59 Nexpose Jobs - Page 2

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0325-1818 Employment Type: Full Time Position Description: 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Cloud Container & Image Security Implement secure containerization strategies using tools like Docker, Kubernetes, and container orchestration platforms. Ensure container images are secure, up-to-date, and compliant with organizational security policies. Ensure cloud resources are properly configured, monitored, and secured in accordance with organizational security policies. Design and implement secure cloud image management strategies to ensure images are secure, up to date, and compliant with organizational security policies. Network Security Design and implement secure network architecture to protect cloud resources from unauthorized access. Ensure network traffic is properly monitored filtered and secured in accordance with organizational security policies. System Security Design and implement secure system configurations to protect cloud resources from unauthorized access. Ensure systems are properly patched, monitored and secured in accordance with organizational security policies. Threat Analysis and Risk Management Conduct regular threat analysis and risk assessment to identify potential security risks. Develop and implement risk mitigation strategies to ensure the security and integrity of cloud resources. Compliance and Governance Ensure cloud security controls are compliant with relevant regulatory requirements, such as HIPAA, PCI-DSS and GDPR. Develop and maintain cloud security policies, procedures and standards. Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Skills: Compliance Container Technology Network Security Threat Risk Assessment What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0325-1817 Employment Type: Full Time Position Description: 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Technical Access Management / Privilege Access Management Manage and maintain technical/privilege access controls for production and development environments Ensure compliance with organizational technical access control security policies and procedures Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation Review technical access segregation between production and development environments with respective support teams Data Leakage Prevention (DLP) Create, management and maintain DLP policies to detect and prevent data leaks Deploy and maintain DLP infrastructure Collaborate with IT teams to investigate and respond to data leak incidents Identity and Access Management (IAM) Collaborate with IT teams to deploy and maintain data encryption solutions IAM team to ensure seamless integration with technical access management solutions Ensure compliance with organizational IAM policies and procedures Data Encryption Deployment & Monitoring Collaborate with IT teams to deploy and maintain data encryption solutions Ensure compliance with organizational data encryption policies and procedures Unstructured & Structured Data Discovery & Activity Monitoring Collaborate with IT teams to: Deploy and maintain unstructured & structured data discovery and activity monitoring solution Identify and classify sensitive data Monitor and analyse restricted and sensitive database activities Remediate any non-compliant finding reported Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Skills: Identity and Access Mgt (IAM) Vulnerability Management(IAVM) What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Job requisition ID :: 81576 Date: Jul 3, 2025 Location: Kochi Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST/ Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. Your work profile. Work you’ll do as a part of our Cyber team you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll: • Works on projects with clearly defined guidelines as team member with responsibility for project delivery • Works under general supervision with few direct instructions • Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, etc. • Understands basic business and information technology management processes. • Demonstrates knowledge of firm's methodologies, frameworks and tools • Participate in practice development initiatives The key skills required are as follows: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Role and Responsibilities: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Educational Qualification: Bachelor’s/master’s degree Certifications: OSCP How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

Primary skills:Application Security,Application Security->Application Risk Profiling,Application Security->Burpsuite,Application Security->Devsecops,Application Security->Ethical Hacking(CEH),Application Security->Nessus,Application Security->SSL(Secure Sockets Layer),Application Security->Threat Modeling,Application Security->Vulnerability Assessment/Penetration Testing,Application Security->Vulnerability Management,Application Security->Web Security,Application Security->Webservices Security,Application Security->Wireshark,Security testing->Vulnerability testing,Technology->Application Security->Vulnerability Management->Qualys,Technology->Application Security->Vulnerability Management->Rapid 7 Nexpose,Vulnerability Management A day in the life of an Infoscion As part of the Infosys consulting team, your primary role would be to get to the heart of customer issues, diagnose problem areas, design innovative solutions and facilitate deployment resulting in client delight. You will develop a proposal by owning parts of the proposal document and by giving inputs in solution design based on areas of expertise. You will plan the activities of configuration, configure the product as per the design, conduct conference room pilots and will assist in resolving any queries related to requirements and solution design You will conduct solution/product demonstrations, POC/Proof of Technology workshops and prepare effort estimates which suit the customer budgetary requirements and are in line with organization’s financial guidelines Actively lead small projects and contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Ability to develop value-creating strategies and models that enable clients to innovate, drive growth and increase their business profitability Good knowledge on software configuration management systems Awareness of latest technologies and Industry trends Logical thinking and problem solving skills along with an ability to collaborate Understanding of the financial processes for various types of projects and the various pricing models available Ability to assess the current processes, identify improvement areas and suggest the technology solutions One or two industry domain knowledge Client Interfacing skills Project and Team management

Job Title: ISMS (Information Security Management System) Location: Airoli, Navi Mumbai Key Responsibilities: ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals. Compliance & Audits: Ensure the organization complies with regulatory requirements related to information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organizations security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels.

