3740 Nist Jobs - Page 34

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: Create asset list and prioritize assets, conduct regular vulnerability assessments based on the Tenable tool, identify security weaknesses in systems and applications, work with peer teams till closure of the Vulns, track patching as per proposed timelines. Roles & Responsibilities: -Create correct asset list -Perform Vuln assessment -Relevant request to be raised thorough SNow. -Highlighting issues with the Scanned report to Product team and resolve it immediately. If issue not getting resolved, then escalate it to right stakeholder. -Analyse scan results and generate comprehensive reports detailing vulnerabilities, potential impacts, and remediation recommendations/Action plan with dates. -Collaborate with IT, Partner, Business and Security teams to prioritize and address identified vulnerabilities based on risk assessments and -business impact. -Monitor and track remediation efforts on weekly / monthly basis to ensure vulnerabilities are resolved within defined timelines. -Maintain and update documentation related to vulnerability management processes, policies, and procedures. -Stay current with industry trends, threats, and vulnerabilities to provide informed recommendations and enhancements to the policies, and procedures. Professional & Technical Skills: -Familiarity with vulnerability scanning tools, particularly Tenable and Snow. -Understanding of security frameworks and standards (e.g., NIST, ISO 27001). -Strong analytical and problem-solving skills with attention to detail. -Relevant certifications (e.g., Vulnerability Management, Certified Ethical Hacker (CEH), or similar) are a plus. -To succeed in this role, you should have the following skills and experience -Experience in vulnerability management or security operations Additional Information: - The candidate should have minimum 7.5 years of experience in Infrastructure Security Vulnerability Management Operations. - This position is based at our Gurugram office. - A 15 years full time education is required.

Role Purpose : As GRC (Governance, Risk, and Compliance) Manager is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. This role involves ensuring that all risk and compliance activities are performed effectively by various control functions. The GRC Manager also serves as an internal consultant, providing guidance to operating functions and business lines on risk-related matters. Additionally, they are tasked with identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to ensure the organization's overall security and compliance posture. Responsibilities: Ensure strong governance on risk and compliance performed by various control functions. Manage risk assessment, remediation, and monitoring of information and technology process risks. Serve as an internal risk consultant to operating functions and business lines. Identify, assess, quantify, report, communicate, mitigate, and monitor process risks. Support the implementation of information security policies. Discuss risk closure, mitigation, and acceptance with stakeholders. Ensure periodic entitlement reviews are completed, and risks are managed to an acceptable level. Collaborate with control functions to track and mitigate identified risks. Work with technology leaders to identify control gaps. Act as a subject matter expert for risk and controls related to operations. Maintain strong working relationships with stakeholders. Review and refine policies and processes based on industry best practices. Track identified risks and ensured their closure within defined timelines. Prepare and maintain risk heat maps and risk registers. Required Skills: Excellent executive-level communication skills. Strong working relationships with team members and the ability to motivate them. Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits. Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc. Understanding of Security incident response aspects is desirable. Good analytical, problem-solving, and interpersonal skills. B.E in Computer Science/Information Technology or equivalent qualification with 8-12 years of experience. Industry-recognized certification in information security such as CISSP, CISM, CISA, etc.

Your role We are looking for an experienced and strategic Detection Engineer across India. The ideal candidate will have a strong background in cybersecurity, detection and Splunk Enterprise Security. Develop and maintain cyber threat detection and hunting capabilities for Organization. Actively research, innovate and uplift in the areas of threat detection and hunting. Develop and maintain attack & use case models against Organizations environment and systems for the purposes of detection and monitoring use cases. Build and maintain continuous validation and assurance of the detection and hunting pipeline. Maximise detection visibility, coverage, and return-on-investment to maintain a defensible architecture across the business. Develop threat/attack models to depict and model detection of known attack vectors. Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability. Work with the Red Team to actively test and validate detection capabilities Your Profile 5+ years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role. 5+ years developing detections within a SIEM environment. Experience working with security tools such as endpoint detection and response systems, network anomaly detection, etc. Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation course of actions. Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration in the Financial Services sector or similar. Knowledge of the frameworks like NIST Cybersecurity framework, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies is required What you"ll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges

Responsibilities Design, implement, and optimize secure CI/CD pipelines across hybrid environments (cloud/on-prem). Operationalize DevSecOps frameworks with embedded controls for static/dynamic code analysis, secrets management, and runtime policy enforcement. Implement Infrastructure as Code (IaC) practices using tools like Terraform, Ansible, CloudFormation. Integrate cybersecurity tools and telemetry (e.g., SAST, DAST, SCA, EDR, vulnerability scanners) across the development lifecycle. Govern DevOps platform tools (e.g., Jenkins, GitHub Actions, Azure DevOps, ArgoCD) with secure configurations and traceability. Partner with cybersecurity teams to ensure regulatory alignment (IEC 62443, NIST CSF) via automated controls and compliance-as-code. Enable release velocity and rollback confidence through blue-green deployments, canary testing, and automation QA. Drive performance monitoring and incident response readiness through log aggregation, alerting, and dashboarding (e.g., Prometheus, Grafana, ELK). Coach DevOps engineers, implement sprint KPIs, and lead tool evaluations for emerging automation and security tooling. Preferred Qualifications Education: Bachelor’s degree in Computer Science, Engineering, or a related technical discipline. Master’s degree preferred (in Cybersecurity, Systems Engineering, or DevOps Automation). Certifications (preferred): DevOps: Certified Jenkins Engineer, GitHub Actions, Azure DevOps Expert, or similar. IaC / Automation: HashiCorp Terraform Associate, Red Hat Ansible Automation. Security Tooling: Practitioner-level training in SAST/DAST/SCA/EDR (e.g., Aqua Security, Snyk, SonarQube). Cloud Security: AWS Security Specialty, Azure Security Engineer, or CCSP. Compliance: Awareness training in IEC 62443 or NIST CSF is desirable. Qualifications Key Requirements 8 + years of technology experience with strong focus on DevOps, cybersecurity integrations, and infrastructure automation. Expertise in building and governing CI/CD pipelines and cloud-native deployment workflows. Proven knowledge of tools such as Jenkins, GitHub Actions, ArgoCD, Terraform, Vault, and container security platforms. Hands-on experience with security tools integration (e.g., Checkmarx, SonarQube, Aqua, Snyk, Prisma Cloud). Familiarity with compliance and security frameworks (e.g., NIST, ISO 27001, IEC 62443) in OT/IT environments. Experience working with OT/ICS environments or industrial networks is preferred. Strong scripting and automation skills (Python, Shell, Go, etc.). Ability to work in cross-functional, Agile-driven teams and mentor engineers in secure software delivery practices.

