3740 Nist Jobs - Page 18

About The Company Tata Communications Redefines Connectivity with Innovation and IntelligenceDriving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications Experience Required: 6+ years in Cybersecurity, with 4+years Reports To: Security Operations Lead / SOC Manager Location: Jaipur Job Type: Full-time, Customer locations Job Summary We are seeking a skilled Infrastructure Operations Engineer to manage and maintain core IT infrastructure components including physical servers, operating systems, backup solutions, storage systems, databases, networking, and health monitoring tools. The ideal candidate will ensure availability, reliability, and security of the enterprise infrastructure. Key Responsibilities Physical Servers & OS: Install, configure, and maintain physical servers in data center environments. Manage operating systems (Windows/Linux), including patching, hardening, and performance tuning. Perform OS upgrades, configuration backups, and lifecycle management. Backup & Storage Administer backup tools (e.g., Veeam, Commvault, NetBackup) and ensure backup/restore success rates. Manage SAN/NAS storage solutions and perform capacity planning, replication, and snapshot management. Database Support database platforms (e.g., SQL Server, Oracle, MySQL) for patching, backup, and uptime monitoring. Work with DBA team to support infrastructure needs related to databases. Networking Perform basic configuration and troubleshooting of switches, routers, firewalls, and load balancers. Collaborate with network teams to ensure optimal connectivity and performance across environments. Health Monitoring Implement and maintain infrastructure monitoring tools (e.g., Nagios, SolarWinds, Zabbix, PRTG). Proactively monitor system health and respond to alerts to prevent outages or performance degradation. Required Skills AndQualifications Experience with server hardware (Dell, HPE, Cisco UCS). Strong knowledge of Windows/Linux system administration. Familiarity with enterprise backup and storage solutions. Basic knowledge of networking fundamentals (TCP/IP, VLANs, routing). Hands-on experience with monitoring tools and log analysis. Good scripting knowledge (PowerShell, Bash) for automation. Familiarity with endpoint/server hardening, system configuration management, and patching. Experience using configuration and compliance management tools (e.g., Ansible, Chef, SCCM, GPO). Ability to document policies, procedures, and control deviations. Preferred Qualifications ITIL Foundation or Practitioner certification. Experience in audit/compliance functions, particularly in regulated industries (BFSI, healthcare, government). Familiarity with ISO 27001, NIST 800-53, or other security frameworks. Education Requirements BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA Certification Certifications: MCSE, RHCE, CCNA, VCP, or equivalent.

About The Company Tata Communications Redefines Connectivity with Innovation and IntelligenceDriving the next level of intelligence powered by Cloud, Mobility, Internet of Things, Collaboration, Security, Media services and Network services, we at Tata Communications are envisaging a New World of Communications Experience Required: 6+ years in Cybersecurity, with 4+ years Reports To: Security Operations Lead / SOC Manager Location: Jaipur Job Type: Full-time, Customer locations Job Summary We are seeking a skilled Infrastructure Operations Engineer to manage and maintain core IT infrastructure components including physical servers, operating systems, backup solutions, storage systems, databases, networking, and health monitoring tools. The ideal candidate will ensure availability, reliability, and security of the enterprise infrastructure. Key Responsibilities Physical Servers & OS: Install, configure, and maintain physical servers in data center environments. Manage operating systems (Windows/Linux), including patching, hardening, and performance tuning. Perform OS upgrades, configuration backups, and lifecycle management. Backup & Storage Administer backup tools (e.g., Veeam, Commvault, NetBackup) and ensure backup/restore success rates. Manage SAN/NAS storage solutions and perform capacity planning, replication, and snapshot management. Database Support database platforms (e.g., SQL Server, Oracle, MySQL) for patching, backup, and uptime monitoring. Work with DBA team to support infrastructure needs related to databases. Networking Perform basic configuration and troubleshooting of switches, routers, firewalls, and load balancers. Collaborate with network teams to ensure optimal connectivity and performance across environments. Health Monitoring Implement and maintain infrastructure monitoring tools (e.g., Nagios, SolarWinds, Zabbix, PRTG). Proactively monitor system health and respond to alerts to prevent outages or performance degradation. Required Skills And Qualifications Experience with server hardware (Dell, HPE, Cisco UCS). Strong knowledge of Windows/Linux system administration. Familiarity with enterprise backup and storage solutions. Basic knowledge of networking fundamentals (TCP/IP, VLANs, routing). Hands-on experience with monitoring tools and log analysis. Good scripting knowledge (PowerShell, Bash) for automation. Familiarity with endpoint/server hardening, system configuration management, and patching. Experience using configuration and compliance management tools (e.g., Ansible, Chef, SCCM, GPO). Ability to document policies, procedures, and control deviations. Preferred Qualifications ITIL Foundation or Practitioner certification. Experience in audit/compliance functions, particularly in regulated industries (BFSI, healthcare, government). Familiarity with ISO 27001, NIST 800-53, or other security frameworks. Education Requirements BE, B.Tech in IT/CS/ECE, BCA, BSc CS and MCA Certification Certifications: MCSE, RHCE, CCNA, VCP, or equivalent.

