experience explaining the risk of security threats and creating mitigations. Experience of general IT infrastructure technologies and principles. Experience of using vulnerability management tooling e.g Nexpose, Qualys etc. 
Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL. Understanding of Networking Architecture (OSI Model). Analytical skills. Challenge the current processes. Passion for the cybersecurity field. Time management. Able to organize others.

Nice to Have: Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP

For starters, we'll offer you a comprehensive benefits package. We'll value your wellbeing and support your development. And we'll be as flexible as we can about where and when you work, finding a balance that works for all of us. It's all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.

Posted 2 months ago


5.0 - 9.0 years

5 - 10 Lacs

Thane, Navi Mumbai, Mumbai (All Areas)

Work from Office

Job Title: ISMS (Information Security Management System)
Location: Airoli, Navi Mumbai

Key Responsibilities:

1. ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals.
2. Compliance & Audits: Ensure the organization complies with regulatory requirements related to information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement.
3. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements.
4. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organization's security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements.
5. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels.

Regards, Yugant Mirajkar Human Resources Kiya.ai

Posted 2 months ago
