About TripleLift We're TripleLift, an advertising platform on a mission to elevate digital advertising through beautiful creative, quality publishers, actionable data and smart targeting. Through over 1 trillion monthly ad transactions, we help publishers and platforms monetize their businesses. Our technology is where the world's leading brands find audiences across online video, connected television, display and native ads. Brand and enterprise customers choose us because of our innovative solutions, premium formats, and supportive experts dedicated to maximizing their performance. As part of the Vista Equity Partners portfolio, we are NMSDC certified, qualify for diverse spending goals and are committed to economic inclusion. Find out how TripleLift raises up the programmatic ecosystem at triplelift.com. The Role TripleLift is seeking a Lead Security Engineer to join our team full time. We are an established company in the advertising technology sector, trying to tackle some of the most challenging problems facing the industry. You will be joining a rapidly growing and complex environment and will work as part of a small team that will be responsible for developing, evangelizing, and executing our security roadmap. You’ll help drive improvements in our security operations capability and support critical projects enhancing our detect-and-respond capabilities. Responsibilities Cloud Infrastructure Management: Oversee and manage cloud infrastructure components, ensuring proper configuration, resource provisioning, and adherence to security best practices for AWS. Collaborate with development teams to define infrastructure requirements and implement scalable and secure cloud architectures. DevOps Integration and Automation: Collaborate with engineering teams to integrate security into CI/CD pipelines, version control systems, and infrastructure as code practices. Develop automation scripts and tools to streamline security controls and ensure consistent deployment of secure cloud resources. Network and Infrastructure Security: Design and implement secure network architectures aligned with a zero-trust model. Implement and manage Web Application Firewalls (WAFs), VPNs, and relevant network access controls. Collaborate with cloud engineers and developers to ensure secure configurations and protocols across services. Support the deployment and management of zero-trust security tooling to enforce least privilege and continuous authentication. Identity and Access Management (IAM): Develop and maintain robust IAM policies, roles, and permissions, implementing least privilege access controls, multi-factor authentication, and identity federation across cloud platforms. Endpoint Security and Privilege Management: Architect, implement, and maintain an endpoint privilege management strategy to enforce least privilege principles across all user workstations and servers. This includes defining and managing user roles, application control policies, and elevation rules to prevent unauthorized software execution and limit the impact of potential security breaches. Collaborate with the IT department to deploy and manage endpoint security controls, ensuring seamless integration with existing systems and minimal disruption to user productivity while significantly enhancing the organization's security posture against malware and insider threats. Security Monitoring and Incident Response: Establish and manage security monitoring tools, SIEM systems, and incident response processes to detect, respond, and mitigate security incidents in cloud environments. Develop and enhance incident response playbooks and implement automated incident response and alerting mechanisms. Compliance and Governance: Implement and maintain compliance controls, ensuring adherence to industry regulations and cloud-specific compliance requirements. Conduct regular audits, prepare reports, and actively manage governance processes. Problem Solving and Risk Analysis: Assess security risks, identify vulnerabilities, and propose effective solutions to mitigate risks within cloud environments. Cloud Security Best Practices: Stay up-to-date with cloud security best practices, emerging trends, and technologies. Communication and Collaboration: Collaborate effectively with cross-functional teams and stakeholders to communicate security requirements, provide guidance on secure cloud practices, and ensure alignment with organizational objectives. Work closely with developers to promote a culture of security awareness and knowledge sharing. Desired Skills And Attributes 8+ years of experience in security engineering or cloud security roles, with proven expertise in securing cloud-native, highly distributed environments. Proven ability to lead technical projects independently with minimal oversight, from design to deployment. Track record of mentoring junior engineers and influencing secure design across multiple teams. Strong communication skills with the ability to translate technical concepts for engineering, product, and compliance stakeholders. Comfortable engaging cross-functionally (engineering, DevOps, legal, compliance) to drive security improvements and cultural change. Strong programming proficiency in Java, Javascript, GoLang and/or Python with a focus on secure coding, automation, and infrastructure tooling. Experience integrating security controls in CI/CD pipelines, including GitHub Actions or similar. Deep hands-on experience with AWS services such as IAM, Security Hub, GuardDuty, VPC, S3, CloudTrail, CloudWatch, Config, and Lambda. Proficient in the use of SIEM systems, IDS/IPS, vulnerability scanning, and penetration testing tools. Strong understanding of cloud networking concepts including VPC peering, security groups, NACLs, private link, and hybrid connectivity (VPN/direct connect). Proven ability to analyze and effectively address security issues and incidents. Understanding of security fundamentals with relation to various cybersecurity and compliance frameworks, particularly NIST CSF, but any of: PCI, SOC2, HITRUST, ISO 27001/2, or similar is a plus Experience supporting internal audits, user access reviews, and policy exception workflows using tools like Jira or GRC platforms. Openness to adapt in response to emerging cloud technologies and security threats. Receptive to feedback and open to constructive criticism for continuous improvement. Holds a Cybersecurity certification, e.g. CISSP, CISA, Security+, or AWS Certified Security Specialty Life at TripleLift At TripleLift, we’re a team of great people who like who they work with and want to make everyone around them better. This means being positive, collaborative, and compassionate. We hustle harder than the competition and are continuously innovating. Learn more about TripleLift and our culture by visiting our LinkedIn Life page. Establishing People, Culture and Community Initiatives At TripleLift, we are committed to building a culture where people feel connected, supported, and empowered to do their best work. We invest in our people and foster a workplace that encourages curiosity, celebrates shared values, and promotes meaningful connections across teams and communities. We want to ensure the best talent of every background, viewpoint, and experience has an opportunity to be hired, belong, and develop at TripleLift. Through our People, Culture, and Community initiatives, we aim to create an environment where everyone can thrive and feel a true sense of belonging. Privacy Policy Please see our Privacy Policies on our TripleLift and 1plusX websites. TripleLift does not accept unsolicited resumes from any type of recruitment search firm. Any resume submitted in the absence of a signed agreement will become the property of TripleLift and no fee shall be due. Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