Description We are seeking a skilled and proactive OT/ICS Engineer to lead the setup, commissioning, and ongoing operations of the Cyber-Physical Systems (CPS) lab focused on SCADA, PLC, and Industrial Control Systems (ICS). The engineer will be responsible for system integration, operational readiness, security configurations, and maintenance of OT environments used for research, training, and simulation. Responsibilitie s Lab Setup & Commissioning Design and implement architecture for the ICS/SCADA/PLC lab setup in coordination with research and academic stakeholders. Deploy and configure industrial control hardware (PLCs, RTUs, HMIs, Sensors, Actuators, etc. Integrate SCADA software platforms (such as Siemens WinCC, Schneider EcoStruxure, GE iFIX, etc. Ensure compatibility and seamless communication via industrial protocols (Modbus, DNP3, OPC UA, etc.). Operational Management Ensure 24/7 operational readiness of the lab environment. Monitor system health and troubleshoot issues related to hardware, networks, and SCADA applications. Perform routine system backups, firmware updates, and patch management. Manage OT network segmentation, firewall policies, and VLAN configuration for secure operation. Security & Compliance Implement industrial cybersecurity best practices (NIST 800-82, IEC 62443). Conduct regular security audits and VAPT with the cyber team. Configure and maintain intrusion detection (IDS) systems for OT networks. Documentation & Suport Maintain comprehensive technical documentation: lab layouts, wiring schematics, IP assignments, access control lists, and change logs. Support students, researchers, and external teams in accessing lab infrastructure for projects and simulations. Coordinate with vendors for hardware/software maintenance, AMC, and upgrades. Eligibility B.Tech/B.E. or M.Tech in Electrical, Electronics, Instrumentation, Industrial Automation, or related field. 3+ years of hands-on experience with ICS/SCADA systems, preferably in a lab or industrial setting. Proficient in working with PLCs (Siemens, Allen Bradley, Schneider, etc.). Good understanding of industrial protocols: Modbus, Profibus, EtherNet/IP, OPCUA. Experience with OT networking and cybersecurity basics. Desired Eligibility Exposure to cybersecurity frameworks for OT (e.g., MITRE ATT&CK for ICS). Experience in setting up CPS testbeds or simulation platforms. Certifications like GICSP, ISA/IEC 62443, or CCNA Industrial would be an added advantage. Personal Attributes Strong problem-solving and troubleshooting skills. Good documentation and communication skills. Ability to work independently and with interdisciplinary teams. Keen interest in emerging technologies in the ICS and CPS domains. Travel As and when required, across the country for project execution and monitoring, as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software, along with a resume and the Latest passport-size photograph.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We are looking for a Security Analyst to join our Cyber Fusion Center team, focusing on vulnerability management, policy compliance, and security posture management. In this role, you will support the day-to-day execution of security assessments using industry-leading tools including Qualys TruRISK Platform to detect, report, and coordinate remediation of vulnerabilities across Qualys environments. You will also contribute to improving compliance posture through policy enforcement, container and web application security testing, and audit readiness. This role is ideal for professionals passionate about security operations, compliance, and automation—driven to make an impact in a fast-paced, technology-focused environment. Key Responsibilities Vulnerability Management Program Deploy, configure, and maintain Qualys VMDR for continuous vulnerability scanning across on-premises and cloud-based assets. Manage asset groups, tag configurations, scan schedules, and coverage to ensure full visibility of security posture. Analyze scan results, identify high-risk vulnerabilities, and track remediation efforts across IT and engineering teams. Work with application owners and infrastructure teams to prioritize and resolve security issues within SLA. Generate detailed reports and executive summaries to communicate findings and track trends over time. Support integration of vulnerability data into dashboards or ticketing systems for automation and workflow management. Policy Compliance Configure and maintain the Qualys Policy Compliance (PC) module to assess systems against CIS, NIST, and internal benchmarks. Regularly review compliance scan results and coordinate with system administrators to resolve violations. Assist in developing and maintaining custom compliance policies based on organizational and regulatory requirements. Container Security Integrate container scanning tools (e.g., Qualys Container Security) into CI/CD pipelines to identify vulnerabilities in images before deployment. Monitor running containers for misconfigurations, outdated components, or privilege escalation risks. Partner with DevOps and engineering teams to embed container security best practices into the build and release lifecycle. Web Application Scanning Set up and manage Qualys WAS (Web Application Scanning) for internal and external web assets. Identify common vulnerabilities such as SQL injection, XSS, and misconfigurations in custom and third-party applications. Collaborate with application developers to review and resolve reported security issues efficiently. File Integrity Monitoring (FIM) Configure and maintain File Integrity Monitoring solutions to detect unauthorized changes in critical system and application files. Monitor alerts and ensure baselines are accurate, relevant, and maintained in line with system updates. Assist in defining rulesets and thresholds for actionable alerting. Audit & Compliance Support Contribute to internal and external audits by providing accurate reports, remediation evidence, and tool configurations. Ensure vulnerability and compliance-related controls are aligned with regulatory requirements such as ISO 27001, SOC 2, PCI-DSS, and FedRAMP. Maintain clear documentation for security tool configurations, scan schedules, and compliance mappings. Security Operations & Automation Identify opportunities for automation within the vulnerability management lifecycle using scripting or orchestration platforms. Maintain dashboards, reports, and alerting mechanisms to provide continuous visibility into security posture. Collaborate with tool vendors, especially Qualys, to resolve issues, evaluate new features, and apply platform updates. Qualifications & Experience Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field. 2–4 years of hands-on experience in vulnerability management and security operations. Strong knowledge of Qualys VMDR, PC, WAS, Container Security, and FIM. Solid understanding of security control frameworks (e.g., CIS, NIST, ISO 27001) and compliance requirements. Familiarity with cloud environments (AWS, Azure, GCP) and hybrid infrastructure security. Proficiency in reading scan results, interpreting risk levels, and advising on remediation strategies. Excellent problem-solving skills and attention to detail. Strong written and verbal communication for documentation and stakeholder coordination. Preferred certifications: Security+, CEH, Qualys Certified Specialist, ISO 27001 Internal Auditor, or similar. Good to Have Experience with automation (e.g., Python, PowerShell, APIs). Exposure to security ticketing systems (e.g., ServiceNow, Jira). Knowledge of CI/CD security integration and DevSecOps practices.