Preferred candidate profile OWASP methodologies application is a mandatory. 2 4-year experience in IT Security minimum Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. CEH or Any Security certifications are appreciated. Experience in Development languages and scripting is appreciated.

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Bachelor or Master degree in computer science with a minimum of 8 years in cyber security domain Technical background in networking/system administration, security testing or related fields In-depth knowledge of TCP/IP Two or more years of Perl, Python, Bash, or C experience Operating System Configuration and Security experience (Windows, HP-UX, Linux, Solaris, AIX, etc.) Configuration and Security experience with firewalls, switches, routers, VPNs Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115 Familiar with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box) Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows Familiar with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations Commercial Application Security tools experience (Nessus, Nexpose, Qualys, Appdetective, Appscan, etc.) Open source and free tools experience (Kali Linux suite, Metasploit, nmap, airsnort, Wireshark, Burp Suite, Paros, etc.) One or more of the following testing certifications: Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc) In addition, one or more of the following governance certifications is preferred: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®) Strong leadership and communication skills, technical knowledge, and the ability to write at a "publication" quality level in order to communicate findings and recommendations to the client's senior management Must possess a high degree of integrity and confidentiality, as well as the ability to adhere to both company policies and best practices The standard work hours for this role are from 3:30 PM to 11:00 PM IST, aligned to support client requirements and deliverables and engagements. Candidates should be comfortable with this fixed shift timing Position & Key Responsibilities Develop an understanding of the RSM US Risk Consulting service offerings, methodologies, and tools Perform analysis and testing to verify the strengths and weaknesses of client IT environments utilizing commercial and open source security testing tools Perform Internet penetration testing (blackbox/ greybox / whitebox testing) and network architecture reviews (manual/ automated) Perform other security testing tasks such as wireless penetration testing, social engineering campaigns (email, web, phone, physical, etc.), mobile application testing, embedded device testing, and similar activities meant to identify critical weaknesses within client environments Assist with the development of remediation recommendations for identified findings Identify and clearly articulate (written and verbal) findings to senior management and clients Help identify improvement opportunities for assigned clients Supervise and provide engagement management for other staff working on assigned engagements Works closely with the client and RSM team to make sure we meet or exceed client expectations on each engagement and maintain high customer satisfaction. Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements Ensure that documentation is compliant with the quality standards of the firm Work collaboratively as a part of the team and communicate effectively with RSM consulting professionals, and senior management in the U.S. on a daily basis Key Skills To Accelerate Career Maintains a high degree of quality and client relationship on multiple clients at the same time Positively engages, motivates and influences team members Identifies client needs/requirements and initiates discussion to expand services through a solid understanding of the firm’s service capabilities and offerings Subscribes to and actively read industry publications and share relevant information with clients as considered applicable At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Hi All, Greetings of the day! Currently we are having opening for the position of Cybersecurity, Risk Management for one of our leading Investment Banking client in Mumbai location. Experience - 2 to 5 Years Location - Goregaon (Hybrid) Responsibilities - Work on the remediation titles to be actionable good understanding of vulnerabilities - Provide data cleaning rules where needed need understanding of Databases and Scripting - Coordinate with Global counterparts - Automatize reporting in GCSD experience in scripting. - Work closely with regional production security teams to transition scanning & reporting activities - Document SOP for operational teams (tools maintenance and IVM activities) Technical & Behavioral Competencies OWASP methodologies application is a mandatory. 2 - 4 year experience in IT Security minimum University degree, preferably in Computer Science with spec. in IT Security Exceptional communication and advocacy skills, both verbal and written, with the ability to express complex technical issues in an easily understood manner. Curious and highly implicated in IT Security Team player Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. Experience in a multi-cultural environment is appreciated. CEH or Any Security certifications are appreciated. Experience in Development languages and scripting is appreciate Interested candidates can share their updated resume at dipti.ghavri@kiya.ai

