3740 Nist Jobs - Page 33

All roles at JumpCloud are Remote unless otherwise specified in the Job Description. About JumpCloud JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud®, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud® is IT Simplified. About the Role: We are seeking a Staff Product Manager with deep expertise in AI, Data Science, and Cybersecurity to lead the development of a transformative Security Data Fabric and Exposure Management Platform (ISPM, ITDR etc). In a world of siloed security tools and scattered data, your mission is to turn data chaos into clarity—helping organizations see, understand, and act on their cyber risk with precision and speed. The JumpCloud access and authentication team is changing the way IT admins and users authenticate to their JumpCloud managed IT resources for a frictionless experience to get work done. The days of the traditional corporate security perimeter are over. Remote work – and the domainless enterprise – are here to stay. As such, we believe securing all endpoints is at the crux of establishing trust, granting resource access, and otherwise managing a modern workforce. Our Cloud Directory Platform supports diverse IT endpoints from devices, SSO applications, infrastructure servers, RADIUS, and LDAP is making it easy for IT admins to manage the authentication required from MFA to zero trust using conditional access based on Identity Trust, Network Trust, Geolocation Trust, and Device Trust based on X509 certificates. If you want to build on this success and drive the future of authentication at JumpCloud come join us. You’ll be at the forefront of designing a next-generation data platform that: Creates a Security Data Fabric to unify signals from across the attack surface Uses AI to resolve entities and uncover hidden relationships Drives real-time Exposure Management to reduce risk faster than adversaries can act You will be responsible for: Define and drive the product strategy for the Security Data Fabric and Exposure Management platform (ISPM, ITDR etc) , aligned with customer needs and business goals Engage with CISOs, security analysts, and risk leaders to deeply understand pain points in exposure management and cyber risk visibility. Translate strategic objectives into clear, actionable product requirements that leverage AI/ML and data science to unify and contextualize security signals Collaborate closely with engineering, data science, UX, sales, and security research to deliver scalable and performant solutions Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics Champion a data-centric mindset—shaping features like entity resolution, risk scoring, and automated remediation workflows powered by advanced analytics You Have: 10+ years of experience in product management, with at least 5 years in cybersecurity or enterprise AI/data products Deep understanding of AI/ML, data science, entity resolution, and knowledge graphs in practical applications Experience building or integrating security analytics, threat detection, vulnerability management, or SIEM/XDR solutions Ability to untangle the interconnectedness of the complex authentication mess and simplify the same to drive the cross-functional team in the same direction Proven ability to define and deliver complex B2B platforms, especially in data-heavy, high-stakes environments Excellent communication and storytelling skills to align cross-functional teams and influence stakeholders Nice to have: Experience with graph databases, ontologies, or large-scale entity disambiguation Familiarity with security standards (MITRE ATT&CK, CVSS, etc.) and frameworks (NIST CSF, ISO 27001 etc) Prior experience launching products in cloud-native or hybrid enterprise environments Degree in Computer Science, Information Systems or Engineering. MBA is a plus Where you’ll be working/Location: JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description. This role is remote in the country of India. You must be located in and authorized to work in India to be considered for this role. Language: JumpCloud® has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud®, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description. Why JumpCloud? If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud® is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about. One of JumpCloud®'s three core values is to “Build Connections.” To us that means creating " human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud®. Please note JumpCloud® is not accepting third party resumes at this time. JumpCloud® is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. Scam Notice: Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment. All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at recruiting@jumpcloud.com with the subject line "Scam Notice" #BI-Remote

Role & responsibilities : Conduct thorough and detailed cyber risk assessments for our clients, analyzing their digital infrastructure, systems, and security controls. Collaborate with cross-functional teams to gather essential information and data required for comprehensive risk assessments. Evaluate and interpret assessment results to identify potential vulnerabilities and risks, and provide actionable recommendations for risk mitigation. Stay up-to-date with the latest cyber threats, attack vectors, and industry best practices to enhance the effectiveness of risk assessments. Prepare and deliver clear and concise reports summarizing the findings of risk assessments to clients and internal stakeholders. Provide expert advice and consultancy to clients, guiding them in implementing robust cybersecurity risk management strategies. Mentor and support junior team members to foster their professional growth and skills in cyber risk assessments. Preferred candidate profile : Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or related fields. A minimum of 5+ years of hands-on experience in conducting cyber risk assessments and related security assessments. Industry certifications such as CISSP, CCSP, CISA, CISM, CRISC, ISO/IEC:27001/22301/20000 LI/LA or equivalent are highly valued. Profound knowledge of cybersecurity frameworks, industry standards, and best practices. Proficiency in using various security assessment and techniques. Strong analytical and problem-solving skills, with the ability to think critically and strategically. Excellent communication and presentation skills, capable of effectively communicating technical concepts to both technical and non-technical audiences. Demonstrated experience in project management and handling multiple assessments simultaneously. A proactive and self-motivated approach to work, with a commitment to continuous learning and professional development. Network Security, infrastructure assessment and network architecture design review.•Conceptual knowledge of OT Security/ISA 62443 standard is preferable.