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About The Role We are seeking an experienced Security/Senior Security Consultant with strong expertise in Cisco technologies, network design, and implementation. The role involves configuring and troubleshooting routing protocols (BGP, OSPF, IS-IS, VRF, VXLAN), switching (L2/L3, VLANs, SVIs), wireless systems, and managing Cisco ISE for access control. Experience with Cisco SD-Access and DNAC is a plus. The candidate will conduct security assessments, implement security policies, and ensure compliance with industry standards. A B.E./B.Tech or related degree, along with certifications like CCNP, CISSP, or PCNSE, is preferred Key Responsibilities Understand Network design and Implementation & Troubleshooting - Strong understanding & Troubleshooting skills of Routing - BGP, IS-IS, OSPF, VRF, VXLAN, Static routing & Switching – LAN, SVIs, VLANs, L2/L3 Switch, Wireless WLC/APs. Strong understanding of TCP/IP models Design, implement, and manage Cisco ISE for network access control and identity-based security policies. Cisco SD-Access & Catalyst Center (DNAC)– Support DNAC automation, SD-Access fabric deployment, and troubleshooting, including greenfield/brownfield deployments, fabric builds, and endpoint onboarding. Conduct security assessments and provide recommendations to improve network security posture. Collaborate with IT teams to design security architectures that align with business needs and regulatory requirements. Document security policies, procedures, and configurations for compliance and operational efficiency. Basic Qualifications Education: B.E./B.Tech or master’s degree in computer science, or a related field. Proven experience in network security consulting, design, and implementation. Deep knowledge & hands-on expertise on Cisco Routing & Switching (CCNP preferred). Strong understanding & hands-on expertise on Cisco Catalyst Switches & Routers, Wireless Controllers (WLCs), Access Points (APs). Hands-on expertise with Cisco ISE (preferred), Cisco SD-Access & Catalyst Center (DNAC) (optional). Understanding of zero-trust architecture, micro-segmentation, and endpoint security. Excellent troubleshooting, analytical, and problem-solving skills. Strong communication and client-facing skills. Certifications such as CCNP Enterprise and or Security, CISSP, PCNSE, or equivalent are preferred. FTD, Palo Alto Firewall, Tetration, and StealthWatch, familiarity with industry standards and frameworks such as ISO 27001, NIST, CIS Controls, and GDPR, will be added advantage. (Not Mandatory) Preferred Qualifications Excellent communication and leadership skills. Strong analytical and problem-solving abilities. Ability to manage and mentor teams effectively. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.

We’re Hiring: Lead – SOC (Security Operations Center) Engineer 📍 Location: [Onsite/Hybrid/Remote – specify] 🕒 Experience: 6+ Years in Cybersecurity/SOC Operations 📜 Certifications Required: Valid CEH, CISSP, CISM, CompTIA Security+, or equivalent 📅 Joining: Immediate / Up to 30 Days Are you a seasoned cybersecurity professional ready to lead SOC operations, manage incident response, and strengthen enterprise security posture? We’re looking for a Lead SOC Engineer to take charge of real-time threat monitoring, incident handling, and mentoring junior analysts. Key Responsibilities Lead end-to-end SOC operations and ensure 24x7 monitoring coverage Manage security incidents: triage, analysis, containment, eradication, and recovery Perform threat hunting, log analysis, and forensic investigations Define and implement SOC playbooks, escalation procedures, and use cases Collaborate with SIEM engineers to tune and optimize correlation rules Stay up to date with latest threats, TTPs, and share insights with the team Mentor L1/L2 SOC analysts and ensure adherence to SLAs and KPIs Required Skills 6+ years in SOC operations , incident response , or threat detection Hands-on experience with SIEM tools (e.g., Splunk, QRadar, ArcSight), EDR, and SOAR Strong understanding of MITRE ATT&CK , malware analysis, and cyber kill chain Proficient in log analysis, threat intelligence integration , and reporting Valid cybersecurity certifications: CISSP, CEH, CISM, Security+, or equivalent Familiar with NIST, ISO 27001, and incident response frameworks Nice to Have Experience with cloud security monitoring (AWS/Azure/GCP) Familiarity with automation in incident response using SOAR platforms Knowledge of scripting (Python, PowerShell) for custom threat detection

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Illumio Micro Segmentation. Experience: 8-10 Years.

AML RightSource is a leading provider of anti-money laundering (AML) and financial crimes compliance solutions. Our team of experts provides our clients with the highest quality of service, while ensuring compliance with regulatory requirements. We are currently seeking a Senior SOC Analyst to join our team. Responsibilities: • Monitor and analyze security events from multiple sources, including security information and event management (SIEM) systems, network and host-based intrusion detection/prevention systems, and other security technologies. • Conduct investigations into security incidents, analyze evidence, and report findings to management. • Provide technical guidance and support to junior SOC analysts. • Develop and maintain standard operating procedures for the SOC. • Participate in security assessments and penetration testing activities. • Conduct threat hunting activities to identify and respond to advanced persistent threats (APTs). • Participate in incident response activities and coordinate with other teams to contain and remediate security incidents. • Maintain awareness of new and emerging security threats, vulnerabilities, and mitigation techniques. • Collaborate with other teams, including the IT team, to ensure the security of the organization's infrastructure and systems. • Provide regular reports to management on the SOC's performance and effectiveness. Requirements : • Bachelor's degree in computer science, Information Systems, or related field. • Minimum of 2.5 years of experience in a SOC or security operations role. • Strong knowledge of security technologies, including SIEM systems, intrusion detection/prevention systems, and other security tools. • Familiarity with security standards and frameworks, such as NIST, ISO, and SOC 2. • Experience with security incident response, including investigation, containment, and remediation. • Excellent analytical and problem-solving skills. • Ability to work well in a team environment. • Strong verbal and written communication skills. • Relevant security certifications, such as CISSP, CISM, or GSEC, are highly desirable.

About Atos Atos is a global leader in digital transformation with c. 78,000 employees and annual revenue of c. € 10 billion. European number one in cybersecurity, cloud and high-performance computing, the Group provides tailored end-to-end solutions for all industries in 68 countries. A pioneer in decarbonization services and products, Atos is committed to a secure and decarbonized digital for its clients. Atos is a SE (Societas Europaea) and listed on Euronext Paris. The purpose of Atos is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space. Develop and manage the organization’s cybersecurity program strategy, roadmaps, and portfolios.Lead cross-functional initiatives to implement security policies, controls, and tools.Align programs with regulatory, compliance, and industry-standard frameworks (e.g., NIST, ISO 27001, CIS).Manage program lifecycle including planning, execution, monitoring, and reporting.Collaborate with key stakeholders (IT, risk, legal, operations) to ensure program alignment.Provide executive-level reporting and status updates, including risk and performance metrics.Manage security budgets, timelines, resources, and third-party vendors.Facilitate internal and external audits, assessments, and compliance initiatives.Drive security awareness, training, and change management programs.Identify and mitigate risks associated with cybersecurity initiatives.

