3229 Owasp Jobs - Page 29

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevSecOps Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices. Roles & Responsibilities: -Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications. -Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments. -Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis. -Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues. -Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect. -Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI). -Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads. -Should be able to scan and harden docker containers using industry-standard tools. -Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS). -Skilled in communicating security findings to technical and non-technical stakeholders. -Contribute to secure architecture reviews, risk assessments, and compliance initiatives. -Should be able to manage clients and various stakeholders. Should be a good people manager and should have experience of people and project management. Professional & Technical Skills: Tools & Technologies:Pentest Tools: Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux,DAST/SAST/SCA: Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk,DevSecOps: GitHub Actions, Jenkins, GitLab, Docker, Kubernetes,VM Tools: Qualys, Tenable, ThreadFix,Monitoring: ServiceNow, Jira, Confluence -Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments. -Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix). -Should track vulnerability lifecycle from detection through remediation and reporting. -Should support real-time service monitoring to maintain system integrity and threat detection coverage. Additional Information: - The candidate should have minimum 7.5 years of experience in DevSecOps. - This position is based at our Gurugram office. - A 15 years full time education is required.

Job Summary We are looking for a skilled and proactive Security Engineer with a strong understanding of cybersecurity principles and hands-on experience in implementing security measures in a financial service or NBFC environment. The ideal candidate will work closely with IT, compliance, and risk teams to ensure robust security across systems, networks, and Responsibilities : Design, implement, and manage security tools, technologies, and controls across the IT infrastructure. Monitor security events and logs, investigate incidents, and respond to threats in real time (SIEM/SOC operations). Ensure compliance with RBI guidelines, ISO 27001, PCI DSS, and other applicable regulatory frameworks. Conduct vulnerability assessments and penetration testing for web, mobile, and infrastructure layers. Develop and enforce security policies, standards, and procedures tailored to NBFC operations. Support data protection initiatives, including DLP, encryption, secure key management, and endpoint protection. Collaborate with product and engineering teams to embed security best practices into SDLC and DevSecOps. Prepare reports and documentation for audits, inspections, and regulatory reviews. Provide regular training and awareness programs for employees on cybersecurity Skills : Hands-on experience with firewalls, IDS/IPS, antivirus, DLP, and SIEM tools (e.g., Splunk, ELK, QRadar). Strong understanding of security protocols, cryptography, authentication, and authorization. Experience in cloud security (AWS/Azure/GCP), endpoint security, and network hardening. Familiarity with RBI regulations, cyber resilience guidelines, and NBFC-specific security controls. Knowledge of application security, OWASP Top 10, and secure coding to Have : Relevant certifications like CEH, CISSP, CISA, OSCP, or CCSP. Prior experience working in an NBFC, fintech, or regulated financial environment. Experience with automation/scripting tools (Python, Bash, PowerShell) for security operations. Exposure to risk management and business continuity planning Qualification : Bachelor's degree in Computer Science, Information Security, or a related field. (ref:hirist.tech)

