3847 Nist Jobs - Page 38

Location: Gurgaon (Work from Office) Looking for Immediate joiners only Required Technical Skills & Experience: Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role . SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII. Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA. Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black. Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP. Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks. Key Responsibilities: SOC Operations & Security Monitoring Lead and manage the 24/7 Security Operations Center (SOC) , ensuring continuous threat detection and response . Working extensively on SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools. Oversee 24/7 monitoring of security events and alerts. Ensure effective use of SIEM (Security Information and Event Management) tools. Prioritize, analyze, and manage security incidents. Improve threat intelligence capabilities and integrate with threat intelligence feeds. Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times. Incident Response & Management Develop and enforce incident response plans (IRPs) . Ensure timely response to cyber threats, minimizing impact. Coordinate with stakeholders during major incidents. Conduct post-incident analysis and lessons learned exercises. EDR/XDR (Endpoint Detection & Response / Extended Detection & Response) CrowdStrike Falcon – AI-powered threat detection with real-time response. Palo Alto XDR – Extended Detection and Response. Microsoft Defender for Endpoint – Integrated with Azure security solutions. – Behavioral AI-driven endpoint protection. Carbon Black (VMware) – Next-gen EDR with cloud analytics. Sophos Intercept X – Machine-learning-based ransomware prevention. Threat Intelligence Platforms (TIP) Recorded Future – AI-driven threat intelligence analysis. MISP (Malware Information Sharing Platform) – Open-source threat sharing platform. Flashpoint Threat Intel Outseer AFCC ( Previously RSA) IBM X-Force Exchange – Intelligence-sharing with global threat data. Anomali ThreatStream – Automated threat intelligence processing. VirusTotal Enterprise – File and URL malware scanning with shared intelligence. Compliance & Reporting Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.). Maintain accurate security logs and reports for audits. Prepare executive-level reports on security incidents and risk posture.

Let me tell you about the role We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments. In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas cloud security; infrastructure security; and/or data security. You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe. What you will deliver Define security policies that can be used to improve our cloud, infrastructure or data security posture. Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps. Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes. Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks. Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments. What you will need to be successful (experience and qualifications) Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization. Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments. Firm foundation of information and cyber security principles and standard processes. Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus. Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.) Exposure/experience with full stack development. Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration). Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc. Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX) Continuous learning and improvement approach. This position is a hybrid of office/remote working

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats. Do Design and develop enterprise cyber security strategy and architecture Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses Identify risks associated with business processes, operations, information security programs and technology projects Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge Identify security design gaps in existing and proposed architectures and recommend changes or enhancements Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. Provide support during technical deployment, configuration, integration and administration of security technologies Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity Provide solution of RFPs received from clients and ensure overall design assurance Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture Depending on the clients need with particular standards and technology stacks create complete RFPs Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps Evaluate and recommend solutions to integrate with overall technology ecosystem Tracks industry and application trends and relates these to planning current and future IT needs Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers Provide training to employees on issues such as spam and unwanted or malicious emails Stakeholder Interaction Stakeholder Type Stakeholder Identification Purpose of Interaction Internal Program Manager/Director Regular reporting & updates Infrastructure (CIS team) For infrastructure support External Customer To coordinate for all security breaches & resolutions Display Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Leveraging Technology - Knowledge of current and upcoming security technologies (e.g. Firewalls, IPS, DDoS, SIEM, WAF, Endpoint etc.) and understanding of compliance regulatory requirement like PCI DSS, HIPAA, etc.- Expert Systems Thinking - Understanding of the Wipro system (interrelatedness, interdependencies and boundaries) and perform problem solving in a complex environment - Expert Leveraging Technology - In-depth knowledge of and mastery over ecosystem technology that commands expert authority respect - Master Technical Knowledge - Certified Information Systems Security Professional (CISSP), Cloud Architect Certification from AWS and Azure, ToGAF or SABSA certification- Master Competency Levels Foundation Knowledgeable about the competency requirements. Demonstrates (in parts) frequently with minimal support and guidance. Competent Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well. Expert Applies the competency in all situations and is serves as a guide to others as well. Master Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognized within the entire organization. Behavioral Competencies Effective Communication Managing Complexity Client centricity Technology Acumen Innovation Problem Solving approach Collaborative Working Execution Excellence

