1625 Owasp Jobs - Page 4

Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, and developer with a security cloud that protects them with end to end, simplified solutions. The Microsoft Security organization accelerates Microsoft’s mission and bold ambitions to ensure that our company and industry is securing digital technology platforms, devices, and clouds in our customers’ heterogeneous environments, as well as ensuring the security of our own internal estate. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. Security represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. The Microsoft Security Response Center (MSRC) is responsible for detecting, protecting, and responding to threats that affect Microsoft’s products and services. We are looking for a motivated Leader to manage a team of highly skilled security researchers who also is adept at vulnerability research to join our team. As part of the MSRC, our team is responsible for analyzing vulnerabilities found in Microsoft’s products and services to determine their root cause, severity, and security impact. This analysis plays a critical role in shaping the security updates that are deployed to customers. The knowledge that we gain from analyzing vulnerabilities also informs the offensive and defensive security research performed by our team. As part of this research, our team works collaboratively with many teams across Microsoft to investigate, develop, and deploy security features that help discover and mitigate the biggest threats to customers. Our team is passionate about a range of topics including vulnerability discovery & automation, safer programming languages, exploit and vulnerability mitigations, software sandboxes, penetration testing & red teaming, exploit development, operating systems security (Windows and Linux), virtualization security, cloud services security, OWASP top 10, and hardware vulnerabilities and mitigations. This particular role is focused on the online services (OLS), e.g. cloud and web bugs. This is a unique opportunity to have a positive impact on improving safety for customers around the world and to work on challenging real-world security problems as part of a supportive and collaborative team. Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond. In alignment with our Microsoft values, we are committed to cultivating an inclusive work environment for all employees to positively impact our culture every day. Responsibilities Lead and manage a team of security researchers to Analyzing vulnerabilities in software and services to determine their root cause, severity, and security impact Identifying variants of vulnerabilities and discovering new vulnerabilities. Lead the team while also collaborating with stakeholders in peer teams and organizations to build tools and invent new approaches to automate the discovery & analysis of vulnerabilities Influence and align org vision by collaborating with customers, partners, product management and engineering teams. Analyzing trends in vulnerabilities being discovered to spot patterns Researching, developing, and deploying mitigations for common patterns of vulnerabilities Performing penetration testing, offensive security research, and red teaming activities Engaging with and contributing knowledge back to the security research community Mentoring and contributing to the growth of individuals within the team and across Microsoft Supporting a healthy and inclusive culture within the team and across Microsoft Own career development of team through active coaching. Lead the team by bringing clarity, creating energy, and driving results. Create a strong culture of engineering excellence, customer passion, collaboration, diversity, and inclusion. Lead the team by bringing clarity, creating energy, and driving results. Create a strong culture of engineering excellence, customer passion, collaboration, diversity, and inclusion. Qualifications 10+ years of experience in vulnerability/exploits research and mitigation Bachelor's Degree in Statistics, Mathematics, Computer Science or related field and experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection Have a hands-on approach to technical leadership in setting the engineering direction for the team with sound design and development best practices. Drive engineering roadmaps, leading teams, mentoring, and helping others grow. Own career development of team through active coaching. Lead the team by bringing clarity, creating energy, and driving results. Create a strong culture of engineering excellence, customer passion, collaboration, diversity, and inclusion. Have a hands-on approach to technical leadership in setting the engineering direction for the team with sound design and development best practices. Drive engineering roadmaps, leading teams, mentoring, and helping others grow. Own career development of team through active coaching. Lead the team by bringing clarity, creating energy, and driving results. Create a strong culture of engineering excellence, customer passion, collaboration, diversity, and inclusion. In-depth experience in working as a security engineer Experience in identifying common vulnerability types (OWASP top 10, CWE top 25) in software and services written in C#, JavaScript/HTML, C++, C, etc Ability to debug and root cause vulnerabilities in software, services, and cloud platforms Excellent written and verbal communication skills Preferred Qualifications: Public track record of vulnerability research and discovery Familiarity with cloud service architectures (Azure etc), design, and implementations Familiarity with operating system internals for Windows and/or Linux Familiarity with exploitation techniques and mitigations Microsoft is an equal opportunity employer. Consistent with applicable law, all qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.

What you’ll do: This security analyst will be part of a team tasked with identifying, tracking and verifying the remediation of vulnerabilities in internal and external applications and systems. This role involves performing deep-dive analysis of vulnerabilities, operating vulnerability scanning tools, and building relationships with other groups within the IT organization. You will work closely with IT infrastructure, product teams, supply chain, and Cyber Security operations to reduce Eaton's attack surface. Stay up to date with the evolving technological and threat landscape and its potential impact on modern and legacy technologies, applications, and business processes. Monitor for vulnerabilities within applications, endpoints, databases, networking, and mobile and cloud services. Conduct continuous discovery, vulnerability assessment and remediation status of enterprise-wide assets. Advise employees responsible for remediation on the best reduction and remediation practices. Review and analyze vulnerability data to identify trends and patterns. Regularly report on the state of vulnerabilities, including their criticality, exploit probability, business impact, and remediation strategies. Serve as a point of contact for new and existing vulnerability-related issues. Collaborate with business teams and cyber security stakeholders to ensure appropriate governance structures are in place and that risks are documented. Provide vulnerability education and guidance to stakeholders, developers, IT and business leaders as needed. Maintain documentation related to vulnerability policies and procedures. Assist maintaining records for Eaton assets, their vulnerability state, remediation recommendations, overall security posture and potential threat to the business. Identify areas of opportunity for improvement and automation within team processes. Perform other duties as assigned, including on-call rotations. Qualifications: Bachelor’s degree in a technical discipline Overall 5-8 years of experience 3+ years of experience in security operations or vulnerability management. Skills: Ability to analyze and understand vulnerabilities and exploits Proficiency with commercial and open source vulnerability management solutions. Understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques. Understanding of operating systems, applications, infrastructure, and cloud computing services. Understanding of OWASP, CVSS, MITRE ATT&CK framework. Capacity to comprehend technical infrastructure, managed services, and third-party dependencies. Preferably some experience with vulnerability management across AWS, Azure, or Google cloud Platform. Experience in Python or Powershell, with an emphasis on scripting, automation, and integrations. Experience in threat hunting or red teaming exercises is a plus. Strong communication skills: Ability to communicate effectively across all levels of the organization. Project management skills: Strong project management, multitasking, and organizational skills