About Walr Walr is a data creation company that supports insight professionals globally. It specializes in reaching diverse audience segments, leveraging proprietary technology, and offering bespoke services. With a comprehensive suite of tools, backed by a team of seasoned industry professionals, Walr’s services include efficient data collection methods, intuitive data visualization and reporting techniques, and supportive and transparent advice. Walr exists to unify the complex and fragmented research process by introducing more efficient, rapid, and straightforward methods. As a rapidly growing company and acclaimed recipient of the Best Workplace in Tech™ and Best Workplace in Wellbeing™ titles, we're not just offering a job – we're inviting you to shape our journey. Empowerment and growth define us. Join us in reshaping the future of business. Please note that this is a 7-month contractual role. Roles and Responsibilities Technical Leadership Leading the design, implementation, and continuous improvement of scalable test automation frameworks and tools to support end-to-end, integration, performance, and regression testing. Establish and enforce best practices for testing strategies, ensuring high-quality across all engineering projects. Identify and address testing bottlenecks, proactively optimizing test processes and tools to enhance productivity and coverage. Drive the adoption of modern testing methodologies, ensuring industry leading standards in high-quality software delivery. Ensure comprehensive test coverage through the development and execution of well-structured test plans, cases, and scenarios. Stay hands-on with coding and debugging automated test scripts, with a focus on maintaining a high level of technical proficiency. Management & Mentorship Lead, mentor, and inspire a team of test engineers, fostering a collaborative and growth-oriented environment. Support team members in career development, offering guidance and opportunities for personal development. Collaborate with engineering leadership to define team goals, track progress, and ensure alignment with the business. Encourage a culture of continuous improvement and innovation, driving the team to exceed quality standards. Cross-Functional Collaboration Partner with Backend, Frontend and Platform teams to define testing requirements, ensuring early involvement in the software development lifecycle. Work closely with product managers and designers to align on quality expectations and testing requirements for user-focused features. Collaborate with the Platform team to integrate automated tests into CI/CD pipelines for seamless, continuous validation of code changes. Act as a quality advocate in technical discussions, ensuring that testing and quality considerations are prioritized in decision-making. Provide actionable insights to stakeholders through the analysis of test results and quality metrics. Minimum Qualifications 6+ years of experience in software testing, with a strong emphasis on automation and quality engineering. Proficiency in programming languages commonly used for test automation (e.g., Python, Java, JavaScript, etc.). Hands-on experience building and maintaining test automation frameworks for UI, API, and performance testing from scratch. Strong knowledge of modern testing practices, tools, and methodologies (e.g., Selenium, Playwright, Cypress, JUnit, TestNG, etc.). Experience integrating automated tests into CI/CD pipelines using tools like Azure DevOps, GitHub Actions, or similar. Proven ability to debug and troubleshoot complex systems, identifying root causes and proposing effective solutions. Excellent communication and leadership skills, with the ability to influence cross-functional teams and drive initiatives. Preferred Qualifications Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent practical experience. Experience with performance and security testing tools (e.g., JMeter, Gatling, OWASP ZAP). Familiarity with containerization and cloud platforms (e.g., Docker and Azure). Experience with behaviour-driven development (BDD) or test-driven development (TDD) practices. Strong understanding of DevSecOps principles and how they intersect with quality engineering. Prior experience leading or mentoring a team of test engineers in a fast-paced agile environment. Knowledge of test data management and creating tools for dynamic, reusable test data generation. What we offer: At Walr, we know that a one-size-fits-all approach doesn’t work when it comes to supporting a global team. That’s why we design our benefits with local relevance in mind while staying grounded in a shared sense of purpose and culture. Here’s an overview of the benefits most relevant to the regions this role sits in: 30 days of annual leave inclusive of bank holidays – because rest is part of doing great work. Monthly snack, phone, and internet allowances – to help you stay connected, fuelled, and ready for the day Monthly lunch allowance – meals on us, every month Quarterly team meetups and socials – time to connect, unwind, and build relationships Recognition awards – celebrating individuals who go above and beyond Work from anywhere – up to 8 weeks of location flexibility each year Our commitment to diversity, equity & inclusion We’re building a workplace that works for everyone. We know that teams thrive when they bring together different voices, backgrounds, and perspectives — so we’re actively working to make sure everyone feels seen, heard, and valued. Whether it’s how we hire, grow talent, or shape our culture, inclusion is at the heart of what we do. If you’re passionate, curious, and ready to make an impact, you belong here. What we value: At Walr, our values are more than just words - they guide how we work, how we treat each other, and how we show up. We Delight through Dedication: We go the extra mile for our customers. We’re proactive, solutions-focused, and relentless in our pursuit of great service. If something’s not working, we fix it. Fast. We Lead with Trust: We trust each other to make smart decisions — using data, yes, but also judgement, empathy and integrity. We act like true partners, not passengers. We Revel in Innovation: We think differently. Whether it’s new tech, new ways of working or better experiences for clients — we’re not afraid to challenge the status quo. Progress matters more than perfection. We Celebrate as a Team: We share wins, give credit freely, and support each other through the tough stuff. We show up with curiosity, humility, and a belief that we’re better together. We Are Empowered to Act Like Owners: We take responsibility, even when it’s not in our job description. We make bold calls, stay accountable, and keep the bigger picture in mind. How we work: our behaviours Our behaviours bring our values to life. They define what great looks like in action: Ownership & Accountability: We follow through, face challenges head-on, and step up without waiting to be asked. Excellence: We hold a high bar - for ourselves, our work, and our impact. Customer-Centricity: We deeply understand our clients’ needs and go beyond to deliver standout experiences. Proactive Problem Solving: We don’t just fix things - we anticipate, collaborate, and innovate to get ahead of the curve. Urgency: We move fast with intention - balancing speed and never compromising on quality. Positivity: We stay constructive, even under pressure. We uplift the team and create an environment where people want to do their best work.

Experience: 6 to 8 Years Technical Skills Required: Expert in ASP.NET MVC and .NET Core. Advanced knowledge of Web API development (RESTful services). Hands-on experience with Angular 12+ (latest preferred). Strong expertise in SQL Server: complex queries, stored procedures, indexing, and optimization. Proficient in creating and managing jobs/schedulers (e.g., Quartz.NET, Hangfire, Windows Task Scheduler). Experience in AppSec closure: identifying and resolving security vulnerabilities (OWASP Top 10). Good understanding of secure coding practices. Experience with Git/Azure DevOps for source control and CI/CD pipelines. Knowledge of integration with third-party APIs. Roles and Responsibilities: Take ownership of technical modules and deliver end-to-end. Guide and mentor junior team members. Interact with client-side stakeholders for requirement clarification. Perform code reviews, optimize performance, and ensure security compliance. Handle production deployment and support.

Overview: The C#.NET Developer will work closely with both engineering (development) teams and the Information Security group to make sure that client applications are developed with security in mind. Deep awareness of the OWASP Top 10 project and practices for preventing vulnerabilities when developing applications in any tech stack is a key success factor. This person will help to ensure Static Application Security Testing (SAST) occurs during the development lifecycle and that reported vulnerabilities are properly remediated. This person will also help train developers on how to remediate the vulnerabilities and what those vulnerabilities are when needed, Implement OWASP Application Security Verification Standards (ASVS). Additionally, this person role-models for a small team (1-5 others) of persons with similar responsibilities. Excellent communication skills and a good familiarity with DevOps pipelines are key success factors for this role. Primary Responsibilities: • Shift-Left security in Software Development Life Cycle (SDLC) for various applications. •Provide guidelines, tooling, best practices and implement for: o SAST o Dynamic Application Security Testing (DAST) o Software Composition Analysis (SCA) o Runtime Application Self-Protection (RASP) •Provide guidance and coaching to teams regarding security remediation efforts •Provide guidance to teams on how to properly integrate SAST, DAST, SCA scans into their pipelines •Work with teams to ensure dependency scans are also part of their development process and pipelines •Provide ongoing improvements and awareness training on new application threats and remediation techniques •Provide guidance on OpenID Connect (OIDC) and OAuth2 and other identity-related best practices and practical approaches for client implementation •Help engineering teams plan long term remediation solutions when deep changes are required for remediation activities •Collaborate with the Information Security (InfoSec) team on prioritizing both applications and vulnerabilities based on risk •Provide guidance to teams on proper storage and retrieval of application secrets Required Skills and Experience: -5+ years software development experience -Familiarity with SAST, DAST, SCA Scans - C# .net development primary skill set -Python or Java Secondary skill set -Some cloud exposure with hyperscalers (preference is Azure, AWS, or GCP) Nice to have: -Fortify on demand -Invicti Netsparker The pay is $15/hr to $17/hr depending upon experience. Exact compensation may vary based on several factors, including skills, experience, and education. Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.