Job requisition ID :: 81577 Date: Jun 21, 2025 Location: Chennai Designation: Consultant Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Job Description We are seeking a skilled and experienced Cybersecurity Specialist to join our dynamic team. The ideal candidate will have 3-7 years of experience in cybersecurity roles and a strong technical background in information security. If you're passionate about protecting data, identifying vulnerabilities, and implementing robust security Responsibilities : Develop, implement, and maintain cybersecurity policies, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption. Conduct regular security assessments, risk analyses, and vulnerability assessments to identify potential weaknesses and mitigate risks. Experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment. Experience with web application vulnerability scanner (BurpSuite, AppScan, Acunetix, Web Inspect, etc). Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP requests. Ability to suggest/recommend remediation to fix vulnerability. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Knowledge on Tools : Nmap, Kali Linux, Metasploit, Maltego, Burp Suite, Nessus, nexpose, Wireshark, sqlmap etc. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security 3-7 years of experience in cyber security or a related field. Bachelor's degree in Computer Science, Information Security, Cyber Operations, or a related field (or equivalent experience). Strong understanding of networking concepts, security principles, and cyber threats. Proven experience with vulnerability scanning and penetration testing tools. Knowledge of regulatory requirements and compliance frameworks (eg, PCI DSS, NIST, CIS Controls). Experience in Information security controls, and doing IT audits, ISO certifications is preferred. (ref:hirist.tech)

Job Summary We are looking for an Application Security Analyst with 2-3 years of experience in IT and security to strengthen our security team. The ideal candidate will focus on securing web and mobile applications (Android/iOS) by conducting penetration testing, vulnerability assessments, API security reviews, and ensuring compliance with security best Responsibilities Security & Penetration Testing : Conduct security assessments for web, mobile (Android/iOS), and APIs. Identify, exploit, and remediate OWASP Top 10 vulnerabilities. Perform manual and automated security testing to uncover security risks. Conduct secure code reviews to detect application security Security (Android & iOS) : Perform static and dynamic analysis of Android/iOS applications. Identify security risks such as insecure data storage, API vulnerabilities, and jailbreak/root detection bypass. Utilize tools like MobSF, Frida, Burp Suite, Objection, Drozer, Jadx, and apktool. Validate applications against OWASP Mobile Top 10 security Security & Secure Development : Perform API penetration testing using Burp Suite, Postman, OWASP ZAP. Identify critical vulnerabilities such as Broken Authentication, Excessive Data Exposure, and IDOR. Collaborate with developers to implement secure coding practices and remediation Management & Compliance : Conduct vulnerability assessments using tools like Nessus, Acunetix, Nexpose, Rapid7, and Qualys. Ensure compliance with ISO 27001, SOC2, GDPR, and other regulatory frameworks. Work closely with development teams to remediate security Skills & Qualifications : Bachelors degree in Computer Science, Information Security, or a related IT field. 2-3 years of experience in IT, with at least 1-2 years focused on Application Security & Penetration Testing. Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities. Hands-on experience with security tools such as Burp Suite, MobSF, Frida, Objection, Drozer, Jadx, apktool. Proficiency in secure code review (Java, Swift, Kotlin, JavaScript). Expertise in API Security Testing and secure development best practices. Strong analytical, problem-solving, and communication Qualifications : Security certifications such as OSCP, CEH, eJPT, OSWE, GMOB (preferred). Experience with bug bounty programs or responsible disclosure & Benefits : Competitive salary based on experience. Career growth opportunities in Application Security & Ethical Hacking. Health & wellness benefits. Access to continuous learning, certifications, and security training programs. (ref:hirist.tech) Show more Show less