Engineer Trainee – Cyber Security Career Opportunities at ReBIT (Pass Out Year 2025) Life at ReBIT: Serving since 2016, Reserve Bank Information Technology Pvt. Ltd. (ReBIT) is RBI’s subsidiary for Enterprise Technology and Allied Services. Home | Reserve Bank Information Technology Private Limited (ReBIT) Why Work at ReBIT : We are an ambitious, employee-first organisation that believes in empowering our employees to grow alongside the organization's goals and perform to their full potential. The hired professionals will be a part of our 1000+ workforce and will have opportunity to work in active RBI engagements in which ReBIT is currently involved. We’re set to build a world class team of skilled professionals motivated to make a nationwide impact. They will be a part of our centres of excellence focusing on multiple technologies and will gain exposure in various domains such as Forex, central banking, financial markets, risk monitoring, fintech, and so on. Role Objective: We are looking for candidates who have a zeal for technology and innovation. The Selected candidates will be a part of any of the below Business Units. 1. Cyber Security Operations 2. Cyber Security Engineering/ GRC Eligibility Criteria University degree in the field of engineering and technology stream such as BE/ BTech/MTech/MSc/MCA preferably specialisation in Cyber Security, Computer Engineering, IT or EXTC Job Location : Navi Mumbai Pass out: 2025 Batch ONLY 10th & 12th – 65 % & above Work Mode :Work From Office (5 Days) Experience/Knowledge: Fundamental knowledge in Information Technology Infra and Cyber Security Knowledge of Risk analysis , identification ,resolution and management Awareness on Data security/privacy analysis and related practices Knowledge of Computer hardware / software / programming Networking and System/Database Administration knowledge Network Security Control knowledge as Firewall, Proxy, LB ,WAF etc. New Infra security project deployment skills and excellent verbal and written communication skills Basic knowledge, VPN, VAPT,AD,SOC,DLP,Antivirus,Mail Gateway ,NAC etc Basic knowledge of Application & API Security best practices and standards including OWASP top 10, OSSTMM, SANS Top 25, Attacks, Malware etc Basic knowledge about Information Security, network security, Data security, risk assessment and governance requirements. Understanding of secure coding practices and application security Understanding of the IS and Cyber security Audit Framework Excellent analytical skills Excellent English written and verbal communication. Good at public speaking and stakeholder management Responsibilities Cyber Security Operations Monitoring and protecting IT infrastructure, edge devices, networks, and data. Responsible for preventing data breaches and monitoring and reacting to attacks. Supporting day-to-day support Tasks Cyber Security Engineering/GRC Basic documentation for Infra security services. Documentation of SOP, Product review. Perform Security configuration review & Hardening using CIS benchmarks. Define hardening documents for Firewalls, Load balancers, WAF, IPS/IDS, NTA etc Provide security compliance report to management on periodic basis for Infrastructure landscape. Analysis and evaluation of open vulnerability within IT Infrastructure Responsible for deploying, tuning, and maintaining security policies and enhancements on the web application firewall, Load balancer and infra devices. IT & Security governance, risk, and compliance frameworks and practices (e.g., COBIT, NIST-CSF, ISO). IT & Security risk & security controls (e.g., cyber security, network, infrastructure, applications, and projects). Application Security Testing including SCA, SAST and DAST. Internal control implementation, including the evaluation of the design and operating effectiveness of controls. Knowledge of controls testing techniques and data analysis principles, as well as the ability to interpret results. IT & Security audit, risk, and compliance. Proficiency with Cyber security GRC systems and compliance frameworks Certifications MCSE , CCNA, CEH ,CCSP, ITIL or any other Cyber Security Certification (Good to have)

