4004 Nist Jobs - Page 44

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: SailPoint Identity Mgmt and Governance. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: F5 Load Balancers. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Fortinet Firewall. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Azure Cloud Workload Security. Experience: 8-10 Years.

As a Senior Network Security Specialist at Incedo, you will be responsible for managing and maintaining client network security. Your duties will include implementing security protocols, monitoring security logs, conducting vulnerability assessments, collaborating with other teams to manage risk, and providing security recommendations. Roles & Responsibilities: Designing and implementing network security strategies. Identifying and mitigating network security threats and vulnerabilities. Configuring and managing security devices such as firewalls and intrusion detection systems. Conducting security audits and assessments. Collaborating with other IT teams to ensure security policies and procedures are implemented. Providing technical support for security-related issues. Maintaining documentation of security configurations and changes. Technical Skills Skills Requirements: Knowledge of network security practices such as access control, intrusion detection, and incident response. Experience in configuring and managing network security devices such as firewalls, VPNs, and IDS/IPS. Familiarity with network security monitoring tools such as Wireshark, Snort, or Bro. Understanding of security frameworks and regulations such as NIST or PCI-DSS. Must have excellent communication skills and be able to communicate complex technical information to non-technical stakeholders in a clear and concise manner. Must understand the company's long-term vision and align with it. Provide leadership, guidance, and support to team members, ensuring the successful completion of tasks, and promoting a positive work environment that fosters collaboration and productivity, taking responsibility of the whole team. Nice-to-have skills Qualifications Qualifications 4-6 years of work experience in relevant field B.Tech/B.E/M.Tech or MCA degree from a reputed university. Computer science background is preferred

We are seeking a highly motivated Responsible and Secure AI Governance Specialist to join our Cyber team. The ideal candidate will be engaged in the design, implementation, and monitoring of governance frameworks that ensure the ethical, secure, and compliant deployment of AI technologies within our services. This role will collaborate closely with technology, security, compliance, legal, and business units to manage AI risks, uphold data privacy, and align AI systems with evolving regulatory standards Responsibilities Develop, implement, and maintain AI governance policies, standards, and best practices tailored for ITES environments Conduct AI risk assessments focused on model bias, fairness, security vulnerabilities, and compliance with data privacy laws (GDPR, HIPAA, etc.). Collaborate cross-functionally to embed security and ethical considerations into the AI/ML lifecycle, including data acquisition, model development, testing, deployment, and monitoring. Design and oversee continuous AI model monitoring processes to detect anomalies, bias, data drift, and security threats. Support incident response planning for AI-related security breaches or compliance issues. Provide training and awareness sessions on AI governance, ethics, and security best practices for internal teams. Stay current with AI governance frameworks, regulations, and emerging risks; advise leadership on necessary policy updates and strategic initiatives. Work with Technology and cloud teams to ensure AI systems align with organizational cybersecurity and data protection policies Prepare reports and dashboards for leadership to highlight AI governance metrics and compliance status. Research on AI regulations and ensure program alignment Subject Matter Expertise Proficiency in data privacy and cybersecurity best practices related to AI systems Experience with cloud AI platforms (AWS SageMaker, Azure AI, Google AI). Familiarity with AI ethics frameworks (e.g., NIST AI RMF, OECD AI Principles, EU AI Act) Knowledge of programming languages used in AI/ML (Python, R) Knowledge of AI governance platforms (e.g. Credo.ai, IBM's AI Fairness 360, Priva Sapien) and Certifications such as CISSP, CDPSE, or AI Governance-related credentials are a plus Strong understanding of AI/ML technologies and development lifecycleKnowledge of regulatory frameworks impacting AI and data (e.g., GDPR, HIPAA, CCPA) Hands-on experience with AI monitoring tools or platforms that support model auditing and anomaly detection Familiarity with AI fairness, bias mitigation, explainability, and robustness assessment techniques Thought Leadership Provide thought leadership to fellow team members across business and technical project dimensions solving complex business requirements. Demonstrate forward thinking around where the organization is going and how technology can support these efforts. Advocate and define security architecture vision from a strategic perspective, including internal and external platforms, tools and systems. Cross-Functional And Collaboration Drive scope definition, requirements analysis, functional and technical design, product configuration, and production deployment Ensure delivered solutions meet/perform to technical and functional/non-functional requirements. Provide technical expertise and ownership in the diagnosis and resolution of an issue, including the determination and provision of workaround solution or escalation to service owners. Ensure delivered solutions are realized in time frame committed; work in conjunction with project sponsors to size and manage scope and risk. Provide support and technical governance, expertise related to cloud architectures, deployment, and operations. Mentoring Act as the coach and mentor to team members and technical staff on their assigned project tasks. Lead the definition and development of cloud reference architecture and management systems. Conduct project reviews with team members. Requisites Bachelor's degree in computer science, computer engineering, information technology, or relevant field. Overall experience 12+ years with proven experience (3+ years) in AI governance, AI risk management, or AI security, preferably in ITES or technology-driven environments Positive attitude and a strong commitment to delivering quality work. Effective communication skills (written and verbal) to properly articulate complicated cloud architecture, reports to management. Excellent analytical, problem-solving, and communication skills