Responsibilities Lead the architecture and engineering of modular, multi-tenant cybersecurity platforms for IT/OT convergence. Build and scale cloud-native infrastructures using AWS/Azure/GCP, ensuring 99.9% uptime, horizontal scalability, and security-by-design principles. Implement and govern robust CI/CD, IaC (e.g., Terraform), containerization (e.g., Kubernetes, Docker), and monitoring frameworks (e.g., Prometheus, Grafana, ELK). Ensure platform readiness for integration with cybersecurity tools including SIEM, SOAR, EDR/XDR, IAM, PKI, and asset discovery platforms. Drive DevSecOps maturity across environments, ensuring best practices in secure coding, automated testing, secrets management, and release pipelines. Define platform engineering OKRs, build sprint governance, and lead agile delivery teams across infrastructure, tooling, and backend development. Collaborate with Product, Delivery, OT Engineering, and GRC teams to ensure platform alignment to business goals, service offerings, and compliance needs. Lead vendor evaluations, tool benchmarking, and integration programs with OEM cybersecurity, cloud, and automation partners. 15+ years of experience in technology architecture or platform engineering, with minimum 5 years in leadership roles. Deep expertise in cloud-native architecture, DevSecOps, SRE, and cybersecurity integrations. Experience in microservices, modular platforms, and container orchestration (K8s, Docker). Strong exposure to at least two public clouds (AWS/Azure/GCP). Hands-on experience with infrastructure automation, secrets management, and release pipelines. Familiarity with compliance standards such as IEC 62443, NIST CSF, ISO 27001 is a plus. Prior experience in OT/ICS cybersecurity, IT-OT convergence, or critical infrastructure platforms is desirable. Proven ability to lead cross-functional teams, communicate with CXOs, and manage strategic vendors. Qualifications Education: Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field. Additional specialization in Cybersecurity, Cloud Architecture, or Systems Engineering is a strong plus. Certifications (preferred, not mandatory): Cloud Certifications: AWS Certified Solutions Architect – Professional, Azure Solutions Architect Expert, or GCP Professional Cloud Architect. Security Certifications: CISSP, CISM, or CISA (to demonstrate security leadership). DevOps / Architecture: TOGAF, Kubernetes CKA/CKAD, or HashiCorp Terraform Certification. Compliance: IEC 62443 awareness, or training in NIST/ISO 27001/GRC frameworks.

Responsibilities Delivery Support & Coordination Assist in the day-to-day management of ongoing cybersecurity projects (assessment, implementation, or operations). Maintain project trackers, action logs, SLA dashboards, and delivery documentation. Track task-level progress across internal teams and external partners. Participate in client calls and internal reviews as a support owner. Governance & Reporting Prepare reports, presentations, and dashboards for internal and client stakeholders. Ensure accuracy and timely submission of status updates, metrics, and incident logs. Maintain risk and issue logs and follow up on closure. Process Adherence & Quality Control Ensure compliance with internal delivery frameworks, SOPs, and documentation standards. Support delivery audits, knowledge management, and quality control initiatives. Learn and apply ITIL/NIST/ISO 27001 delivery principles under guidance. Qualifications Must-have 1–3 years of experience in cybersecurity, IT operations, or project coordination. Strong interest in OT/IT security domains and service delivery. Good understanding of cybersecurity concepts (firewalls, IAM, incident response, etc.). Excellent communication, documentation, and task-tracking skills. Strong problem-solving orientation and willingness to work in client-facing settings. Preferred Bachelor’s in Computer Science, IT, Electronics or equivalent. Certifications (preferred): ISO 27001 Foundation, ITIL Foundation, or any entry-level security certification. Exposure to industrial systems, SCADA, or SOC tools is a plus.

Responsibilities Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols Lead and manage triage activities Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act) Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation Scripting and automation exposure (Python, PowerShell, Bash) preferred Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty) Leadership & Personality Traits Strategic thinker with an operations-first mindset and execution rigor Calm, decisive, and clear-headed in crisis and high-pressure scenarios Strong stakeholder engagement and communication skills across technical and executive levels Proven ability to lead multi-location teams with cultural sensitivity and high performance Continuous learner with a growth mindset and passion for cybersecurity excellence Preferred Industry Background Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports) OT and IT OEMs MSSPs, SOC service providers Consulting firms with cyber defence practices (e.g., Big 4) Qualifications Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials 12 + years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles Experience managing global SOC operations or OT-specific cyber operations is a strong plus