This role is located in Noida. Candidates willing to relocate are welcome to apply. Note: If shortlisted, we’ll cont act you via WhatsApp and email. Please monitor both and respond promptly. Location: Noida, India Work Mode: Financials SuppoWork from Office Salary 5–7 years: Up to INR 20,00,000 per annum 8–10 years: Up to INR 25,00,000 per annum Joining Time / Notice Period: Immediate – 30 days About The Client Hiring for a technology-driven organization with a strong focus on cybersecurity, cloud infrastructure, and risk management practices. The company supports global clients in achieving compliance and robust information security postures. Job Overview Seeking a Cyber Risk Management Lead to drive enterprise-level risk governance, compliance assessments, and security control implementation across on-premise and cloud environments. The ideal candidate has 5+ years of experience in cybersecurity risk, infrastructure audits, and cloud (AWS) security. Key Responsibilities Ensure alignment with regulations, guidelines, and industry best practices (e.g., NIST, ISO, OWASP, ITIL) Maintain, develop, and audit security documentation: policies, standards, procedures Monitor control effectiveness for EDR, cloud, email, and server security Conduct internal security risk assessments for ongoing compliance Guide cross-functional teams on their roles in risk management Lead SOC 2 Type 2 assessments and evidence collection Review and respond to cybersecurity-related RFPs Oversee AWS and Office365 security governance and implementation Track and close audit findings; support internal and external audits Create and manage dashboards for tracking IT and IS events Minimum Qualifications Bachelor's degree in IT, Computer Science, or related field 5+ years of relevant experience in cybersecurity and risk management In-depth knowledge of enterprise IT components: O365, firewalls, VPN, IDS/IPS, proxy, AV/EDR, DHCP/DNS, MFA, WAF, DLP Strong experience with AWS Cloud Security (mandatory) and Azure (preferred) Experience with audit frameworks (SOC2, HIPAA, ISO27001) At least one security certification preferred (e.g., CISM, CRISC, CISSP) Strong communication, documentation, and stakeholder management skills Show more Show less

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function For 150 years, BNP Paribas Wealth Management has been committed to protecting clients’ wealth, developing it, and eventually passing it on to their loved ones. We deliver tailor-made experience, with outstanding attention to detail and expertise from precise local knowledge to the global know-how that we access from the Group. Our goal is to create a new wealth management experience fit for a world where digital interactions have come to enhance human ones. Wealth Management Investment Solution Hub (WMIS Hub) provides a global IT solution for BNP Paribas Wealth Management where we develop, maintain and evolve IT applications which fits to the specific needs of BNP Paribas Wealth Management business users. Job Title Cybersecurity Manager Date Department: Wealth Management Location: Chennai Business Line / Function ITRCS Reports To (Direct) Grade (if applicable) (Functional) Number Of Direct Reports 16 Directorship / Registration NA Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute in achieving the team’s goal. Main Scope Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production/CSIRT/Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator. Responsibilities Direct Responsibilities WM IT Risk and Security Manager Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development. Coordinate with APAC WM security actors, including India-based resources. Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process. Periodic reporting of security status to WM CISO APAC and WM Global CISO Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication. Ensure the regular reporting for management follow-up IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets. Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes. Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and Cloud security. Identify the process gaps and provide solutions. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets. Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider. Production Security Oversight (delegation on WM APAC scope) Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance. Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress. Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents. CyberSecurity Program (delegation on WM APAC scope) Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program. Contributing Responsibilities Coordination with IT Security actors Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard…) Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope. Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production. Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group. Technical & Behavioral Competencies Cybersecurity / Technical Value-added Competencies ü Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM – ELK products) ü DevSecOps: CI/CD toolchain knowledge of various tools Source code management: sonarQuabe, bibucket, github/gitlab Security application scanning (e.g. Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan…) Automation/orchestration: Ansible tower, Jenkins ü Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security) ü Vulnerability Management Nexpose, Nessus ü Ethical Hacking Knowledge Kali Linux knowledge (metasploit, nmap) Specific Qualifications (if Required) Qualifications and Experience ü 10 years' experience in information security evaluation and design of technical architectures ü Functional as well as technical knowledge of the applications used within BNP Paribas ü Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies ü Team management experience is a must ü Preferred Master level in Computer science and Information Security Skills Referential Behavioural Skills: (Please select up to 4 skills) Communication skills - oral & written Ability to collaborate / Teamwork Decision Making Ability to deliver / Results driven Transversal Skills: (Please select up to 5 skills) Ability to set up relevant performance indicators Ability to develop and adapt a process Ability to manage a project Ability To Develop Others & Improve Their Skills Ability to manage / facilitate a meeting, seminar, committee, training… Education Level Master Degree or equivalent Experience Level At least 10 years Other/Specific Qualifications (if Required) Other Value-added Competencies ü Advanced IT security certifications may be advantageous (such as CISM, CCSP, CSK, CEH, CISSP…). ü Operational Risk and Permanent Control ü Data Analytics solutions (Tableau, PowerBI) and strong expertise in Dashboard/reporting Show more Show less