Business Function Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Job Purpose The Head of IT Infrastructure is a strategic leadership role responsible for overseeing the design, implementation, and management of the bank’s IT infrastructure, including data centres, cloud services, network systems, branch IT infrastructure, and Information Security Risk Management. The role ensures high availability, scalability, security, and efficiency of IT systems across 500+ branches in India while aligning with global IT standards and regulatory requirements. Key Responsibilities IT Infrastructure Strategy & Leadership Define and execute the IT infrastructure roadmap in alignment with business objectives and digital transformation initiatives Lead a large team of IT professionals across infrastructure, security, and operations Ensure cost-effective, scalable, and high-performance IT infrastructure solutions Data Center & Cloud Management Oversee the design, implementation, and management of on-premise data centers, hybrid cloud, and multi-cloud strategies Ensure 24/7 availability, disaster recovery, and business continuity planning Optimize data center operations for efficiency, security, and compliance (RBI, SEBI, ISO 27001, etc.) To oversee multiple projects and manage Pivot Cloud, comprising over 1200 servers and a team of 100 members, including contractors and direct employees Branch IT Infrastructure Manage the deployment, maintenance, and support of IT infrastructure across 500+ branches Ensure seamless connectivity, network security, and digital banking capabilities at branch locations Drive automation and standardization of branch IT systems for operational efficiency Information Security & Risk Management Strengthen cybersecurity posture by implementing robust security frameworks (NIST, CIS, RBI guidelines) Oversee vulnerability assessments, penetration testing, and security audits Ensure compliance with regulatory requirements (RBI, DPDPA, IT Act, etc.) and mitigate IT risks Network & Enterprise Systems Manage enterprise-wide network architecture (SD-WAN, MPLS, VPN, Zero Trust) and IT operations Lead infrastructure modernization initiatives (software-defined infrastructure, automation, AIOps) Partner with vendors, regulators, and internal stakeholders for seamless IT service delivery Budget & Vendor Management Develop and manage the IT infrastructure budget, ensuring cost optimization Evaluate and manage third-party vendors, cloud providers, and outsourcing partners Requirements Education: Bachelor’s or master’s degree in computer science, IT, or related field. Certifications like CISM, CISSP, ITIL, TOGAF, or cloud certifications (AWS/Azure/GCP) are preferred. Experience: 20+ years in IT infrastructure leadership, with at least 8-10 years in banking/financial services. Technical Expertise Strong knowledge of data center operations, cloud technologies, and network security Experience in managing large-scale IT infrastructure for distributed branch networks In-depth understanding of RBI cybersecurity guidelines and financial sector compliance Leadership Skills: Proven ability to lead large teams, influence stakeholders, and drive digital transformation Key Competencies Strategic thinking & innovation Risk management & regulatory compliance Vendor & stakeholder management Strong decision-making & problem-solving skills Excellent communication & leadership Primary Location India-Maharashtra-Mumbai Job Technology Schedule Regular Job Type Full-time Job Posting Jul 25, 2025, 8:00:00 AM

As our first dedicated AI/ML hire , you’ll architect and ship the core learning systems that make our platform selfoptimizing. What you’ll build & own Horizon Highimpact work 03 months • Stand up modelserving infra (Vertex AI or GKE) for policy nets. • Productionize CUPED variancereduction pipeline in BigQuery ML. • Pair with founder to feed reward signals into the agentic runtime. 39 months • Ship realtime ReinforcementLearning Budget Optimizer (Thompson Sampling → PPO). • Automate syntheticcontrol jobs on Vertex AI for geolocked campaigns. • Build a feature store merging offline postal scans & streaming web events. 918 months • Finetune LLMs with LoRA/QLoRA for dynamic copy & template generation and craft robust prompt libraries (system / user prompts, chainofthought, compression). • Launch experimentdesign module (fractionalfactorial). • Mentor incoming ML/Data hires; set MLOps standards. You might be a fit if you have  5 + yrs production ML / dataplatform engineering (Python or Go/Kotlin).  Deployed RL or bandit systems (ad budget, recommender, or game AI) at scale.  Fluency with BigQuery / Snowflake SQL & ML plus streaming (Kafka / Pub/Sub).  Handson LLM finetuning using LoRA/QLoRA and proven promptengineering skills (system / assist hierarchies, fewshot, prompt compression).  Comfort running GPU & CPU model serving on GCP (Vertex AI, GKE, or baremetal K8s).  Solid causalinference experience (CUPED, diffindiff, synthetic control, uplift).  CI/CD, IaC (Terraform or Pulumi) & observability chops (Prometheus, Grafana).  Bias toward shipping working software over polishing research papers. Bonus points for:  Postal/geo datasets, adtech, or martech domain exposure.  Packaging RL models as secure microservices.  VPCSC, NIST, or SOC2 controls in a regulated data environment.

Job Description Say yes to a better tomorrow! SHL, People Science. People Answers. Ever wondered what it takes to defend a company’s digital infrastructure against evolving cyber threats? We’re seeking a Network Security Engineer to protect SHL’s networks and cloud environments by designing and implementing cutting-edge security solutions. If you excel at decoding intricate security difficulties, monitoring for threats, and driving proactive defences while collaborating across teams, this role offers a unique chance to make a tangible impact. Can you blend deep technical expertise, strategic insight, and a vigilant mindset to keep our systems secure and resilient? If so, we’d love to hear your vision! A great benefits package is offered in a culture where career development, with ongoing manager guidance, collaboration, flexibility, diversity and inclusivity are all intrinsic to our culture. There is a huge investment in SHL currently so there ’ s no better time to become a part of something transformational. What You’ll Be Doing Design and guide network security tools—firewalls, IDS/IPS, VPNs, SASE. Implement AWS security services (WAF, Shield, GuardDuty, IAM, Security Hub). Monitor network activity and attend to security incidents. Troubleshoot application, network, and authentication issues. Conduct risk assessments, firewall reviews, and assist audits. Collaborate across teams to strengthen security posture. Essential What We’re Looking For TCP/IP, routing, switching, SD-WAN, DNS, and load balancing. Familiarity with cloud security and AWS security services. Incident response, scripting (Python, PowerShell), and monitoring tools (SolarWinds, PRTG). Familiarity with NIST, ISO 27001, and CIS frameworks. Excellent troubleshooting, communication, and collaboration experience. Desirables Incident management and ticketing systems like ServiceNow or Jira. Experience with cloud network infrastructure (AWS, Azure, Google Cloud) Prior experience aiding 24x7 operations in a global NOC environment. Get In Touch Find out how this unique opportunity can help you achieve your career goals by applying to our knowledgeable Talent Acquisition team. Choose a new path with SHL. Apply now and secure your future with SHL. #NetworkSecurity #SHLCareers About Us We unlock the possibilities of businesses through the power of people, science and technology. We started this industry of people insight more than 40 years ago and continue to lead the market with powerhouse product launches, ground-breaking science and business transformation. When you inspire and transform people’s lives, you will experience the greatest business outcomes possible. SHL’s products insights, experiences, and services can help achieve growth at scale. What SHL Can Offer You SHL is an equal opportunity employer. We support and encourage applications from a diverse range of candidates. We can, and do make adjustments to make sure our recruitment process is as inclusive as possible.