Grow Fearlessly Who are we? Eliminate Fraud. Establish Trust. IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Mitigation, Digital Onboarding and Digital Privacy. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. Only IDfy combines enterprise-grade technology with business understanding and has the widest breadth of offerings in the industry. With more than 12+ years of experience and 2 million verifications per day, we are pioneers in this industry. Our clients include HDFC Bank, Indusind Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. We have successfully raised $27M from Elev8 Venture Partners, KB Investment, and Tenacity Ventures! We are the perfect match if you... Have 15+ years - Experience with cloud-based security management/IDS/IPS/SIEM tools, security vulnerability assessments, encryption, etc Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, SOC2, PCI, GDPR, CCPA, etc) CISM, CISSP, or other Security Certifications. Cloud security certifications on AWS, GCP or Azure Being a life-long learner; always looking to stay up to date with the latest attack vectors, vulnerabilities, remediation and protection paradigms, etc. Being self-motivated, proactive, driven individual Having strong interpersonal, oral, and written communication skills Ability to work and collaborate in a fast-paced multiple development centres across India Here’s what your day would look like... Primarily leading the IDfy Security, Compliance, and Privacy Practice and Function, ensuring the protection of data, infrastructure, and applications by continuously enhancing and monitoring the robust security framework that has been established, driving compliance with global regulations, and fostering a culture of security-first product development Defining and owning clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities, and other attack vectors Reviewing and analyzing vulnerability data to identify security risks to the organization's network, infrastructure, and applications and determine any reported vulnerabilities that are false positives Building and maintaining monitoring, auditing, and reporting frameworks that produce artifacts that support security and compliance needs Developing processes that produce artifacts that support security and compliance requirements Working with other infrastructure, DevOps, and application engineers to understand product and business needs Participating in enterprise compliance audits as a security SME Mentoring team members and co-workers on security best practices What’s it like working at IDfy? We build products that detect and prevent fraud. At IDfy, you will apply your skills to stay one step ahead of fraudsters. You will be mind-mapping fraudsters’ modus operandi, predicting the evolution of fraud techniques, and designing solutions to prevent new & emerging fraud. At IDfy, you will work on the entire end-to-end solution rather than a small cog of a giant wheel. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 3 – Risk Consulting - Protect Tech - Staff (IT audit – General skills) Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 2-3 years of related work experience At least 1-2 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX framework Implementation and Testing of internal controls such as IT general controls, IT application controls, business controls, interface controls etc Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: Create asset list and prioritize assets, conduct regular vulnerability assessments based on the Tenable tool, identify security weaknesses in systems and applications, work with peer teams till closure of the Vulns, track patching as per proposed timelines. Roles & Responsibilities: -Create correct asset list -Perform Vuln assessment -Relevant request to be raised thorough SNow. -Highlighting issues with the Scanned report to Product team and resolve it immediately. If issue not getting resolved, then escalate it to right stakeholder. -Analyse scan results and generate comprehensive reports detailing vulnerabilities, potential impacts, and remediation recommendations/Action plan with dates. -Collaborate with IT, Partner, Business and Security teams to prioritize and address identified vulnerabilities based on risk assessments and -business impact. -Monitor and track remediation efforts on weekly / monthly basis to ensure vulnerabilities are resolved within defined timelines. -Maintain and update documentation related to vulnerability management processes, policies, and procedures. -Stay current with industry trends, threats, and vulnerabilities to provide informed recommendations and enhancements to the policies, and procedures. Professional & Technical Skills: -Familiarity with vulnerability scanning tools, particularly Tenable and Snow. -Understanding of security frameworks and standards (e.g., NIST, ISO 27001). -Strong analytical and problem-solving skills with attention to detail. -Relevant certifications (e.g., Vulnerability Management, Certified Ethical Hacker (CEH), or similar) are a plus. -To succeed in this role, you should have the following skills and experience -Experience in vulnerability management or security operations Additional Information: - The candidate should have minimum 7.5 years of experience in Infrastructure Security Vulnerability Management Operations. - This position is based at our Gurugram office. - A 15 years full time education is required.

Role Purpose : As GRC (Governance, Risk, and Compliance) Manager is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. This role involves ensuring that all risk and compliance activities are performed effectively by various control functions. The GRC Manager also serves as an internal consultant, providing guidance to operating functions and business lines on risk-related matters. Additionally, they are tasked with identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to ensure the organization's overall security and compliance posture. Responsibilities: Ensure strong governance on risk and compliance performed by various control functions. Manage risk assessment, remediation, and monitoring of information and technology process risks. Serve as an internal risk consultant to operating functions and business lines. Identify, assess, quantify, report, communicate, mitigate, and monitor process risks. Support the implementation of information security policies. Discuss risk closure, mitigation, and acceptance with stakeholders. Ensure periodic entitlement reviews are completed, and risks are managed to an acceptable level. Collaborate with control functions to track and mitigate identified risks. Work with technology leaders to identify control gaps. Act as a subject matter expert for risk and controls related to operations. Maintain strong working relationships with stakeholders. Review and refine policies and processes based on industry best practices. Track identified risks and ensured their closure within defined timelines. Prepare and maintain risk heat maps and risk registers. Required Skills: Excellent executive-level communication skills. Strong working relationships with team members and the ability to motivate them. Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits. Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc. Understanding of Security incident response aspects is desirable. Good analytical, problem-solving, and interpersonal skills. B.E in Computer Science/Information Technology or equivalent qualification with 8-12 years of experience. Industry-recognized certification in information security such as CISSP, CISM, CISA, etc.