Job Purpose Provides hands-on technical and security support across enterprise environments, including performing manual security testing, assisting with vulnerability identification and remediation, and supporting threat response activities. Contributes to cloud security posture monitoring, participates in responsible disclosure and bug bounty processes, and supports ongoing compliance initiatives. Aids in the investigation and response to security incidents, monitors threat intelligence sources, and helps implement security controls across systems, applications, and Office365 environments. Also assists with maintaining documentation and gathering evidence for audits related to SOC 2 Type 2, PCI-DSS, and ISO 27001 frameworks. Supports sales and client teams by contributing to responses for security audits, risk assessments, and customer security questionnaires. Job Responsibilities Essential Functions: Responsibilities This position operates under limited supervision with a high degree of independence in day-to-day security tasks. The Security Engineer supports enterprise security operations, infrastructure protection, and compliance efforts. Key responsibilities include: Perform manual security testing and assist with 2nd and 3rd level investigation and resolution of security-related support tickets. Participate in vulnerability management processes, including scanning, tracking, reporting, and remediation assistance. Monitor and support cloud security posture across environments (e.g., AWS, Azure), contributing to secure configuration and alerting. Support Office365 security administration and monitoring efforts Assist in monitoring threat intelligence feeds and help correlate findings with internal environments to identify potential risks. Respond to and support the triage and resolution of security incidents in coordination with internal teams and vendors to minimize business impact. Contribute to the intake and triage process for responsible disclosure reports and bug bounty submissions. Provide security support for customer audits and sales enablement activities by helping to complete security questionnaires and assessments. Assist with maintaining and collecting evidence for compliance frameworks such as SOC 2 Type 2, PCI-DSS, and ISO 27001. Help train and support internal teams in secure configurations and processes. Work with internal infrastructure, development, and compliance teams to implement and maintain security standards and controls. Research, test, and provide input on new security tools, products, and practices. Maintain accurate records of work performed, including documentation and ticketing of changes and issues. Non-Essential Functions May be required to participate in an on-call rotation outside of normal business hours to support security incident response or high-priority investigations. May assist with ad-hoc security-related tasks or projects outside of core responsibilities Requirements Required Education and Experience: Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or equivalent technical experience Minimum 3+ years of experience in information security, cybersecurity, or in a security engineering role Hands-on experience with manual security testing and vulnerability management practices Working knowledge of private and public cloud environments and cloud security posture management (e.g., AWS, Azure, or GCP) Familiarity with security compliance frameworks (SOC 2 Type 2, PCI-DSS, ISO 27001) Experience with MS Azure security and Office365 security tools (e.g., Microsoft Defender, Purview, Security & Compliance Center) Understanding of incident response processes and tools Exposure to responsible disclosure or bug bounty program workflows Ability to document technical findings and produce support materials for audit and remediation purposes Minimum 2+ years of experience with Penetration Testing tools such as Nmap, Burp Suite, OWASP ZAP, Nikito, SQLmap, Postman, MetaSploit, Mimikatz, Bloodhound, Maltego and others Preferred Education And Experience Bachelor’s degree or equivalent experience. Related certifications Expected Competencies Strong verbal and written communication skills Must be able to prioritize and take initiative Demonstrate excellent service skills Strong English communication skills, both written and verbal Work Schedule Monday through Friday from 12 PM to 9 PM IST. This will provide healthy overlap between India team and US team and supporting both to ensure adequate collaboration. This role will be working in Hybrid Mode and will require at least 2 days’ work from office at Hyderabad or Gurugram Travel This position may require up to 10% travel. Travel may be outside the local area and overnight EEO Statement Cendyn provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Cendyn complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Cendyn expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Cendyn’s employees to perform their job duties may result in discipline up to and including discharge. Other Duties Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Who we are. Newfold Digital is a leading web technology company serving millions of customers globally. Our customers know us through our robust portfolio of brands. We have some of the industry's most prominent and storied go-to-market brands, including Bluehost, HostGator, Domain.com, Network Solutions, Register.com and Web.com. We help customers of all sizes build a digital presence that delivers results. With our extensive product offerings and personalized support, we take pride in collaborating with our customers to serve their online presence needs. The strength of our company lives in the intersection of our people, our customers, and our brands. We are looking for a passionate and effective technical leader to help drive Application and Product Security Engineering across our development and operations teams who are responsible for our core customer applications and product platforms, including large-scale web hosting, ecommerce and email services. We believe that we can improve our application and product security by integrating a security mindset early in the development lifecycle as our applications and products are being designed, embracing security best practices and instrumentation at all stages of development and deployment. You will lead a team which will collaborate with other security, operations and software development teams to guide secure architecture, design and implementation, and reduce security risk in the organization through the construction of guardrails and paved paths that empower engineers to make informed security decisions. The threat landscape for our products and services continue to evolve and expand rapidly, and you will be challenged to help solve large-scale, complex problems that have real impact for our customers, our products, and for the larger Internet community. What You'll Do & How You'll Make Your Mark. Review architecture and code and provide security guidance (70%) Provide holistic assessments of security layers across infrastructure, application, people, and process. Collaborate with product managers, designers, and engineers to threat model and architect secure and resilient systems. Review source code against secure coding best practices and contribute security requirements. Create a paved road for engineers to build securely (20%) Drive the software design and implementation of security services, tools, and libraries to provide secure defaults to the rest of the organization. Promote security remediations in the CI/CD pipeline by building tools and services for engineers to consume. Help build the platform that ensures software development at Newfold is safe, easy, and low-risk. Cultivate and promote a security culture (10%) Champion an internal security culture. Help engineers understand how security events impact them. Required Qualifications Who you are & what you'll need to succeed. Ability to clearly communicate security topics and vulnerability classes (e.g. OWASP Top Ten) and provide actionable direction to product teams. A record of partnering with internal engineering teams to tackle security problems across an entire stack with empathy and creativity. Hands-on experience in software engineering projects. We primarily develop in Java, Python, JavaScript, SQL, and Perl. Working knowledge of modern development concepts (virtualized environments, containerization, continuous integration + delivery). Preferred Qualifications 5 to 10+ years of experience in application security or product security roles. Practical understanding and experience with shared and dedicated web hosting at scale. Proven professional experience guiding software teams on secure architecture design. Working knowledge of network architecture and system architecture, including cloud infrastructure. Experience building or reviewing threat models and ability to craft malicious user, attacker, and abuse/misuse cases. Working knowledge of hardware and software supply chain security. This Job Description includes the essential job functions required to perform the job described above, as well as additional duties and responsibilities. This Job Description is not an exhaustive list of all functions that the employee performing this job may be required to perform. The Company reserves the right to revise the Job Description at any time, and to require the employee to perform functions in addition to those listed above.