Job Purpose/Summary: Network Compliance and Control Engineer to ensure that our network infrastructure adheres to internal policies, regulatory requirements, and industry best practices. Key Responsibilities: Policy Enforcement: Ensure that all network configurations and changes comply with corporate security and operational policies. Maintain baseline standards for network device configurations (e.g., routers, switches, firewalls). Configuration Audits: Conduct regular audits of network device configurations to detect deviations. Use compliance tools or scripts to identify non-compliant settings and generate audit reports. Regulatory & Standards Alignment: Map network operations to relevant regulatory frameworks (e.g., ISO 27001, NIST, GDPR, SOX). Participate in internal and external audits by preparing evidence and remediation plans. Risk Identification & Mitigation: Access Control Validation: Key Performance Indicators: Configuration Compliance Rate Policy Violation Closure Rate Audit Finding Closure Time Access Control Review Frequency Unauthorized Configuration Change Incidents Compliance Audit Pass Rate Maintain controls of Firewalls, switches, routers & access-points. Functional Skills/Competencies: Good Hands on experience on CISCO (Routing,switching) & Firewall Technology, CCNP certified, basic knowledge on Switching and Firewalls

Job Description Role : Cloud Security Location : Bangalore Who are we looking for? The Senior Cloud Security Engineer considered a security and technical expert in cloud security technology, architects, designs, systems implementation, and integration with deep, specialized knowledge of Amazon Web Services and Google Cloud security. The Engineer will be responsible for designing and delivering security solutions in Cloud infrastructure based on Cloud security standards, governance, and control practices. Conducts technical research when necessary to contribute to setting cloud security direction and strategy. Assists others on own team, or other teams where applicable, on cloud security projects or security-relevant tasks on technical projects. Position Summary  Designs, develops and implements new cloud security technologies to support business and technology solutions  Acts as a subject matter expert (SME) for Native AWS/Azure/Google cloud security tools, applications, and processes  Create, maintain and deliver to project schedules and budgets  Design and Implement changes to existing security tools, applications and processes based on changes in scope or needs.  Create process documents for operations, maintenance and integrating output from these tools into daily security operations. Qualifications Required  Create blueprint for data security for data in transit and at rest  Demonstrate deep understanding on topics like Data Exfiltration, Data Loss Prevention and Data Redaction  Design and implement the best practices as code for virtual network security, user defined routing and network security groups  Integrate OAuth into applications, APIs, Microservices  Ability to work with AWS DevOps Pipelines and Releases to deliver security-as-code in the CI/CD environment  Experience with Azure, O365, Azure AD and Google Cloud security  Maintaining our Cloud Native Application Protection Platform (CNAPP) and its security tools such as CSPM, CWP, etc.  Participate in the design and review of new cloud projects to ensure security requirements are met from the outset.  Develop cloud security architecture standards, guidelines, and procedures.  Lead and provide expert guidance on cloud security best practices to IT and development teams.  Assist in designing, planning, and implementing cloud security tools, controls, policies and processes.  Stay updated on the latest cloud security trends, threats, and technologies, and provide guidance to the organization. Skills  Bachelor's degree in Computer Science, Information Security, or a related field.  Relevant certifications (e.g., Azure Security Engineer, Certified Cloud Security Professional - CCSP.  Demonstrated experience in cloud security with proficiency in cloud platforms (e.g., AWS, Azure, GCP).  Experience with CNAPP tools such as Defender for Cloud an asset  Strong knowledge of cloud security best practices, compliance requirements, and security frameworks.  Familiarity with Infrastructure as code tools like Terraform etc.  Familiarity with security compliance frameworks (e.g., CIS, NIST) and their application in cloud environments.  Self-motivated and capable of working independently, managing multiple tasks, and meeting deadlines. Qualification  Bachelors Degree with a minimum experience of 10+ Years Certification  AWS Certification - Associate Cloud Engineer/Professional Cloud Architect  ITIL Certified  Network and Security certification