Job requisition ID :: 79285 Date: Jun 12, 2025 Location: Kochi Designation: Assistant Manager Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Job requisition ID :: 83600 Date: Jun 12, 2025 Location: Delhi Designation: Consultant Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Overview Make your mark at Comcast - a Fortune 30 global media and technology company. Become part of our award-winning, international engineering team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. You’ll do the best work of your career right here. Success Profile What makes a successful Security Engineer 2 at Comcast? Check out these top traits and explore role-specific skills in the job description below. Results-driven Adaptable Inventive Entrepreneurial Team Player Problem-Solver Benefits We’re proud to offer comprehensive benefits to help support you physically, financially and emotionally through the big milestones and in your everyday life. Paid Time off We know how important it can be to spend time away from work to relax, recover from illness, or take time to care for others needs. Physical Wellbeing We offer a range of benefits and support programs to ensure that you and your loved ones get the care you need. Financial Wellbeing These benefits give you personalized support designed entirely around your unique needs today and for the future. Emotional Wellbeing No matter how you’re feeling or what you’re dealing with, there are benefits to help when you need it, in the way that works for you. Life Events + Family Support Benefits that support you no matter where you are in life’s journey. Security Engineer 2 Location Chennai, India Req ID R412615 Job Type Full Time Category Cybersecurity Date posted 06/13/2025 Comcast brings together the best in media and technology. We drive innovation to create the world's best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast. Job Summary "Responsible for monitoring, identifying, investigating and analyzing all response activities related to cybersecurity incidents within an organization. Identifies security flaws and vulnerabilities; responds to cybersecurity incidents, conducts threat analysis as directed and addresses detected incidents. Conducts network or software vulnerability assessments and penetration testing utilizing reverse engineering techniques. Perform vulnerability analysis and exploitation of applications, operating systems or networks. Identifies intrusion or incident path and method. Isolates, blocks or removes threat access. Evaluates system security configurations. Evaluates findings and performs root cause analysis. Performs analysis of complex software systems to determine both functionality and intent of software systems. Resolves highly complex malware and intrusion issues. Contributes to the design, development and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. Works with moderate guidance in own area of knowledge. Employees at all levels are expect to: - Understand our Operating Principles; make them the guidelines for how you do your job - Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services - Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences - Win as a team - make big things happen by working together and being open to new ideas - Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers - Drive results and growth - Respect and promote inclusion and diversity - Do what's right for each other, our customers, investors and our communities" Job Description Core Responsibilities Strong customer focus with the ability to advise and work closely with application teams and vendors on mitigation. Exposure to commercial and open-source tools such as Burpsuite, Metasploit, WebInspect, Nessus, Qualys, Nexpose, nmap, Kali Linux, etc. Experience cataloguing and risk-scoring vulnerabilities discovered through assessments. Good understanding and experience with: Web application security assessment, including hands-on techniques. Hands-on experience in identifying, mitigating, and remediating vulnerabilities based on OWASP Top10 (API, Web) Basic Scripting knowledge with the capability to automate analysis of technical engineering tasks. CVSS scoring and its use in risk rating What success looks like Prompt, effective curation of security vulnerabilities. Responsiveness to internal customer requests. Validation of remediated tickets within published service level agreements (SLAs). What You Can Expect A cool and casual work environment with opportunities to showcase your skills. A culture of innovation and continuous learning. Training, support, and mentoring to expand and evolve your expertise. Opportunities to impact the security of Comcast products in millions of homes and businesses What We Require: Bachelor's Degree in Computer Science, Information Systems, or other related field or equivalent work experience. Disclaimer: This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications. Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law. Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality – to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details. Education Bachelor's Degree While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience. Relevant Work Experience 2-5 Years

Working Days : 5 Days & 9 hrs Location : Ahmedabad - onsite Job Description Role : Software Architect - Embedded You are an Energetic, Passionate, and Innate Software Technology Leader having excellent knowledge of designing and developing Linux based embedded products and having an experience of 8+ years with at least 4-5 years of experience of technical leadership. You possess very good knowledge of Software Architecture and Design, Design Patterns, OOPS concepts, Data Structures and Algorithms, Messages Queues, Multi-threading applications, Networking concepts and software security. You are competent to design, develop and deliver Software applications and embedded products. Technical Skills Required Hands-on experience in C/ C++, Embedded C (Very strong exposure in C Programming concepts). Linux, Command of Linux OS. IPC Inter-Process Communication exposure (Multithreading and Socket Programming). Working experience or Knowledge with Microprocessors like Arm 7/9, Cortex A8/A15, Qualcomm, Intel, IMX,NXP etc will be a huge plus. You have sound knowledge and hands-on experience in one or more Technologies/Platform like Socket Programming, Multi-Threading, ONVIF/RTSP, Video codecs H264/H265, Video Parsing of H264/H265, Image processing, Embedded Web Server, BLE, WIFI, RS485. UART, Push Notification (FCM), VoIP (SIP & RTP). You possess good knowledge and working experience in one or more Tech Stacks/Frameworks like Ffmpeg, Gstreamer, QT/QML, LIVE555, OpenCV(Image Processing), Networking Fundamentals, Basic Linux commands. You are proficient in at least two or more languages from among C, JAVA, Python, C++, HTML/CSS, JQuery/Javascript. You take complete ownership of timely product delivery with impeccable software quality. You have experience in building, leading, and managing multi-engineer project teams. You have the ability to navigate the teams through fast changing market needs. You possess strong people leadership skills in growing/nurturing/mentoring the young engineers. You are a motivated problem solver who can accurately document and communicate issues, can present the problem and solution in a short and crisp manner without taking into circles. You have a good understanding of JIRA, Confluence, SVN, Fisheye, Crucible, Sonar/Parasoft/LDRA and Nessus/Nexpose. (ref:hirist.tech) Show more Show less