Responsibilities Lead the implementation and operation of IGA platforms (e.g., SailPoint, Saviynt, ForgeRock) across enterprise and industrial environments Define and enforce identity lifecycle policies (JML), SoD controls, certification workflows, and role-based access models Manage a team of engineers and analysts across client engagements for successful IGA delivery Build and execute roadmaps for access governance, recertification campaigns, identity analytics, and compliance reporting Design integrations with HRMS, AD/Azure AD, ITSM, ERP, and OT domain directories and controllers Drive automation of user provisioning, deprovisioning, and policy enforcement across hybrid (IT+OT) landscapes Ensure all implementations align to frameworks like NIST, ISO 27001, and IEC 62443 where applicable Act as a SME for internal and customer audits, IAM maturity assessments, and zero-trust readiness Work closely with the Head of IDAM and collaborate with adjacent teams including PAM, CIAM, Service Delivery, and OT Security Train junior team members and contribute to IGA capability development within the company Preferred Certifications SailPoint Certified Implementation Engineer or equivalent CISSP / CISM / ISO 27001 LA ITIL / PMP / TOGAF (as a bonus) Qualifications 12 + years of experience in Identity & Access Management, with minimum 6 years in IGA platforms Hands-on experience with SailPoint IIQ/Saviynt/ForgeRock IGA tools (implementation, administration, custom connectors) Proven track record in delivering end-to-end IGA projects at scale (10,000+ identities) Strong understanding of access governance, RBAC/ABAC, SoD frameworks, and regulatory compliance Experience integrating IGA with hybrid environments (cloud/on-prem/OT) Working knowledge of identity protocols: SAML, OAuth2, SCIM, OIDC Knowledge of OT protocols (Modbus, DNP3, OPC-UA) or IEC 62443 is a plus Excellent communication, team leadership, and client/stakeholder management skills

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Job Description Join us as we pursue our vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey. Role Description Splunk’s Assurance, Advisory, Risk and Compliance (SpAARC) team is looking for a motivated Senior Technology Compliance Analyst who will own delivering technology assurance, advisory, compliance and risk management services to the company. In this position, you will make a difference at Splunk and stand out from others by building consultative partnerships with business owners, internal/external auditors, and engineering teams to drive risk mitigation, process gaps maturity, and control management. Being analytical, upbeat, creative, and one who thrives in a highly skilled and dynamic environment will lead to success. Your focus will be on compliance efforts that meet or exceed various technology security compliance and internal controls that include, but are not limited to, SOC I & II, HIPAA, ISO 27001, 27017, 27018, PCI-DSS, IRAP, TISAX, CSA STAR, and ISMAP as it pertains to software, Cloud, and on premise environments. You must be comfortable working with both technical and non-technical resources and have experience describing compliance requirements in a technical manner. This position is based at Splunk’s Hyderabad office. The position may require the ability to travel (domestic and international) for approximately 10 to 20% of the time. Responsibilities You will own the planning, execution, and reporting of technology and security assessments within Splunk's Operations / Engineering / Technology areas. You will ensure accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational, financial, strategic and compliance risk implications. You will engage with business and control owners, internal & external auditors, as well as Splunk leadership on new and ongoing compliance initiatives. You will facilitate the execution of external audits over Splunk’s products and internal controls. You will be responsible for leading audit walkthroughs, and driving the process of audit evidence collection and review for internal and external audit engagements. Participate in end-to-end walkthroughs by partnering with business teams to understand processes, identify risks, control gaps, and improvement opportunities. You will assist in the design of automation to enable scalability of the compliance programs You will own the follow up of action plans to ensure appropriate and timely mitigation of identified risks. You have hands-on experience in assessing technology and compliance risks and controls in technology processes, cloud applications, cloud infrastructure. Job Requirements 8+years of experience in information technology, security, and internal control auditing in house and/or with a professional services firm. Hands-on experience with reviewing and testing common IT & Engineering technologies including operating systems (OS), databases, network infrastructure, application security, Linux/Windows system security, mobile device security, cloud technologies and applications (IaaS, SaaS, PaaS environments, etc.). Implemented and/or audited controls from at least two common industry and regulatory frameworks and standards (e.g., NIST, SOC I & II, ISO (27001, 27017, 27018), HIPAA, PCI-DSS, ISMAP, TISAX, IRAP, ITIL, etc.). Strong leadership, communication, presentation and interpersonal skills to interact with technical and non-technical colleagues and management. Experience formulating audit testing plans, steps, and procedures. Strong audit documentation skills and attention to detail are a must. You are a team-player with high EQ. You are motivated, enthusiastic, efficient, and able to work independently to multitask and lead multiple workloads to timely completion. Experience with multinational company’s operations and proficiency in a foreign language is a plus. Unquestionable integrity and credibility. Ability to work in a fast-paced and dynamic environment. Education Got it! Bachelor’s degree preferably in Technology, Engineering, Business or equivalent. Professional certifications e.g. CISSP, CEH, CIPP, CISM, PMP, CISA are a plus. Proven skill in Google Suite, ServiceNow, and Atlassian Tools (Jira, Confluence) Proficient with Splunk products desired but not required. We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