Location: Gurgaon (Work from Office) Looking for Immediate joiners only Required Technical Skills & Experience: Experience: 7+ years in cybersecurity, with at least 3 years in a SOC leadership role . SIEM & Log Analytics: XSIAM, ArcSight, Splunk, Elastic Stack (ELK), QRadar, Microsoft Sentinel Threat Intelligence: MITRE ATT&CK, Cyber Kill Chain, MISP, STIX/TAXII. Incident Response & Forensics: Volatility, Wireshark, FTK, EnCase, Sleuth Kit, YARA. Endpoint Security & EDR/XDR: CrowdStrike Falcon, Microsoft Defender, Palo Alto XDR, SentinelOne, Carbon Black. Cloud Security: AWS GuardDuty, Azure Security Center, Google Chronicle, CSPM, CNAPP. Compliance & Risk: NIST 800-53, ISO 27001, PCI-DSS, SOC2, GDPR, CIS Benchmarks. Key Responsibilities: SOC Operations & Security Monitoring Lead and manage the 24/7 Security Operations Center (SOC) , ensuring continuous threat detection and response . Working extensively on SIEM (XSIAM. Arcsight, Splunk, QRadar, ELK, Sentinel, etc.) and other security monitoring tools. Oversee 24/7 monitoring of security events and alerts. Ensure effective use of SIEM (Security Information and Event Management) tools. Prioritize, analyze, and manage security incidents. Improve threat intelligence capabilities and integrate with threat intelligence feeds. Continuously optimize detection rules, correlation logic, and security alerts to minimize false positives and improve response times. Incident Response & Management Develop and enforce incident response plans (IRPs) . Ensure timely response to cyber threats, minimizing impact. Coordinate with stakeholders during major incidents. Conduct post-incident analysis and lessons learned exercises. EDR/XDR (Endpoint Detection & Response / Extended Detection & Response) CrowdStrike Falcon – AI-powered threat detection with real-time response. Palo Alto XDR – Extended Detection and Response. Microsoft Defender for Endpoint – Integrated with Azure security solutions. – Behavioral AI-driven endpoint protection. Carbon Black (VMware) – Next-gen EDR with cloud analytics. Sophos Intercept X – Machine-learning-based ransomware prevention. Threat Intelligence Platforms (TIP) Recorded Future – AI-driven threat intelligence analysis. MISP (Malware Information Sharing Platform) – Open-source threat sharing platform. Flashpoint Threat Intel Outseer AFCC ( Previously RSA) IBM X-Force Exchange – Intelligence-sharing with global threat data. Anomali ThreatStream – Automated threat intelligence processing. VirusTotal Enterprise – File and URL malware scanning with shared intelligence. Compliance & Reporting Ensure compliance with security frameworks (ISO 27001, NIST, GDPR, etc.). Maintain accurate security logs and reports for audits. Prepare executive-level reports on security incidents and risk posture.