Your role We are looking for an experienced and strategic Detection Engineer across India. The ideal candidate will have a strong background in cybersecurity, detection and Splunk Enterprise Security. Develop and maintain cyber threat detection and hunting capabilities for Organization. Actively research, innovate and uplift in the areas of threat detection and hunting. Develop and maintain attack & use case models against Organizations environment and systems for the purposes of detection and monitoring use cases. Build and maintain continuous validation and assurance of the detection and hunting pipeline. Maximise detection visibility, coverage, and return-on-investment to maintain a defensible architecture across the business. Develop threat/attack models to depict and model detection of known attack vectors. Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability. Work with the Red Team to actively test and validate detection capabilities Your Profile 5+ years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role. 5+ years developing detections within a SIEM environment. Experience working with security tools such as endpoint detection and response systems, network anomaly detection, etc. Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation course of actions. Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration in the Financial Services sector or similar. Knowledge of the frameworks like NIST Cybersecurity framework, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies is required What you"ll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges

Responsibilities Design, implement, and optimize secure CI/CD pipelines across hybrid environments (cloud/on-prem). Operationalize DevSecOps frameworks with embedded controls for static/dynamic code analysis, secrets management, and runtime policy enforcement. Implement Infrastructure as Code (IaC) practices using tools like Terraform, Ansible, CloudFormation. Integrate cybersecurity tools and telemetry (e.g., SAST, DAST, SCA, EDR, vulnerability scanners) across the development lifecycle. Govern DevOps platform tools (e.g., Jenkins, GitHub Actions, Azure DevOps, ArgoCD) with secure configurations and traceability. Partner with cybersecurity teams to ensure regulatory alignment (IEC 62443, NIST CSF) via automated controls and compliance-as-code. Enable release velocity and rollback confidence through blue-green deployments, canary testing, and automation QA. Drive performance monitoring and incident response readiness through log aggregation, alerting, and dashboarding (e.g., Prometheus, Grafana, ELK). Coach DevOps engineers, implement sprint KPIs, and lead tool evaluations for emerging automation and security tooling. Preferred Qualifications Education: Bachelor’s degree in Computer Science, Engineering, or a related technical discipline. Master’s degree preferred (in Cybersecurity, Systems Engineering, or DevOps Automation). Certifications (preferred): DevOps: Certified Jenkins Engineer, GitHub Actions, Azure DevOps Expert, or similar. IaC / Automation: HashiCorp Terraform Associate, Red Hat Ansible Automation. Security Tooling: Practitioner-level training in SAST/DAST/SCA/EDR (e.g., Aqua Security, Snyk, SonarQube). Cloud Security: AWS Security Specialty, Azure Security Engineer, or CCSP. Compliance: Awareness training in IEC 62443 or NIST CSF is desirable. Qualifications Key Requirements 8 + years of technology experience with strong focus on DevOps, cybersecurity integrations, and infrastructure automation. Expertise in building and governing CI/CD pipelines and cloud-native deployment workflows. Proven knowledge of tools such as Jenkins, GitHub Actions, ArgoCD, Terraform, Vault, and container security platforms. Hands-on experience with security tools integration (e.g., Checkmarx, SonarQube, Aqua, Snyk, Prisma Cloud). Familiarity with compliance and security frameworks (e.g., NIST, ISO 27001, IEC 62443) in OT/IT environments. Experience working with OT/ICS environments or industrial networks is preferred. Strong scripting and automation skills (Python, Shell, Go, etc.). Ability to work in cross-functional, Agile-driven teams and mentor engineers in secure software delivery practices.