Entity: Technology Job Family Group: IT&S Group Job Description: You will work with A hardworking and multi-functional team of IAM architects, security engineers, platform owners, and business collaborators across HR, IT operations, and compliance. This team flourishes with collaboration, a security-first approach, and a strong dedication to automation and scalability. You’ll engage with a diverse set of federated teams, helping them integrate and mature their access governance capabilities. We value innovation, continuous improvement, and product thinking—empowering you to lead with impact, drive adoption through streamlined experiences, and shape the future of identity governance. You’ll be part of a supportive environment that encourages knowledge sharing, agile practices, and staying ahead of emerging IAM trends. Let Me Tell You About The Role Senior Enterprise Technology Engineer – Identity Governance Onboarding, you will play a critical role in helping federated teams govern their access by onboarding them onto our IGA platform. Your mission is to make the onboarding process streamlined, scalable, and automated, ensuring teams can adopt governance capabilities with minimal effort. This role will be part of team that drives the integration of systems into IGA, ensuring visibility, policy enforcement, and access governance maturity. You will lead the development of self-service, BAU, and project-based onboarding strategies, allowing teams to evolve from basic governance (visibility, access reviews) to advanced governance (recertification, segregation of duties, and attestation). What You Will Deliver Supporting IGA Onboarding & Adoption – Assist in connecting applications and systems to the IGA platform through self-service, automation, or project-based onboarding, helping teams adopt governance capabilities efficiently. Implementing Access Governance Controls – Contribute to enabling access to entitlements, supporting policy enforcement, and assisting in the implementation of governance features such as recertification, attestation, and segregation of duties (SOD). Contributing to IGA Platform Enhancements – Participate in designing and improving features that streamline onboarding processes and make it easier for teams to integrate with the IGA platform. Data Integration & Source Mapping – Work with senior engineers to identify and configure appropriate data sources and connectors that support identity lifecycle and governance requirements. Supporting Compliance & Audit Activities – Help ensure that onboarding and governance activities meet compliance standards such as SOX and GDPR, and assist with access reviews and certification processes. multi-functional Collaboration – Collaborate with IAM platform teams, HR, IT operations, and business units to understand integration needs and support onboarding efforts. Ongoing Optimization & Feedback Loops – Monitor onboarding progress, gather feedback from collaborators, and contribute to continuous improvement of onboarding flows and governance capabilities. What you will need to be successful (experience and qualifications) Technical Skills We Need From You Bachelor’s degree in technology, Engineering, or a related field. Demonstrable experience in enterprise technology, security, and operations in large-scale global environments. Strong collaborator management skills, with the ability to engage and influence senior business leaders. Experience implementing CI/CD pipelines, DevOps methodologies, and Infrastructure-as-Code (Terraform, Ansible, etc.). Deep knowledge of ITIL, Agile, and enterprise IT governance frameworks. A passion for emerging technology trends, security standard methodologies, and innovation. Essential Skills Identity & Access Management (IAM) Foundation Hands-on experience with Identity Governance & Administration (IGA) tools such as SailPoint, Saviynt, ForgeRock, or Microsoft Entra ID Governance. Working knowledge of identity lifecycle processes, role-based access control (RBAC), and attribute-based access control (ABAC). Familiarity with access request workflows, entitlement reviews, and segregation of duties (SOD) concepts. Technical & Automation Skills Exposure to integrating applications with IGA platforms and assisting with connector development and onboarding automation. Basic understanding of REST APIs, JSON, SCIM, and directory services for identity synchronization. Experience writing scripts (e.g., Python, PowerShell) and working with Infrastructure as Code tools (e.g., Terraform, Ansible) to support IAM automation efforts. Governance, Compliance & Risk Awareness Awareness of regulatory compliance frameworks such as SOX, GDPR, ISO 27001, and NIST 800-53, and how they relate to identity governance. Experience participating in access reviews, recertification efforts, and audit-related tasks. Collaboration & Execution Ability to work effectively with IAM platform teams, security teams, and business partners to support onboarding and governance activities. Strong communication and solving skills, with a focus on translating technical requirements into actionable work. Skills That Set You Apart All engineers in our team are expected to adopt the following values and practices: Security-First Attitude – Embed security in day-to-day IAM work, recognizing the importance of identity in modern enterprise security. Automation-Driven Culture – Support efforts to automate IAM processes and contribute to CI/CD-enabled environments. Collaborative Approach – Partner with multi-functional teams to understand business needs and deliver effective IAM solutions. Agile Thinking – Participate in Agile ceremonies, contribute to sprint planning, and deliver incremental improvements to IAM capabilities. Continuous Learning – Stay curious and proactive in learning about new IAM technologies, compliance requirements, and security standard processes. About Bp Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement Up to 10% travel should be expected with this role Relocation Assistance: This role is eligible for relocation within country Remote Type: This position is a hybrid of office/remote working Skills: Legal Disclaimer: We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us. If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Responsibilities: Hunt, develop, and close new business opportunities CNAPP selling experience will be useful Delivery high-level and detailed sales presentations Respond to functional and technical elements of RFIs/RFPs Provide functional and technical support to prospects and customers Responsible for attending conferences, seminars virtually, in-region and nationally Ability to manage a realistic sales funnel, follow up on inbound leads quickly, and cold call into large Fortune 500 / S&P 500 size organizations Qualifications: Ideal candidate must be self-motivated with strong knowledge in security and compliance space: CNAPP, Container Security, Vulnerability Management, Policy Compliance, Web Application Scanning, Threat Hunting / EDR, File Integrity Monitoring, and other enterprise security solutions. Strong track record of hunting, consulting, and closing new business Experience with Qualys is a plus, but not required Familiarity with compliance benchmarks such as CIS level 1 & 2, PCI, HIPAA, HITRUST, NERC, CIP, NIST, etc. Must possess strong presentation skills and be able to communicate professionally in response to emails, RFPs and when submitting reports 10+ years relevant experience Excellent written and oral communication skills Able to travel throughout sales territory Able to comfortably present to prospects and clients using video conferencing solutions in a work-from-home environment