Job Description We are seeking a skilled and experienced Cybersecurity Specialist to join our dynamic team. The ideal candidate will have 3-7 years of experience in cybersecurity roles and a strong technical background in information security. If you're passionate about protecting data, identifying vulnerabilities, and implementing robust security measures. Key Responsibilities Develop, implement, and maintain cybersecurity policies, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption. Conduct regular security assessments, risk analyses, and vulnerability assessments to identify potential weaknesses and mitigate risks. Experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment. Experience with web application vulnerability scanner (BurpSuite, AppScan, Acunetix, Web Inspect, etc). Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP requests. Ability to suggest/recommend remediation to fix vulnerability. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Knowledge on Tools: Nmap, Kali Linux, Metasploit, Maltego, Burp Suite, Nessus, nexpose, Wireshark, sqlmap etc. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security : 3-7 years of experience in cyber security or a related field. Bachelor's degree in Computer Science, Information Security, Cyber Operations, or a related field (or equivalent experience). Strong understanding of networking concepts, security principles, and cyber threats. Proven experience with vulnerability scanning and penetration testing tools. Knowledge of regulatory requirements and compliance frameworks (e.g., PCI DSS, NIST, CIS Controls). Experience in Information security controls, and doing IT audits, ISO certifications is preferred. (ref:hirist.tech) Show more Show less

Job Title: Sr. SecOps Engineer Experience: 4 - 9 Years Location: Remote Contract Duration: Long Term Work Time: 1 PM - 10 PM or 2 PM - 11 PM IST Job Summary We seek innovative professionals who adapt to change and thrive in fast-paced environments. You will join an engineering team that builds scalable systems, secures infrastructure, and applies advanced technologies to protect and transform financial services. If you are passionate about cybersecurity, infrastructure design, and proactive defense, we encourage you to apply. Responsibilities Gain deep understanding of the company’s tech stack to assess vulnerabilities and propose security solutions Monitor IT control environments to identify key risks, control gaps, and report findings Support third-party vulnerability testing processes and document results Collaborate with internal stakeholders to address systemic security concerns Perform monitoring using security tools and oversee remediation efforts Identify and analyze threats and vulnerabilities, ensuring timely resolution Implement and maintain consistent, cost-effective security controls and procedures Track and document security-related incidents for efficient resolution Support audits and risk assessments with documentation and evidence Assist management in corrective action planning based on audit findings Lead or participate in implementation of new security initiatives Stay updated on technology and security trends to recommend improvements Help develop company-wide IT and information security best practices Primary Skills 4–6 years of experience in design, testing, development, migration, and integration within mid to large organizations Experience in conducting vulnerability scans across various environments Hands-on with vulnerability scanning, incident response, endpoint detection, monitoring, and logging Strong understanding of current security threats, tools, and network technologies Practical knowledge of AWS core services such as VPC, EC2, S3, RDS, ELB, ALB, WAF, Lambda Proficiency in programming languages such as Python, Java, or Go Experience with both Windows and Linux operating systems Proficient in using scanning tools like Qualys, Rapid7 Nexpose, or Tenable Nessus Familiarity with EDR tools such as Tanium, Crowdstrike, Cisco AMP, or McAfee Skilled in monitoring tools like Splunk, Loggly, or Kibana Experience with automation and configuration tools like Jenkins, Puppet, Chef, CloudFormation, Terraform, or Ansible Knowledge of version control and CI/CD tools: Git, Nexus, Gradle, Groovy, YML Understanding of AWS security capabilities: WAF, GuardDuty, Security Groups, IAM Familiar with baseline configuration standards (CIS Benchmarks or DISA STIGs) Strong communication and presentation skills Security certifications such as CISSP, GSEC, CEH are a plus Show more Show less