Responsibilities Lead the architecture and engineering of modular, multi-tenant cybersecurity platforms for IT/OT convergence. Build and scale cloud-native infrastructures using AWS/Azure/GCP, ensuring 99.9% uptime, horizontal scalability, and security-by-design principles. Implement and govern robust CI/CD, IaC (e.g., Terraform), containerization (e.g., Kubernetes, Docker), and monitoring frameworks (e.g., Prometheus, Grafana, ELK). Ensure platform readiness for integration with cybersecurity tools including SIEM, SOAR, EDR/XDR, IAM, PKI, and asset discovery platforms. Drive DevSecOps maturity across environments, ensuring best practices in secure coding, automated testing, secrets management, and release pipelines. Define platform engineering OKRs, build sprint governance, and lead agile delivery teams across infrastructure, tooling, and backend development. Collaborate with Product, Delivery, OT Engineering, and GRC teams to ensure platform alignment to business goals, service offerings, and compliance needs. Lead vendor evaluations, tool benchmarking, and integration programs with OEM cybersecurity, cloud, and automation partners. 15+ years of experience in technology architecture or platform engineering, with minimum 5 years in leadership roles. Deep expertise in cloud-native architecture, DevSecOps, SRE, and cybersecurity integrations. Experience in microservices, modular platforms, and container orchestration (K8s, Docker). Strong exposure to at least two public clouds (AWS/Azure/GCP). Hands-on experience with infrastructure automation, secrets management, and release pipelines. Familiarity with compliance standards such as IEC 62443, NIST CSF, ISO 27001 is a plus. Prior experience in OT/ICS cybersecurity, IT-OT convergence, or critical infrastructure platforms is desirable. Proven ability to lead cross-functional teams, communicate with CXOs, and manage strategic vendors. Qualifications Education: Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field. Additional specialization in Cybersecurity, Cloud Architecture, or Systems Engineering is a strong plus. Certifications (preferred, not mandatory): Cloud Certifications: AWS Certified Solutions Architect – Professional, Azure Solutions Architect Expert, or GCP Professional Cloud Architect. Security Certifications: CISSP, CISM, or CISA (to demonstrate security leadership). DevOps / Architecture: TOGAF, Kubernetes CKA/CKAD, or HashiCorp Terraform Certification. Compliance: IEC 62443 awareness, or training in NIST/ISO 27001/GRC frameworks.

Responsibilities Delivery Support & Coordination Assist in the day-to-day management of ongoing cybersecurity projects (assessment, implementation, or operations). Maintain project trackers, action logs, SLA dashboards, and delivery documentation. Track task-level progress across internal teams and external partners. Participate in client calls and internal reviews as a support owner. Governance & Reporting Prepare reports, presentations, and dashboards for internal and client stakeholders. Ensure accuracy and timely submission of status updates, metrics, and incident logs. Maintain risk and issue logs and follow up on closure. Process Adherence & Quality Control Ensure compliance with internal delivery frameworks, SOPs, and documentation standards. Support delivery audits, knowledge management, and quality control initiatives. Learn and apply ITIL/NIST/ISO 27001 delivery principles under guidance. Qualifications Must-have 1–3 years of experience in cybersecurity, IT operations, or project coordination. Strong interest in OT/IT security domains and service delivery. Good understanding of cybersecurity concepts (firewalls, IAM, incident response, etc.). Excellent communication, documentation, and task-tracking skills. Strong problem-solving orientation and willingness to work in client-facing settings. Preferred Bachelor’s in Computer Science, IT, Electronics or equivalent. Certifications (preferred): ISO 27001 Foundation, ITIL Foundation, or any entry-level security certification. Exposure to industrial systems, SCADA, or SOC tools is a plus.

Responsibilities Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols Lead and manage triage activities Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act) Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation Scripting and automation exposure (Python, PowerShell, Bash) preferred Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty) Leadership & Personality Traits Strategic thinker with an operations-first mindset and execution rigor Calm, decisive, and clear-headed in crisis and high-pressure scenarios Strong stakeholder engagement and communication skills across technical and executive levels Proven ability to lead multi-location teams with cultural sensitivity and high performance Continuous learner with a growth mindset and passion for cybersecurity excellence Preferred Industry Background Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports) OT and IT OEMs MSSPs, SOC service providers Consulting firms with cyber defence practices (e.g., Big 4) Qualifications Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials 12 + years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles Experience managing global SOC operations or OT-specific cyber operations is a strong plus