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Zscaler Architecture Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: We are seeking an experienced and driven Cloud Security Engineer with a strong focus on Zscaler security technologies, email security, and cloud security best practices. The ideal candidate will have a solid background in enterprise security solutions, cloud architectures, and SaaS-based security platforms. Roles & Responsibilities: - Configure, manage, and troubleshoot Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) platforms. - Design and implement security policies in Zscaler cloud firewall and proxy modules. - Monitor and enhance email security platforms (e.g., valimail, abnormal security , Microsoft Defender for Office 365). - Ensure protection against phishing, spoofing, and malware through DKIM, SPF, and DMARC implementation and tuning. - Perform cloud security posture management (CSPM) and support secure cloud migration. - Work closely with network and application teams to enforce zero trust architecture using Zscaler. - Analyze security logs, alerts, and incidents to drive continuous improvement. - Respond to security incidents and conduct RCA (Root Cause Analysis). - Support compliance and audit activities across cloud and email platforms. - Maintain documentation and assist in developing security playbooks and SOPs. Professional & Technical Skills: - Strong working knowledge of Zscaler ZIA / ZPA, including policy creation, traffic forwarding, and troubleshooting - Expertise in email security technologies (O365 ATP, DMARC, SPF, DKIM, etc.) - Good understanding of cloud platforms (Azure, AWS, GCP) and associated security models - Familiarity with SIEM, DLP, CASB, and Secure Web Gateway (SWG) - Ability to interpret logs and perform packet capture analysis (e.g., Wireshark) - Knowledge of industry standards such as NIST, ISO 27001, CIS Benchmarks - Scripting knowledge (PowerShell, Python) is a plus Additional Information: - 3+ years of hands-on experience in cloud security, email security, and network security - Preferred certifications:-Zscaler Certified Professional (ZCP/ZIA/ZPA) and Microsoft Certified: Security, Compliance, and Identity Fundamentals - This position is based at our Pune office. - A 15 years full time education is required., 15 years full time education

Responsibilities Execute technical deployment, configuration, and maintenance of IAM toolsets: SailPoint, Saviynt, CyberArk, ForgeRock, Okta, Azure AD, etc. Lead daily operations including user lifecycle automation, connector management, rule tuning, patching, and upgrade planning Manage integration of IAM platforms with IT and OT systems (ERP, SCADA gateways, cloud directories, HRMS, SIEMs) Maintain compliance with global frameworks (ISO 27001, NIST, IEC 62443) and internal security policies Ensure proper functioning of access reviews, policy violations, SoD checks, and automated certifications Develop scripts, APIs, and tool extensions to enable seamless operations and self-service functions Act as SME for all IAM tools during internal and external audits, client discussions, and incident response Monitor tool health, implement KPIs and dashboards, and proactively identify areas of improvement Work closely with Delivery, PAM, and Engineering teams for smooth handovers and incident resolution Qualifications Required Skills & Qualifications 7 + years of experience in IAM domain, with minimum 5 years in hands-on tool/platform management Strong implementation and operational knowledge of one or more IAM platforms: SailPoint IIQ, Saviynt, CyberArk, ForgeRock, Okta, Azure AD Proven track record managing IAM connectors, schema mapping, rule-based provisioning, and API integrations Solid grasp of authentication protocols (LDAP, SAML, OAuth, OIDC), scripting (PowerShell, Python), and cloud IAM (Azure, AWS) Experience supporting OT IAM implementations or integration with SCADA/ICS components is a strong plus Working knowledge of identity governance workflows, SoD policies, privileged access controls, and identity analytics Strong documentation, troubleshooting, and RCA/reporting abilities Preferred Certifications Tool-specific certifications (e.g., SailPoint Implementation Engineer, CyberArk Defender, Saviynt CPAM) ITIL v4 Foundation, ISO 27001 Implementer or similar Basic CISSP/CISA-level understanding desirable

Job Description WHAT YOU’LL DO We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. Who You’ll Work With Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents. Key Responsibilities: Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. Experience in designing, implementing, and managing vulnerability management processes and workflows. Facilitate and manage penetration testing engagements with third-party vendors. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. Develop and maintain security policies and procedures for our organization's systems, applications, and networks. Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. Who You Are We are looking for people with… Bachelor's degree in computer science, information security, or a related field. 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. Excellent analytical, problem-solving, and communication skills. Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. WHY YOU’LL LOVE WORKING HERE At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe. We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. JOIN US Our uniqueness comes from a combination of many things – our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it’s our people who make us who we are. Take the next step in your career together with us. The journey starts here. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application. Additional Information This is a full-time position, starting in August 2025 . Apply by sending in your CV in English as soon as possible, but no later than the 30th of June 2025 . Due to data policies, we only accept applications through the SmartRecruiters or career page

About Us Yubi stands for ubiquitous. But Yubi will also stand for transparency, collaboration, and the power of possibility. From being a disruptor in India’s debt market to marching towards global corporate markets from one product to one holistic product suite with seven products Yubi is the place to unleash potential. Freedom, not fear. Avenues, not roadblocks. Opportunity, not obstacles. Yubi, formerly known as CredAvenue, is re-defining global debt markets by freeing the flow of finance between borrowers, lenders, and investors. We are the world's possibility platform for the discovery, investment, fulfilment, and collection of any debt solution. At Yubi, opportunities are plenty and we equip you with tools to seize it. In March 2022, we became India's fastest fintech and most impactful startup to join the unicorn club with a Series B fundraising round of $137 million. In 2020, we began our journey with a vision of transforming and deepening the global institutional debt market through technology. Our two-sided debt marketplace helps institutional and HNI investors find the widest network of corporate borrowers and debt products on one side and helps corporates to discover investors and access debt capital efficiently on the other side. Switching between platforms is easy, which means investors can lend, invest and trade bonds - all in one place. All of our platforms shake up the traditional debt ecosystem and offer new ways of digital finance. Job Description Act as the liaison between business units and corporate security teams to align objectives with robust security strategies. Serve as the primary point of contact for clients for all security-related questions, concerns, and communications. Develop and implement security policies, standards, and procedures tailored to business needs. Lead risk assessments, identifying vulnerabilities that may impact business operations. Facilitate regular communication between IT, security, and business leaders to ensure alignment. Guide business units in understanding and mitigating cybersecurity risks. Oversee compliance with applicable data protection regulations and internal security requirements. Foster a culture of security awareness through training and effective communication. Drive incident response planning and coordinate swift actions during security breaches. Monitor emerging threats and continuously refine security practices to pre-empt risks. Report risk assessments, metrics, and progress updates to executive leadership for strategic decision-making. Collaborate with procurement and business teams to assess the security and privacy risks associated with third-party vendors used by the business units, ensuring compliance with TPRM policies. Facilitate external Infosec audits by coordinating with auditors, providing necessary documentation and access, and ensuring timely responses to audit findings. Maintain a strong understanding of the organization's security compliance obligations and work with business units to ensure adherence. Drive initiatives to address compliance gaps and implement necessary controls. Requirements Requirement Bachelor’s degree in Computer Science, Information Security, or a related field; a Master’s degree is often preferred. Experience in “ISO 27001” is a must for the role. 2+ years of experience in cybersecurity, risk management, or IT security roles with increasing responsibilities. Recognized certifications such as CISSP, CISM, or equivalent demonstrate proficiency in security best practices. Proven track record in leading cross-functional teams and managing security programs in a complex business environment. Deep understanding of compliance requirements, regulatory frameworks, and the ability to align security strategies with business objectives. Excellent communication, interpersonal, and stakeholder management skills, with the ability to influence without authority Strong analytical and problem-solving skills, with the ability to translate technical security concepts into business language. Ability to work independently and collaboratively within a fast-paced, dynamic environment. Strong understanding of information security principles, frameworks (e.g., ISO 27001, SOC2, NIST CSF), and relevant compliance regulations.