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.,

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security challenges. Roles & Responsibilities: - Expected to perform independently and become an SME. - Required active participation/contribution in team discussions. - Contribute in providing solutions to work related problems. - Conduct regular assessments of cloud security measures to identify areas for improvement. - Collaborate with cross-functional teams to ensure alignment of security practices with business objectives. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Information and Event Management (SIEM). - Strong understanding of cloud security principles and best practices. - Experience with security incident response and management. - Familiarity with compliance frameworks such as ISO 27001, NIST, or GDPR. - Knowledge of network security protocols and technologies. Additional Information: - The candidate should have minimum 3 years of experience in Security Information and Event Management (SIEM). - This position is based at our Chennai office. - A 15 years full time education is required., 15 years full time education

Bengaluru, Karnataka Job ID JR2025453770 Category Cybersecurity Role Type Hybrid Post Date Jul. 25, 2025 Job Description At Boeing, we innovate and collaborate to make the world a better place. We’re committed to fostering an environment for every teammate that’s welcoming, respectful and inclusive, with great opportunity for professional growth. Find your future with us. Overview As a leading global aerospace company, Boeing develops, manufactures, and services commercial airplanes, defense products, and space systems for customers in more than 150 countries. As a top U.S. exporter, the company leverages the talents of a global supplier base to advance economic opportunity, sustainability, and community impact. Boeing’s team is committed to innovating for the future, leading with sustainability, and cultivating a culture based on the company’s core values of safety, quality, and integrity. Technology for today and tomorrow The Boeing India Engineering & Technology Center (BIETC) is a 5500+ engineering workforce that contributes to global aerospace growth. Our engineers deliver cutting-edge R&D, innovation, and high-quality engineering work in global markets, leveraging new-age technologies such as AI/ML, IIoT, Cloud, Model-Based Engineering, and Additive Manufacturing, shaping the future of aerospace. People-driven culture At Boeing, we believe creativity and innovation thrive when every employee is trusted, empowered, and has the flexibility to choose, grow, learn, and explore. We offer variable arrangements depending upon business and customer needs, and professional pursuits that offer greater flexibility in the way our people work. We also believe that collaboration, frequent team engagements, and face-to-face meetings bring together different perspectives and thoughts – enabling every voice to be heard and every perspective to be respected. No matter where or how our teammates work, we are committed to positively shaping people’s careers and being thoughtful about employee wellbeing. With us, you can create and contribute to what matters most in your career, community, country, and world. Join us in powering the progress of global aerospace. Jeppesen is seeking an Lead Governance, Risk, and Compliance (GRC) Specialist . This position will be based in Bangalore, India . The GRC Specialist role is a multifaceted role performing a host of compliance duties in support of the Jeppesen aviation software business. Additionally, this role will work in support of compliance in a variety of national and international frameworks ensuring that Jeppesen meets and exceeds minimum risk and compliance with security controls supporting these frameworks. This role will supplement GRC Compliance Specialists, GRC Risk Management Specialists and ISMS owners. This role will focus on defining, quantitating, and developing materials such as Plan of Action & Milestone(s) (POA&M) to mitigate and resolve risks across Jeppesen. This role must see broader impacts of risks and be capable of relating risks to key stakeholders. This role will work with risks on different levels, from a technical product and vulnerability perspective to a more holistic organizational view. The role will also support compliance efforts by assisting in analyzing security practices and controls for the various frameworks, analyze Jeppesen’s current state, analyze the deficiencies between current Jeppesen state and implementation of controls, determine corrective measures to address deficiencies, plan appropriate steps to implement corrections, track the implementation of corrective actions, and provide internal self-audits of both processes and operational implementation of the controls. This role works across the organization and is expected to communicate effectively with leadership, operations, and development in ensuring that Jeppesen establishes and maintains a world-class compliance team. Domestic and international travel may be required to support audit and compliance efforts at Jeppesen locations in the US and worldwide. This is not estimated to be more than 15% of the employee’s time. Position Responsibilities Communicate with groups from C-Level Executives to operations and development Willingness to speak truth on security compliance regardless of audience; the role must be willing to express deficiencies when deficiencies exist Understand compliance frameworks and how they interrelate in terms of controls Decompose security controls into actionable requirements Define, write, and formally document policies, standards, procedures, guidelines, and baselines Test policies, standards, procedures, guidelines, and baselines for compliance to security frameworks Determine non-compliance and/or deficiencies between control expectations and current implementation including ability to provide guidance to fully meet intention of the security control Analyze schedule and budgets to determine if tasks are achievable Understands risk management including business risk management, operational risk management, and development risk management Problem solver; a desire to see problems as challenges to be resolved Continue to learn and improve skills through both JEPPESEN provided training and self-training Basic Qualifications (Required Skills/Experience): Ability to quickly change from one task to another Ability to work in a team and independently as needed by task A minimum of 3 years of experience working in compliance and/or auditor role in a highly regulated environment Experience working cross-functional teams providing guidance and improvements Experience in vulnerability management, patch management, or similar Experience in at least one of the following security frameworks: NIST, ISO 27001, CMMC 2.0, COBIT, Cyber Essentials, etc. Preferred Qualifications: Bachelor’s degree or similar level of experience in a technical field Security or compliance certification such as CISSP, CISA, CISM, CCP, CCA, ISO 27001 Auditor, etc. Ability to effectively discuss security frameworks in detail in how compliance works to shape a business and/or business unit Ability to take non-specific technical controls and data and relate them to technical implementations Experience working in Change Control Boards (CCBs) or other oversight groups Experience auditing businesses, business units, or teams for compliance to a security framework Experience in regulations such as GDPR, HIPAA, FISMA, etc. Experience in technical roles such as security operations, boundary defense, vulnerability management Typical Education & Experience: Bachelor’s degree or higher in Computer Science, Information Technology, or a related field, with 11+ years of relevant work experience. Master's degree with 10+ years' experience. Relocation: This position offers relocation based on candidate eligibility. Applications for this position will be accepted until Aug. 08, 2025 Export Control Requirements: This is not an Export Control position. Education Bachelor's Degree or Equivalent Required Relocation Relocation assistance is not a negotiable benefit for this position. Visa Sponsorship Employer will not sponsor applicants for employment visa status. Shift Not a Shift Worker (India) Equal Opportunity Employer: We are an equal opportunity employer. We do not accept unlawful discrimination in our recruitment or employment practices on any grounds including but not limited to; race, color, ethnicity, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military and veteran status, or other characteristics covered by applicable law. We have teams in more than 65 countries, and each person plays a role in helping us become one of the world’s most innovative, diverse and inclusive companies. We are proud members of the Valuable 500 and welcome applications from candidates with disabilities. Applicants are encouraged to share with our recruitment team any accommodations required during the recruitment process. Accommodations may include but are not limited to: conducting interviews in accessible locations that accommodate mobility needs, encouraging candidates to bring and use any existing assistive technology such as screen readers and offering flexible interview formats such as virtual or phone interviews. Your Benefits No matter where you are in life, our benefits help prepare you for the present and the future. Competitive base pay and incentive programs. Industry-leading tuition assistance program pays your institution directly. Resources and opportunities to grow your career. Up to $10,000 match when you support your favorite nonprofit organizations.