Responsibilities Lead the implementation and operation of IGA platforms (e.g., SailPoint, Saviynt, ForgeRock) across enterprise and industrial environments Define and enforce identity lifecycle policies (JML), SoD controls, certification workflows, and role-based access models Manage a team of engineers and analysts across client engagements for successful IGA delivery Build and execute roadmaps for access governance, recertification campaigns, identity analytics, and compliance reporting Design integrations with HRMS, AD/Azure AD, ITSM, ERP, and OT domain directories and controllers Drive automation of user provisioning, deprovisioning, and policy enforcement across hybrid (IT+OT) landscapes Ensure all implementations align to frameworks like NIST, ISO 27001, and IEC 62443 where applicable Act as a SME for internal and customer audits, IAM maturity assessments, and zero-trust readiness Work closely with the Head of IDAM and collaborate with adjacent teams including PAM, CIAM, Service Delivery, and OT Security Train junior team members and contribute to IGA capability development within the company Preferred Certifications SailPoint Certified Implementation Engineer or equivalent CISSP / CISM / ISO 27001 LA ITIL / PMP / TOGAF (as a bonus) Qualifications 12 + years of experience in Identity & Access Management, with minimum 6 years in IGA platforms Hands-on experience with SailPoint IIQ/Saviynt/ForgeRock IGA tools (implementation, administration, custom connectors) Proven track record in delivering end-to-end IGA projects at scale (10,000+ identities) Strong understanding of access governance, RBAC/ABAC, SoD frameworks, and regulatory compliance Experience integrating IGA with hybrid environments (cloud/on-prem/OT) Working knowledge of identity protocols: SAML, OAuth2, SCIM, OIDC Knowledge of OT protocols (Modbus, DNP3, OPC-UA) or IEC 62443 is a plus Excellent communication, team leadership, and client/stakeholder management skills

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Job Description Join us as we pursue our vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey. Role Description Splunk’s Assurance, Advisory, Risk and Compliance (SpAARC) team is looking for a motivated Senior Technology Compliance Analyst who will own delivering technology assurance, advisory, compliance and risk management services to the company. In this position, you will make a difference at Splunk and stand out from others by building consultative partnerships with business owners, internal/external auditors, and engineering teams to drive risk mitigation, process gaps maturity, and control management. Being analytical, upbeat, creative, and one who thrives in a highly skilled and dynamic environment will lead to success. Your focus will be on compliance efforts that meet or exceed various technology security compliance and internal controls that include, but are not limited to, SOC I & II, HIPAA, ISO 27001, 27017, 27018, PCI-DSS, IRAP, TISAX, CSA STAR, and ISMAP as it pertains to software, Cloud, and on premise environments. You must be comfortable working with both technical and non-technical resources and have experience describing compliance requirements in a technical manner. This position is based at Splunk’s Hyderabad office. The position may require the ability to travel (domestic and international) for approximately 10 to 20% of the time. Responsibilities You will own the planning, execution, and reporting of technology and security assessments within Splunk's Operations / Engineering / Technology areas. You will ensure accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational, financial, strategic and compliance risk implications. You will engage with business and control owners, internal & external auditors, as well as Splunk leadership on new and ongoing compliance initiatives. You will facilitate the execution of external audits over Splunk’s products and internal controls. You will be responsible for leading audit walkthroughs, and driving the process of audit evidence collection and review for internal and external audit engagements. Participate in end-to-end walkthroughs by partnering with business teams to understand processes, identify risks, control gaps, and improvement opportunities. You will assist in the design of automation to enable scalability of the compliance programs You will own the follow up of action plans to ensure appropriate and timely mitigation of identified risks. You have hands-on experience in assessing technology and compliance risks and controls in technology processes, cloud applications, cloud infrastructure. Job Requirements 8+years of experience in information technology, security, and internal control auditing in house and/or with a professional services firm. Hands-on experience with reviewing and testing common IT & Engineering technologies including operating systems (OS), databases, network infrastructure, application security, Linux/Windows system security, mobile device security, cloud technologies and applications (IaaS, SaaS, PaaS environments, etc.). Implemented and/or audited controls from at least two common industry and regulatory frameworks and standards (e.g., NIST, SOC I & II, ISO (27001, 27017, 27018), HIPAA, PCI-DSS, ISMAP, TISAX, IRAP, ITIL, etc.). Strong leadership, communication, presentation and interpersonal skills to interact with technical and non-technical colleagues and management. Experience formulating audit testing plans, steps, and procedures. Strong audit documentation skills and attention to detail are a must. You are a team-player with high EQ. You are motivated, enthusiastic, efficient, and able to work independently to multitask and lead multiple workloads to timely completion. Experience with multinational company’s operations and proficiency in a foreign language is a plus. Unquestionable integrity and credibility. Ability to work in a fast-paced and dynamic environment. Education Got it! Bachelor’s degree preferably in Technology, Engineering, Business or equivalent. Professional certifications e.g. CISSP, CEH, CIPP, CISM, PMP, CISA are a plus. Proven skill in Google Suite, ServiceNow, and Atlassian Tools (Jira, Confluence) Proficient with Splunk products desired but not required. We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.