Design and maintain the application, data and cybersecurity architecture to support security, scalability resilience, and risk management requirements of AIR Global’s data, applications, IT systems, on-premises and in cloud infrastructure. Review and support the security design for new IT projects, ensuring alignment with organizational security policies and standards. Collaborate with project teams to identify security requirements and integrate security controls into the project lifecycle. Design and implement secure architecture for Azure environments, leveraging Azure security services and best practices. Ensure compliance with Azure security standards and manage security configurations for Azure resources. Develop and enforce security measures for APIs, including authentication, authorization, and threat protection. Implement API security best practices and manage API gateways to ensure secure data exchange. On-Premises Network Security: Design secure network architectures for on-premises environments, including segmentation, firewalls, and intrusion detection systems. Architect and oversee the implementation of security measures for eCommerce platforms, particularly Magento, ensuring compliance with industry standards and best practices. Architect DevsecOPS, CI/CD pipeline. Design and support microservice architectures to enhance system scalability, flexibility, Security and maintainability. Collaborate with cross-functional teams IT and security team to understand technical, IT security and business requirements and translate them into well-architect solutions. Support risk assessments and develop mitigation strategies to ensure the security and integrity of data and IT systems. Stay updated with the latest trends and technologies in data management, security architecture, and eCommerce platforms. Provide technical leadership and guidance to development teams, ensuring best practices in coding, design, and architecture. Prepare detailed documentation of architectural designs, security protocols, and implementation plans. Participate in the evaluation and selection of new technologies and tools to enhance the organization's capabilities. Experience & Qualification: Minimum of 5-7 years of experience in solution architecture, with a focus on data management and cybersecurity. Demonstrated experience in architecture and design solutions using Azure Data Lake and other data analysis tools. Hands-on experience with security architecture for eCommerce platforms, particularly Magento. Experience in developing and implementing microservice architectures. Familiarity with cloud security, application, database and api architecture best practices. Computer Science or Relevant Degree Any of the three-certification listed below: Microsoft Certified: Cybersecurity Architect Expert Microsoft Certified: Azure Security Engineer Associate Trend Micro Certifications Microsoft Certified: Identity and Access Certified Data Management Professional (CDMP) AWS Certified Solutions Architect: Validates ex Skills and Competencies: Understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and compliance requirements (e.g., GDPR, HIPAA). Knowledge of designing secure networks, applications, and cloud Architecture, including understanding firewalls, VPNs, and micro service architecture. Understanding of IAM principles, including user provisioning, authentication, and authorization techniques. Familiarity with security tools, such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and endpoint protection. Strong design knowledge and experience working with Trend Micro Vision One, XDR platform, email security, EDR, email security, PAM, IPS, WAF and DLP technologies. Strong design and supporft on experience working with Azure/AWS security controls such as Defender, Purview, IAM, Entra ID etc.. The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing Strong understanding of the changing threat landscape and how this may affect our systems The ability to challenge concerns and report through appropriate channels Self-drive, motivation and the ability to work independently to deliver expected outcomes Strong analytical and report writing skills API Security Understanding of API Protocols: Knowledge of REST, SOAP, and GraphQL. Authentication and Authorization: Familiarity with OAuth, JWT, and API keys. Threat Protection: Implementing rate limiting, IP whitelisting, and DDoS protection. Data Encryption: Ensuring data is encrypted in transit and at rest. API Gateway Management: Experience with tools like Azure API Management, Kong, or Apigee. Azure Architecture Azure Services: Proficiency with Azure services such as Azure Virtual Machines, Azure Kubernetes Service (AKS), Azure Functions, and Azure Storage. Networking: Understanding of Azure Virtual Networks, Subnets, and Network Security Groups. Security Best Practices: Implementing Azure Security Center recommendations and Azure Policy. Infrastructure as Code (IaC): Experience with ARM templates, Bicep, or Terraform for deploying Azure resources. Monitoring and Logging: Using Azure Monitor, Log Analytics, and Application Insights for tracking and diagnosing issues. Identity and Access Management (IAM) Azure Active Directory (AAD): Deep knowledge of AAD, including user and group management, conditional access policies, and identity protection. Role-Based Access Control (RBAC): Implementing and managing RBAC in Azure to control access to resources. Single Sign-On (SSO): Configuring SSO for applications using AAD. Multi-Factor Authentication (MFA): Enforcing MFA for enhanced security. Show more Show less

Job Description As a Cybersecurity Engineer, you will be responsible for designing, implementing, and maintaining security measures to protect the organization's computer systems, networks, and data from cyber threats. This role will involve a combination of technologies, processes, and practices designed to safeguard data, applications, and networks from threats like malware, phishing, and data breaches. Current Employees apply HERE Current Contingent Workers apply HERE Secondary Language(s) Job Description Senior Manager, Cybersecurity Engineering Cloud and App Security The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organisation driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers. Role Overview As a Cybersecurity Engineer, you will be responsible for designing, implementing, and maintaining security measures to protect the organization's computer systems, networks, and data from cyber threats. This role will involve a combination of technologies, processes, and practices designed to safeguard data, applications, and networks from threats like malware, phishing, and data breaches. You will be tasked with identifying vulnerabilities, supporting the response to incidents, and ensuring that security protocols and controls are adhered to. Your role is vital in safeguarding critical assets and ensuring compliance with legal and regulatory standards. What Will You Do In This Role Lead the development of enhanced cloud and application security control integrations and architectural best practices. Lead the development and implementation of product security policies and standards to ensure that application, cloud services and infrastructure meet organizational security requirements. Lead the maintenance and monitoring security tools and dashboards, ensuring that applications deployed in our environments adhere to organizational security standards and compliance requirements. Lead adoption of our security tools within other teams ensuring the inputs and outputs are fully integrated enabling a complete security function. Design, implement, test, document, and support integration of security tools and technologies in pipelines, Also, assist the product teams in related activities. Work closely with cross-functional Infrastructure teams on Automation and Orchestration. Create and document detailed designs for simple software applications or components. Apply agreed modelling techniques, standards, patterns, and tools. Work within a matrix organizational structure, reporting to both the functional manager and the project manager. What Should You Have Bachelors’ degree in Information Technology, Computer Science or any Technology stream. Working experience in cloud environments AWS must have and good to have Azure, or GCP. Understanding of OWASP Top 10 security risks and mitigation strategies, relevant NIST standards, and Zero Trust principles. Familiarity with programming/scripting languages like Python, Bash, Terraform, Ansible, JSON, PowerShell, or JavaScript for automating tasks. Familiarity with software development/delivery lifecycle and related technologies 7+ years of hands-on experience working with network protocols, firewalls, intrusion detection systems, encryption technologies, and endpoint security solutions. Proficiency in security tools in the areas of cloud, application, endpoint, network or identity, vulnerability scanners, and malware analysis platforms. Knowledge of authentication methods, identity management, and security access protocols (e.g., SSO, MFA, LDAP). Ideally AWS certified. Good interpersonal and communication skills (verbal and written). Relevant certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are often required or highly desirable. Proven record of delivering high-quality results. Product and customer-centric approach. Innovative thinking, experimental mindset. Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation. Who We Are We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What We Look For Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status Regular Relocation VISA Sponsorship Travel Requirements Flexible Work Arrangements Hybrid Shift Valid Driving License Hazardous Material(s) Required Skills Design Applications, Information Security, Security Operations, SLA Management, Software Development, Software Development Life Cycle (SDLC), System Designs, Technical Advice, Vulnerability Scanning Preferred Skills Job Posting End Date 07/2/2025 A job posting is effective until 11 59 59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID R335950 Show more Show less