About Allica Bank Allica is the UK’s fastest growing company - and the fastest-growing financial technology (Fintech) firm ever. Our purpose is to help established SMEs, one of the last major underserved opportunities in Fintech. Established SMEs are the backbone of local communities - representing over a third of our economy - yet have been largely neglected both by traditional high street banks and modern fintech providers. Department Description The Allica Security team play a key role in protecting the bank and are responsible for all aspects of security surrounding Applications, Infrastructure and Security Operational Policy. Our mission is to provide the best-in-class security to protect the bank. We live and breathe the Allica values and deliver services intelligently using automation, intelligence, and innovation. Role Description We are looking for an experienced Identity and Access Management SME to join our security team to help reduce security risks by improving IAM infrastructure and controls. The person we are looking for would work closely with the engineering teams and will require a mix of technical knowledge and collaborative skills. As part of the Information Security team, you will be supporting Allica’s fast growth momentum with the design, implementation and maintenance of the tools which help to support out internal employees, as well as Allica’s customers. You will work with stakeholders across the business to support Information Security objectives, as well as those related to the wider bank. Principal Accountabilities Operate and maintain the identity platform – Ensure continuous, secure operation of PingFederate, PingAccess, PingDirectory and PingOne MFA across two Azure regions, achieving a minimum 99.95 percent service availability. Architect and deliver integrations – Define, document and govern reusable patterns for OIDC/OAuth 2.0, SAML 2.0, SCIM, FIDO2/WebAuthn and mTLS to support customer-facing applications, APIs and third-party SaaS. Automate infrastructure and configuration – Implement infrastructure-as-code (Terraform) and Git-based CI/CD pipelines; enforce zero-touch certificate and secret management via Azure Key Vault. Execute hardening and lifecycle management – Plan, test and deploy product upgrades, schema modifications and security patches, maintaining the estate at N-1 or later for all Ping components. Design, perform regular chaos and fail-over exercises, and maintain disaster-recovery artefacts that meet stated RTO/RPO targets. Provide observability and incident response – Develop telemetry dashboards configure actionable alerts and lead incident triage with Security Operations and Incident response team. Produce documentation and knowledge transfer – Maintain comprehensive runbooks, architecture artefacts and compliance evidence, mentor platform and development teams in secure integration practices. Attributes Specialised Ping expertise – Minimum five years’ production experience administering and upgrading PingFederate, PingAccess and PingDirectory in multi-region environments. Microsoft Entra proficiency – Demonstrable capability with Conditional Access, Identity Governance, External ID and Graph-based automation. Protocol depth – Advanced knowledge of OAuth 2.0/OIDC, SAML 2.0, SCIM, LDAP, mTLS and FIDO2/WebAuthn, including packet-level troubleshooting. Infrastructure-as-code discipline – Proven use of Terraform or Bicep, with CI/CD pipelines in Azure DevOps or GitHub Actions, and scripting fluency in PowerShell, Bash or Python. Security and regulatory acumen – Working understanding of PSD2/Open Banking, PCI-DSS, ISO 27001, PRA/FCA operational-resilience expectations and NIST 800-207 zero-trust principles. Having expertise in SailPoint would be a valuable addition, particularly given its relevance to current and upcoming IAM-related initiatives. Reliability engineering mindset – Experience defining SLOs, managing error budgets, conducting chaos engineering and producing rigorous root-cause analyses. Analytical and sceptical approach – Ability to challenge architectural assumptions, facilitate threat-modelling workshops and substantiate recommendations with empirical data. Exceptional communication skills – Adept at translating complex identity concepts for technical and executive audiences and influencing stakeholders across the organisation. Commitment to continuous improvement – Evidenced engagement with the Ping and broader IAM community, proactive adoption of emerging features and tools that materially enhance security or efficiency. Working at Allica Bank At Allica Bank we want to ensure our employees have the right tools and environment in which to succeed in their role and in support of our customers. Our employees are at the heart of everything we do, so our benefits are designed with you in mind: Full onboarding support and continued development opportunities Options for flexible working Regular social activities Pension contributions Discretionary bonus scheme Private health cover Life assurance Family friendly policies including enhanced Maternity & Paternity leave Don’t tick every box? Don’t worry if you don’t have all the skills or requirements listed on the job description. If you think you’ll be a good fit, we’d still love to hear from you! Flexible working We know the ‘9-to-5’ isn’t right for everyone. That’s why Allica Bank is fully committed to flexible and hybrid working. Please let us know what is best for you and, if we can, we will do our best to accommodate. Diversity We’re a diverse bunch here at Allica, with all kinds of experiences, backgrounds and lifestyles. Our openness and differences make us stronger, and we want everybody to feel comfortable bringing as much of themselves to work with them as they like.