Let me tell you about the role We are looking for an Information Security Engineering Specialist with great knowledge in security fundamentals and is eager to apply them in complex environments. In this role, you will assist in implementing security controls, executing vulnerability assessments, and supporting automation initiatives. This position will have an emphasis in one or more of the following areas cloud security; infrastructure security; and/or data security. You will have an opportunity to learn and grow under the mentorship of senior engineers, while also contributing to critical security tasks that keep our organization safe. What you will deliver Define security policies that can be used to improve our cloud, infrastructure or data security posture. Integrate our vulnerability assessment tooling into our environments, to provide continuous scans, uncovering vulnerabilities, misconfiguration or potential security gaps. Work with engineering teams to support the remediation and validation of vulnerability mitigations and fixes. Integrate security validations into continuous integration/continuous deliver (CI/CD) pipelines and develop scripts to automate security tasks. Maintain clear, detailed documentation of security procedures and policies, including how to embed and measure security on our cloud, infrastructure or data environments. What you will need to be successful (experience and qualifications) Seasoned security professional with 3+ years delivering security engineering services and/or building security solutions within a complex organization. Practical experience designing, planning, productizing, maintaining and documenting reliable and scalable data, infrastructure, cloud and/or platform solutions in complex environments. Firm foundation of information and cyber security principles and standard processes. Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus. Development experience in one or more object-oriented programming languages (e.g., Python, Scala, Java, C#) and/or cloud environments (including AWS, Azure, Alibaba, etc.) Exposure/experience with full stack development. Experience with security tooling (vulnerability scanners, CNAPP, Endpoint and/or DLP) and automation and scription for security tasks (e.g., CI/CD integration). Familiarity with basic security frameworks such as NIST CSF, NIST 800-53, ISO 27001, etc. Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX) Continuous learning and improvement approach. This position is a hybrid of office/remote working

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats. Do Design and develop enterprise cyber security strategy and architecture Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses Identify risks associated with business processes, operations, information security programs and technology projects Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge Identify security design gaps in existing and proposed architectures and recommend changes or enhancements Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. Provide support during technical deployment, configuration, integration and administration of security technologies Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity Provide solution of RFPs received from clients and ensure overall design assurance Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture Depending on the clients need with particular standards and technology stacks create complete RFPs Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps Evaluate and recommend solutions to integrate with overall technology ecosystem Tracks industry and application trends and relates these to planning current and future IT needs Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers Provide training to employees on issues such as spam and unwanted or malicious emails Stakeholder Interaction Stakeholder Type Stakeholder Identification Purpose of Interaction Internal Program Manager/Director Regular reporting & updates Infrastructure (CIS team) For infrastructure support External Customer To coordinate for all security breaches & resolutions Display Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Leveraging Technology - Knowledge of current and upcoming security technologies (e.g. Firewalls, IPS, DDoS, SIEM, WAF, Endpoint etc.) and understanding of compliance regulatory requirement like PCI DSS, HIPAA, etc.- Expert Systems Thinking - Understanding of the Wipro system (interrelatedness, interdependencies and boundaries) and perform problem solving in a complex environment - Expert Leveraging Technology - In-depth knowledge of and mastery over ecosystem technology that commands expert authority respect - Master Technical Knowledge - Certified Information Systems Security Professional (CISSP), Cloud Architect Certification from AWS and Azure, ToGAF or SABSA certification- Master Competency Levels Foundation Knowledgeable about the competency requirements. Demonstrates (in parts) frequently with minimal support and guidance. Competent Consistently demonstrates the full range of the competency without guidance. Extends the competency to difficult and unknown situations as well. Expert Applies the competency in all situations and is serves as a guide to others as well. Master Coaches others and builds organizational capability in the competency area. Serves as a key resource for that competency and is recognized within the entire organization. Behavioral Competencies Effective Communication Managing Complexity Client centricity Technology Acumen Innovation Problem Solving approach Collaborative Working Execution Excellence