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Senior Associate Security Consultant is responsible for developing expertise in their area of specialization. This role is responsible for translating clients’ cybersecurity requirements and customizing and implementing security solutions into specific systems, applications and product designs. This role identifies and develops the security solutions for clients using company products, outsourced technology solutions and technical tools. This role consults with clients regarding secure product configuration, deployment, and security patches to minimize security vulnerabilities. In addition, this role provides comprehensive scanning, penetration testing, vulnerability assessments, monitoring services and source code analysis and delivers detailed results to clients, as well as guides and supports clients in the development and implementation of product security controls. Key responsibilities: Assists in conducting security assessments, vulnerability scans, and penetration tests to identify weaknesses in client systems. Analyzes security data, logs, and reports to detect and investigate security incidents or anomalies. Prepares and maintains documentation, including security assessment reports, findings, and recommendations. Collaborates with senior consultants to provide advice and support to clients on security best practices and risk mitigation strategies. Learns and uses various security tools and technologies for assessments and monitoring. Stays updated on the latest cybersecurity threats, vulnerabilities, and industry best practices. Assists in evaluating client systems for compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements. Communicates effectively with clients to understand their security needs and concerns. Participates in training programs and certifications to develop expertise in cybersecurity. To thrive in this role, you need to have: Strong interest in cybersecurity and a desire to learn and grow in the field. Knowledge of basic cybersecurity concepts, principles, and best practices. Familiarity with common security tools and technologies is a plus. Excellent analytical and problem-solving skills. Effective communication skills, both written and verbal. Ability to work collaboratively in a team environment. Eagerness to stay up to date with the evolving cybersecurity landscape. Academic qualifications and certifications: Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field. Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential. Required experience: Moderate level of demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment. Moderate level of experience with security architecture design principles. Moderate level of experience with industry compliance and standards such as ISO 27000, PCI:DSS, NIST, HIPAA or others. Moderate level of experience with security tools and techniques to cover SANS Top 25, OWASP or others. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Software development support for Windows App Store and automated installation tooling. Responsibilities include creation and maintenance of automation policies for application deployments. Required education Bachelor's Degree Required technical and professional expertise 5+ years of experience in software development. 3+ years of working experience with JAVA/Python/JavaScript/C++ Knowledge with SQL Database implementations Knowledge of SAST/DAST/IAST vulnerability scanning tools such as Mend, SonarQube, Contrast, etc. Preferred technical and professional experience Experience in cloud technologies. Good Communication skills.

Product-Security Technology Centre is responsible for ensuring that IBM products are secure by conducting timely Security reviews, penetration testing and following SPbD practices. As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design. Key responsibilities Plan the penetration test Select, design and create appropriate tools for testing Perform the penetration test on computer systems, networks, web-based and mobile applications Document your methodologies, findings Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs. Review your findings and feedback to development teams Analyse the outcomes and make recommendations for security improvements Carry out application, network, systems and infrastructure penetration tests Review physical security and perform social engineering tests where appropriate Evaluate and select from a range of penetration testing tools Keep up to date with latest testing and ethical hacking methods Deploy the testing methodology and collect data Report on findings to a range of stakeholders Make suggestions for security improvements Enhance existing methodology material Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Experience – More than 5years in Cybersecurity Web Application Testing Basic understanding of HTTP Protocol HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc. Basic understanding of HTML/JavaScript Good Understanding of security vulnerabilities, OWASP Top 10 vulnerabilities Automated Testing Must have knowledge of at least one of IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools.) Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan. Assessment of scanner results and intelligently identifying false positives from the scan results. Knowledge of Burp features mainly, Spider, Intruder, Scanner, Repeater and Extender. Manual Testing. Should be able to understand the above mentioned OWASP Top 10 categories to perform manual testing. Flaws like, Authentication (session management) testing, CSRF, business logic testing which are not detected by an automated scanner must be identified using manual testing. Understanding of the workflow of the application and identifying the entry points to detect possible vulnerabilities. Preferred Professional and Technical Expertise : Webservice Testing SOAP/REST APIs testing. Configuring cURL commands and POSTMAN tool to capture the request in automated scanner. Network Testing Basic understanding of networking protocols such as TCP, UDP, DNS, DHCP etc. Basic understanding of network devices like router, switches, firewall/IDS/IPS etc.. Network scanning tools such as Nessus, Nmap, Metasploit etc. Exploitation and Post Exploitation of network vulnerabilities. Threat Model and Source code security scanning Perform/Participate in threat model creation/design or review Perform source code security scanning using (SAST) tools like Sonarqube, AppScan, Mend and other popular open-source tools. Preferred technical and professional experience Security Certifications Any of the security certifications such as CEH, ECSA, EWPT, EWPTX, OSCP, GPEN, GWAPT etc