What You'll Do Avalara is looking for a security risk specialist to join our team reporting to the Senior Manager, Governance Risk & Compliance. We are looking for the ability to conduct risk analysis at a systemic level, working with engineers and architects as they develop Avalaras next-generation services. You understand technical controls and be able to analyze application / product security within Avalara, including internal processes and reporting, and risks identified through code and design reviews of both internal and customer-facing software products and solutions. You will report to Senior Manager. What Your Responsibilities Will Be You will perform comprehensive risk assessments aligned with Avalaras risk management framework and develop applicable remediation plans. You will analyze and identify risks across technical environments, with a focus on application design, software architecture, and security tooling configurations. Guide the identification, management, and mitigation of risks within security infrastructure and technical control implementations. Collaborate with teams, including system owners, developers, and architects, to integrate risk management practices into the development lifecycle. Ensure risk and compliance controls are accomplished across teams and within defined Service level agreements. Coordinate the documentation and migration of control information into Avalaras GRC platform. What You'll Need to be Successful Bachelors degree in Information Technology, Computer Science, or equivalent experience. 3+ years of experience in IT Audit, IT Security, or IT Risk Management. Experience conducting systemic risk analysis in, including reviewing application design and architecture. Familiarity with standards and frameworks such as ISO 27001, SOC 1, SOC 2, SOX, NIST. Experience with application security principles, including the ability to assess risk through code and design review processes.

Career Details We are seeking a highly skilled and experienced Security Consultant to join our team. The ideal candidate should have experience in ISO consulting and implementation, with a strong understanding of information security standards and best practices. The successful candidate will be responsible for working with clients to identify security risks and develop strategies to mitigate those risks, as well as providing guidance and support for ISO compliance. Key Responsibilities: ISO27001 Consulting: Conduct gap analysis and readiness assessments for ISO27001. Develop and implement Information Security Management Systems (ISMS) based on ISO27001 standards. Perform internal audits and support clients during external audits. Provide ongoing support and guidance to ensure continuous compliance with ISO27001. GDPR/Data Privacy: Assist in conducting data privacy impact assessments (DPIAs). Develop data protection policies and procedures. Support the implementation of data privacy frameworks. Risk Management:Client Engagement: Identify, assess, and mitigate risks related to information security and data privacy. Develop risk management strategies and frameworks. Conduct risk assessments and provide recommendations for risk treatment. Work closely with clients from India & Middle East to understand their specific needs and requirements. Prepare detailed reports and presentations for clients. Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field At least 7-8 years of experience in information security Experience in ISO consulting and implementation Familiarity with security frameworks such as NIST, CIS, and ISO 27001 Strong analytical and problem-solving skills Excellent communication and interpersonal skills Ability to work independently and as part of a team Relevant certifications such as CISA or ISO Lead Implementer/Auditor are preferred Experience: 8-10 years Location: Govt Cyberpark, Kozhikode, Kerala If you are a motivated and experienced Security Consultant with ISO consulting and implementation experience, we encourage you to apply for this exciting opportunity. We offer competitive compensation, comprehensive benefits, and a dynamic work environment. Job Types: Full-time, Permanent Benefits: Health insurance Paid sick time Work Location: In person

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Oracle Advanced Access Controls Good to have skills : Oracle Governance Risk and Compliance (GRC), Oracle Security Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Expected to provide solutions to problems that apply across multiple teams. - Facilitate training sessions to enhance team knowledge on security protocols. - Monitor and evaluate the effectiveness of implemented security measures. Professional & Technical Skills: - Must To Have Skills: Proficiency in Oracle Advanced Access Controls. - Good To Have Skills: Experience with Oracle Security, Oracle Governance Risk and Compliance (GRC). - Strong understanding of cloud security principles and practices. - Experience in risk assessment and management methodologies. - Familiarity with compliance frameworks such as ISO 27001 and NIST. Additional Information: - The candidate should have minimum 12 years of experience in Oracle Advanced Access Controls. - This position is based at our Pune office. - A 15 years full time education is required. 15 years full time education