Grow Fearlessly Who are we? Eliminate Fraud. Establish Trust. IDfy is an Integrated Identity Platform offering products and solutions for KYC, KYB, Background Verifications, Risk Mitigation, Digital Onboarding and Digital Privacy. We establish trust while delivering a frictionless experience for you, your employees, customers and partners. Only IDfy combines enterprise-grade technology with business understanding and has the widest breadth of offerings in the industry. With more than 12+ years of experience and 2 million verifications per day, we are pioneers in this industry. Our clients include HDFC Bank, Indusind Bank, Zomato, Amazon, PhonePe, Paytm, HUL and many others. We have successfully raised $27M from Elev8 Venture Partners, KB Investment, and Tenacity Ventures! We are the perfect match if you... Have 15+ years - Experience with cloud-based security management/IDS/IPS/SIEM tools, security vulnerability assessments, encryption, etc Significant knowledge of security best practices for client-server product architectures, focusing predominantly on cloud-based server development Familiarity with Information Security frameworks/standards (i.e. CIS, NIST, SOC2, PCI, GDPR, CCPA, etc) CISM, CISSP, or other Security Certifications. Cloud security certifications on AWS, GCP or Azure Being a life-long learner; always looking to stay up to date with the latest attack vectors, vulnerabilities, remediation and protection paradigms, etc. Being self-motivated, proactive, driven individual Having strong interpersonal, oral, and written communication skills Ability to work and collaborate in a fast-paced multiple development centres across India Here’s what your day would look like... Primarily leading the IDfy Security, Compliance, and Privacy Practice and Function, ensuring the protection of data, infrastructure, and applications by continuously enhancing and monitoring the robust security framework that has been established, driving compliance with global regulations, and fostering a culture of security-first product development Defining and owning clear guardrails, alerts, and Security as Code (SaC) deployments to provide 24/7 protection from malicious traffic, vulnerabilities, and other attack vectors Reviewing and analyzing vulnerability data to identify security risks to the organization's network, infrastructure, and applications and determine any reported vulnerabilities that are false positives Building and maintaining monitoring, auditing, and reporting frameworks that produce artifacts that support security and compliance needs Developing processes that produce artifacts that support security and compliance requirements Working with other infrastructure, DevOps, and application engineers to understand product and business needs Participating in enterprise compliance audits as a security SME Mentoring team members and co-workers on security best practices What’s it like working at IDfy? We build products that detect and prevent fraud. At IDfy, you will apply your skills to stay one step ahead of fraudsters. You will be mind-mapping fraudsters’ modus operandi, predicting the evolution of fraud techniques, and designing solutions to prevent new & emerging fraud. At IDfy, you will work on the entire end-to-end solution rather than a small cog of a giant wheel. Thanks to our problem-centric approach, one in which we find the right technology to solve a problem rather than the other way around, you will always be working on the latest technologies. We work hard and party hard. There are weekly sessions on emerging technologies. Work weeks are usually capped off with board games, poker, karaoke, and other fun activities.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. JD 3 – Risk Consulting - Protect Tech - Staff (IT audit – General skills) Skills And Attributes For Success You will leverage your proven track record of IT Audit experience and strong personal skills, to effectively deliver quality results in the assessment, design, and support implementation of controls, security and IT risk solutions. To qualify for the role, you must have A bachelor’s or master’s degree and approximately 2-3 years of related work experience At least 1-2 years of experience in IT Risk and Compliance Design IT Risk Controls framework such as IT SOX framework Implementation and Testing of internal controls such as IT general controls, IT application controls, business controls, interface controls etc Identify control gaps, weaknesses and areas of improvements. Conducting IT internal control reviews, and review of SOC1 or SOC2 reports Knowledge of IT risk, information security or cyber security frameworks such as COSO, COBIT, ISO, NIST etc IT Compliance and regulatory assessments – IT Risk and Controls assessment with exposure of any of the technologies such as SAP, Oracle, Workday, MS Dynamics or emerging technologies such as Cloud, RPA, AI/ML IT Infrastructure and Architecture risk assessments including data quality and data migration reviews, data privacy reviews, OS DB reviews etc Strong exposure working in client facing roles, collaborate with cross functional teams including internal audits, IT security and business stakeholders to assess control effectiveness and facilitate remediation activities. Excellent communication, documentation and report writing skills. Good to have relevant industry certifications such as CISA, CISM, CISSP, CRISC, CCSK, ISO 27001, and others (as relevant) EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: Create asset list and prioritize assets, conduct regular vulnerability assessments based on the Tenable tool, identify security weaknesses in systems and applications, work with peer teams till closure of the Vulns, track patching as per proposed timelines. Roles & Responsibilities: -Create correct asset list -Perform Vuln assessment -Relevant request to be raised thorough SNow. -Highlighting issues with the Scanned report to Product team and resolve it immediately. If issue not getting resolved, then escalate it to right stakeholder. -Analyse scan results and generate comprehensive reports detailing vulnerabilities, potential impacts, and remediation recommendations/Action plan with dates. -Collaborate with IT, Partner, Business and Security teams to prioritize and address identified vulnerabilities based on risk assessments and -business impact. -Monitor and track remediation efforts on weekly / monthly basis to ensure vulnerabilities are resolved within defined timelines. -Maintain and update documentation related to vulnerability management processes, policies, and procedures. -Stay current with industry trends, threats, and vulnerabilities to provide informed recommendations and enhancements to the policies, and procedures. Professional & Technical Skills: -Familiarity with vulnerability scanning tools, particularly Tenable and Snow. -Understanding of security frameworks and standards (e.g., NIST, ISO 27001). -Strong analytical and problem-solving skills with attention to detail. -Relevant certifications (e.g., Vulnerability Management, Certified Ethical Hacker (CEH), or similar) are a plus. -To succeed in this role, you should have the following skills and experience -Experience in vulnerability management or security operations Additional Information: - The candidate should have minimum 7.5 years of experience in Infrastructure Security Vulnerability Management Operations. - This position is based at our Gurugram office. - A 15 years full time education is required.