Your Role and Responsibilities ConductVulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment withOWASP Top 10 andsecure coding best practices. Provide security requirement analysis for applications. Offerrisk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinateNetwork & Application Security testing. Utilize security testing tools such asBurp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers usingMS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities Experience in security requirements analysis for application Experience in security requirement implementation recommendations & guidance Prior experience in Network & Application Security Test planning & coordination Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting Preferred technical and professional experience Industry certifications such asCEH/OSCP or equivalent preferred. Familiarity withsecurity standards (OWASP, SANS, ISO).

As SIEM Analyst, you will be responsible for handling the daily monitoring of Information security events on the SIEM tools. Come join our team of IBM experts, who are leaders with vision, distinguished engineers and IT architects who have worked with thousands of clients to transform enterprise IT, migrate to cloud, apply automation and ensure business continuity. We help client run their IT better, accelerate innovation and deliver unmatched performance with the power automation. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. * Responsible for security researcher to provide insight and understanding of new and existing information security threats * Responsible to participate in recommending improvements to SOC security process, procedures, policies, security incident management and vulnerability management processes * You will be involved in evaluating, recommending, implementing, and solving problems related to security solutions and evaluating IT security of the new IT Infrastructure systems * Keep yourself up-to-date with emerging security threats including applicable regulatory security requirements * Work in a 24x7 Security Operation Centre (SOC) environment Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise * Minimum 2+ years’ experience in SIEM. * Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform * Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email and Phone), based on the security event severity to handle the service support teams, tier2 information security specialists * Expertise in threat modelling and Use case development and ability to review policies of security monitoring tools based on security concepts and logical approach. Preferred technical and professional experience * Preferred OEM Certified SOAR specialist + CEH * Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work * Intuitive individual with an ability to manage change and proven time management * Proven interpersonal skills while contributing to team effort by accomplishing related results as needed * Up-to-date technical knowledge by attending educational workshops, reviewing publications

Please fill the details later On Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Please fill the details later On Preferred technical and professional experience Please fill the details later On

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModellingAbility to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools. Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Accenture MxDR Ops Security Threat Analysis Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to implement security measures, conducting assessments to identify vulnerabilities, and ensuring that all systems are fortified against potential cyber threats. You will also engage in continuous learning to stay updated on the latest security trends and technologies, contributing to a safer digital environment for the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular security assessments and audits to identify vulnerabilities.- Develop and implement security policies and procedures to safeguard information and assets. Professional & Technical Skills: - Must To Have Skills: Proficiency in Accenture MxDR Ops Security Threat Analysis.- Strong understanding of security frameworks and compliance standards.- Experience with incident response and threat hunting methodologies.- Familiarity with security information and event management tools.- Knowledge of network security protocols and best practices. Additional Information:- The candidate should have minimum 3 years of experience in Accenture MxDR Ops Security Threat Analysis.- This position is based at our Chennai office.- A 15 years full time education is required. Qualification 15 years full time education

About Velsera Medicine moves too slow. At Velsera, we are changing that. Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights. Velsera provides software and professional services for: AI-powered multimodal data harmonization and analytics for drug discovery and development IVD development, validation, and regulatory approval Clinical NGS interpretation, reporting, and adoption With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries! What will you do? Development: Write clean, efficient, and well-documented Python code to meet project requirements API Development: Develop RESTful APIs and integrate third-party APIs when necessary Testing: Write unit tests and integration tests to ensure code quality and functionality Collaboration: Work closely with cross-functional teams to implement new features and improve existing ones Code Review: Participate in peer code reviews and provide constructive feedback to team members Maintenance: Troubleshoot, debug, and maintain existing codebase to improve performance and scalability. Work proactively to identify the tech debt items and come with solution to address the same Documentation: Maintain detailed and accurate documentation for code, processes, and design Continuous Improvement: Stay up-to-date with the latest Python libraries, frameworks, and industry best practices Requirements What do you bring to the table? Experience: 6+ years of experience in Python development. Technical Skills: Proficiency in Python 3.x and familiarity with popular Python libraries (e.g., NumPy, pandas, Flask, boto3) Experience in developing lambda functions Strong understanding of RESTful web services and APIs Familiarity with relational databases (e.g., PostgreSQL) and NoSQL databases (e.g., MongoDB) Knowledge of version control systems (e.g., Git) Experience with Docker and containerization Experience with AWS services such as ECR , Batch jobs, step functions, cloud watch etc Experience with Jenkins is a plus Problem-Solving Skills: Strong analytical and debugging skills, with the ability to troubleshoot complex issues Soft Skills: Strong written and verbal communication skills Ability to work independently as well as collaboratively in a team environment Detail-oriented with the ability to manage multiple tasks and priorities Preferred Skills: Experience working in the healthcare or life sciences domain Strong understanding of application security and OWASP best practices Hands-on experience with serverless architectures (e.g., AWS Lambda) Proven experience in mentoring junior developers and conducting code reviews Benefits Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable & Many More..

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Security Log Monitoring. Experience: 3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Forgerock Access Manager. Experience: 3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Azure Cloud Workload Security. Experience: 3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Microsoft Entra ID. Experience: 5-8 Years.