Job Description Current Employees apply HERE Current Contingent Workers apply HERE Secondary Language(s) Job Description Manager, Cybersecurity Engineering Cloud and App Security The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organisation driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers. Role Overview As a Cybersecurity Engineer, you will be responsible for designing, implementing, and maintaining security measures to protect the organization's computer systems, networks, and data from cyber threats. This role will involve a combination of technologies, processes, and practices designed to safeguard data, applications, and networks from threats like malware, phishing, and data breaches. You will be tasked with identifying vulnerabilities, supporting the response to incidents, and ensuring that security protocols and controls are adhered to. Your role is vital in safeguarding critical assets and ensuring compliance with legal and regulatory standards. What Will You Do In This Role Contribute to the development of enhanced cloud and application security control integrations and architectural best practices. Contribute to the development and implementation of product security policies and standards to ensure that application, cloud services and infrastructure meet organizational security requirements. Help maintain and monitor security tools and dashboards, ensuring that applications deployed in our environments adhere to organizational security standards and compliance requirements. Identify and prioritize adoption of our security tools within other teams ensuring the inputs and outputs are fully integrated enabling a complete security function. Follow standard approaches and established design patterns to create new designs for systems or system components. Identify and resolve minor design issues. Assist in implementing and maintaining specific security controls as required by organisational policy and local risk assessments and contribute to identifying risks that arise from potential technical solution architectures. Monitor and log the actual service provided, compared to that required by service level agreements. Undertake low-complexity routine vulnerability assessments using automated and semi-automated tools and contribute to evaluating and documenting the scope of results. Design, implement, test, document, and support integration of security tools and technologies in pipelines, Also, assist the product teams in related activities. Assist in maintaining security infrastructure and performing system updates. Investigate minor security breaches in accordance with established procedures. Assist users in defining their access rights and privileges and perform non-standard operational security tasks. Resolve security events and operational security issues. Work closely with cross-functional Infrastructure teams on Automation and Orchestration. Create and document detailed designs for simple software applications or components. Apply agreed modelling techniques, standards, patterns, and tools. Work within a matrix organizational structure, reporting to both the functional manager and the project manager. What Should You Have Bachelors’ degree in Information Technology, Computer Science or any Technology stream. Working experience in cloud environments AWS must have and good to have Azure, or GCP. Understanding of OWASP Top 10 security risks and mitigation strategies, relevant NIST standards, and Zero Trust principles. Familiarity with programming/scripting languages like Python, Bash, Terraform, Ansible, JSON, PowerShell, or JavaScript for automating tasks. Familiarity with software development/delivery lifecycle and related technologies 3+ years of hands-on experience working with network protocols, firewalls, intrusion detection systems, encryption technologies, and endpoint security solutions. Proficiency in security tools in the areas of cloud, application, endpoint, network or identity, vulnerability scanners, and malware analysis platforms.. Knowledge of authentication methods, identity management, and security access protocols (e.g., SSO, MFA, LDAP). Ideally AWS certified. Good interpersonal and communication skills (verbal and written). Relevant certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are often required or highly desirable. Proven record of delivering high-quality results. Product and customer-centric approach. Innovative thinking, experimental mindset. Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation. Who We Are We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What We Look For Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status Regular Relocation VISA Sponsorship Travel Requirements Flexible Work Arrangements Hybrid Shift Valid Driving License Hazardous Material(s) Required Skills Design Applications, Information Security, Security Operations, SLA Management, Software Development, Software Development Life Cycle (SDLC), System Designs, Technical Advice, Vulnerability Scanning Preferred Skills Job Posting End Date 07/2/2025 A job posting is effective until 11 59 59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID R335935 Show more Show less

Job Description Manager, Cybersecurity Engineering. The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organisation driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers. Role Overview We are looking for a self-motivated result focused Cybersecurity Engineer to become a part of our expanding team. This position will be a hybrid position located in Hyderabad, India. This role will focus on engineering, deployment, and support of endpoint security solutions. The successful candidate will work closely with global stakeholders to safeguard our company’s assets worldwide. The ideal applicant should possess at least 5 years of experience in cybersecurity, with a background in an engineering role within a global environment. What Will You Do In This Role Implement endpoint security solutions across Cloud, Enterprise, and Manufacturing IT / OT environments. Operate and maintain endpoint security controls, including installation, configuration, tuning, and ongoing maintenance. Research and assess new endpoint security technologies. Conduct user acceptance testing. Provide level 3 engineering support What Should You Have Basic understanding of the NIST & MiTRE Cybersecurity framework including Zero Trust. Strong analytical and problem-solving skills. Familiarity with developing endpoint security controls and security policies Experience with Windows Desktop/Server, MacOS and Linux operating systems. Solid collaboration skills, able to collaborate with colleagues in both domestic and international locations. Previous experience developing SDLC documentation and change control processes. Minimum 5 years’ experience working with Trellix/Mcafee suite including TIE server and Solid Core. Minimum 5 years’ experience working with Microsoft Defender (deployment and support) Minimum 3 years’ experience working with CrowdStrike. Experience 3- 7 yrs. Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation. Who We Are We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What We Look For Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Current Employees apply HERE Current Contingent Workers apply HERE Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status Regular Relocation VISA Sponsorship Travel Requirements Flexible Work Arrangements Hybrid Shift Valid Driving License Hazardous Material(s) Job Posting End Date 05/21/2025 A job posting is effective until 11 59 59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID R342310 Show more Show less

Information Security Analyst Job Description Position Summary: The position will support the organizational initiatives and activities on Cyber Security/Information Security. This involves the development, im plementation, and support of various security programs, processes, best practices and controls across the organization. It also requires to continuously monitor, review and report of the compliance & security posture of the organization. Responsibilities  Conduct Risk assessments, information security internal audits  Provide consultation on remediating controls and follow up  Perform reviews and conduct internal security audits on Cyber Security/Information security and ensure the organizational security controls are appropriate and effective  Ensure compliance to client security requirements  Provide support for obtaining and maintaining Security Certification and Assurance programs like ISO 27001, PCI DSS, HITRUST, TISAX, SOC 2, etc.  Participate in various organizational initiatives and activities to maintain the Information Security Management System (ISMS) based on ISO 27001  Develop and maintain Information Security policies, procedures, standards and guidelines  Coordinate response to information security incidents  Provide awareness and training in relevant areas  Collaborate with IT, Finance, HR and other departments for various security related activities  Conduct security research and keep abreast of latest security trends and issues Desired Skills/Experience  4+ years of experience in Information Security  Knowledge of Information security standards & best practices (e.g., ISO 27001, NIST, etc.), and regulations related to information security and privacy  Strong analytical and problem solving skills  Excellent communication and interpersonal skills  Knowledge of security tools, techniques and methodologies  Professional/Technical Certifications (Security +, ISO 27001 LA, CISA, CISSP, CCSE, CCSP, etc.) desirable Show more Show less