Application Security — Solution Delivery Lead Deloitte’s Cyber Risk Services help our clients to be secure, vigilant, and resilient in the face of an ever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner. Our services help organizations to address, in a timely manner, pervasive issues, such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Work you will do As a Senior Consultant in the hybrid operate business, you are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: o Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; o Understand and deep knowledge of application security engineering principles, and helping client’s development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; o Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; o Perform manual and automated security assessment of the applications; o Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; o Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; o Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and o Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization The team Deloitte’s DevSecOps is a standardized process, to help clients with large development functions, and application dependencies for their day-to-day operations. The process enables the client to address key vulnerabilities and risks associated with their various application environment at different stages of their development lifecycle. At the core of our Application Security Managed Services Team professionals monitors, collects and analyses security related issues on application environment (both at code level and infrastructure level), that may potentially become a threat to an organization. This detection of application threats/vulnerabilities is carried out using a unique blend of our application security testing and monitoring tools and intelligence data collected through our vast experience within the Advice and Implement business. Required: Minimum of 5-7 years’ experience in application security development, security testing, deployment and security management phases; Deep interest in application specific vulnerabilities, code development and infrastructure knowledge; Investigative and analytical problem-solving skills; Experience in collecting, analyzing, and interpreting qualitative and quantitative data from defined application security services related sources (tools, monitoring techniques etc.) Knowledge and experience of OWASP Top 10, SANS Secure Programming, Security Engineering Principles; Hands-on experience in performing code review of dot Net, Java and Swift and objective C code; Hands-on experience in running, installing and managing SAST, DAST , SCA and IAST solutions, such as Checkmarx, Fortify and Contrast in large enterprise Understanding of leading vulnerability scoring standards, such as CVSS, and ability to translate vulnerability severity as security risk; Hands-on experience on at least one CI/CD tool set and building pipelines using Team city, Bamboo, Jenkins, Chef, Puppet, selenium, AWS and AZURE DevOps; Hands on experience on container technology such as Kubernetes, Dockers, AKS, EKS. Knowledge of cloud environments and deployment solutions such as server less computing; Hands on experience in penetration testing of mobile, desktop and web applications; Must have experience in writing custom exploitation scripts and utilities; Possession of excellent oral and written communication skill; Knowledge of one or more scripting languages for automation and complex searches; Must have cloud security specialization in Security; and Certification such as EC-Council CEH (Certified Ethical Hacker), DevSecOps Professional (CDP) , ISC2 Certified Cloud Security Professional (CCSP), Certified API Security Professional (CASP) , CTMP (Certified Threat Modeling Professional) etc. are preferred. Preferred: Bachelor’s in computer science or other technical fields; Experience in cloud service providers such as AWS, GCP, Azure, Oracle are preferred Experience in implementing and managing security measures within Kubernetes environments, designing and enforcing advanced security protocols for API infrastructure, managing and optimizing our containerized applications using Docker, automating and managing our infrastructure as code using Terraform, automating IT processes and configurations using Ansible, and identifying and mitigating potential security threats through comprehensive threat modeling practices. Solid and demonstrable comprehension of Information Security including OWASP/SANS, Security Test Case development (or mis-use case). Understanding of security essentials including; networking concepts, defense strategies, and current security technologies Ability to research and characterize security threats to include identification and classification of application related threat indicators How you will grow At Deloitte, we have invested a great deal to create a rich environment in which our professionals can grow. We want all our people to develop in their own way, playing to their own strengths as they hone their leadership skills. And, as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposure to leaders, sponsors, coaches, and challenging assignments—to help accelerate their careers along the way. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning, and eLearning. Deloitte University (DU): The Leadership Center in India, our state-of-the-art, world-class learning center in the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangible symbol of our commitment to our people’s growth and development. Explore DU: The Leadership Center in India. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best work every day. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy, centered, confident, and aware. We offer well-being programs and are continuously looking for new ways to maintain a culture that is inclusive, invites authenticity, leverages our diversity, and where our people excel and lead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationships with our clients, our people, and our communities. We believe that business has the power to inspire and transform. We focus on education, giving, skill-based volunteerism, and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. #CA-LD Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 301449

JOB DESCRIPTION KPMG in India, a professional services firm, is the Indian member firm affiliated with KPMG International and was established in September 1993. Our professionals leverage the global network of firms, providing detailed knowledge of local laws, regulations, markets, and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, and Vadodara. KPMG in India offers services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused, and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment KPMG Advisory professionals provide advice and assistance to enable companies, intermediaries, and public sector bodies to mitigate risk, improve performance, and create value. KPMG firms provide a wide range of Risk Advisory and Financial Advisory Services that can help clients respond to immediate needs as well as put in place the strategies for the longer term. Projects in IT Advisory focus on the assessment and/or evaluation of IT systems and the mitigation of IT-related business risks. They are either IS audit, SOX reviews, Internal audit engagements, IT infrastructure review and/or risk advisory including but not limited to IT audit supports in nature. QUALIFICATIONS • IT Audit + SAP experience with knowledge of IT governance practices Prior IT Audit knowledge in areas of ITGC, ITAC (application/automated controls) SOX 404, SOC-1 and SOC-2 Audits Good to have knowledge of other IT regulations, standards and benchmarks used by the IT industry (e.g. NIST, PCI-DSS, ITIL, OWASP, SOX, COBIT, SSAE18/ISAE 3402 etc.) Technical Knowledge of IT Audit Tools with excellent knowledge of IT Audit process and methodology Exposure to Risk Management and Governance Frameworks/ Systems will be an added advantage Exposure to ERP systems will be added advantage Strong project management, communication (written and verbal) and presentation skills Knowledge of security measures and auditing practices within various applications, operating systems, and databases. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance, and professionalism Preferred Certifications – CISA/CISSP//CISM Exposure to automation Data Analytics tools such as QlikView/Qlik sense, ACL, Power BI will be an advantage Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools Equal employment opportunity information: KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you.