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Software Engineer-2-2 Who is Mastercard? Mastercard is a global technology company in the payments industry. We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments, and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. Overview The Transfer Solutions team was created to establish Mastercard as the frontrunner in the fast-evolving real-time payments space, and to position Mastercard to be able to incubate the development of new payment flows. The team is responsible for designing, building, and operating the technology that powers Mastercard’s next generation payment applications – Domestic, Cross Border and Bill Payments. The Role What’s it all about and what we expect you to do day to day? Technology leader who is hands-on & and can lead a team of engineers. Expected to spend 70% of time coding/on code related activities, and 30% coaching engineers on the team. This person is recognized as a team’s authority and technical expert who drives innovation and organizational growth through their contributions. They get their adrenaline rush by coding away in IDEs. They spend majority of their time in writing non-feature code. They are hands all the time and collaborate by writing interfaces, tests (unit or acceptance) and architecture fitness functions, outside of meeting rooms. Tools like JDepend, ArchUnit, ADRs and NetArchTest make them feel at home. Domain driven design in their game. They code to enforce the contextual mappings and aggregates for each bounded context. They drive implementation of consumer driven contracts to allow for evolution and learning of the domain model with hyper speed while meeting our promises to other teams internally and customers alike. They are polyglot engineering gurus. they bring cutting edge engineering practices to life in multiple evolving frameworks – Feature flags, fitness functions and whatever is required to reduce the cost and increase the lifecycle value of next feature delivered by engineering teams. They love declarative paradigm and functional programming. No one can stop them from paying off technical debt and refactoring the code for better SDLC, performance and availability. Work on complex enterprise-wide initiatives spanning multiple services/programs and drives resolution Work with business/product owners to architect and deliver on new services to introduce new products and bundles Participate and contribute to team’s agile process and decisions. Understand and contribute to Prioritization. Drive prioritization decisions and trade-offs in working with product partners Drive the architectural design, including dependent services, service interactions, and policies Contribute and lead Guild initiatives by engaging and mentoring Engineers at all levels to improve the craftsmanship of Software Engineering Simplify and improve the cost/benefit of a function/service/architecture strategy Apply judgment and experience to balance trade-offs between competing interests Venture beyond comfort zone to take on assignments across different areas of Software Engineering Take on organization-wide and public speaking engagements and publishes white papers and blogs on relevant and emerging technical topics Consult across teams and across organization lines to identify synergies and reuse opportunities Participate and contribute to Principal review architecture meetings and drive resolutions to enterprise-wide challenges and regulatory needs Write recommendations for job promotions based on an unbiased view of one's accomplishments Conduct technical interviews for hiring engineering staff and raising the performance bar All About You And What You Need To Bring Expert in building highly resilient & scalable distributed systems. Has deep exposure to various database, messaging & caching technologies. Progressively grown career with proven design and development experiences in multiple languages (e.g., Java, .NET, JavaScript, SQL), secure coding standards (e.g., OWASP, CWE, SEI CERT), and vulnerability management. Has an expert understanding and experience of DevOps best practices to guide developers and abstract application development from underlying hosting platforms and infrastructure. Infrastructure as code and cloud first software development knowledge experience preferred. Experienced in the skills required to implement advanced test set ups in production environment (e.g., A/B testing, canary releases, blue-green deployment, feature flags) Experience in Continuous Integration (CI) and Delivery (CD) concepts, and capabilities to support automation, pipelines, virtualization, and containerization Understands internals of operating systems (Windows, Linux, Mainframe) to write interoperable and performant code. Has skills to develop and evangelize on reference architecture and run principles to help teams adopt Engineering Principles from the start (poison pill, active/active/active, auto-scaling, self-healing, others) Understands use cases for advanced design patterns (e.g., service-to-worker, MVC, API gateway, intercepting filter, dependency injection, lazy loading, all from gang of four) to implement efficient code Understands and implements Application Programming Interface (API) standards and cataloging to drive API/service adoption and commercialization Has skills to engage engineers across Technology organization to promote standard software patterns and reuse of common libraries and services Has experience in leading and coaching teams to perform software planning and estimation for large scale complex programs Has skills to drive trade-off discussions to set right development capacity based on value drivers (e.g., regulatory, security, new business, market parity, technical debt) Has experience in design and execution of automation across multiple business areas and provides guidance on best methods and tools. Performance engineering experience to ensure applications are built to scale, run, and perform for varying demands Has skills to perform architecture and cost analysis for internal, hybrid, and public cloud environments Has skills to succinctly articulate architecture patterns of complex systems, with business and technical implications, to executive and customer stakeholders Has skills to define and drive advanced chaos and other operational testing practices to test points of failures, monitors, and system behaviors under adverse conditions (e.g., resource spikes, network congestion, component or infrastructure failure) Experienced in agile and modern SDLC practices (Scrum/Kanban/Continuous Delivery/DevOps/Quality engineering) and the delivery situations they are used for. Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. R-246198