Entity: Technology Job Family Group: IT&S Group Job Description: You will work with A hardworking and multi-functional team of IAM architects, security engineers, platform owners, and business collaborators across HR, IT operations, and compliance. This team flourishes with collaboration, a security-first approach, and a strong dedication to automation and scalability. You’ll engage with a diverse set of federated teams, helping them integrate and mature their access governance capabilities. We value innovation, continuous improvement, and product thinking—empowering you to lead with impact, drive adoption through streamlined experiences, and shape the future of identity governance. You’ll be part of a supportive environment that encourages knowledge sharing, agile practices, and staying ahead of emerging IAM trends. Let Me Tell You About The Role Senior Enterprise Technology Engineer – Identity Governance Onboarding, you will play a critical role in helping federated teams govern their access by onboarding them onto our IGA platform. Your mission is to make the onboarding process streamlined, scalable, and automated, ensuring teams can adopt governance capabilities with minimal effort. This role will be part of team that drives the integration of systems into IGA, ensuring visibility, policy enforcement, and access governance maturity. You will lead the development of self-service, BAU, and project-based onboarding strategies, allowing teams to evolve from basic governance (visibility, access reviews) to advanced governance (recertification, segregation of duties, and attestation). What You Will Deliver Supporting IGA Onboarding & Adoption – Assist in connecting applications and systems to the IGA platform through self-service, automation, or project-based onboarding, helping teams adopt governance capabilities efficiently. Implementing Access Governance Controls – Contribute to enabling access to entitlements, supporting policy enforcement, and assisting in the implementation of governance features such as recertification, attestation, and segregation of duties (SOD). Contributing to IGA Platform Enhancements – Participate in designing and improving features that streamline onboarding processes and make it easier for teams to integrate with the IGA platform. Data Integration & Source Mapping – Work with senior engineers to identify and configure appropriate data sources and connectors that support identity lifecycle and governance requirements. Supporting Compliance & Audit Activities – Help ensure that onboarding and governance activities meet compliance standards such as SOX and GDPR, and assist with access reviews and certification processes. multi-functional Collaboration – Collaborate with IAM platform teams, HR, IT operations, and business units to understand integration needs and support onboarding efforts. Ongoing Optimization & Feedback Loops – Monitor onboarding progress, gather feedback from collaborators, and contribute to continuous improvement of onboarding flows and governance capabilities. What you will need to be successful (experience and qualifications) Technical Skills We Need From You Bachelor’s degree in technology, Engineering, or a related field. Demonstrable experience in enterprise technology, security, and operations in large-scale global environments. Strong collaborator management skills, with the ability to engage and influence senior business leaders. Experience implementing CI/CD pipelines, DevOps methodologies, and Infrastructure-as-Code (Terraform, Ansible, etc.). Deep knowledge of ITIL, Agile, and enterprise IT governance frameworks. A passion for emerging technology trends, security standard methodologies, and innovation. Essential Skills Identity & Access Management (IAM) Foundation Hands-on experience with Identity Governance & Administration (IGA) tools such as SailPoint, Saviynt, ForgeRock, or Microsoft Entra ID Governance. Working knowledge of identity lifecycle processes, role-based access control (RBAC), and attribute-based access control (ABAC). Familiarity with access request workflows, entitlement reviews, and segregation of duties (SOD) concepts. Technical & Automation Skills Exposure to integrating applications with IGA platforms and assisting with connector development and onboarding automation. Basic understanding of REST APIs, JSON, SCIM, and directory services for identity synchronization. Experience writing scripts (e.g., Python, PowerShell) and working with Infrastructure as Code tools (e.g., Terraform, Ansible) to support IAM automation efforts. Governance, Compliance & Risk Awareness Awareness of regulatory compliance frameworks such as SOX, GDPR, ISO 27001, and NIST 800-53, and how they relate to identity governance. Experience participating in access reviews, recertification efforts, and audit-related tasks. Collaboration & Execution Ability to work effectively with IAM platform teams, security teams, and business partners to support onboarding and governance activities. Strong communication and solving skills, with a focus on translating technical requirements into actionable work. Skills That Set You Apart All engineers in our team are expected to adopt the following values and practices: Security-First Attitude – Embed security in day-to-day IAM work, recognizing the importance of identity in modern enterprise security. Automation-Driven Culture – Support efforts to automate IAM processes and contribute to CI/CD-enabled environments. Collaborative Approach – Partner with multi-functional teams to understand business needs and deliver effective IAM solutions. Agile Thinking – Participate in Agile ceremonies, contribute to sprint planning, and deliver incremental improvements to IAM capabilities. Continuous Learning – Stay curious and proactive in learning about new IAM technologies, compliance requirements, and security standard processes. About Bp Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement Up to 10% travel should be expected with this role Relocation Assistance: This role is eligible for relocation within country Remote Type: This position is a hybrid of office/remote working Skills: Legal Disclaimer: We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us. If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Responsibilities: Hunt, develop, and close new business opportunities CNAPP selling experience will be useful Delivery high-level and detailed sales presentations Respond to functional and technical elements of RFIs/RFPs Provide functional and technical support to prospects and customers Responsible for attending conferences, seminars virtually, in-region and nationally Ability to manage a realistic sales funnel, follow up on inbound leads quickly, and cold call into large Fortune 500 / S&P 500 size organizations Qualifications: Ideal candidate must be self-motivated with strong knowledge in security and compliance space: CNAPP, Container Security, Vulnerability Management, Policy Compliance, Web Application Scanning, Threat Hunting / EDR, File Integrity Monitoring, and other enterprise security solutions. Strong track record of hunting, consulting, and closing new business Experience with Qualys is a plus, but not required Familiarity with compliance benchmarks such as CIS level 1 & 2, PCI, HIPAA, HITRUST, NERC, CIP, NIST, etc. Must possess strong presentation skills and be able to communicate professionally in response to emails, RFPs and when submitting reports 10+ years relevant experience Excellent written and oral communication skills Able to travel throughout sales territory Able to comfortably present to prospects and clients using video conferencing solutions in a work-from-home environment