Role Purpose : As GRC (Governance, Risk, and Compliance) Manager is responsible for overseeing and managing the risk assessment, remediation, and monitoring of information and technology process risks. This role involves ensuring that all risk and compliance activities are performed effectively by various control functions. The GRC Manager also serves as an internal consultant, providing guidance to operating functions and business lines on risk-related matters. Additionally, they are tasked with identifying, assessing, quantifying, reporting, communicating, mitigating, and monitoring process risks to ensure the organization's overall security and compliance posture. Responsibilities: Ensure strong governance on risk and compliance performed by various control functions. Manage risk assessment, remediation, and monitoring of information and technology process risks. Serve as an internal risk consultant to operating functions and business lines. Identify, assess, quantify, report, communicate, mitigate, and monitor process risks. Support the implementation of information security policies. Discuss risk closure, mitigation, and acceptance with stakeholders. Ensure periodic entitlement reviews are completed, and risks are managed to an acceptable level. Collaborate with control functions to track and mitigate identified risks. Work with technology leaders to identify control gaps. Act as a subject matter expert for risk and controls related to operations. Maintain strong working relationships with stakeholders. Review and refine policies and processes based on industry best practices. Track identified risks and ensured their closure within defined timelines. Prepare and maintain risk heat maps and risk registers. Required Skills: Excellent executive-level communication skills. Strong working relationships with team members and the ability to motivate them. Knowledge in areas such as Application Security, Data Security, Identity Access Management, Information, Infrastructure Technology, GDPR, and ISO Audits. Solid understanding of Risk Management Lifecycle and exposure to standards like SOX, COBIT, PCI-DSS, NIST Control, etc. Understanding of Security incident response aspects is desirable. Good analytical, problem-solving, and interpersonal skills. B.E in Computer Science/Information Technology or equivalent qualification with 8-12 years of experience. Industry-recognized certification in information security such as CISSP, CISM, CISA, etc.

Your role We are looking for an experienced and strategic Detection Engineer across India. The ideal candidate will have a strong background in cybersecurity, detection and Splunk Enterprise Security. Develop and maintain cyber threat detection and hunting capabilities for Organization. Actively research, innovate and uplift in the areas of threat detection and hunting. Develop and maintain attack & use case models against Organizations environment and systems for the purposes of detection and monitoring use cases. Build and maintain continuous validation and assurance of the detection and hunting pipeline. Maximise detection visibility, coverage, and return-on-investment to maintain a defensible architecture across the business. Develop threat/attack models to depict and model detection of known attack vectors. Work with Threat Intelligence, Incident Response and Cyber Orchestration teams to prioritise and develop detection and orchestration capability. Work with the Red Team to actively test and validate detection capabilities Your Profile 5+ years of experience in a CSOC, Cyber detection, Threat Hunting and/or SOAR development role. 5+ years developing detections within a SIEM environment. Experience working with security tools such as endpoint detection and response systems, network anomaly detection, etc. Designing and implementing threat/attack modelling to derive abuse cases, detection logic and automation course of actions. Well versed in the development of detection and hunting strategies for a broad range of cyber threats, including malware, DDOS, hacking, phishing, lateral movement and data exfiltration in the Financial Services sector or similar. Knowledge of the frameworks like NIST Cybersecurity framework, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain or similar methodologies is required What you"ll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work on cutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges

Responsibilities Design, implement, and optimize secure CI/CD pipelines across hybrid environments (cloud/on-prem). Operationalize DevSecOps frameworks with embedded controls for static/dynamic code analysis, secrets management, and runtime policy enforcement. Implement Infrastructure as Code (IaC) practices using tools like Terraform, Ansible, CloudFormation. Integrate cybersecurity tools and telemetry (e.g., SAST, DAST, SCA, EDR, vulnerability scanners) across the development lifecycle. Govern DevOps platform tools (e.g., Jenkins, GitHub Actions, Azure DevOps, ArgoCD) with secure configurations and traceability. Partner with cybersecurity teams to ensure regulatory alignment (IEC 62443, NIST CSF) via automated controls and compliance-as-code. Enable release velocity and rollback confidence through blue-green deployments, canary testing, and automation QA. Drive performance monitoring and incident response readiness through log aggregation, alerting, and dashboarding (e.g., Prometheus, Grafana, ELK). Coach DevOps engineers, implement sprint KPIs, and lead tool evaluations for emerging automation and security tooling. Preferred Qualifications Education: Bachelor’s degree in Computer Science, Engineering, or a related technical discipline. Master’s degree preferred (in Cybersecurity, Systems Engineering, or DevOps Automation). Certifications (preferred): DevOps: Certified Jenkins Engineer, GitHub Actions, Azure DevOps Expert, or similar. IaC / Automation: HashiCorp Terraform Associate, Red Hat Ansible Automation. Security Tooling: Practitioner-level training in SAST/DAST/SCA/EDR (e.g., Aqua Security, Snyk, SonarQube). Cloud Security: AWS Security Specialty, Azure Security Engineer, or CCSP. Compliance: Awareness training in IEC 62443 or NIST CSF is desirable. Qualifications Key Requirements 8 + years of technology experience with strong focus on DevOps, cybersecurity integrations, and infrastructure automation. Expertise in building and governing CI/CD pipelines and cloud-native deployment workflows. Proven knowledge of tools such as Jenkins, GitHub Actions, ArgoCD, Terraform, Vault, and container security platforms. Hands-on experience with security tools integration (e.g., Checkmarx, SonarQube, Aqua, Snyk, Prisma Cloud). Familiarity with compliance and security frameworks (e.g., NIST, ISO 27001, IEC 62443) in OT/IT environments. Experience working with OT/ICS environments or industrial networks is preferred. Strong scripting and automation skills (Python, Shell, Go, etc.). Ability to work in cross-functional, Agile-driven teams and mentor engineers in secure software delivery practices.

Responsibilities Lead the architecture and engineering of modular, multi-tenant cybersecurity platforms for IT/OT convergence. Build and scale cloud-native infrastructures using AWS/Azure/GCP, ensuring 99.9% uptime, horizontal scalability, and security-by-design principles. Implement and govern robust CI/CD, IaC (e.g., Terraform), containerization (e.g., Kubernetes, Docker), and monitoring frameworks (e.g., Prometheus, Grafana, ELK). Ensure platform readiness for integration with cybersecurity tools including SIEM, SOAR, EDR/XDR, IAM, PKI, and asset discovery platforms. Drive DevSecOps maturity across environments, ensuring best practices in secure coding, automated testing, secrets management, and release pipelines. Define platform engineering OKRs, build sprint governance, and lead agile delivery teams across infrastructure, tooling, and backend development. Collaborate with Product, Delivery, OT Engineering, and GRC teams to ensure platform alignment to business goals, service offerings, and compliance needs. Lead vendor evaluations, tool benchmarking, and integration programs with OEM cybersecurity, cloud, and automation partners. 15+ years of experience in technology architecture or platform engineering, with minimum 5 years in leadership roles. Deep expertise in cloud-native architecture, DevSecOps, SRE, and cybersecurity integrations. Experience in microservices, modular platforms, and container orchestration (K8s, Docker). Strong exposure to at least two public clouds (AWS/Azure/GCP). Hands-on experience with infrastructure automation, secrets management, and release pipelines. Familiarity with compliance standards such as IEC 62443, NIST CSF, ISO 27001 is a plus. Prior experience in OT/ICS cybersecurity, IT-OT convergence, or critical infrastructure platforms is desirable. Proven ability to lead cross-functional teams, communicate with CXOs, and manage strategic vendors. Qualifications Education: Bachelor’s or Master’s degree in Computer Science, Information Technology, or related field. Additional specialization in Cybersecurity, Cloud Architecture, or Systems Engineering is a strong plus. Certifications (preferred, not mandatory): Cloud Certifications: AWS Certified Solutions Architect – Professional, Azure Solutions Architect Expert, or GCP Professional Cloud Architect. Security Certifications: CISSP, CISM, or CISA (to demonstrate security leadership). DevOps / Architecture: TOGAF, Kubernetes CKA/CKAD, or HashiCorp Terraform Certification. Compliance: IEC 62443 awareness, or training in NIST/ISO 27001/GRC frameworks.