Role: Cyber Risk Management Lead Experience: 5 to 10 Years Office location-Sector-125, Noida Required Qualification: Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) Additional Information There are 2-3 rounds in the interview process. This is 5 days’ work from office role (No Hybrid/ Remote options available) Final round will be F2F (Mandatory) About role: We are seeking a Cyber Risk Management Lead to identify and remediate or mitigate risks . Candidate should have effective task management skills and the ability to communicate effectively. The individual must be able to rapidly respond to security incidents and should have at least 5 years of relevant experience in Cyber security Risk management. Candidates Should have deeper understanding with some hands-on experience on enterprise IT infra components such as O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP etc. along with cloud environments like AWS (Must) , Azure etc. Job Description Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance Developing, maintaining, or auditing security documentation such as policies, standards, and procedures Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc Conducting internal security assessments to ensure continued compliance Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls Should be able to review RFPs (request for proposal) and provide responses for Cyber security related items Manage Risk Governance Implement/govern AWS Cloud and Office 365 Security Manage and support internal and external audits Follow up till closure on audit findings if any Manage dashboards and reports to keep track of priority events for IT and IS Create MOM for Board Meetings Vendor Evaluation for cyber security controls Firewall rules review for On-premises and AWS firewall Security Awareness: Create materials PPT/e-mailers and provide training as needed Incident management and Business continuity CISO dashboard and success reports Meet with business team to understand their business requirements from cyber security perspective Has basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.) Understanding of respective industry best practices (e.g., NIST, ISO, OWASP, ITIL) At least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP) Prior experience of management of technology infrastructure is preferred Skills: security awareness training,enterprise it infrastructure,it infrastructure security,dns,cloud security,aws,email security,cyber risk management,compliance,security documentation,routers/switches,cybersecurity risk management,incident management,dhcp,security assessments,risk assessment,advanced firewalls,multi-factor authentication,incident response,vpn,cloud security (aws, azure),azure,web proxy,risk governance,cyber security,soc assesment,effective communication,audit management,av/edr,waf,vendor evaluation,communication skills,task management,o365,proxy,compliance management,risk management,virtualization,firewall management,dlp,o365 suite,cyber risk management lead,ips/ids/hips

About Client: Our Client is a global IT services company headquartered in Southborough, Massachusetts, USA. Founded in 1996, with a revenue of $1.8B, with 35,000+ associates worldwide, specializes in digital engineering, and IT services company helping clients modernize their technology infrastructure, adopt cloud and AI solutions, and accelerate innovation. It partners with major firms in banking, healthcare, telecom, and media. Our Client is known for combining deep industry expertise with agile development practices, enabling scalable and cost-effective digital transformation. The company operates in over 50 locations across more than 25 countries, has delivery centers in Asia, Europe, and North America and is backed by Baring Private Equity Asia. Job Title: SOC Analyst with OT(Operational Technology) Key Skills: SOC, OT, ICS Job Locations: PAN INDIA Experience: 3 – 5 Years Budget: Max 7LPA Education Qualification : Any Graduation Work Mode: Hybrid Employment Type: Contract Notice Period: Immediate - 15 Days Interview Mode: 2 Rounds of Technical Interview Job Description: ________________________________________ Technical Skills & Knowledge: • Strong understanding of OT/ICS protocols (Modbus, DNP3, OPC, etc.) and industrial network topologies. • Hands-on experience with OT cybersecurity tools and platforms (e.g., Nozomi Networks, Claroty, Dragos). • Familiar with ISA/IEC 62443, NIST SP 800-82, NIST CSF, and ISO 27001 compliance requirements for OT. • Proficiency in using SIEM systems (e.g., Microsoft Sentinel, Splunk, QRadar) for log correlation and event triage. • Understanding of firewalls, WAFs, proxies, and network segmentation principles in OT. • Working knowledge of tools such as THOR Scanner, VMRay, or Recorded Future is a plus. • Experience in vulnerability management and patch advisory for OT assets with limited patch cycles. ________________________________________ Nice to Have: • Exposure to Red Team/Blue Team exercises focused on OT/ICS. • Familiarity with GRC platforms and risk assessment tools tailored to OT. Interested Candidates please share your CV t o vamsi.v@people-prime.com