Job Description Associate Specialist, Cybersecurity Operations The Opportunity Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare. Be part of an organisation driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products. Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats. Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy. A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers. Role Overview As a Cybersecurity Engineer, you will be responsible for designing, implementing, and maintaining security measures to protect the organization's computer systems, networks, and data from cyber threats. This role will involve a combination of technologies, processes, and practices designed to safeguard data, applications, and networks from threats like malware, phishing, and data breaches. You will be tasked with identifying vulnerabilities, supporting the response to incidents, and ensuring that security protocols and controls are adhered to. Your role is vital in safeguarding critical assets and ensuring compliance with legal and regulatory standards. What Will You Do In This Role Collaborate with product teams to enforce application security best practices, conduct reviews, perform scans and assist in threat modeling to identify and mitigate security risks throughout the development lifecycle. Contribute with penetration testing efforts to evaluate the security posture of applications and containers, providing detailed reports on findings and working with development teams to remediate identified issues. Collaborate to the oversight of security-related bugs and vulnerabilities using tracking systems. Help prioritize security issues based on risk and impact and ensuring that reported issues are triaged and addressed in a timely manner. Contribute to the creation and delivery of training materials for the workforce to raise awareness and increase adoption of application security best practices, cloud security best practices, including secure usage of cloud applications and availability of compensating controls. Help maintain and monitor security tools and dashboards, ensuring that applications deployed in our environments adhere to organizational security standards and compliance requirements. Follow standard approaches and established design patterns to create new designs for systems or system components. Identify and resolve minor design issues. Monitor and log the actual service provided, compared to that required by service level agreements. Assist in maintaining security infrastructure and performing system updates. Investigate minor security breaches in accordance with established procedures. Assist users in defining their access rights and privileges and perform non-standard operational security tasks. Resolve security events and operational security issues. Work closely with cross-functional Infrastructure teams on Automation and Orchestration. Create and document detailed designs for simple software applications or components. Apply agreed modelling techniques, standards, patterns, and tools. Work within a matrix organizational structure, reporting to both the functional manager and the project manager. What Should You Have Bachelors’ degree in Information Technology, Computer Science or any Technology stream. 3+ years of hands-on experience working with proficiency in security tools in the areas of cloud, application, endpoint, network or identity, vulnerability scanners, and malware analysis platforms. Understanding of OWASP Top 10 security risks and mitigation strategies, relevant NIST standards, and Zero Trust principles. Good to have experience in cloud environments AWS, Azure, or GCP. Familiarity with software development/delivery lifecycle and related technologies Familiarity with programming/scripting languages like Python, Bash, Terraform, Ansible, JSON, PowerShell, or JavaScript for automating tasks. Knowledge of authentication methods, identity management, and security access protocols (e.g., SSO, MFA, LDAP). Ideally AWS certified. Good interpersonal and communication skills (verbal and written). Relevant certifications (e.g., CISSP, CISM, CEH, CompTIA Security+) are often required or highly desirable. Proven record of delivering high-quality results. Product and customer-centric approach. Innovative thinking, experimental mindset. Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation. Who We Are We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world. What We Look For Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today. #HYDIT2025 Current Employees apply HERE Current Contingent Workers apply HERE Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status Regular Relocation VISA Sponsorship Travel Requirements Flexible Work Arrangements Hybrid Shift Valid Driving License Hazardous Material(s) Job Posting End Date 04/28/2025 A job posting is effective until 11 59 59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. Requisition ID R341160 Show more Show less

The Role: Due Diligence, Sr. Analyst Experience: 1-4yrs Work Mode: Hybrid The Team: We are looking for highly motivated professionals who will strengthen our specialisms, and champion our uniqueness to create a company that is collaborative, respectful, and inclusive to all. You will have 1-4 years’ experience of Due Diligence to meet the needs of our expanding portfolio of Financial Services clients. This is an excellent opportunity to be part of a team based out of Gurugram and to work with colleagues across multiple regions globally. Responsibilities: Assist in the creation and maintenance of a centralized library of responses within applicable internal tool/s Collaborate with and collect data from SMEs across various departments to complete responses, when necessary Ensure that responses are accurate, timely, and comply with company standards Taking ownership to deliver high-quality responses by performing quality checks on draft and final documents Gather information on policies, products/services, and maintain an up-to-date and well- organized repository for team and stakeholder use. Facilitate calls with customers and appropriate SMEs as needed to resolve outstanding customer information requirements. Escalate issues to manager and other stakeholders promptly as needed Provide metrics reporting, tracking of metrics for the measurement of volume and type of requests, information gaps, and the effectiveness of team processes Continuously identify improvements to the process to increase efficiency Manage and prioritize multiple responsibilities and deadlines; maintain comprehensive records of responses and disclosures and associated metrics Respond to ad-hoc customer inquiries Assist with other Third Party Risk Management activities as needed What We’re Looking For: Overall 1- 4 years of relevant experience in vendor/customer due diligence Understanding of global financial markets and products Strong customer/relationship management skills Ability to drive/manage work in a matrixed environment Excellent verbal and written communications skills Highly organized and strong attention to detail Continuous Improvement mindset Knowledge of Third-Party Risk Management concepts. Knowledge of Customer DDQs, and associated control areas Self-starter able to work with minimal guidance and supervision Process development and process improvement skills Strong project/program management skills High proficiency in the MS Office Suite (Outlook, Word, Excel, PowerPoint, Project). Experience with ServiceNow, SharePoint, Visio, Jira a plus Experience with due TPRM related support tools (e.g., Loopio, Panorays, Tugboat, TruSight, KY3P, Ariba) Comfortable working with stakeholders at all levels Ability to prioritize multiple requests from a variety of sources and prioritize those tasks to meet applicable deadlines Technology aptitude Working knowledge of industry information security and privacy standards including, NIST assessments, ISO audits/certifications, and SOC audits a plus The Location: Gurugram, India Show more Show less