Job Title: Cybersecurity Consultant – VAPT Specialist Location: Riyadh Experience Level: Mid to Senior Employment Type: Full-time Job Summary We are seeking a highly skilled and passionate Cybersecurity Consultant with deep expertise in Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, and API platforms . The ideal candidate will have a strong background in identifying and remediating high-risk vulnerabilities, collaborating with cross-functional teams, and implementing robust security strategies tailored to diverse industries. This role requires a proactive approach to threat mitigation, excellent technical capabilities, and a commitment to continuous learning. Roles & Responsibilities Conduct in-depth Vulnerability Assessment and Penetration Testing (VAPT) for web, mobile, and API platforms, addressing OWASP Top 10, identifying business logic flaws, and uncovering complex attack vectors. Collaborate with IT and development teams to remediate vulnerabilities effectively and within defined SLAs. Design and implement yearly cybersecurity plans aligned with regulatory standards including SAMA CSF, SAMA ITGF, NCA CSCC, NCA ECC , and PCI-DSS . Perform advanced threat hunting, source code reviews , and SIEM audits to detect integration flaws and hidden threats. Carry out network and server configuration reviews in line with NIST, CIS benchmarks , or customized Minimum Baseline Security Standards (MBSS) . Utilize advanced security tools such as: Core Impact, Tenable SC, Nessus, Nmap, Metasploit, Acunetix, AppScan, Splunk, QRadar, Volatility, Hydra, Burp Suite, SonarQube, SQLMap, Fortify , etc. Conduct risk assessments, compromise assessments , and provide tailored recommendations to strengthen the organization’s security posture. Demonstrate strong communication and interpersonal skills , ensuring seamless collaboration across departments and with clients. Stay ahead of evolving threats by researching the latest technologies and attack vectors , and apply this knowledge to secure client environments. Required Qualifications Bachelor of Science Deep understanding of security frameworks, methodologies, and risk-based prioritization. Certifications (Preferred) Certified Information Security Manager (CISM) Certified Red Team Professional (CRTP) eLearn Certified Threat Hunting Professional (eCTHP) eLearn Web Penetration Tester (eWPT) Certified Ethical Hacker (Practical) (CEH) NSE1 – Network Security Associate Key Skills VAPT (Web, Mobile, API) Threat Hunting & Compromise Assessment Source Code & Network Configuration Review Regulatory Compliance (PCI-DSS, NCA, SAMA) Security Tool Proficiency (BurpSuite, Nessus, Metasploit, etc.) Risk Analysis & Communication Skills Report Writing & Executive Summarization

Job Description: About Us At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We’re devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us! Global Business Services Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations. Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence and innovation. In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services. Process Overview* Global Information Security (GIS) functions by analyzing, researching, improving, defining, implementing, and executing information security processes defined, in large part, by past high profile audit issues. Key responsibilities include Data Quality management of closed manually identified P2 vulnerabilities, developing an understanding of the LOBs that report vulnerabilities via manual flat file to GIS, following standard practices and procedures in analyzing situations or data, and supporting team members in performing specialized GIS functions, primarily Data Quality assurance. Job expectations include partnering with teams inside, and outside, of GIS, inclusive of GIS, CTI, EET, APS&E, GT Risk, and others. Job Description* This job is responsible for supporting Global Information Security (GIS) functions by analyzing, researching, improving, defining, implementing, and executing information security controls and standards. Key responsibilities include developing an understanding of the business, validating remediation of manually reported. CVE vulnerabilities, engaging with Qualys vendor support, following standard practices and procedures in analyzing situations or data, creating and updating semi-technical Quality Control vulnerability related documentation, and supporting team members in performing specialized GIS functions. Job expectations include partnering with team to provide blended security and business insights to ensure appropriate management of information security risks. Responsibilities* Vulnerability Management NVD / NIST / Discovery / CMDB Remedy / other SOR tool usage Visio Flowcharting Product Version Interpretation Understands CVE Vulnerability Data Leads Meetings / Coordinates across Stakeholders Controls Management Data Governance Risk Management Requirements* Education* : B.E. / B Tech / M.E. / M Tech / MCA / M.Sc., Certifications (If Any) : ISO 27001 LA, Ethical Hacking Experience Range* : 6-8 Years Foundational Skills: Experience in Vulnerability Management/Assessment Experience in Product Version Interpretation Strong understanding of CVE/CSS/CWE Understanding of Stakeholder Engagements Understanding of Compliance and Governance Experience in Information Security Management Experience in Governance, Risk & Compliance Excellent written/verbal communication skills Desired Skills: Knowledge in Vulnerability Assessment Vulnerability Remediation Strong Technical knowledge Work Timings* : 1:30 PM - 10:30 PM Job Location* : Chennai, Hyderabad

We are hiring a FortiSIEM Administrator to manage and maintain our SIEM infrastructure and security tools. The ideal candidate will have deep experience in SIEM architecture (FortiSIEM) , EDR , DLP , and a sound understanding of cybersecurity frameworks like MITRE ATT&CK, NIST, CIS Controls , and ISO 27001 . The role requires someone who can ensure complete visibility and protection of IT assets while supporting incident response and compliance. Tasks Deploy, configure, and maintain the FortiSIEM platform for real-time monitoring and alerting. Integrate log sources across firewalls, servers, endpoints, and cloud environments. Develop and manage SIEM rules, parsers, dashboards, and alerts. Operate and optimize EDR , DLP , and other advanced security tools. Conduct incident triage, investigation, and provide root cause analysis. Align monitoring and response activities with MITRE ATT&CK, NIST, CIS Controls , and ISO 27001 frameworks. Collaborate with SOC, infrastructure, and application teams for end-to-end threat visibility. Maintain updated documentation and support internal and external security audits. Ensure regular health checks, version upgrades, and platform tuning for performance Requirements Required Skills & Qualifications: 3–6 years of experience in cybersecurity with a focus on SIEM administration (preferably FortiSIEM) . Hands-on expertise in deploying and managing EDR , DLP , and other endpoint security tools. Good understanding of SIEM architecture , log ingestion, and threat correlation. Knowledge of networking fundamentals, TCP/IP, firewalls, VPNs, and IDS/IPS. Familiarity with security frameworks like MITRE ATT&CK, NIST, CIS Controls , and ISO 27001 . Scripting knowledge (PowerShell, Python, Bash) is an advantage. Fortinet certification (e.g., NSE 5/7) is a plus. Nice to Have: Experience with cloud platforms (AWS, Azure) and cloud security monitoring. Exposure to other SIEM tools (Splunk, QRadar, etc.) is beneficial. Experience in compliance-driven environments (PCI-DSS, SOC 2, etc.).