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Zscaler Architecture Good to have skills : NA Minimum 3 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: We are seeking an experienced and driven Cloud Security Engineer with a strong focus on Zscaler security technologies, email security, and cloud security best practices. The ideal candidate will have a solid background in enterprise security solutions, cloud architectures, and SaaS-based security platforms. Roles & Responsibilities: - Configure, manage, and troubleshoot Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) platforms. - Design and implement security policies in Zscaler cloud firewall and proxy modules. - Monitor and enhance email security platforms (e.g., valimail, abnormal security , Microsoft Defender for Office 365). - Ensure protection against phishing, spoofing, and malware through DKIM, SPF, and DMARC implementation and tuning. - Perform cloud security posture management (CSPM) and support secure cloud migration. - Work closely with network and application teams to enforce zero trust architecture using Zscaler. - Analyze security logs, alerts, and incidents to drive continuous improvement. - Respond to security incidents and conduct RCA (Root Cause Analysis). - Support compliance and audit activities across cloud and email platforms. - Maintain documentation and assist in developing security playbooks and SOPs. Professional & Technical Skills: - Strong working knowledge of Zscaler ZIA / ZPA, including policy creation, traffic forwarding, and troubleshooting - Expertise in email security technologies (O365 ATP, DMARC, SPF, DKIM, etc.) - Good understanding of cloud platforms (Azure, AWS, GCP) and associated security models - Familiarity with SIEM, DLP, CASB, and Secure Web Gateway (SWG) - Ability to interpret logs and perform packet capture analysis (e.g., Wireshark) - Knowledge of industry standards such as NIST, ISO 27001, CIS Benchmarks - Scripting knowledge (PowerShell, Python) is a plus Additional Information: - 3+ years of hands-on experience in cloud security, email security, and network security - Preferred certifications:-Zscaler Certified Professional (ZCP/ZIA/ZPA) and Microsoft Certified: Security, Compliance, and Identity Fundamentals - This position is based at our Pune office. - A 15 years full time education is required., 15 years full time education

Responsibilities Execute technical deployment, configuration, and maintenance of IAM toolsets: SailPoint, Saviynt, CyberArk, ForgeRock, Okta, Azure AD, etc. Lead daily operations including user lifecycle automation, connector management, rule tuning, patching, and upgrade planning Manage integration of IAM platforms with IT and OT systems (ERP, SCADA gateways, cloud directories, HRMS, SIEMs) Maintain compliance with global frameworks (ISO 27001, NIST, IEC 62443) and internal security policies Ensure proper functioning of access reviews, policy violations, SoD checks, and automated certifications Develop scripts, APIs, and tool extensions to enable seamless operations and self-service functions Act as SME for all IAM tools during internal and external audits, client discussions, and incident response Monitor tool health, implement KPIs and dashboards, and proactively identify areas of improvement Work closely with Delivery, PAM, and Engineering teams for smooth handovers and incident resolution Qualifications Required Skills & Qualifications 7 + years of experience in IAM domain, with minimum 5 years in hands-on tool/platform management Strong implementation and operational knowledge of one or more IAM platforms: SailPoint IIQ, Saviynt, CyberArk, ForgeRock, Okta, Azure AD Proven track record managing IAM connectors, schema mapping, rule-based provisioning, and API integrations Solid grasp of authentication protocols (LDAP, SAML, OAuth, OIDC), scripting (PowerShell, Python), and cloud IAM (Azure, AWS) Experience supporting OT IAM implementations or integration with SCADA/ICS components is a strong plus Working knowledge of identity governance workflows, SoD policies, privileged access controls, and identity analytics Strong documentation, troubleshooting, and RCA/reporting abilities Preferred Certifications Tool-specific certifications (e.g., SailPoint Implementation Engineer, CyberArk Defender, Saviynt CPAM) ITIL v4 Foundation, ISO 27001 Implementer or similar Basic CISSP/CISA-level understanding desirable