As a Team Leader based in Bengaluru, you will play a crucial role in establishing and leading a dedicated team within our Center of Excellence (CoE) focused on testing IT general controls and IT automated application controls. Your primary responsibility will involve managing a team dedicated to testing internal controls to ensure controls assurance for our Financial Services entities in the UK and Ireland. You will be the subject matter expert advising the Risk team on controls design, deficiencies evaluation, and process improvements based on best practices and regulatory expectations. Your dynamic personality and ability to adapt to a fast-paced environment are essential for success in this role. Key responsibilities of the role include: - Managing and guiding a team of testers to facilitate their professional development - Taking ownership of team results and providing leadership to achieve targets and deadlines - Supporting the end-to-end testing cycle by designing and executing testing activities of IT general controls and IT automated application controls - Analyzing and interpreting information to assess testing areas and documenting findings clearly - Identifying gaps in design and execution, communicating issues, and making recommendations to the IC&A team and control owners - Developing and maintaining comprehensive documentation, including process walkthroughs and control testing documentation - Collaborating with IC&A to strengthen internal controls, mitigate risks, and support the business in achieving objectives - Building partnerships with various departments and constantly seeking improvements in processes and controls - Participating in recruitment and onboarding processes for new team members The ideal candidate for this role will possess: - 5-8 years of experience in IT compliance, internal controls, internal/external audit, with experience leading teams in an international setting - Strong background in regulatory compliance audits (including SOx) and internal control testing - Experience in designing and testing IT general controls and IT automated application controls - Knowledge of interface controls, Continuous Control Monitoring (CCM), and risk management frameworks like SOx, COSO, NIST, COBIT - Strong stakeholder management and project management skills - Ability to multitask, manage priorities effectively, and make decisions independently - Professional certification such as CISA/CRISC and a relevant Bachelor's degree - Experience in auditing SAP or other ERPs, IT controls in a cloud-native environment, and reviewing source code in languages like Python, Java, C++, SQL - Experience in technology-based product development, DevOps processes, and cloud audit would be advantageous If selected for this position, your personal data may be subject to pre-employment screening checks as permitted by applicable law, including employment history, education, and other necessary information to assess your qualifications and suitability for the role.,

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Risk Consulting - Protect Tech – Senior (IT audit – General skills) Key Responsibilities Your key responsibilities will include: Consistently deliver quality client services. Drive high-quality work products within expected timeframes and on budget. Monitor progress manage risk and ensure key stakeholders are kept informed about progress and expected outcomes. Foster relationships with client personnel to analyse, evaluate, and enhance information systems to develop and improve security at procedural and technology levels. Use knowledge of the current IT environment and industry trends to identify engagement and client service issues and communicate this information to the engagement team and client management through written correspondence and verbal presentations. Stay abreast of current business and industry trends relevant to the client's business. Demonstrate deep technical capabilities and professional knowledge. Demonstrate ability to quickly assimilate to new knowledge. Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 3-6 years of related work experience At least 2-4 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX Implementation and Testing of internal controls such as IT general controls, IT application controls, IPE related controls, interface controls etc. Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc. IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc. Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Job Description About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) Strong understanding of security risks in networks and application platforms Strong understanding of network security, infrastructure security and application security Strong understanding of OSI, TCP/IP model and network basics Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms Broad knowledge of security technologies for applications, databases, networks, servers, and desktops Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. Scripting and programming experience is beneficial Ability to perform manual penetration testing Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments. Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities. Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus. Good Understanding of OWASP top 10 and mitigation techniques Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues Database testing: MySQL, Oracle, NoSQL Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks Writing business proposals and response to client RFP/ RFIs Identifying business opportunities and lead delivery and program management for large cyber security programs Delivery team and client relationship management Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Qualifications B.Tech, B.E.

As an Attack Surface Reduction Analyst at H&M, you will play a crucial role in identifying potential security risks and vulnerabilities within the organization's systems, applications, and networks. Your responsibilities will include conducting comprehensive vulnerability assessments and penetration tests, utilizing industry-standard tools to identify weaknesses in our attack surface, and collaborating with cross-functional teams to prioritize and remediate vulnerabilities in a timely manner. Additionally, you will be involved in managing third-party penetration testing engagements, developing security policies and procedures, and staying up to date with the latest cybersecurity trends. To excel in this role, you should possess a Bachelor's degree in computer science, information security, or a related field, along with 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Strong knowledge of common vulnerabilities, security best practices, and industry frameworks such as NIST, OWASP, and CIS is essential. Proficiency in using industry-standard vulnerability assessment and penetration testing tools, effective communication skills, and relevant certifications like SANS, OSCP, or CompTIA Security+ are also advantageous. At H&M, we value our employees and offer attractive benefits, extensive development opportunities, and a vibrant work culture. If you are looking to grow your career in a supportive and inclusive environment, we encourage you to join our team. Please apply by submitting your CV in English through SmartRecruiters or our career page before the 30th of June 2025. We look forward to welcoming you on board in August 2025.,

Overview We’re looking for a skilled and experienced VAPT Engineer (Level 2/3) with 8+ years of hands-on experience in vulnerability assessment and penetration testing across enterprise environments. In this role, you’ll lead advanced security testing efforts, simulate real-world attack scenarios, and guide remediation strategies to strengthen the organization’s security posture. Total Experience 8+ years of hands-on experience Job Skills Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related field Strong understanding of network protocols, OS internals (Linux/Windows), and cloud platforms (AWS, Azure, or GCP) Hands-on scripting skills in Python, Bash, or PowerShell Experience with DevSecOps practices, CI/CD integration, and container security (Docker/Kubernetes) Solid grasp of secure coding principles, reverse engineering, and exploit development Relevant certifications such as OSCP, CEH, GPEN, LPT, or CISSP are highly preferred Responsibilities Lead penetration testing across web, mobile, cloud, and infrastructure (Black-box, Grey-box, White-box) Perform manual and automated vulnerability assessments using tools like Burp Suite, Nessus, Metasploit, Nmap, and custom scripts Conduct threat modeling and risk assessments for business-critical systems Document findings with clear, actionable remediation plans and deliver comprehensive technical reports Collaborate with DevOps, IT, and Security teams to prioritize and resolve vulnerabilities Mentor junior VAPT engineers and review their assessment reports for quality and accuracy Stay current with emerging threats, zero-day vulnerabilities, and modern attack techniques Ensure testing practices align with industry standards including OWASP, NIST, ISO 27001 Participate in security audits, incident response activities, and red team engagements Apply Now