Job Description Job Title: Cyber Security Expert Location: Noida Department: IT Operations Job Summary: Security Expert will manage the planning, implementation, and continuous enhancement of Avaada's cybersecurity program, including the establishment of a Security Operations Centre (SOC), modernization of tools and controls, policy upgrades, and alignment with global standards like ISO 27001:2022 and NIST. The role encompasses end-to-end responsibility across cybersecurity operations, strategictooling, governance, cloud, OT/ICS, and compliance. Key Responsibilities: Security Operations Centre (SOC) Setup & Management Design, plan, and manage the Security Operation Centre (SOC) aligned with business needs. Define log sources, event flows, SIEM integration points, and threat intelligence feeds. Develop operational playbooks, escalation workflows, shift schedules, and knowledge base documents. Implement SOC KPIs (MTTD, MTTR, False Positive Rates, etc.) and periodic SOC effectiveness reviews. Coordinate with IT, network, and cloud teams for 24/7 monitoring enablement. Perform ongoing tuning of correlation rules, alerts, and response procedures. Support audits by ensuring SOC processes are documented and control evidence is maintained. Cybersecurity Operations Management Manage threat detection, incident response, vulnerability remediation, and endpoint protection. Oversee daily security alerts, logs, and forensic investigations using existing platforms. Track zero-day threats, malware trends, and APT behavior impacting the renewable energy sector. Coordinate triage of cyber incidents and manage incident response teams during escalations. Manage KPIs for threat detection, incident closure, and endpoint compliance across locations. Security Strategy, Roadmap & Modernization Prepare and maintain Avaada’s Cybersecurity Roadmap with quarterly, half yearly and annual goals. Identify security gaps, outdated tools, or manual processes for modernization or automation. Benchmark current posture against global security trends, risks, and industry best practices. Coordinate with leadership for board-level reporting and long-term security investment planning. Ensure alignment of the roadmap with IT initiatives, OT expansion, and cloud-first transformation. Infrastructure, Cloud & Identity Security Ensure infrastructure and cloud services follow secure-by-design principles. Implement and monitor identity and access controls across cloud infrastructure and internal tools. Review firewall policies, VPN configurations, and segmentation zones for security gaps. Collaborate with cloud architects to align workloads with CIS Benchmarks and cloudnative controls. Enforce identity lifecycle management and privileged access workflows. OT/ICS & Plant Cybersecurity Manage cyber risk assessments for OT environments, SCADA systems, and substations. Oversee segmentation between IT and OT networks (e.g., firewalls, DMZ, whitelisting). Coordinate security hardening and asset inventory for field-level equipment. Implement monitoring tools for critical energy infrastructure events and access. Ensure physical security controls integrate with cybersecurity systems where feasible. Plan cybersecurity drills and simulations for plant-level scenarios. Awareness & Cyber Hygiene Conduct ongoing cybersecurity training, phishing simulations, and e-learning modules. Regularly update content based on real-world threats and incidents. Track and report user participation, risk scores, and improvement areas. Promote a security-first culture across employees, vendors, and partner ecosystems. Run executive awareness sessions to foster top-down risk ownership. Qualifications & Skills: Bachelor's/Master’s degree in IT, Computer Science, or a related field. 10+ years of experience in Cyber Security with At least 5 years in a cybersecurity leadership or specialist role, managing teams, SOC operations, or enterprise-wide security programs. Certifications : Either 2 or more of the following o CISSP o CISM o CEH o CCSP Strong understanding of o Enterprise security architecture and secure network design o Security tools (SIEM, XDR, SOAR, UEBA, PAM) o Cloud Security Experience with Cloud security OT/ICS/SCADA cybersecurity (preferred in energy/renewable sector) is a plus Proven experience in o Managing cybersecurity frameworks (ISO/IEC 27001, NIST CSF, CIS) o Threat detection and response (SOC, SIEM, SOAR) o Endpoint, cloud, and application security controls Excellent problem-solving, communication, and leadership skills. Job Snapshot Updated Date 19-07-2025 Job ID AvaadaJob1015 Department Information Technology Location Noida 62, Noida, Uttar Pradesh, India Experience 7 - 15 Years Employee Type Permanent

As an experienced Head of Risk & Compliance, you will play a crucial role in leading and enhancing governance, risk management, and compliance strategies within our organization. Your responsibilities will involve developing and implementing robust frameworks that adhere to industry standards and regulations. Your expertise will help streamline processes and ensure alignment with best practices. You will be tasked with developing and refining IT governance frameworks that align with ISO standards and regulatory requirements. Your role will also involve overseeing the implementation and maintenance of compliance programs such as ISO 27001, SOC 2, PCI DSS, GDPR, and HIPAA. Additionally, you will lead enterprise-wide risk assessments to identify and mitigate risks across various aspects of the organization. Your leadership will extend to managing internal audits, third-party assessments, and risk management activities. You will define and monitor the organization's risk tolerance, integrating it into strategic decision-making processes. Furthermore, you will lead the Business Continuity and Disaster Recovery governance in alignment with ISO 22301 standards. Creating a culture of accountability, compliance, and risk awareness will be a key aspect of your role. You will serve as the primary point of contact for regulators, auditors, clients, and internal teams, ensuring effective communication and collaboration. To excel in this position, you should possess 10-15 years of leadership experience in risk, compliance, and audit. Additionally, you should have at least 5 years of experience in senior GRC roles, managing cross-functional programs. Relevant certifications such as CISA, CRISC, CISM, and expertise in ISO, NIST, data protection laws, and cloud security compliance are essential. Strong leadership, collaboration, and stakeholder management skills are also required. Your performance will be measured based on key performance indicators (KPIs) such as zero major findings in audits, timely closure of identified risks, improvement in organizational risk maturity, high employee training completion rates, and positive client feedback on compliance practices. If you possess the necessary expertise and vision to lead our risk and compliance strategy at an executive level, we encourage you to apply for this challenging opportunity. Join us at Infogain, a Silicon Valley-based company with a global presence, and be part of a dynamic team that values innovation and excellence. Kindly share your resume with us at Priya1.sharma@Infogain.com to take the next step in your career. #RiskManagement #Compliance #Governance #Leadership #ISO #CyberSecurity,