Location Gurugram, Jaipur Employment Type Full time Location Type Hybrid Department Engineering For over four decades, PAR Technology Corporation (NYSE: PAR) has been a leader in restaurant technology, empowering brands worldwide to create lasting connections with their guests. Our innovative solutions and commitment to excellence provide comprehensive software and hardware that enable seamless experiences and drive growth for over 100,000 restaurants in more than 110 countries. Embracing our "Better Together" ethos, we offer Unified Customer Experience solutions, combining point-of-sale, digital ordering, loyalty and back-office software solutions as well as industry-leading hardware and drive-thru offerings. To learn more, visit partech.com or connect with us on LinkedIn, X (formerly Twitter), Facebook, and Instagram. Position Description: ParTech, Inc. is seeking a Quality Assurance Automation Engineer to join our ParPay-Payments software development team. The QA Automation Engineer will, under general supervision and adhering to established procedures for quality assurance design and implement test strategies related to POS software. The QA Automation Engineer will coordinate, create, execute and maintain test cases to ensure quality control standards are achieved. The QA Automation Engineer will be involved in system, regression, and performance and scalability testing to meet quality objectives. Position Location: Jaipur / Gurugram Reports To: Engineering Manager What We’re Looking For: Bachelor’s in computer science/Engineering or related field required. Minimum of 5 years of functional testing background, including defining test strategy, test planning, test case design, and execution 4+ years of professional coding experience in C#, JavaScript, Powershell Project experience using an Agile methodology (e.g. Scrum) Expertise in automated testing frameworks and scripting. Experience with Continuous Integration/Continuous Deployment (CI/CD) pipelines. Knowledge of testing strategies around microservices architecture and modern monolith architecture. Experience with API testing and tools (e.g., Postman, REST-assured, Swagger). Proficiency with and/or familiarity with a variety of software testing tools such as: Selenium Test Complete JMeter Ready API Additional technical experience Performance / load testing SQL proficiency Proficiency in version control systems (e.g., Git) Good understanding with AWS, Azure, or any other related Cloud Infrastructure. Good understanding of security testing practices and tools (e.g., OWASP, SAST, DAST). Unleash your potential: What you will be doing and owning: Collaborates closely with Scrum team to monitor and provide constant feedback, to ensure the quality of the final product Designs test strategies and test cases for complex systems and execute various types of testing (e.g. functional, integration, end-to-end) on a variety of platforms (e.g. desktop, web) Create and execute automated test cases and report test results Interview Process: Interview #1: Phone Screen with Talent Acquisition Team Interview #2: Video interview with the Technical Teams (via MS Teams/F2F) Interview #3: Video interview with the Hiring Manager (via MS Teams/F2F) PAR is proud to provide equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. We also provide reasonable accommodations to individuals with disabilities in accordance with applicable laws. If you require reasonable accommodation to complete a job application, pre-employment testing, a job interview or to otherwise participate in the hiring process, or for your role at PAR, please contact accommodations@partech.com. If you’d like more information about your EEO rights as an applicant, please visit the US Department of Labor's website.

GitLab is an open core software company that develops the most comprehensive AI-powered DevSecOps Platform, used by more than 100,000 organizations. Our mission is to enable everyone to contribute to and co-create the software that powers our world. When everyone can contribute, consumers become contributors, significantly accelerating the rate of human progress. This mission is integral to our culture, influencing how we hire, build products, and lead our industry. We make this possible at GitLab by running our operations on our product and staying aligned with our values. Learn more about Life at GitLab. Thanks to products like Duo Enterprise, and Duo Workflow, customers get the benefit of AI at every stage of the SDLC. The same principles built into our products are reflected in how our team works: we embrace AI as a core productivity multiplier. All team members are encouraged and expected to incorporate AI into their daily workflows to drive efficiency, innovation, and impact across our global organisation. The Engineering Manager for Composition Analysis and Dynamic Analysis specializes in leading teams focused on application security scanning technologies. This role oversees multiple security-focused engineering groups and is responsible for balancing priorities across these specialized teams. This role is an extension of the Engineering Manager position. Groups Overview Composition Analysis -The Composition Analysis group is responsible for: Software Composition Analysis Container Scanning Dynamic Analysis - The Dynamic Analysis group is responsible for: API Security Dynamic Analysis Security Testing (DAST) Fuzz Testing What You’ll Do Manage engineers across both the Composition Analysis and Dynamic Analysis groups Drive key initiatives including: Auto-remediation of vulnerable software packages Scanning of unmanaged dependencies in C/C++ Static reachability analysis with function-level granularity Snippet detection for open source dependencies Improve the DAST crawler for efficiency, stability, and consistent web application traversal Balance priorities across multiple security-focused engineering teams Author project plans for epics across both groups, ensuring alignment and avoiding duplication of effort Run agile project management processes for multiple teams Provide guidance on security product architecture Coordinate between Composition Analysis and Dynamic Analysis teams to ensure consistent and complementary approaches to application security What You’ll Bring In-depth understanding of application security concepts, particularly in software composition analysis techniques to evaluate the security risks associated with application dependencies and dynamic analysis security testing (DAST) tools. Understanding of the challenges in developing and maintaining security scanning tools Experience managing multiple technical teams simultaneously Familiarity with containerization technologies and dependency management systems Knowledge of web application security testing techniques and tools Experience with open source security tooling (such as OWASP ZAP, Trivy, or similar) Experience in DevSecOps practices and implementation Experience in vulnerability management and remediation How GitLab Will Support You Benefits to support your health, finances, and well-being All remote, asynchronous work environment Flexible Paid Time Off Team Member Resource Groups Equity Compensation & Employee Stock Purchase Plan Growth and Development Fund Parental leave Home office support Please note that we welcome interest from candidates with varying levels of experience; many successful candidates do not meet every single requirement. Additionally, studies have shown that people from underrepresented groups are less likely to apply to a job unless they meet every single qualification. If you're excited about this role, please apply and allow our recruiters to assess your application. The base salary range for this role’s listed level is currently for residents of listed locations only. Grade level and salary ranges are determined through interviews and a review of education, experience, knowledge, skills, abilities of the applicant, equity with other team members, and alignment with market data. See more information on our benefits and equity. Sales roles are also eligible for incentive pay targeted at up to 100% of the offered base salary. California/Colorado/Hawaii/New Jersey/New York/Washington/DC/Illinois/Minnesota pay range $131,600—$282,000 USD Country Hiring Guidelines: GitLab hires new team members in countries around the world. All of our roles are remote, however some roles may carry specific location-based eligibility requirements. Our Talent Acquisition team can help answer any questions about location after starting the recruiting process. Privacy Policy: Please review our Recruitment Privacy Policy. Your privacy is important to us. GitLab is proud to be an equal opportunity workplace and is an affirmative action employer. GitLab’s policies and practices relating to recruitment, employment, career development and advancement, promotion, and retirement are based solely on merit, regardless of race, color, religion, ancestry, sex (including pregnancy, lactation, sexual orientation, gender identity, or gender expression), national origin, age, citizenship, marital status, mental or physical disability, genetic information (including family medical history), discharge status from the military, protected veteran status (which includes disabled veterans, recently separated veterans, active duty wartime or campaign badge veterans, and Armed Forces service medal veterans), or any other basis protected by law. GitLab will not tolerate discrimination or harassment based on any of these characteristics. See also GitLab’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know during the recruiting process. Show more Show less

HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024. HackerOne Values HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability. Product Security Analyst Location: Pune Position Summary HackerOne is seeking a dynamic individual with a passion for Information Security to join our Technical Services team. As a Security Analyst, you will gain hands-on technical experience and exposure to some of the world’s best hackers while delivering high-impact vulnerabilities to the top bug bounty programs in the industry. This role requires excellent communication skills, intellectual curiosity and drive to acquire the technical skills you’ll need to ensure every valid bug report is reproducible and provides value to HackerOne customers. What You Will Do Evaluate assigned vulnerability reports submitted by hackers to determine the validity, risk and severity to HackerOne customers Collaborate with hackers to address missing information from reports as well as educate the HackerOne community members when reports are invalid Compose a technical summary for each valid report that includes clear and concise details regarding the impact, steps to reproduce and remediation advice Ensure clear and efficient communication between hackers and customers Proactively identify and solve issues, as well as accept and quickly respond to delegated work; as we are distributed, being able to win as a team to solve problems is critical to our success Assess vulnerability findings and determine whether the submission is valid based on program policies, scope and impact. Independently reproduce reported vulnerabilities in a test environment and compose a technical summary for valid findings. Minimum Qualifications Proven experience with vulnerability disclosure and bug bounty (experience managing a bug bounty program is a plus but not required) Hands-on experience doing security testing or ethical hacking on web and mobile applications Strong technical knowledge of OWASP top 10 Comfortable using security testing tools including Burpsuite Excellent written and verbal communication skills Experience using frameworks such as CVSS Self-motivated and able to manage your time and energy output while maintaining a consistent and sustainable operational rhythm This role is based in our Pune office and you must be able to work 4-5 days a week in office. English fluency Compensation ₹2.5M – ₹2.8M Offers Equity # LI-MH1 Job Benefits: Health (medical, vision, dental), life, and disability insurance* Equity stock options Retirement plans Paid public holidays and unlimited PTO Paid maternity and parental leave Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act) Employee Assistance Program Flexible Work Stipend Eligibility may differ by country We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR). Visa/work permit sponsorship is not available. Employment at HackerOne is contingent on a background check. HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws. This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time. For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position. Show more Show less