Responsibilities Delivery Support & Coordination Assist in the day-to-day management of ongoing cybersecurity projects (assessment, implementation, or operations). Maintain project trackers, action logs, SLA dashboards, and delivery documentation. Track task-level progress across internal teams and external partners. Participate in client calls and internal reviews as a support owner. Governance & Reporting Prepare reports, presentations, and dashboards for internal and client stakeholders. Ensure accuracy and timely submission of status updates, metrics, and incident logs. Maintain risk and issue logs and follow up on closure. Process Adherence & Quality Control Ensure compliance with internal delivery frameworks, SOPs, and documentation standards. Support delivery audits, knowledge management, and quality control initiatives. Learn and apply ITIL/NIST/ISO 27001 delivery principles under guidance. Qualifications Must-have 1–3 years of experience in cybersecurity, IT operations, or project coordination. Strong interest in OT/IT security domains and service delivery. Good understanding of cybersecurity concepts (firewalls, IAM, incident response, etc.). Excellent communication, documentation, and task-tracking skills. Strong problem-solving orientation and willingness to work in client-facing settings. Preferred Bachelor’s in Computer Science, IT, Electronics or equivalent. Certifications (preferred): ISO 27001 Foundation, ITIL Foundation, or any entry-level security certification. Exposure to industrial systems, SCADA, or SOC tools is a plus.

Responsibilities Oversee real-time incident handling, escalation management, and response coordination for cyber threats, breaches, and anomalies Act as the primary escalation point during high-severity incidents, ensuring containment and rapid resolution Design and maintain incident response runbooks, playbooks, SLA matrices, and crisis communication protocols Lead and manage triage activities Ensure tight integration between SOC operations, threat intelligence, DFIR, and red/blue teams Drive detection engineering efforts to improve alert quality, correlation logic, and MITRE ATT&CK mapping Implement continuous improvement programs in MTTR, false positive reduction, and analyst productivity Lead post-incident RCA reviews, reporting, and feedback loops to enhance readiness Manage relationships with OEMs, MSSPs, and security product vendors for technology alignment Mentor SOC managers, team leads, and analysts to build a resilient and responsive operations team Ensure compliance with security and privacy standards (e.g., NIST, IEC 62443, ISO 27001, DPDP Act) Deep expertise in SIEM (e.g., Splunk, QRadar, LogRhythm, SentinelOne), SOAR platforms, EDR/XDR tools, threat intelligence platforms Strong knowledge of network security, log analysis, endpoint telemetry, and OT-specific telemetry correlation Familiarity with MITRE ATT&CK, cyber kill chain, and threat hunting techniques Knowledge of OT security architectures including SCADA, PLCs, DCS, and OT network segmentation Scripting and automation exposure (Python, PowerShell, Bash) preferred Familiarity with OT SOC environments, ICS protocol detection (Modbus, DNP3), and industrial anomaly detection tools (e.g., Nozomi, Claroty) Leadership & Personality Traits Strategic thinker with an operations-first mindset and execution rigor Calm, decisive, and clear-headed in crisis and high-pressure scenarios Strong stakeholder engagement and communication skills across technical and executive levels Proven ability to lead multi-location teams with cultural sensitivity and high performance Continuous learner with a growth mindset and passion for cybersecurity excellence Preferred Industry Background Large industrial conglomerates (Power, Ports, Renewables, Mining, Airports) OT and IT OEMs MSSPs, SOC service providers Consulting firms with cyber defence practices (e.g., Big 4) Qualifications Bachelor’s or Master’s in Cybersecurity, Computer Science, or Engineering Preferred certifications: CISSP, CISM, GCIA, GCIH, or SOC-related credentials 12 + years of cybersecurity experience, with at least 6 years in SOC/IR leadership roles Experience managing global SOC operations or OT-specific cyber operations is a strong plus

Responsibilities Lead the implementation and operation of IGA platforms (e.g., SailPoint, Saviynt, ForgeRock) across enterprise and industrial environments Define and enforce identity lifecycle policies (JML), SoD controls, certification workflows, and role-based access models Manage a team of engineers and analysts across client engagements for successful IGA delivery Build and execute roadmaps for access governance, recertification campaigns, identity analytics, and compliance reporting Design integrations with HRMS, AD/Azure AD, ITSM, ERP, and OT domain directories and controllers Drive automation of user provisioning, deprovisioning, and policy enforcement across hybrid (IT+OT) landscapes Ensure all implementations align to frameworks like NIST, ISO 27001, and IEC 62443 where applicable Act as a SME for internal and customer audits, IAM maturity assessments, and zero-trust readiness Work closely with the Head of IDAM and collaborate with adjacent teams including PAM, CIAM, Service Delivery, and OT Security Train junior team members and contribute to IGA capability development within the company Preferred Certifications SailPoint Certified Implementation Engineer or equivalent CISSP / CISM / ISO 27001 LA ITIL / PMP / TOGAF (as a bonus) Qualifications 12 + years of experience in Identity & Access Management, with minimum 6 years in IGA platforms Hands-on experience with SailPoint IIQ/Saviynt/ForgeRock IGA tools (implementation, administration, custom connectors) Proven track record in delivering end-to-end IGA projects at scale (10,000+ identities) Strong understanding of access governance, RBAC/ABAC, SoD frameworks, and regulatory compliance Experience integrating IGA with hybrid environments (cloud/on-prem/OT) Working knowledge of identity protocols: SAML, OAuth2, SCIM, OIDC Knowledge of OT protocols (Modbus, DNP3, OPC-UA) or IEC 62443 is a plus Excellent communication, team leadership, and client/stakeholder management skills