Job Description WHAT YOU’LL DO We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. Who You’ll Work With Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents. Key Responsibilities: Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. Experience in designing, implementing, and managing vulnerability management processes and workflows. Facilitate and manage penetration testing engagements with third-party vendors. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. Develop and maintain security policies and procedures for our organization's systems, applications, and networks. Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. Who You Are We are looking for people with… Bachelor's degree in computer science, information security, or a related field. 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. Excellent analytical, problem-solving, and communication skills. Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. WHY YOU’LL LOVE WORKING HERE At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe. We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. JOIN US Our uniqueness comes from a combination of many things – our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it’s our people who make us who we are. Take the next step in your career together with us. The journey starts here. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application. Additional Information This is a full-time position, starting in August 2025 . Apply by sending in your CV in English as soon as possible, but no later than the 30th of June 2025 . Due to data policies, we only accept applications through the SmartRecruiters or career page

About Us Yubi stands for ubiquitous. But Yubi will also stand for transparency, collaboration, and the power of possibility. From being a disruptor in India’s debt market to marching towards global corporate markets from one product to one holistic product suite with seven products Yubi is the place to unleash potential. Freedom, not fear. Avenues, not roadblocks. Opportunity, not obstacles. Yubi, formerly known as CredAvenue, is re-defining global debt markets by freeing the flow of finance between borrowers, lenders, and investors. We are the world's possibility platform for the discovery, investment, fulfilment, and collection of any debt solution. At Yubi, opportunities are plenty and we equip you with tools to seize it. In March 2022, we became India's fastest fintech and most impactful startup to join the unicorn club with a Series B fundraising round of $137 million. In 2020, we began our journey with a vision of transforming and deepening the global institutional debt market through technology. Our two-sided debt marketplace helps institutional and HNI investors find the widest network of corporate borrowers and debt products on one side and helps corporates to discover investors and access debt capital efficiently on the other side. Switching between platforms is easy, which means investors can lend, invest and trade bonds - all in one place. All of our platforms shake up the traditional debt ecosystem and offer new ways of digital finance. Job Description Act as the liaison between business units and corporate security teams to align objectives with robust security strategies. Serve as the primary point of contact for clients for all security-related questions, concerns, and communications. Develop and implement security policies, standards, and procedures tailored to business needs. Lead risk assessments, identifying vulnerabilities that may impact business operations. Facilitate regular communication between IT, security, and business leaders to ensure alignment. Guide business units in understanding and mitigating cybersecurity risks. Oversee compliance with applicable data protection regulations and internal security requirements. Foster a culture of security awareness through training and effective communication. Drive incident response planning and coordinate swift actions during security breaches. Monitor emerging threats and continuously refine security practices to pre-empt risks. Report risk assessments, metrics, and progress updates to executive leadership for strategic decision-making. Collaborate with procurement and business teams to assess the security and privacy risks associated with third-party vendors used by the business units, ensuring compliance with TPRM policies. Facilitate external Infosec audits by coordinating with auditors, providing necessary documentation and access, and ensuring timely responses to audit findings. Maintain a strong understanding of the organization's security compliance obligations and work with business units to ensure adherence. Drive initiatives to address compliance gaps and implement necessary controls. Requirements Requirement Bachelor’s degree in Computer Science, Information Security, or a related field; a Master’s degree is often preferred. Experience in “ISO 27001” is a must for the role. 2+ years of experience in cybersecurity, risk management, or IT security roles with increasing responsibilities. Recognized certifications such as CISSP, CISM, or equivalent demonstrate proficiency in security best practices. Proven track record in leading cross-functional teams and managing security programs in a complex business environment. Deep understanding of compliance requirements, regulatory frameworks, and the ability to align security strategies with business objectives. Excellent communication, interpersonal, and stakeholder management skills, with the ability to influence without authority Strong analytical and problem-solving skills, with the ability to translate technical security concepts into business language. Ability to work independently and collaboratively within a fast-paced, dynamic environment. Strong understanding of information security principles, frameworks (e.g., ISO 27001, SOC2, NIST CSF), and relevant compliance regulations.