We are looking for a (senior) Fullstack/Java Software Developer to join the team. You will analyze, design, document and implement features for the EARTech Team. You will also create technical documentation for the software modules and/or system and support the team by bringing added value in every aspect of the development cycle. This position offers a unique opportunity to transform the transport and logistics industry by spearheading a push for automation and mechatronic systems; allowing you to apply your cutting-edge knowledge and passion of technology to develop robust engineering solutions. As a (Senior) Fullstack/Java Developer, you will be part of a community of engineering practitioners across the company, where we develop the foundations of our future business towards terminal automation. Below is a list of responsibilities and required experience. Items marked with [SR] only apply for senior profiles, [SR/JR] applies to junior and senior profiles. Non-marked items are optional Project roles and responsibilities Capture and analyze the business and technical requirements [SR/JR] Implement the business requirements into a sound technical solution [SR/JR] Maintain and evolve the software architecture [SR] Produce secure and clean code that is stable, operational, consistent, well-performing, and maintainable for a mission critical system [SR/JR] Ensure code quality: define and participate to technical architecture and code review processes [SR] Prepare software developments & deployments: estimation, integration, surface and automated testing,code reviews... [SR/JR] Testing and bug fixing [SR/JR] Collaborate with the customer and teams in other locations on a daily basis[SR/JR] Work closely with senior engineers, PMs, BAs and business users (clients) in order to find best possible technical solution for the project [SR/JR] Taking full responsibility of the delegated tasks. [SR/JR] Contribute to the technical implementation of quotations[SR/JR] Thisrole reportsto the Development team lead [SR/JR] Documentation Perform modifications to source code, documentation and test suite [SR/JR] Analyze modifications required to source code, documentation and test suite, and define test scope, to implement problem fixes and changes [SR/JR] Perform and document tests in line with testscope defined before [SR/JR] Execute tasks in accordance with governing quality, safety and security management procedures [SR/JR] You have a proven experience as Java developer [SR/JR] You hold a Bachelor or Master Degree [SR/JR] You have a good understanding of GIT and continuous integration tools and you have experience with MSSQL or Oracle or DB2 LUW [SR/JR] Strong knowledge with back-end technology (API, Java, IMDG (Hazelcast), message oriented middleware (ActiveMQ)) [SR] Strong knowledge of Typescript, Angular and Node.js, Python, Jenkins, Docker is appreciated. [SR] Understanding of API design (REST, RPC) is also an added value such as interest in LEX, YACC, and/or AWK. [SR] Familiar with Agile / Scrum [SR/JR] Strong knowledge of React, Typescript, Node.js, Azure, Docker, Kubernetes is appreciated. Knowledge in Gradle and/or Linux are a plus. Knowledge in Software quality checker tools (e.g. SonarQube, OWASP dependency-check) is a plus as well. Your profile Analytical mind, well organized and result driven Self-motivated, innovation minded and proactive Very meticulous and precise, focused on quality and detail oriented Comfortable in an agile context Working knowledge of distributed application development Great communication skills, sharing and exchange information within the team Organizational and presentation skills Interpersonal and teamwork skills Goals and deliverables . Expected skills Computer science Skill level Azure DevOps Expert Rest/SOAP Expert Java Expert Spring boot Expert active MQ Expert Angular/React JS Expert Agile context and principles Expert SQL Expert Location Project location B-9, ITPL Main Rd, Brigade Metropolis, Garudachar Palya, Mahadevapura, Bengaluru, Karnataka 560048, India Possible travel Bengaluru, Karnataka, India 1 wfh Execution modality Occasional remote Job Type: Full-time Pay: ₹2,500,000.00 - ₹3,600,000.00 per year Benefits: Health insurance Provident Fund Location Type: In-person Schedule: Monday to Friday Work Location: In person Speak with the employer +91 7695888255 Expected Start Date: 01/07/2025

Role: Linux Administrator Experience: 6+ Years Location: Chennai Mandatory: Linux, Unix, GCP, AWS JD: Experience: o 8+ years of experience in cloud security, with a focus on enterprise product software in the cloud. o At least 3+ years of hands-on experience with major cloud platforms (AWS, Microsoft Azure, or Google Cloud Platform). o Proven experience with securing enterprise software applications and cloud infrastructures. o Strong background in securing complex, large-scale software environments with a focus on infrastructure security, data security, and application security. o Hands-on experience with the OWASP Top 10 and integrating security measures into cloud applications. o Experience with Hybrid Cloud environments and securing workloads that span on-premises and public cloud platforms. Technical Skills: o In-depth experience with cloud service models (IaaS, PaaS, SaaS) and cloud security tools (e.g., AWS Security Hub, Azure Security Center, GCP Security Command Center). o Expertise in securing enterprise applications, including web services, APIs, and microservices deployed in the cloud. o Strong experience with network security, encryption techniques, IAM policies, security automation, and vulnerability management in cloud environments. o Familiarity with container security (Docker, Kubernetes) and serverless computing security. o Hands-on experience with Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or similar tools. o Knowledge of regulatory compliance requirements such as SOC 2, GDPR, HIPAA, and how they apply to enterprise software hosted in the cloud. Show more Show less

Position: DevOps Engineer Experience: 8+ years Location: Hyderabad/Ahmedabad Job Overview Dynamic, motivated individuals deliver exceptional solutions for the production resiliency of the systems. The role incorporates aspects of software engineering and operations, DevOps skills to come up with efficient ways of managing and operating applications. The role will require a high level of responsibility and accountability to deliver technical solutions. Summary: As a DevOps Engineer, you will support infrastructure provisioning, automation, and continuous deployment pipelines to streamline and scale our development lifecycle. You’ll work closely with engineering teams to maintain a stable, high-performance CI/CD ecosystem and cloud infrastructure on GCP. Experience Required: 4-6 years of hands-on DevOps experience with cloud and containerized deployments. Mandatory: • OS: Linux • Cloud: GCP (VPC, Compute Engine, GKE, GCS, IAM) • CI/CD: Jenkins, GitHub Actions, Bitbucket Pipelines • Containers: Docker, Kubernetes • IaC: Terraform, Helm • Monitoring: Prometheus, Grafana • Version Control: Git • Trivy, Vault, Owasp Nice to Have: • ELK Stack, Trivy, JFrog, Vault • Basic scripting in Python or Bash • Jira, Confluence Scope: • Implement and support CI/CD pipelines • Maintain development, staging, and production environments • Optimize resource utilization and infrastructure costs Roles and Responsibilities: • Assist in developing and maintaining CI/CD pipelines across various environments (dev, staging, prod) using Jenkins, GitHub Actions, or Bitbucket Pipelines. • Collaborate with software developers to ensure proper configuration of build jobs, automated testing, and deployment scripts. • Write and maintain scripts for infrastructure provisioning and automation using Terraform and Helm. • Manage and troubleshoot containerized applications using Docker and Kubernetes on GCP. • Monitor system health and performance using Prometheus and Grafana; raise alerts and participate in issue triage. • Maintain secrets and configurations using Vault and KMS solutions under supervision. • Participate in post-deployment verifications and rollout validation. • Document configuration changes, CI/CD processes, and environment details in Confluence. • Maintain Jira tickets related to DevOps issues and track resolutions effectively. • Provide support in incident handling under guidance from senior team members. Show more Show less