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Senior Associate Security Consultant is responsible for developing expertise in their area of specialization. This role is responsible for translating clients’ cybersecurity requirements and customizing and implementing security solutions into specific systems, applications and product designs. This role identifies and develops the security solutions for clients using company products, outsourced technology solutions and technical tools. This role consults with clients regarding secure product configuration, deployment, and security patches to minimize security vulnerabilities. In addition, this role provides comprehensive scanning, penetration testing, vulnerability assessments, monitoring services and source code analysis and delivers detailed results to clients, as well as guides and supports clients in the development and implementation of product security controls. Key responsibilities: Assists in conducting security assessments, vulnerability scans, and penetration tests to identify weaknesses in client systems. Analyzes security data, logs, and reports to detect and investigate security incidents or anomalies. Prepares and maintains documentation, including security assessment reports, findings, and recommendations. Collaborates with senior consultants to provide advice and support to clients on security best practices and risk mitigation strategies. Learns and uses various security tools and technologies for assessments and monitoring. Stays updated on the latest cybersecurity threats, vulnerabilities, and industry best practices. Assists in evaluating client systems for compliance with industry standards (e.g., ISO 27001, NIST) and regulatory requirements. Communicates effectively with clients to understand their security needs and concerns. Participates in training programs and certifications to develop expertise in cybersecurity. To thrive in this role, you need to have: Strong interest in cybersecurity and a desire to learn and grow in the field. Knowledge of basic cybersecurity concepts, principles, and best practices. Familiarity with common security tools and technologies is a plus. Excellent analytical and problem-solving skills. Effective communication skills, both written and verbal. Ability to work collaboratively in a team environment. Eagerness to stay up to date with the evolving cybersecurity landscape. Academic qualifications and certifications: Bachelor's degree or equivalent in Information Technology or Computer Science or Engineering or related field. Industry relevant certifications such as CISSP, CISM, CEH, GSEC or CompTIA Security+ essential. Required experience: Moderate level of demonstrable experience in the Information Technology Security Industry or relevant experience in similar role within a related environment. Moderate level of experience with security architecture design principles. Moderate level of experience with industry compliance and standards such as ISO 27000, PCI:DSS, NIST, HIPAA or others. Moderate level of experience with security tools and techniques to cover SANS Top 25, OWASP or others. Workplace type : Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

Job Title SR SPECIALIST – INFORMATION SECURITY Responsibility & Key Result Areas: Represent CISO organization and in particular the Application Security Office, in Bangalore, relaying important security objectives, requirements, and information to R&D in BLR Should be from core application software development or DevSecOps background and should have extensive development, designing & DevSecOps skill. Should be leading the one or more development / implementation initiatives for Application Security Office. As DevSecOps & Secure SDL Senior Specialist, Lead build, implementation and deployment of the Secure Development Lifecycle activities in CI/CD pipeline, Assist in security assessments of new architecture and technology. Will have hands on experience in Secure SDLC including DevSecOps, Threat Modelling, Web Application Scan, Static & Binary Scan, Vulnerability assessment and triaging and Security Testing. Should provide expertise and consultancy on SCM like GitHub, BitBucket, Jenkins etc and security tools like Burpsuite, Qualys WebApp Scan, Blackduck, Prisma scanner, Fortify SSC, sonarcube, Checkmarx and other static/dynamic analysis tools Should have exposure or ability to learn application security concepts not limited to CIA triad, OWASP Top 10 Vulnerabilities, OAuth, SAML, JWT, Cryptography and other advanced security concepts Perform or assist in performing security assessments for new architectures and technologies, providing expert guidance on potential security risks. Analyse, support and validate Security requirements with the purpose of continuously improving our services. Support and help in conducting regularly MOCK PCI-DSS & GDPR compliance audits and provide consultancy as required in order to maintain certifications, compliance certificates and adherence to standards and compliancy requirements. Ensure Compliance loopback channel to the organization with excellent coordination and communication between stakeholders within the organization. Play the role of Security Product Owner/Scrum Master/Facilitator for App Security Agile Scrum / Kanban Team. Interface with the rest of the organization with the purpose to collect areas of improvement and transform/enrich them in a way meaningful to the expected providers. Understand the environment in sufficient details to solicit, suggest, validate and prioritize innovative ideas and/or requirements that will improve the Security services provided by the organization. Ensure project deliverables are delivered to the quality and schedule committed as per project management plan. Ensure accurate and effective communication and reporting of key security indicators (KSI) to all relevant stakeholders. Help animating R&D community of Security Whitehats and build internal security expertise. Assist in creating a security culture and provide input to HR Training for security trainings. Provide formalised but pragmatic security standards, guidelines and recommendations, in collaboration with other security offices Raise alerts and find solutions, communicate and report to internal and external stakeholders Competencies: The right candidate will have total 9 to 12 years of experience in software development design & development/coding and engineering practices along with extensive experience in DevSecOps and product secure development lifecycle (Secure SDL) and methodologies implementation & governance. Good knowledge of infrastructure as code, end-to-end fully-automated CI/CD pipelines, from code commits to production and security of repositories (like GitHub, BitBucket etc), pipelines, build/release tools (like Jenkins, GitHub actions etc) and methodologies in CI/CD pipelines. Proficiency in scripting, including Python, Groovy, Helm, shell scripts, Perl etc to support the automation and continuous improvement of processes Hands on experience in DevSecOps, Secure SDLC including Threat Modeling, Vulnerability assessment. Security Testing, Security Scans and Security compliance like PCI-DSS/GDPR/ISO. Exposure on Webservices( SOAP/ REST) security assessment will be a definite plus Experience in full DevSecOps CI/CD pipeline, Agile methodology, container security, APIs, and microservices. Knowledge of OWASP Top10, SANS Top25, CWE and CVE / Mitre, along with hands-on practical experience in development & testing for vulnerabilities and implementing remediation. Should have good exposure in Burpsuite, Qualys WebApp Scan, Blackduck, Prisma scanner, Fortify SSC and other static/dynamic analysis tool Good understanding on all security areas like CIA Triad, Authentication, Authorization, Session Management, Cryptography, Data Validation, Error Handling, Confidentiality /Integrity / Availability / Authentication / Authorization / Auditing / Logging etc... Should have good experience in other areas of Secure SDLC Investigate (potential) attacks, assess exploitability and risk exposure, and propose mitigation Security certifications such as CEH, CDP, CDE, CSSLP, CISSP, CCSP etc are a plus. Soft Skills: Multi-cultural approach, and ability to interface with all levels of the organization Strong analytical, conceptual and problem solving skills Accountability and reliability, personal involvement Pro-activity, initiative, and autonomy Independent work ethic Diversity & Inclusion Amadeus aspires to be a leader in Diversity, Equity and Inclusion in the tech industry, enabling every employee to reach their full potential by fostering a culture of belonging and fair treatment, attracting the best talent from all backgrounds, and as a role model for an inclusive employee experience. Amadeus is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to gender, race, ethnicity, sexual orientation, age, beliefs, disability or any other characteristics protected by law.