Category: Infrastructure/Cloud Main location: India, Maharashtra, Mumbai Position ID: J0525-0774 Employment Type: Full Time Position Description: Company Profile: At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve. At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com. This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans. We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted. No unsolicited agency referrals please. Job Title: Database Analyst + SDP Admin Position: Systems Engineer/ Senior Systems Engineer Experience:3 - 6 Years Category: Software Development/ Engineering Main location: Mumbai Position ID: J0525-0774 Employment Type: Full Time Job Description : Must Have: Minimum 2+ years of experience in Oracle database & of 1+ years as IBM SDP Admin using the application (Thick/Web Client, Manager).. Good knowledge in SQL/PLSQL, DB Tools (export/import/sqlloader). Good knowledge on shell scripting (ksh/bash). Knowledge on Business Intelligence 4.x platform will be an added advantage. Knowledge of Atlas2 & usage IV2 Marketplace will be an added advantage Up to date technical stack covering all assets used by Core Banking the environments (with different technologies) to develop, test & deliver the Atlas2 product to different sites. The frameworks used for Java & Angular developments The CI/CD Pipelines Direct Responsibilities Tools and Frameworks(T&F) team is a unit working under the Core Banking Build Department. The Build team is responsible for the development of Atlas2 CIB applications that are deployed across sites. The responsibility of T&F is to provide the build team with o Up to date technical stack covering all assets used by Core Banking o the environments (with different technologies) to develop, test & deliver the Atlas2 product to different sites. o The frameworks used for Java & Angular developments o The CI/CD Pipelines o Internal Tools So, T&F is a transversal team in charge of servers, environments, defining their technical stacks, fully responsible for CI-CD platform across technologies from Java to Cobol to IBM SDP, provides technical support & studies on different technologies to the needs of build team. T&F also owns many applications as GDI, PCK-B/M /Viewer, Env-viewer, Polaris, BCTT. The current role will be part of Unix Pole under T&F team focusing on DB tasks but also as SDP Admin In the scope of all Database related actions& SDP application for Atlas2: Maintaining databases, writing complex SQL queries for data retrieval & manipulation. Installation & Administration of IBM SDP application (Thick/Web Client, Manager). Ability to develop Cobol programs. Technical Support, Troubleshooting & resolving database/SDP-related issues. Ability to create/maintain tools via scripts or via automation to facilitate the different inputs that are necessary for development of atlas application. Should be able to handle different type of requests from build team and provide solution. Contributing Responsibilities Should learn, work across technologies (Linux, SDP, Unikix, Autosys, Jenkins, Ansible, Oracle) & across number of atlas tools (PCK, listGDI, mporacle, …) with the different resources in T&F team & should ensure to act as a backup of other resources within ISPL team. Must Have: OWASP methodologies application is a mandatory. 2 – 4-year experience in IT Security minimum University degree, preferably in Computer Science with spec. in IT Security Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. Experience in a multi-cultural environment is appreciated. CEH or Any Security certifications are appreciated. Good To Have: Experience in Development languages and scripting is appreciated. Note: This job description is a general outline of the responsibilities and qualifications typically associated with the Virtualization Specialist role. Actual duties and qualifications may vary based on the specific needs of the organization. CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Your future duties and responsibilities Required Skills & Qualifications: Minimum 2+ years of experience in Oracle database & of 1+ years as IBM SDP Admin. Good knowledge in SQL/PLSQL, DB Tools (export/import/sqlloader). Good knowledge on shell scripting (ksh/bash). Knowledge on Business Intelligence 4.x platform will be an added advantage. Knowledge of Atlas2 & usage IV2 Marketplace will be an added advantage Required qualifications to be successful in this role Bachelor’s degree in Computer Science, Engineering, or related field preferred. Skills: ITIL Oracle MS SQL Server Shell Script What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Required Candidate profile: B.Tech / B.E./ BCA/ BSc in Computer Science or Information Technology. Candidates must have hands-on experience (Preference will be given to professional experience) of vulnerability assessment and penetration testing. Certification: OSCP or similar certifications (Preferred) Candidates must have minimum 4+ years of experience of vulnerability assessment, penetration testing, and Bug bounty. Preferred Skills: Excellent understanding of web application security and secure coding. Proficient in Application Security concepts, familiar with OWASP Top 10. Understanding of vulnerability assessment/penetration testing. Ability to write technical reports and detailed documentation. Experience in conducting VAPT and secure source code review. Experience with application vulnerability scanning tools (e.g., IBM AppScan, HP Webinspect, Acunetix, TOSpider, Burp Suite Pro, Nessus, Nexpose) Experience in Bug Bounty. In-depth knowledge and experience with OWASP and SANS standards. Web App Security (Burp Suite, Manual & Automated Testing, Comfortable in Black Box/White Box testing with the capability of finding business logic vulnerabilities, OWASP testing guide). Knowledge on Patch Fixing methodologies. Investigate security breaches and other cybersecurity incidents Location - Ahmedabad, Gujarat Show more Show less