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Senior Associate Information Security Analyst is a developing subject matter expert, responsible for designing and implementing security systems to protect the organization's computer networks from cyber-attacks, and to help set and maintain security standards. This role is required to monitor the organization's computer networks for security issues, install security software, and document any security issues or breaches found. The Senior Associate Information Security Analyst is responsible for assisting in the planning, implementation, and management of information security measures to safeguard the organization's digital assets and systems and contributes to maintaining a secure and compliant environment. What You'll Be Doing Key Responsibilities: Monitors security alerts and events from various sources, investigates potential threats, and escalates incidents as necessary. Assists in the implementation and monitoring of security controls, including firewalls, intrusion detection systems, and access controls. Performs regular vulnerability assessments, analyses scan results, and assists in prioritizing and remediating identified vulnerabilities. Supports the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Assists in ensuring compliance with industry standards (for example, GDPR, ISO 27001) by conducting assessments and implementing necessary controls. Installs security measures and operates software to protect systems and information infrastructure, including firewalls and data encryption programs. Documents security breaches and assess the damage they cause. Works with the security team to perform tests and uncover network vulnerabilities. Fixes detected vulnerabilities to maintain a high-security standard. Develops organizational best practices for IT security. Performs penetration testing and upgrades systems to unable security software. Installs and upgrades antivirus software and tests and evaluates new technology. Assists with the installation of security software and understands information security management. Researches security enhancements and makes recommendations to management. Stays abreast of information technology trends and security standards. Contributes to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Maintains accurate records of security incidents, assessments, and actions taken for reporting and audit purposes. Assists in the management and maintenance of security tools, including antivirus software, encryption tools, and security information and event management (SIEM) systems. Participates in risk assessments to identify potential security threats, vulnerabilities, and associated risks to the organization. Collaborates with cross-functional teams, IT, and other teams to ensure security measures are integrated into the organization's processes and projects. Performs any other related task as required. Knowledge and Attributes: Good communication skills to effectively convey technical information to non-technical stakeholders. Good analytical thinking and problem-solving skills to prevent hacking on a network. Ability to identify and evaluate potential risks and to develop solutions. Ability to identify and mitigate network vulnerabilities and explain how to avoid them. Understands firewalls, proxies, SIEM, antivirus, and IDPS concepts. Understands patch management with the ability to deploy patches in a timely manner whilst understanding business impact. Developing proficiency with MAC and OS. Familiarity with security frameworks, standards, and regulations (for example, NIST, CIS, GDPR). Basic understanding of network and system architecture, protocols, and security controls. Ability to analyze security incidents and assess potential risks. Ability to work both independently and collaboratively in a fast-paced environment. Academic Qualifications and Certifications: Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related. Security certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) are advantageous. Required Experience: Moderate level of demonstrated experience in information security or cybersecurity, or related roles. Moderate level of demonstrated experience working in a global IT organization. Moderate level of demonstrated experience with computer network penetration testing and techniques. Moderate level of demonstrated experience with security assessment and vulnerability scanning tools. Workplace type: On-site Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

This role is for one of the Weekday's clients Min Experience: 9 years Location: Mumbai JobType: full-time We are seeking an experienced and highly motivated GRC (Governance, Risk & Compliance) Lead to join our IT Security team. The ideal candidate will have a deep understanding of industry-standard frameworks such as ISO 27001 , NIST , and IT GRC practices, along with hands-on experience as a GRC Consultant . This role will be pivotal in driving our organization's risk and compliance posture and ensuring alignment with regulatory and corporate requirements. Requirements Key Responsibilities Governance, Risk, and Compliance Leadership: Lead and manage the IT GRC function, ensuring proper governance structures, policies, and controls are in place to support enterprise security and compliance objectives. Framework Implementation: Implement and maintain compliance frameworks including ISO 27001 and NIST Cybersecurity Framework. Ensure all policies, processes, and controls are aligned with these standards. Risk Management: Identify, evaluate, and mitigate risks across IT systems, infrastructure, and business operations. Oversee the creation and execution of risk treatment plans and risk registers. Security Policy & Process Development: Develop, update, and enforce IT security policies, standards, and procedures. Conduct periodic audits to ensure compliance. IT GRC Tools & Technology: Utilize GRC platforms and tools to automate and streamline compliance monitoring, reporting, and risk management processes. Internal & External Audit Support: Act as the primary point of contact for audits. Coordinate and facilitate IT audits and assessments, including evidence gathering and gap remediation planning. Awareness & Training: Conduct training and awareness programs for teams on GRC best practices, policies, and regulatory requirements. Stakeholder Engagement: Collaborate with cross-functional teams including Legal, Risk, IT, and Business to ensure comprehensive GRC integration across the organization. Required Skills And Qualifications 9-17 years of experience in Governance, Risk, and Compliance, with a strong focus on IT Security. Expertise in implementing and maintaining ISO 27001 and NIST Cybersecurity Framework. Proven experience in an IT GRC or GRC Consultant role, preferably in a mid to large-sized enterprise or consulting environment. Deep understanding of IT security principles, risk assessment methodologies, and control frameworks. Strong analytical and problem-solving skills with a proactive and risk-based approach. Experience with GRC platforms such as RSA Archer, ServiceNow GRC, or similar tools is a plus. Excellent communication, documentation, and presentation skills. Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor will be considered a strong advantage. Show more Show less

Job description Work Location:- Bangalore / Hyderabad / Pune / Gurgaon Experience:- 4 - 10 yrs Leavel- AM/Manager JD Job Requirements Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management Contribute to IT Audit knowledge base and internal practice development initiatives Supervise and provide performance management for IT audit staff working on assigned engagements Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars Mandatory technical & functional skills Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs Experience with IT Risk Management and three lines of defense frameworks CISA, PMP, CISSP or CRISC certification is preferred Show more Show less

Role: SOC Manager - L3 Location: Mumbai (Kurla) – Client Site Notice Period: Immediate to 45 days Job Type: Hybrid Shift Timings: General shift (5 days/week, 2 working Saturdays) Experience: 10 - 15 years Valid-Active CISM/CISSP certification About the Company : A leading global IT services provider, specializing in consulting, application development, systems integration, and managed services for enterprises and governments worldwide. Must-Have Skills 10+ years in SOC 2-3 years as L3 level Team Lead Valid-Active CISM/CISSP certification Expertise in EDR, Incident Response, Threat Hunting Proficiency in Splunk for security monitoring Good-to-Have Skills CEH, OSCP, GIAC certifications Cloud Security expertise in AWS, Azure, or GCP Scripting with Python, PowerShell Familiarity with MITRE ATT&CK Knowledge of ISO 27001, NIST, GDPR, RBI guidelines Digital Forensics & Malware Analysis Strong stakeholder management skills Academic Qualifications Valid-Active CISM/CISSP certification Key Performance Indicators Timely incident resolution Regular metrics and report presentation SIEM efficiency and compliance Integration of SIEM with other solutions Stakeholder collaboration effectiveness Skills: aws,azure,digital forensics,incident response,cloud security expertise in aws, azure, or gcp,ceh,powershell,cloud security,python, powershell,cissp,malware analysis,gdpr,edr, incident response, threat hunting,python,cloud security (aws, azure, gcp),nist,cism,gcp,security monitoring (splunk),iso 27001,rbi guidelines,stakeholder management,threat hunting,edr,giac,splunk,oscp,scripting (python, powershell),mitre att&ck,soc,cism/cissp certification,soc management Show more Show less