🛡️ Cyber Security Analyst Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Performance-Based) About INLIGHN TECH INLIGHN TECH is a rapidly growing edtech startup focused on practical, real-world learning. Our Cyber Security Analyst Internship is built to provide aspiring professionals with the tools, knowledge, and experience needed to understand, detect, and respond to cyber threats. 🚀 Internship Overview As a Cyber Security Analyst Intern , you will gain hands-on experience in monitoring systems, identifying vulnerabilities, analyzing threats, and implementing basic security measures. You will work on real-time use cases and contribute to strengthening the organization’s cyber defense posture. 🔧 Key Responsibilities Monitor and analyze system logs and network traffic for suspicious activities Conduct vulnerability assessments and assist in penetration testing Use tools like Wireshark, Nmap, Nessus, Burp Suite, or Splunk Assist in implementing security policies, firewalls, and access controls Respond to simulated incident scenarios and create incident reports Stay updated with the latest cyber threats, malware trends, and attack vectors Document findings, recommendations, and best practices ✅ Qualifications Pursuing or recently completed a degree in Cybersecurity, Computer Science, IT , or related fields Familiarity with network protocols , Linux/Windows systems , and security tools Understanding of concepts like firewalls, encryption, OWASP Top 10, and vulnerability scanning Strong analytical thinking and problem-solving abilities Basic knowledge of scripting or automation tools (e.g., Bash, Python) is a plus Eagerness to learn, research, and grow in the cybersecurity domain 🎓 What You’ll Gain Real-world exposure to cyber threat analysis and defensive strategies Hands-on practice with popular security tools and platforms Internship Certificate upon successful completion Letter of Recommendation for outstanding performance Opportunity for a Full-Time Offer based on performance Experience to help prepare for certifications like CEH, CompTIA Security+, or OSCP Show more Show less

TCS has been a great pioneer in feeding the fire of Young Techies like you. We are a global leader in the technology arena and there's nothing that can stop us from growing together. TCS Hiring for Web Application Firewall Role**: WAF Admin/ Engineer Desired Experience Range: 4+ years Joining Location: PAN India We are currently planning to do a Walk-In Interview on 21st June 2025 at TCS Chennai Drive Date: 21st June 2025 (Saturday) Venue : TCS Siruseri ATL Building- 1/G1, SIPCOT IT Park Navalur, Siruseri, Tamil Nadu 603103 Job Description Responsible for the design, planning, implementation, and operation of setups and management. Onboarding/Offboarding web applications Troubleshooting of operation issues reported by application teams. Firmware upgradation (stable versions) Closing of audit points/vulnerabilities by coordinating with internal and external teams Configuring virtual servers, nodes, pools and certificates Creation of security policies for web applications Fine-tuning of existing security policies in order to strengthen application security. Whitelisting attributes like URL parameters, file types based on the applications requirement. Event logs monitoring Configuration backups Hardening Policies OWASP top 10 compliance ACL configuration for Websites, Applications Event & Log monitoring Maintain Config backup. Knowledge on DNS technology for A record and CName Generating Daily & Weekly & Monthly reports on Application hosted on WAF. ITIL & ITSM Knowledge IPS/IDS signature creation/modification as per requirement of Application Show more Show less

TCS has been a great pioneer in feeding the fire of Young Techies like you. We are a global leader in the technology arena and there's nothing that can stop us from growing together. TCS Hiring for Web Application Firewall Role**: WAF Admin/ Engineer Desired Experience Range: 4+ years Joining Location: PAN India We are currently planning to do a Walk-In Interview on 21st June 2025 at TCS Hyderabad Drive Date: 21st June 2025 (Saturday) Venue : TCS Synergy Park Phase1 ,Premises No 2-56/1/36, Gachibowli, Opposite IIIT Hyderabad Campus, Seri Lingampally, RR District, Hyderabad, Telangana 500019 Job Description Responsible for the design, planning, implementation, and operation of setups and management. Onboarding/Offboarding web applications Troubleshooting of operation issues reported by application teams. Firmware upgradation (stable versions) Closing of audit points/vulnerabilities by coordinating with internal and external teams Configuring virtual servers, nodes, pools and certificates Creation of security policies for web applications Fine-tuning of existing security policies in order to strengthen application security. Whitelisting attributes like URL parameters, file types based on the applications requirement. Event logs monitoring Configuration backups Hardening Policies OWASP top 10 compliance ACL configuration for Websites, Applications Event & Log monitoring Maintain Config backup. Knowledge on DNS technology for A record and CName Generating Daily & Weekly & Monthly reports on Application hosted on WAF. ITIL & ITSM Knowledge IPS/IDS signature creation/modification as per requirement of Application Show more Show less