Key Responsibilities RFP and Proposal Management : Lead responses for cybersecurity and compliance-related RFPs. Develop solutions for customer requirements aligned with security best practices. Collaborate with internal teams to deliver compelling and Client Engagement : Develop security-related presentations for client meetings. Conduct workshops and demonstrations for security offerings. Provide technical expertise during customer discussions and Leadership : Develop and implement a comprehensive cybersecurity strategy. Establish and maintain a cybersecurity governance framework. Align cybersecurity programs with business objectives and regulatory Management : Identify, assess, and prioritize security risks across the organization. Define risk mitigation strategies and implement controls. Conduct periodic cybersecurity audits and penetration and Compliance : Establish cybersecurity policies, standards, and best practices. Ensure compliance with relevant regulations (e.g., GDPR, CCPA, ISO 27001, NIST). Oversee cybersecurity training programs to promote a culture of security Response and Management Develop and manage incident response plans and procedures. Lead the investigation and resolution of cybersecurity breaches. Ensure timely reporting of incidents to stakeholders and regulatory and Infrastructure Security : Implement advanced security solutions, including firewalls, intrusion detection systems, endpoint protection, and encryption. Oversee network security, application security, and cloud security. Evaluate and deploy emerging cybersecurity and Team Management : Lead and mentor the cybersecurity team, fostering professional development. Collaborate with IT, compliance, legal, and business units to address security concerns. Represent cybersecurity in board meetings, audits, and cross-functional Skills and Competencies Expertise : Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001, CIS). Proficiency in network security, cloud security, application security, and data protection. Experience with security technologies such as SIEM, firewalls, and endpoint Skills : Ability to manage and inspire a diverse cybersecurity team. Strategic thinking with the ability to align security initiatives with business and Problem-Solving Skills : Strong analytical skills to identify and mitigate risks effectively (ref:hirist.tech)

We are looking for an experienced and highly motivated Senior Information Security Consultant I to join our cybersecurity team. The ideal candidate will bring deep expertise in Phishing Threat Mitigation, Email Security, Microsoft Defender, and Security Operations (SOC & SIEM). Responsibilities You will play a key role in protecting our organization against evolving email-based threats and ensuring robust incident response Responsibilities : Lead and manage the organization's email security infrastructure, including configuration, monitoring, and optimization of tools like Microsoft Defender and other email security platforms. Design, implement, and manage phishing threat detection and mitigation strategies. Investigate and respond to phishing incidents, coordinate with relevant stakeholders for containment and remediation. Monitor and analyze email threat intelligence feeds and proactively adjust policies and controls. Integrate email security with SIEM platforms for centralized monitoring and incident detection. Provide subject matter expertise in SOC operations, guiding junior analysts on phishing-related escalations. Ensure adherence to email authentication protocols (e.g., SPF, DKIM, DMARC). Maintain detailed documentation of configurations, response procedures, and incident handling processes. Collaborate with internal teams to improve cybersecurity awareness and training, especially around email threats. Contribute to security audits, risk assessments, and regulatory compliance efforts. Key Skills & Technologies Deep knowledge of phishing techniques, email threat vectors, and Expertise in Microsoft Defender for Office 365, and similar tools (e.g., Proofpoint, Mimecast, Barracuda). Hands-on experience with SIEM platforms such as Splunk, QRadar, or Microsoft Sentinel. Familiarity with email security protocols : SPF, DKIM, DMARC. Experience working in or with a Security Operations Center (SOC). Strong scripting and automation skills (PowerShell preferred) for security tool integration and response. Sound knowledge of security frameworks (NIST, ISO 27001, etc.) and incident management : Bachelor's degree in Cybersecurity, Computer Science, or a related field. Relevant certifications are a plus (e.g., CISSP, CEH, Microsoft SC-200, GIAC certifications) (ref:hirist.tech)