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function For 150 years, BNP Paribas Wealth Management has been committed to protecting clients’ wealth, developing it, and eventually passing it on to their loved ones. We deliver tailor-made experience, with outstanding attention to detail and expertise from precise local knowledge to the global know-how that we access from the Group. Our goal is to create a new wealth management experience fit for a world where digital interactions have come to enhance human ones. Wealth Management Investment Solution Hub (WMIS Hub) provides a global IT solution for BNP Paribas Wealth Management where we develop, maintain and evolve IT applications which fits to the specific needs of BNP Paribas Wealth Management business users. Job Title Cybersecurity Manager Date Department: Wealth Management Location: Chennai Business Line / Function ITRCS Reports To (Direct) Grade (if applicable) (Functional) Number Of Direct Reports 16 Directorship / Registration NA Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team’s goal. Main Scope Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production/CSIRT/Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator. Responsibilities Direct Responsibilities WM IT Risk and Security Manager Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development. Coordinate with APAC WM security actors, including India-based resources. Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process. Periodic reporting of security status to WM CISO APAC and WM Global CISO Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication. Ensure the regular reporting for management follow-up IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets. Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes. Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and Cloud security. Identify the process gaps and provide solutions. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets. Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider. Production Security Oversight (delegation on WM APAC scope) Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance. Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress. Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents. CyberSecurity Program (delegation on WM APAC scope) Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program. Contributing Responsibilities Coordination with IT Security actors Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard…) Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope. Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production. Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group. Technical & Behavioral Competencies Cybersecurity / Technical Value-added Competencies ü Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM – ELK products) ü DevSecOps: CI/CD toolchain knowledge of various tools Source code management: sonarQuabe, bibucket, github/gitlab Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan…) Automation/orchestration: Ansible tower, Jenkins ü Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security) ü Vulnerability Management Nexpose, Nessus ü Ethical Hacking Knowledge Kali Linux knowledge (metasploit, nmap) Specific Qualifications (if Required) Qualifications and Experience ü 10 years' experience in information security evaluation and design of technical architectures ü Functional as well as technical knowledge of the applications used within BNP Paribas ü Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies ü Team management experience is a must ü Preferred Master level in Computer science and Information Security Skills Referential Behavioural Skills: (Please select up to 4 skills) Communication skills - oral & written Ability to collaborate / Teamwork Decision Making Ability to deliver / Results driven Transversal Skills: (Please select up to 5 skills) Ability to set up relevant performance indicators Ability to develop and adapt a process Ability to manage a project Ability To Develop Others & Improve Their Skills Ability to manage / facilitate a meeting, seminar, committee, training… Education Level Master Degree or equivalent Experience Level At least 10 years Other/Specific Qualifications (if Required) Other Value-added Competencies ü Advanced IT security certifications may be advantageous (such as CISM, CCSP, CSK, CEH, CISSP…). ü Operational Risk and Permanent Control ü Data Analytics solutions (Tableau, PowerBI) and strong expertise in Dashboard/reporting Show more Show less

Conduct Web Application and API Security Testing using both Manual and Automated Penetration Testing Methodologies Conduct Vulnerability Assessments of Network Devices, DB and servers using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Conduct penetration test and launch exploits using Nessus, Metaspoilt, Core Impact, Backtrack penetration testing distribution tools sets Prepare a detailed VAPT findings manually Strong experience with performing VAPT as per OWASP Top 10, SANS Top 25, and NIST, and SANS Security Guidelines. Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Maltego, Burp, Nessus, nexpose, wireshark, sqlmap, MobSF, burpsuite etc. Conduct android and IOS mobile application VAPT Ability to suggest remediation to vulnerabilities observed in Application and configuration. Minimum 2-3 years of work experience in the information security domain only Job Types: Full-time, Permanent Pay: ₹20,000.00 - ₹65,000.00 per month Benefits: Internet reimbursement Supplemental Pay: Performance bonus Application Question(s): Did you worked in the domains like API Testing, IOS, Android Testing, Web Application Testing, Network Penetration Testing, Mobile Application Testing? Experience: minimum: 1 year (Required) Language: English (Required) Location: Gurugram, Haryana (Required) Work Location: In person