Role: Cyber Risk Management Lead Experience: 5 to 10 Years Office location-Sector-125, Noida Required Qualification: Bachelor of Engineering - Bachelor of Technology (B.E./B.Tech.) Additional Information There are 2-3 rounds in the interview process. This is 5 days’ work from office role (No Hybrid/ Remote options available) Final round will be F2F (Mandatory) About role: We are seeking a Cyber Risk Management Lead to identify and remediate or mitigate risks . Candidate should have effective task management skills and the ability to communicate effectively. The individual must be able to rapidly respond to security incidents and should have at least 5 years of relevant experience in Cyber security Risk management. Candidates Should have deeper understanding with some hands-on experience on enterprise IT infra components such as O365 suite, advanced firewalls, IPS/IDS/HIPS, routers/switches, VPN, proxy, AV/EDR, DNS, DHCP, multi factor authentication, virtualization, Email systems/security, Web Proxy, WAF, DLP etc. along with cloud environments like AWS (Must) , Azure etc. Job Description Understanding applicable regulations, guidelines, and industry best practices to manage risk and ensure compliance Developing, maintaining, or auditing security documentation such as policies, standards, and procedures Monitoring security internal control effectiveness for EDR, Email Security, Server security, Cloud security etc Conducting internal security assessments to ensure continued compliance Explaining roles in managing risk to cross team functions and getting buy-in to improve the organizational risk posture Managing SOC 2 Type 2 assessment and provide adequate support for collecting relevant evidence for all relevant controls Should be able to review RFPs (request for proposal) and provide responses for Cyber security related items Manage Risk Governance Implement/govern AWS Cloud and Office 365 Security Manage and support internal and external audits Follow up till closure on audit findings if any Manage dashboards and reports to keep track of priority events for IT and IS Create MOM for Board Meetings Vendor Evaluation for cyber security controls Firewall rules review for On-premises and AWS firewall Security Awareness: Create materials PPT/e-mailers and provide training as needed Incident management and Business continuity CISO dashboard and success reports Meet with business team to understand their business requirements from cyber security perspective Has basic knowledge of audit requirements (SOC2, HIPPA, ISO27001, etc.) Understanding of respective industry best practices (e.g., NIST, ISO, OWASP, ITIL) At least one security certification is strongly preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP) Prior experience of management of technology infrastructure is preferred Skills: internal security assessments,communication skills,compliance,security awareness training,cloud security,cyber risk management,security auditing,security awareness,security documentation,switches,cloud environments,dhcp,o365 suite,azure,it infrastructure management,ips/ids/hips,soc 2 type 2 assessment,enterprise it infrastructure,vendor evaluation,firewall management,o365,advanced firewalls,nist, iso, owasp, itil best practices,vpn,cybersecurity risk management,security document auditing,risk management,compliance management,multi-factor authentication,incident response,risk assessment,security assessments,routers/switches,security incident response,cyber risk management lead,ciso dashboard management,soc assesment,incident management,aws,effective communication,dns,aws security,risk governance,business continuity,task management,cyber security,audit management,firewall rules review,waf,dlp,regulatory compliance (soc2, hipaa, iso27001),email systems/security,auditing,cyber security risk management,it infrastructure security,office 365 security,web proxy,aws cloud security,proxy,email security,virtualization,communication,routers,av/edr Show more Show less

Position - Cyber Security / Cloud infrastructure specialist Location: Gurgaon, India Employment Type: Full-time Experience- 3 to 5 years Salary - upto 15 LPA Role Overview: We are seeking a highly capable professional to ensure end-to-end cybersecurity compliance and system efficiency across our IT and OT environments, including digital applications and cloud infrastructure. Key Responsibilities: • Ensure full compliance with enterprise cybersecurity baseline standards and policies across IT and OT systems. •Implement and maintain cybersecurity controls for both digital (IT) and operational (OT) technologies. •Design and enforce security architecture, focusing on data protection, network segmentation, and access control. •Safeguard OT systems (e.g., SCADA, PLCs, ICS) from external and internal threats. •Manage and optimize cloud infrastructure (Azure), ensuring high availability, performance, and resilience. •Ensure system uptime, perform regular backups, and drive operational efficiency. •Conduct regular risk assessments, vulnerability management, and incident response activities. •Collaborate across IT and engineering teams to ensure secure IT/OT integration. Qualifications: •Proven experience in cybersecurity for IT and OT systems, with knowledge of protocols such as Modbus, OPC, DNP3, etc. •Hands-on expertise with cloud platforms (Azure) and cloud-native security tools. •Experience with ICS/SCADA environments and zero-trust architectures. •Familiarity with cybersecurity standards such as NIST, ISA/IEC 62443, or ISO 27001. •Certifications such as CISSP, GICSP, AWS Security, or equivalent are a plus. Why Join Us? •Work on cutting-edge security projects across IT and OT domains. •Be a key player in shaping resilient infrastructure. •Collaborate with forward-thinking teams in a dynamic environment Interested can mail your cv - monica@rypro.co.in Show more Show less