We are hiring Senior Security Consultant -VAPT Specialist for our client located in Kozhikode. Position Summary As a Senior VAPT Specialist, you will be responsible for conducting comprehensive security assessments, managing client relationships, and delivering high-quality penetration testing services. You will also conduct client-side vulnerability checks for your diverse clients. These will include assessing their security postures and offering actionable recommendations to fortify their cybersecurity defenses. As a senior VAPT specialist, you will engage in tasks that include: Client Management & Communication Be the trusted security expert and advisor for your assigned clients in undertaking security assessments. Lead engaging briefings, provide status updates, and prepare effective presentations. Convert complex technical findings into insights that drive decision-making for our clients. Build relationships that not only last, but also ensure client satisfaction, trust, and value for your service-oriented projects. Document findings that guide you to derive solutions. Threat Modeling & Risk Assessment Develop comprehensive threat models for client applications and infrastructure Conduct risk assessments and prioritize security findings based on business impact Design attack scenarios and security test cases based on threat intelligence Collaborate with development teams to integrate security into SDLC processes Red Team Operations Plan and execute red team exercises to simulate real-world attack scenarios Develop custom tools and exploits for specific client environments Conduct social engineering assessments and physical security testing when required Provide post-exercise debriefings and improvement recommendations Documentation & Reporting Contribute to internal knowledge base and best practices documentation Create detailed technical reports documenting vulnerabilities, exploitation methods, and remediation steps Develop executive summaries tailored for C-level audiences Maintain accurate project documentation and testing methodologies Required Qualifications Experience & Background 3-5 years of hands-on experience in vulnerability assessment and penetration testing Proven track record of successful client engagements and project delivery Experience with enterprise-level security assessments across various industries Demonstrated ability to work independently and manage multiple projects simultaneously Technical Expertise Deep understanding of security frameworks and standards: Penetration Testing Execution Standard (PTES) OWASP Top 10 and OWASP Testing Guide SANS Top 25 Most Dangerous Software Errors NIST Cybersecurity Framework CIS Critical Security Controls MITRE ATT & CK Framework Development & Programming Experience Software Development Background: Hands-on experience in application development and an understanding of secure coding practices are highly recommended. Programming and Scripting Languages: If you’re proficient in Python and Bash, that would be an added advantage. Additional experience in PowerShell is highly appreciated. Basic knowledge in at least one compiled language (C/C++, Go, Java, or C#) Custom Tool Development: You can efficiently develop custom security tools, exploits, and automation scripts Security Tools Expertise: You’re the person who can confidently leverage security tools with expert-level proficiency, such as Burp Suite Professional, OWASP ZAP, Nmap, Nessus, OpenVAS, Metasploit, Cobalt Strike, Wireshark, tcpdump, Static analysis tools (SonarQube, Checkmarx, and Veracode), and Custom exploit development tools. Social Engineering & Phishing Expertise Social Engineering Assessments: Design social engineering tests to trigger human response to various threat scenarios. Phishing Simulations: Run phishing simulations ethically. Physical Security Testing: Perform on-site assessments through tailgating, badge cloning, and facility penetration. Awareness Training: Provide security awareness training based on assessment findings OSINT (Open Source Intelligence): Gather and analyze publicly available information for reconnaissance and social engineering preparation. Communication & Language Skills Excellent communication skills (both written and spoken) Effectively communicate complex technical concepts to non-technical stakeholders Strong presentation and public-speaking abilities Can professionally draft technical documentation and reports Professional Attributes Strong analytical and problem-solving abilities Attention to detail with a methodical approach to testing Ability to think like an attacker and anticipate security threats Commitment to ethical hacking principles and professional conduct Continuous learning mindset to stay current with emerging threats and technologies Research-Oriented Mindset: Can deep research in all efficacy to understand emerging vulnerabilities, attack vectors, and security trends. Innovation and Tool Development: Proactive approach to developing custom security tools, scripts, and methodologies for enhancing testing capabilities Creative thinking for developing novel attack scenarios and bypassing security controls Preferred Qualifications Certifications: OSCP (Added Advantage), GPEN, CRTO, and CRT Additional Experience (If any applicable) Experience with DevSecOps practices and CI/CD pipeline security Background in software development or system administration Knowledge of compliance frameworks (PCI DSS, HIPAA, GDPR, SOC2, ISO 27001) Experience with threat intelligence platforms and indicators of compromise Familiarity with containerization security (Docker, Kubernetes) Previous consulting or client-facing experience Location: Govt. Cyberpark, Calicut Experience: 3 – 5 Years Be it undertaking vulnerability assessment or performing in-depth penetration testing, your role as a senior VAPT consultant highly counts when it comes to safeguarding our clients’ critical assets by detecting threats and closing security gaps – proactively and efficiently. Where confidence, knowledge, and aptitude combine to effectively undertake high-profile security tests like ethical hacking, it is these qualities that we expect from you for the concerned role. Contact us if you believe you aptly fit in this role.