THIS JOB IS FOR HYDERABAD LOCATION. Overview Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area. Responsibilities Should have process knowledge and technical knowledge on any of the SIEM tools ( like Qradar, LogRhythm, AlienVault, Splunketc). L2/L3 level is added advantage. Should have process knowledge and technical knowledge in AV tools like Symantec, McAfee, Trend Microetc. L2/L3 level is added advantage. Should have knowledge in managing Vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company Create and maintain operational reports allowing IT management team to understand the current and historical landscape of the IT security risks Vulnerability management assessment and remediation Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation related tasks Research the latest information technology (IT) security trends Help plan and carry out an organizations way of handling security Develop security standards and best practices for the organization Recommend security enhancements to management or senior IT staff Document security breaches and assess the damage they cause. Performs other duties as assigned. Uphold the companys core values of Integrity, Innovation, Accountability, and Teamwork. Demonstrate behavior consistent with the companys Code of Ethics and Conduct. It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem. Duties may be modified or assigned at any time to meet the needs of the business. Qualifications B. Tech, B.E or M.C.A 2-5 years Experience working in a Security Operations Center 2 years minimum in the computer industry Knowledge working with complex Windows environments Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO27001 Knowledge in design and administration of security tools Good written and verbal communication skills

THIS JOB IS FOR HYDERABAD LOCATION. Overview Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area. Responsibilities Should have process knowledge and technical knowledge on any of the SIEM tools ( like Qradar, LogRhythm, AlienVault, Splunketc). L2/L3 level is added advantage. Should have process knowledge and technical knowledge in AV tools like Symantec, McAfee, Trend Microetc. L2/L3 level is added advantage. Should have knowledge in managing Vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company Create and maintain operational reports allowing IT management team to understand the current and historical landscape of the IT security risks Vulnerability management assessment and remediation Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation related tasks Research the latest information technology (IT) security trends Help plan and carry out an organizations way of handling security Develop security standards and best practices for the organization Recommend security enhancements to management or senior IT staff Document security breaches and assess the damage they cause. Performs other duties as assigned. Uphold the companys core values of Integrity, Innovation, Accountability, and Teamwork. Demonstrate behavior consistent with the companys Code of Ethics and Conduct. It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem. Duties may be modified or assigned at any time to meet the needs of the business. Qualifications B. Tech, B.E or M.C.A 2-5 years Experience working in a Security Operations Center 2 years minimum in the computer industry Knowledge working with complex Windows environments Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO27001 Knowledge in design and administration of security tools Good written and verbal communication skills

THIS JOB IS FOR HYDERABAD LOCATION. Overview Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area. Responsibilities Should have process knowledge and technical knowledge on any of the SIEM tools ( like Qradar, LogRhythm, AlienVault, Splunketc). L2/L3 level is added advantage. Should have process knowledge and technical knowledge in AV tools like Symantec, McAfee, Trend Microetc. L2/L3 level is added advantage. Should have knowledge in managing Vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company Create and maintain operational reports allowing IT management team to understand the current and historical landscape of the IT security risks Vulnerability management assessment and remediation Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation related tasks Research the latest information technology (IT) security trends Help plan and carry out an organizations way of handling security Develop security standards and best practices for the organization Recommend security enhancements to management or senior IT staff Document security breaches and assess the damage they cause. Performs other duties as assigned. Uphold the companys core values of Integrity, Innovation, Accountability, and Teamwork. Demonstrate behavior consistent with the companys Code of Ethics and Conduct. It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem. Duties may be modified or assigned at any time to meet the needs of the business. Qualifications B. Tech, B.E or M.C.A 2-5 years Experience working in a Security Operations Center 2 years minimum in the computer industry Knowledge working with complex Windows environments Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO27001 Knowledge in design and administration of security tools Good written and verbal communication skills

THIS JOB IS FOR HYDERABAD LOCATION. Overview Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Researches attempted or successful efforts to compromise systems security and designs countermeasures. Maintains hardware, software and network firewalls and encryption protocols. Administers security policies to control physical and virtual access to systems. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Job Code Tip: May be internal or external, client-focused, working in conjunction with Professional Services and outsourcing functions. May include company-wide, web-enabled solutions. Individuals whose primary focus is on developing, testing, debugging and deploying code or processing routines that support security protocols for an established system or systems should be matched to the appropriate Programmer or Programmer/Analyst family in the Information Technology/MIS functional area. Responsibilities Should have process knowledge and technical knowledge on any of the SIEM tools ( like Qradar, LogRhythm, AlienVault, Splunketc). L2/L3 level is added advantage. Should have process knowledge and technical knowledge in AV tools like Symantec, McAfee, Trend Microetc. L2/L3 level is added advantage. Should have knowledge in managing Vulnerability tools and various remediation efforts. Review security logs generated by applications, devices and other systems, taking action or escalating to appropriate teams as needed. Enforce incident response service level agreement. Work with the global IT Security team to analyze, test and recommend tools to strengthen the security posture of the company Create and maintain operational reports allowing IT management team to understand the current and historical landscape of the IT security risks Vulnerability management assessment and remediation Participate in daily and ad-hoc meetings related to cyber security, controls and compliance, processes and documentation related tasks Research the latest information technology (IT) security trends Help plan and carry out an organizations way of handling security Develop security standards and best practices for the organization Recommend security enhancements to management or senior IT staff Document security breaches and assess the damage they cause. Performs other duties as assigned. Uphold the companys core values of Integrity, Innovation, Accountability, and Teamwork. Demonstrate behavior consistent with the companys Code of Ethics and Conduct. It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem. Duties may be modified or assigned at any time to meet the needs of the business. Qualifications B. Tech, B.E or M.C.A 2-5 years Experience working in a Security Operations Center 2 years minimum in the computer industry Knowledge working with complex Windows environments Knowledgeable in various security frameworks such as NIST 800-53 / NIST 800-171 / ISO27001 Knowledge in design and administration of security tools Good written and verbal communication skills