Job Title Product Security Engineer Job Description Product Security Engineer Primary Roles and Responsibilities: Participate in the development of life saving devices and applications with focus on product security. Drive the definition, plan, and implementation of the overall security strategy, standards, processes, and procedures, which meet or exceed customer expectations and applicable processes & standards in collaboration with the Product Security Office. Perform security assessments in accordance with the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST). Actively participate in applying cyber security best practices to product development projects including cloud, application, and embedded software systems. Conduct or oversee technical aspects of security risk assessments and compliance audits, the evaluation and testing of firmware and software for possible impacts upon system security, and the investigation and resolution of security incidents. Conduct risk analyses for vulnerabilities, create threat models, perform penetration testing. Integrate security best practices and controls throughout the Software Development Life Cycle (SDLC). Function as technical lead during a security incident, determining the cause of the incident(s), performing incident response activities and forensics analysis of security incidents. Participate in architecture, design, and code reviews to provide security related feedback and guidance. Create engineering documentations to comply with product development policies, practices, and procedures. Working closely with regulatory bodies to support enquiries, own security related documentation and deliverables ensuring compliance with key standards/guidance documents. Liaison with the Product Security & Services Office (PSSO) and review applicability of impact to released or in development products regarding Product Security Advisory notices issued by the PSSO Key Knowledge, skills and abilities required: BS/MS/PhD degree in Cyber Security, Systems Security, Computer Science, Computer Engineering, or equivalent 10+ years of job experience in a Cyber Security related position 5+ years of job experience in the design and development of secure software applications Experience with security hardening and analysis across cloud (e.g. AWS), Windows, embedded, and Linux environments/applications Familiar with secure coding standards Familiar with vulnerability testing, fuzz-testing and related scanning tools Penetration testing and tools experience Familiarity with OWASP methodology and tools for web application security testing. Strong communication and analytical skills, able to effectively communicate with people at all levels Forensics analysis Certifications such as: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM) Cloud Certified Security Professional (CCSP) Excellent written and verbal communication skills Good learning aptitude Key Knowledge, skills, and abilities desired: Preferred experience in the medical, health industry, or similar regulated industries using Risk Management Framework (Finance, Military, etc.) Preferred experience driving product development through RMF (Risk Management Framework) Preferred familiarity with Department of Defense Information Assurance Architecture Working knowledge of C, C++, C# Working knowledge of real time systems How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company’s facilities. Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations. Indicate if this role is an office/field/onsite role. About Philips We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others. Learn more about our business . Discover our rich and exciting history . Learn more about our purpose . If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here . #Connectedcare

Job Title Product Security Engineer Job Description Product Security Engineer Primary Roles and Responsibilities: Participate in the development of life saving devices and applications with focus on product security. Drive the definition, plan, and implementation of the overall security strategy, standards, processes, and procedures, which meet or exceed customer expectations and applicable processes & standards in collaboration with the Product Security Office. Perform security assessments in accordance with the Risk Management Framework (RMF) as defined by National Institute of Standards and Technology (NIST). Actively participate in applying cyber security best practices to product development projects including cloud, application, and embedded software systems. Conduct or oversee technical aspects of security risk assessments and compliance audits, the evaluation and testing of firmware and software for possible impacts upon system security, and the investigation and resolution of security incidents. Conduct risk analyses for vulnerabilities, create threat models, perform penetration testing. Integrate security best practices and controls throughout the Software Development Life Cycle (SDLC). Function as technical lead during a security incident, determining the cause of the incident(s), performing incident response activities and forensics analysis of security incidents. Participate in architecture, design, and code reviews to provide security related feedback and guidance. Create engineering documentations to comply with product development policies, practices, and procedures. Working closely with regulatory bodies to support enquiries, own security related documentation and deliverables ensuring compliance with key standards/guidance documents. Liaison with the Product Security & Services Office (PSSO) and review applicability of impact to released or in development products regarding Product Security Advisory notices issued by the PSSO Key Knowledge, skills and abilities required: BS/MS/PhD degree in Cyber Security, Systems Security, Computer Science, Computer Engineering, or equivalent 6+ years of job experience in a Cyber Security related position 3+ years of job experience in the design and development of secure software applications Experience with security hardening and analysis across cloud (e.g. AWS), Windows, embedded, and Linux environments/applications Familiar with secure coding standards Familiar with vulnerability testing, fuzz-testing and related scanning tools Penetration testing and tools experience Familiarity with OWASP methodology and tools for web application security testing. Strong communication and analytical skills, able to effectively communicate with people at all levels Forensics analysis Certifications such as: Certified Information System Security Professional (CISSP) Certified Information Security Manager (CISM) Cloud Certified Security Professional (CCSP) Excellent written and verbal communication skills Good learning aptitude Key Knowledge, skills, and abilities desired: Preferred experience in the medical, health industry, or similar regulated industries using Risk Management Framework (Finance, Military, etc.) Preferred experience driving product development through RMF (Risk Management Framework) Preferred familiarity with Department of Defense Information Assurance Architecture Working knowledge of C, C++, C# Working knowledge of real time systems How we work together We believe that we are better together than apart. For our office-based teams, this means working in-person at least 3 days per week. Onsite roles require full-time presence in the company’s facilities. Field roles are most effectively done outside of the company’s main facilities, generally at the customers’ or suppliers’ locations. Indicate if this role is an office/field/onsite role. About Philips We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others. Learn more about our business . Discover our rich and exciting history . Learn more about our purpose . If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our culture of impact with care here . #Connectedcare