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function ITG is a group function established recently (2019) in ISPL with presence in Mumbai, Chennai. We collaborate with various business lines of the group to provide IT Services. IT GROUP is a Group function that extended its capabilities in 2019 in ISPL with presence Mumbai, Chennai & Bangalore, with 1400+ employees. We collaborate with various business lines of the Group such as IT Group Infrastructure & Production, IT Transversal & Functions, IT Cash Services, IT Commercial, Personal Banking & Services, IT Investment & Protection Services, and Cybersecurity & Digital Fraud within IT GROUP. The Cybersecurity & Digital Fraud department’s objective is to protect the Bank and its clients, from Cybersecurity and Cyber Fraud risks. This department is in charge of the permanent monitoring of the evolution of Cyber Risks in the Group’s Information Systems to guarantee the security of the Bank and ensures the deployment of measures to protect customers while raising employees’ awareness of fraud risks particularly. Its mission aims at structuring, strengthening, and harmonizing IT risks management and Cybersecurity for BNP Paribas Group and Defining the vision and strategy for IT risk management and Cybersecurity, and ensuring the implementation of this strategy within the Group’s operating entities, Monitoring the security of the Group's information systems, Steering the IT Continuity and Resilience strategy and methodological framework. The evolving Cyberthreats landscape increases the risk of the financial sector, which leads BNP Paribas to strengthen its Cybersecurity maturity, IT risk management and Operation Resilience. Whilst being mainly based in France, the Cybersecurity & Digital Fraud Department is developing globally since 2021, especially in India (Mumbai, Chennai & Bangalore) and Portugal (Lisbon & Porto). Job Title Business Analyst Senior– GRC System – Risk, Compliance & Governance Date 7th May 2025 Department ITG Location: Bengaluru Business Line / Function CDF GRC IT Reports To (Direct) Grade (if applicable) (Functional) Number Of Direct Reports None Directorship / Registration NA Position Purpose Business Analyst for implementing GRC IT solutions in ServiceNow. Must have experience in implementing GRC solutions. Responsibilities Direct Responsibilities Lead the business requirements gathering process Collect and analyze requirements Animate workshops and meeting, write meeting minutes, follow up actions Prepare related documentation (functional design specifications, RACI, standard operating procedures, business workflow, user manuals etc.) Write User Stories, explain User Stories to developers Create training materials and conduct training sessions Follow up the development lifecycle steps requirements formalization, development testing, UAT coordination with stakeholders, transition to production organization, write release notes Assist users in user acceptance test (test scenarios, non-regression tests) Create and maintain the project planning, identify risks and handle it Ensure the post-implementation monitoring Provide regular project updates (meeting minutes, follow-up on action plan) Ensure proper escalation whenever required Contributing Responsibilities Manage assigned projects Ensure quality of service delivered by products Contribute to investigate user issues reported Technical & Behavioral Competencies Experience in Vulnerability Management processes and tools (Qualys, Rapid7, Tenable, Fortify, Sonarcube, Tanium, Nessus, Nexpose) Knowledge in any of the topics like IT Risk, SOX, Compliance, Control Plans, Action Plans, IT Continuity, Audit, ERM, ORM, Third Party Management Strong process analysis, mapping and design Practical experience of delivering change in IT environments Experience in project management and business analysis Excellent knowledge of the IT Project life cycle Proven track record of successful change management delivery within global banking industry or large organizations is a plus Knowledge and experience on GRC solutions (ServiceNow, Archer, GRC Enablon, eFront, Nasdaq Bwise) Knowledge on Agile methodologies Specific Qualifications (if Required) kills Referential Behavioural Skills: (Please select up to 4 skills) Decision Making Creativity & Innovation / Problem solving Communication skills - oral & written Ability to synthetize / simplify Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Ability to develop and adapt a process Ability to anticipate business / strategic evolution Analytical Ability Ability to develop and leverage networks Education Level Bachelor Degree or equivalent Experience Level At least 7 years Other/Specific Qualifications (if Required) Industry Standard BA Qualification AGILE methodologies GRC, IRM (Integrated Risk Management) Show more Show less