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: IDAM Security Consulting. Experience: 8-10 Years.

Splunk, a Cisco company, is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. Job Description Join us as we pursue our vision to make machine data accessible, usable and valuable to everyone. We are a company filled with people who are passionate about our product and seek to deliver the best experience for our customers. At Splunk, we’re committed to our work, customers, having fun and most importantly to each other’s success. Learn more about Splunk careers and how you can become a part of our journey. Role Description Splunk’s Assurance, Advisory, Risk and Compliance (SpAARC) team is looking for a motivated Senior Technology Compliance Analyst who will own delivering technology assurance, advisory, compliance and risk management services to the company. In this position, you will make a difference at Splunk and stand out from others by building consultative partnerships with business owners, internal/external auditors, and engineering teams to drive risk mitigation, process gaps maturity, and control management. Being analytical, upbeat, creative, and one who thrives in a highly skilled and dynamic environment will lead to success. Your focus will be on compliance efforts that meet or exceed various technology security compliance and internal controls that include, but are not limited to, SOC I & II, HIPAA, ISO 27001, 27017, 27018, PCI-DSS, IRAP, TISAX, CSA STAR, and ISMAP as it pertains to software, Cloud, and on premise environments. You must be comfortable working with both technical and non-technical resources and have experience describing compliance requirements in a technical manner. This position is based at Splunk’s Hyderabad office. The position may require the ability to travel (domestic and international) for approximately 10 to 20% of the time. Responsibilities You will own the planning, execution, and reporting of technology and security assessments within Splunk's Operations / Engineering / Technology areas. You will ensure accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational, financial, strategic and compliance risk implications. You will engage with business and control owners, internal & external auditors, as well as Splunk leadership on new and ongoing compliance initiatives. You will facilitate the execution of external audits over Splunk’s products and internal controls. You will be responsible for leading audit walkthroughs, and driving the process of audit evidence collection and review for internal and external audit engagements. Participate in end-to-end walkthroughs by partnering with business teams to understand processes, identify risks, control gaps, and improvement opportunities. You will assist in the design of automation to enable scalability of the compliance programs You will own the follow up of action plans to ensure appropriate and timely mitigation of identified risks. You have hands-on experience in assessing technology and compliance risks and controls in technology processes, cloud applications, cloud infrastructure. Job Requirements 8+years of experience in information technology, security, and internal control auditing in house and/or with a professional services firm. Hands-on experience with reviewing and testing common IT & Engineering technologies including operating systems (OS), databases, network infrastructure, application security, Linux/Windows system security, mobile device security, cloud technologies and applications (IaaS, SaaS, PaaS environments, etc.). Implemented and/or audited controls from at least two common industry and regulatory frameworks and standards (e.g., NIST, SOC I & II, ISO (27001, 27017, 27018), HIPAA, PCI-DSS, ISMAP, TISAX, IRAP, ITIL, etc.). Strong leadership, communication, presentation and interpersonal skills to interact with technical and non-technical colleagues and management. Experience formulating audit testing plans, steps, and procedures. Strong audit documentation skills and attention to detail are a must. You are a team-player with high EQ. You are motivated, enthusiastic, efficient, and able to work independently to multitask and lead multiple workloads to timely completion. Experience with multinational company’s operations and proficiency in a foreign language is a plus. Unquestionable integrity and credibility. Ability to work in a fast-paced and dynamic environment. Education Got it! Bachelor’s degree preferably in Technology, Engineering, Business or equivalent. Professional certifications e.g. CISSP, CEH, CIPP, CISM, PMP, CISA are a plus. Proven skill in Google Suite, ServiceNow, and Atlassian Tools (Jira, Confluence) Proficient with Splunk products desired but not required. We value diversity at our company. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or any other applicable legally protected characteristics in the location in which the candidate is applying.