Who You Are You are a highly experienced and visionary securityprofessional with deep expertise in application security, architecture, and secure software development. You’re not only a strategist and a technical authority, but also someone who remains hands-onwhen it matters. You thrive on solving large-scale security problems, designing resilient security architectures, and enabling engineering teams to ship secure products without friction. You lead with influence, partner with engineering and product leaders, and drive scalable security solutions across an enterprise. You also play a pivotal role in client's Application Security Research &Engineering (ASRE) program—guiding the development of internal tooling, automation, and innovative approaches to secure software at scale. What You’ll Do Design and own secureapplication architectures across client's productlandscape, including SaaS platforms, mobile apps, APIs, and cloud-native services. Define and evolve application security strategy , driving initiatives that align with client's product roadmapand risk posture. Lead architecture reviews,threat modeling sessions, and risk assessments for high- impact products and features, including those involving AI/ML pipelines . Engineer and advocate scalablesecurity solutions , from reusable libraries and security design patterns to tooling integrations within the SDLC. Build and maintainrelationships with engineering leaders, product managers,and infrastructure teams to champion security-by-design principles. Partner with ASRE to defineand drive automation projects, internal tool development, and scalable controls for vulnerability discovery and remediation. Serve as the securitytechnical authority during escalations, post-incident reviews, customer audits, and design sprints. Provide technical leadership to the broaderAppSec team, mentoringSenior and Lead engineers and participating in hiring and capability building. Evaluate and introduce new technologies, standards, or frameworks to improve application security and developer experience. What You Bring 10+ years of experience in information security,with a strong focus on application security, architecture design , and secure development practices. Deep understanding of secure softwaredevelopment lifecycles (SDLC),secure design principles, and modern threat landscapes (including AI/MLrisks, supply chain,cloud- native, and microservices). Proven ability to architectsecure solutions across multi-tenant SaaS platforms, microservices, and API-driven ecosystems. Expertise in performing and leading threat modeling , code reviews , and architecture risk assessments . Strong coding and scripting skills (e.g., Python,Java, JavaScript, TypeScript, etc. ); ability to prototype tools or support ASRE initiatives directly. Hands-on experience with security tools and platforms (e.g., SAST, DAST, IAST, SCA, container scanning, IaC analysis). Familiarity with cloud security and native controls(AWS/GCP/Azure), DevSecOps pipelines, and IaC tools like Terraform. Excellent communication skillswith a proven ability to influence both technical and executive stakeholders. Strong grasp of regulatory frameworks and standards such as ISO 27001, SOC 2, PCI, OWASP, NIST 800-53/218, and AI RMF. Bonus If You Have Experience building securityframeworks or referencearchitectures adopted across multiple product teams. Research contributions to ASRE-style initiatives, open-source tooling, or internal platform development. Knowledge of emergingAI security threats(adversarial ML, model poisoning, privacy leakage, etc.). Certifications such as AWS CertifiedSolutions Architect—Associate/Professional, CSSLP, OSWE, GCPN, CISSP, SABSA, or SANS/GIAC Architect-level certification. Why You’llLove This Role You’ll define and influence the security architecture of platforms used by thousandsof customers worldwide. You’ll work on high-impact initiatives with the authority to shape how security is done— not just today, but for the long term. You’ll help grow and mentor a world-class AppSec team while staying close to the technology you love. You’ll drive an engineering-led securityculture alongside leadership that supports security investment, research, and innovation. Show more Show less

Over the last 20 years, Ares’ success has been driven by our people and our culture. Today, our team is guided by our core values – Collaborative, Responsible, Entrepreneurial, Self-Aware, Trustworthy – and our purpose to be a catalyst for shared prosperity and a better future. Through our recruitment, career development and employee-focused programming, we are committed to fostering a welcoming and inclusive work environment where high-performance talent of diverse backgrounds, experiences, and perspectives can build careers within this exciting and growing industry. Job Description Primary functions and essential responsibilities Lead the Architecture, design, implementation, and management of the company's network infrastructure, including data centers and disaster recovery environments. Optimize stability, availability, reliability, and performance of networking infrastructure. Develop and execute strategic plans for network architecture, ensuring alignment with business objectives. Collaborate with internal teams and external partners to achieve successful project delivery and mitigate risks. Provide expert-level troubleshooting and support for escalated network incidents. Define key metrics and reporting mechanisms to communicate network performance and project progress to executive management. Mentor and train staff on best practices and emerging technologies in network engineering. Develop and maintain comprehensive documentation for network configurations, procedures, and policies. Ensure compliance with various regulatory requirements and industry standards Expertise in building well architected frameworks utilizing industry standards such as NIST 800-53 Expertise in design and architecture of self-healing networks Extensive experience around product and technology assessment/testing and Proof of concept evaluations with clearly defined success criteria and outcomes Excellent documentation skills around developing reference architectures, building HLD/LLD of current and future network design’s Excellent vendor management skills with proven track record of RFE management and driving feature enhancements that support changing scalability, performance and security landscape as the firm expands Expertise in packet level analysis to identify areas for improvement and future upgrades with a focus on attention to detail Required Experience: 10+ years of hands-on experience in Network Engineering & Architecture role leading large scale transformational projects Preferred Experience in Private equity/Financial industry Building and leading a team of highly skilled Network architects/Engineers Qualifications Education: Education: Bachelor’s degree in engineering, Electronics, Telecommunications, Computer Science, or a related field. Master's degree preferred. Certifications: CCIE or equivalent experience. Microsoft Azure Solutions Architect Expert or equivalent experience Skills Technical Skills (Must Have): Routing: Expert proficiency in BGP and OSPF. Switching: Expert proficiency with Cisco ACI, Nexus, and Cisco IOS platforms. Firewalls: Proficient in Palo Alto firewall technologies. SD-WAN: Proficient in Prisma SD-WAN. Wireless: Experience with Meraki Wireless solutions. Data Center Architecture: Proven experience in designing and managing data center architecture. Disaster Recovery: Experience in setting up and managing disaster recovery environments at the network level. Azure Networking: Extensive experience in Azure networking deployment and operation. Compliance: Knowledge of various compliance requirements. Cisco ISE: Knowledge of user authentication, authorization, and identity management products and technologies Tooling: Expertise in Network monitoring solutions and self-healing networks General Requirements Demonstrated excellence in both written and verbal communication. Strong organizational and time management skills. Proven ability to work independently as well as collaboratively within a team environment. Capacity to manage multiple projects and priorities effectively. High attention to detail and strong documentation skills. Willingness to travel, with a 10-15% travel requirement. Familiarity with ITIL processes. Experience working with global teams. Reporting Relationships Senior Manager, Network Engineering There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active. Show more Show less

Role Summary You will be responsible for identifying and mitigating web application vulnerabilities, collaborating with development teams, and integrating security best practices across front-end and back-end stacks. Key Responsibilities Bachelor’s in Computer Science, Engineering, or related field. Perform security assessments: static/dynamic analysis , code reviews , vulnerability scans . Secure apps built with JavaScript , .NET (C#) , and Java . Enforce OWASP Top 10 protections and secure coding standards. Automate security tasks using Python . Ensure secure deployments in Docker / Kubernetes environments. Integrate security into CI/CD pipelines . Act as the security point-of-contact within product teams. Required Skills Strong knowledge of Web App Security , OWASP , and secure SDLC. Hands-on with JavaScript , C#/.NET , and Java codebases. Familiar with Burp Suite , Nessus , or AppScan . Experience with Python scripting , Docker , and Kubernetes . Basic understanding of DevOps and CI/CD tools . Preferred Security certifications (e.g., CISSP , OSWE , GWAPT ). Knowledge of security frameworks: NIST , ISO 27001 . Show more Show less