Join our Team About this opportunity: Ericsson is seeking an experienced IAM Engineer with a strong background in Identity Management (IDM) and Public Key Infrastructure (PKI) to join our team in Noida or Bangalore. The ideal candidate will bring 8 to 15 years of hands-on experience in designing, implementing, and managing enterprise IAM solutions, ensuring secure and seamless identity lifecycle management and robust cryptographic security. Key Responsibilities: Design, implement, and support enterprise Identity and Access Management (IAM) solutions, focusing on IDM and PKI components. Manage identity lifecycle processes including provisioning, de-provisioning, authentication, authorization, and access governance. Deploy and maintain PKI infrastructure, including certificate lifecycle management, CA operations, and secure key management. Integrate IDM and PKI systems with various applications, cloud platforms, and network services. Collaborate with security teams to enforce access controls, policies, and compliance requirements. Troubleshoot and resolve IAM and PKI related incidents and performance issues. Develop automation scripts and tools to optimize IAM and PKI processes. Participate in security audits and assessments related to IAM and PKI. Document architecture, configurations, and operational procedures. Stay updated with emerging IAM and PKI technologies, trends, and best practices. Required Skills and Qualifications: Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or related field. 8 to 15 years of experience in Identity and Access Management engineering roles. Strong hands-on experience with IDM platforms such as SailPoint, Oracle Identity Manager, IBM Security Identity Manager, or similar. Expertise in PKI technologies including CA management, certificate issuance, revocation, and integration with applications. Experience with directory services (LDAP, Active Directory) and federation technologies (SAML, OAuth, OpenID Connect). Proficiency in scripting languages (Python, Shell, PowerShell) for automation. Knowledge of security standards and compliance frameworks (ISO 27001, NIST, GDPR). Strong troubleshooting, problem-solving, and communication skills. Ability to work collaboratively in cross-functional and global teams. Preferred Qualifications: Certifications such as CISSP, CISA, CISM, or relevant IAM/PKI certifications. Experience in telecom or large-scale enterprise environments. Familiarity with cloud IAM solutions (Azure AD, AWS IAM) and hybrid identity architectures. Exposure to DevOps practices and CI/CD pipelines related to IAM deployments.

Job Description TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance. TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR. Don't meet every single requirement? Studies have shown that many potential applicants discourage themselves from applying to jobs unless they meet every single requirement. TriNet always strives to hire the most qualified candidate for a particular role, ensuring we deliver outstanding results for our small and medium-size customers. So if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, nobody’s perfect – and we encourage you to apply. You may just be the right candidate for this or other roles. The Manager, Security-Compliance will be responsible for assuring information security and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. On a day-to-day, there will be responsibility to manage activities of a team, including research, analysis and documentation, evidence gathering and documenting compliance requirements. Essential Duties/Responsibilities Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands Conducts compliance assessments of planned and implemented information systems Aligns NIST CSF framework requirements with business company processes to assist company stakeholders with determining appropriate controls, test steps, evidence collection, and documentation of risks associated with gaps to defined controls Authors and/or updates standards or documentation to align with company and regulatory guidelines Assists in facilitating audit requests by interfacing between control owners and auditors Assists with responding to customer security questionnaires Advises security administrators on normal and exception-based processing of security authorization requests Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes Works within the information security governance process to define control recommendations that are both efficient and effective Identifies, reports, and resolves security violations Education Job Requirements and Qualifications Bachelor’s degree in Business, Computer Science, Finance, or other related business discipline preferred or equivalent work experience Training Requirements (licenses, Programs, Or Certificates) Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or equivalent are highly desirable Experience 10+ years of experience in technology / IT audit or regulatory compliance role 3+ years of management experience Other Knowledge, Skills And Abilities Knowledge of information security management frameworks (e.g., NIST CSF, NIST 800-53, HIPAA, COBIT, etc.) Ability to understand and articulate security risks, as well as propose solutions and/or mitigate controls Familiar with Microsoft suite of security tools such as Purview, Sentinel, Defender and Entra Excellent written and verbal communication skills, interpersonal and collaborative skills An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one An ability to effectively influence others to modify their opinions, plans, or behaviors, with an emphasis on collaborating across multiple teams and ensuring program needs are satisfied through interpersonal and trusted communication Minimal travel required. Work Environment Work in a clean, pleasant, and comfortable office work setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions. This position is 100% in office. Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity. TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact India.Careers@trinet.com to request such an accommodation.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SailPoint Identity Mgmt and Governance. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: F5 Load Balancers. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Fortinet Firewall. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Azure Cloud Workload Security. Experience: 8-10 Years.

As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills Skills Requirements: Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks, and promoting a positive work environment that fosters collaboration and productivity, taking responsibility of the whole team. Nice-to-have skills Qualifications Qualifications 4-6 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred

We are seeking a highly motivated Responsible and Secure AI Governance Specialist to join our Cyber team. The ideal candidate will be engaged in the design, implementation, and monitoring of governance frameworks that ensure the ethical, secure, and compliant deployment of AI technologies within our services. This role will collaborate closely with technology, security, compliance, legal, and business units to manage AI risks, uphold data privacy, and align AI systems with evolving regulatory standards Responsibilities Develop, implement, and maintain AI governance policies, standards, and best practices tailored for ITES environments Conduct AI risk assessments focused on model bias, fairness, security vulnerabilities, and compliance with data privacy laws (GDPR, HIPAA, etc.). Collaborate cross-functionally to embed security and ethical considerations into the AI/ML lifecycle, including data acquisition, model development, testing, deployment, and monitoring. Design and oversee continuous AI model monitoring processes to detect anomalies, bias, data drift, and security threats. Support incident response planning for AI-related security breaches or compliance issues. Provide training and awareness sessions on AI governance, ethics, and security best practices for internal teams. Stay current with AI governance frameworks, regulations, and emerging risks; advise leadership on necessary policy updates and strategic initiatives. Work with Technology and cloud teams to ensure AI systems align with organizational cybersecurity and data protection policies Prepare reports and dashboards for leadership to highlight AI governance metrics and compliance status. Research on AI regulations and ensure program alignment Subject Matter Expertise Proficiency in data privacy and cybersecurity best practices related to AI systems Experience with cloud AI platforms (AWS SageMaker, Azure AI, Google AI). Familiarity with AI ethics frameworks (e.g., NIST AI RMF, OECD AI Principles, EU AI Act) Knowledge of programming languages used in AI/ML (Python, R) Knowledge of AI governance platforms (e.g. Credo.ai, IBM's AI Fairness 360, Priva Sapien) and Certifications such as CISSP, CDPSE, or AI Governance-related credentials are a plus Strong understanding of AI/ML technologies and development lifecycleKnowledge of regulatory frameworks impacting AI and data (e.g., GDPR, HIPAA, CCPA) Hands-on experience with AI monitoring tools or platforms that support model auditing and anomaly detection Familiarity with AI fairness, bias mitigation, explainability, and robustness assessment techniques Thought Leadership Provide thought leadership to fellow team members across business and technical project dimensions solving complex business requirements. Demonstrate forward thinking around where the organization is going and how technology can support these efforts. Advocate and define security architecture vision from a strategic perspective, including internal and external platforms, tools and systems. Cross-Functional And Collaboration Drive scope definition, requirements analysis, functional and technical design, product configuration, and production deployment Ensure delivered solutions meet/perform to technical and functional/non-functional requirements. Provide technical expertise and ownership in the diagnosis and resolution of an issue, including the determination and provision of workaround solution or escalation to service owners. Ensure delivered solutions are realized in time frame committed; work in conjunction with project sponsors to size and manage scope and risk. Provide support and technical governance, expertise related to cloud architectures, deployment, and operations. Mentoring Act as the coach and mentor to team members and technical staff on their assigned project tasks. Lead the definition and development of cloud reference architecture and management systems. Conduct project reviews with team members. Requisites Bachelor's degree in computer science, computer engineering, information technology, or relevant field. Overall experience 12+ years with proven experience (3+ years) in AI governance, AI risk management, or AI security, preferably in ITES or technology-driven environments Positive attitude and a strong commitment to delivering quality work. Effective communication skills (written and verbal) to properly articulate complicated cloud architecture, reports to management. Excellent analytical, problem-solving, and communication skills

Location: Gurgaon (Work from Office) Looking for Immediate joiners only Required Technical Skills & Experience: Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role . SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII. Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA. Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black. Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP. Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks. Key Responsibilities: SOC Operations & Security Monitoring Lead and manage the 24/7 Security Operations Center (SOC) , ensuring continuous threat detection and response . Working extensively on SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools. Oversee 24/7 monitoring of security events and alerts. Ensure effective use of SIEM (Security Information and Event Management) tools. Prioritize, analyze, and manage security incidents. Improve threat intelligence capabilities and integrate with threat intelligence feeds. Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times. Incident Response & Management Develop and enforce incident response plans (IRPs) . Ensure timely response to cyber threats, minimizing impact. Coordinate with stakeholders during major incidents. Conduct post-incident analysis and lessons learned exercises. EDR/XDR (Endpoint Detection & Response / Extended Detection & Response) CrowdStrike Falcon – AI-powered threat detection with real-time response. Palo Alto XDR – Extended Detection and Response. Microsoft Defender for Endpoint – Integrated with Azure security solutions. – Behavioral AI-driven endpoint protection. Carbon Black (VMware) – Next-gen EDR with cloud analytics. Sophos Intercept X – Machine-learning-based ransomware prevention. Threat Intelligence Platforms (TIP) Recorded Future – AI-driven threat intelligence analysis. MISP (Malware Information Sharing Platform) – Open-source threat sharing platform. Flashpoint Threat Intel Outseer AFCC ( Previously RSA) IBM X-Force Exchange – Intelligence-sharing with global threat data. Anomali ThreatStream – Automated threat intelligence processing. VirusTotal Enterprise – File and URL malware scanning with shared intelligence. Compliance & Reporting Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.). Maintain accurate security logs and reports for audits. Prepare executive-level reports on security incidents and risk posture.

Let me tell you about the role We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments. In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas cloud security; infrastructure security; and/or data security. You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe. What you will deliver Define security policies that can be used to improve our cloud, infrastructure or data security posture. Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps. Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes. Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks. Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments. What you will need to be successful (experience and qualifications) Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization. Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments. Firm foundation of information and cyber security principles and standard processes. Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus. Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.) Exposure/experience with full stack development. Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration). Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc. Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX) Continuous learning and improvement approach. This position is a hybrid of office/remote working

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats. Do Design and develop enterprise cyber security strategy and architecture Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses Identify risks associated with business processes, operations, information security programs and technology projects Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge Identify security design gaps in existing and proposed architectures and recommend changes or enhancements Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. Provide support during technical deployment, configuration, integration and administration of security technologies Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity Provide solution of RFPs received from clients and ensure overall design assurance Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture Depending on the clients need with particular standards and technology stacks create complete RFPs Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps Evaluate and recommend solutions to integrate with overall technology ecosystem Tracks industry and application trends and relates these to planning current and future IT needs Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers Provide training to employees on issues such as spam and unwanted or malicious emails Stakeholder Interaction Stakeholder Type Stakeholder Identification Purpose of Interaction Internal Program Manager/Director Regular reporting & updates Infrastructure (CIS team) For infrastructure support External Customer To coordinate for all security breaches & resolutions Display Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Leveraging Technology - Knowledge of current and upcoming security technologies (e.g. Firewalls, IPS, DDoS, SIEM, WAF, Endpoint etc.) and understanding of compliance regulatory requirement like PCI DSS, HIPAA, etc.- Expert Systems Thinking - Understanding of the Wipro system (interrelatedness, interdependencies and boundaries) and perform problem solving in a complex environment - Expert Leveraging Technology - In-depth knowledge of and mastery over ecosystem technology that commands expert authority respect - Master Technical Knowledge - Certified Information Systems Security Professional (CISSP), Cloud Architect Certification from AWS and Azure, ToGAF or SABSA certification- Master Competency Levels Foundation Knowledgeable about the competency requirements. Demonstrates (in parts) frequently with minimal support and guidance. Competent Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well. Expert Applies the competency in all situations and is serves as a guide to others as well. Master Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognized within the entire organization. Behavioral Competencies Effective Communication Managing Complexity Client centricity Technology Acumen Innovation Problem Solving approach Collaborative Working Execution Excellence

Grow Fearlessly Who are we? Eliminate Fraud. Establish Trust. IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Mitigation, Digital Onboarding and Digital Privacy. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. Only IDfy combines enterprise-grade technology with business understanding and has the widest breadth of offerings in the industry. With more than 12+ years of experience and 2 million verifications per day, we are pioneers in this industry. Our clients include HDFC Bank, Indusind Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. We have successfully raised $27M from Elev8 Venture Partners, KB Investment, and Tenacity Ventures! We are the perfect match if you... Have 15+ years - Experience with cloud-based security management/IDS/IPS/SIEM tools, security vulnerability assessments, encryption, etc Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, SOC2, PCI, GDPR, CCPA, etc) CISM, CISSP, or other Security Certifications. Cloud security certifications on AWS, GCP or Azure Being a life-long learner; always looking to stay up to date with the latest attack vectors, vulnerabilities, remediation and protection paradigms, etc. Being self-motivated, proactive, driven individual Having strong interpersonal, oral, and written communication skills Ability to work and collaborate in a fast-paced multiple development centres across India Here’s what your day would look like... Primarily leading the IDfy Security, Compliance, and Privacy Practice and Function, ensuring the protection of data, infrastructure, and applications by continuously enhancing and monitoring the robust security framework that has been established, driving compliance with global regulations, and fostering a culture of security-first product development Defining and owning clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities, and other attack vectors Reviewing and analyzing vulnerability data to identify security risks to the organization's network, infrastructure, and applications and determine any reported vulnerabilities that are false positives Building and maintaining monitoring, auditing, and reporting frameworks that produce artifacts that support security and compliance needs Developing processes that produce artifacts that support security and compliance requirements Working with other infrastructure, DevOps, and application engineers to understand product and business needs Participating in enterprise compliance audits as a security SME Mentoring team members and co-workers on security best practices What’s it like working at IDfy? We build products that detect and prevent fraud. At IDfy, you will apply your skills to stay one step ahead of fraudsters. You will be mind-mapping fraudsters’ modus operandi, predicting the evolution of fraud techniques, and designing solutions to prevent new & emerging fraud. At IDfy, you will work on the entire end-to-end solution rather than a small cog of a giant wheel. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 3 – Risk Consulting - Protect Tech - Staff (IT audit – General skills) Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 2-3 years of related work experience At least 1-2 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX framework Implementation and Testing of internal controls such as IT general controls, IT application controls, business controls, interface controls etc Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.