Bangalore,Karnataka,India Job ID 767284 Join our Team About this opportunity: We are seeking a highly motivated and detail-oriented Experienced Cloud Engineer to join our dynamic software DevOps team. You should be a curious professional, eager to grow, and an excellent team player! As a Cloud Engineer, you will work closely with our r-Apps DevOps team to gain exposure to cloud native infrastructure, automation, and optimization tasks. You will support the implementation and maintenance of CI-CDD, Deployments, helm, Security aspects of cloud native applications/environments, assist with troubleshooting and contribute to the SaaS/AaaS based Microservice solutions development team. What you will do: AWS Cloud: Experience with AWS Cloud pipelines and AWS CloudFormation (IaC). Kubernetes & Helm: Kubernetes administration & Cloud native application packaging/management using Helm charts. CI-CDD: Design and implement CI-CDD using Jenkins & spinnaker Automation & Scripting: Develop and maintain scripts to automate routine tasks using technologies such as Ansible, Python, and Shell scripting. Monitoring & Optimization: Monitor microservice resources for performance, availability. Assist in optimizing environments to enhance performance. Troubleshooting: Troubleshoot and resolve issues within AaaS applications, focusing on resource failures, performance degradation, and connectivity disruptions. Documentation: Assist in documenting DevOps infrastructure setups, processes, and workflows, and help maintain knowledge base articles. Learning & Development: Continuously expand your knowledge of cloud technologies and cloud architecture, stay updated on the latest trends in cloud computing. You will bring: Bachelor/ master’s degree in computer science, Software Engineering, or related field Experience of cloud platforms like AWS. Proficiency in containerization and orchestration using Docker and Kubernetes. Proficient in using Helm for managing Kubernetes applications, including creating and deploying Helm charts. Experience in CICD tools like Jenkins, Spinnaker, Gitlab. Experience with monitoring tools such as Prometheus, Grafana. Implement and manage security tools for CI/CD pipelines, cloud environments, and containerized applications. Experience of scripting and automation (e.g., Python, Bash, Ansible). Strong problem-solving skills and the ability to troubleshoot cloud native infrastructure. Good communication skills and the ability to work effectively in a team environment. Eagerness to learn new technologies and contribute to cloud native applications. Understanding of the software development lifecycle (SDLC) and agile methodologies Preferred qualifications: Certifications / Hands-on experience with AWS. Exposure to AI services for DevOps. Predictive analysis on Monitoring of AaaS applications. Design and enforce security best practices across the entire DevOps lifecycle. Familiarity with industry security standards and frameworks (e.g., CIS, NIST, OWASP). Why join Ericsson? At Ericsson, you´ll have an outstanding opportunity. The chance to use your skills and imagination to push the boundaries of what´s possible. To build solutions never seen before to some of the world’s toughest problems. You´ll be challenged, but you won’t be alone. You´ll be joining a team of diverse innovators, all driven to go beyond the status quo to craft what comes next. What happens once you apply?

Bangalore, India or Chennai, India The Opportunity Anthology delivers education and technology solutions so that students can reach their full potential and learning institutions thrive. Our mission is to empower educators and institutions with meaningful innovation that’s simple and intelligent, inspiring student success and institutional growth. The Power of Together is built on having a diverse and inclusive workforce. We are committed to making diversity, inclusion, and belonging a foundational part of our hiring practices and who we are as a company. For more information about Anthology and our career opportunities, please visit www.anthology.com. Anthology's Security Program is dedicated to the engineering and operation of cutting-edge technologies that monitor and strengthen the confidentiality, integrity, and availability of all our information systems and products. We are building a high-performing team that fosters frictionless collaboration with partners across the organization, driven by transparency, trust, and teamwork. Our goal is to elevate Anthology’s security posture through strong partnerships and proactive engagement. As the Director of Application Security, you will report directly to the Chief Information Security Officer (CISO) and will be responsible for leading, coaching, and mentoring a dynamic team of security professionals. You will oversee the processes and technologies that empower our global development teams to meet Anthology's stringent security standards, ensuring alignment with our clients' objectives. Your leadership will be pivotal in driving a culture of collaboration and security across the organization. You will build and nurture relationships with key leaders and stakeholders within our product and technology teams, advising them on security control requirements, posture, and best practices. You will take ownership of driving a shift-left mindset, ensuring that security is embedded early in the development lifecycle. The ideal candidate will be a proven leader with a track record in program management, a strong understanding of application security, and a deep expertise in integrating security practices and tools into product development processes. Your ability to inspire, guide, and elevate your team, while ensuring seamless collaboration with cross-functional teams, will be critical to the success of our security strategy. The Candidate Required skills/qualifications: Strong leadership skills, including experience with project/program management, performance management, initiating and driving high-value process change and continuous improvement, and developing/mentoring teams Minimum of 7 years of prior relevant experience, with at least 2 years’ experience as a manager or director Experience operating security testing automation and continuous improvement processes with automated testing tools as integrated components of the SDLC to improve software quality across multiple information systems Working knowledge of common application security vulnerabilities, including those cataloged in the OWASP Top 10, SANS CWE Top 25, and implementing processes to prevent, detect, mitigate and remediate vulnerabilities as an ongoingprogram Ability to communicate security posture, risk, and mitigation strategies to technical and non-technical audiences, and act as an evangelist of security objectives to influence decision making at senior management levels in support of business risk management processes and complianceobjectives Experience in software engineering and/or product architecture roles, with a working knowledge of application securityarchitectures Experience managing improvement projects and communicating project riskseffectively Demonstrated ability to communicate and collaborate effectively with stakeholders at multiple levels across the organization Fluency in written and spoken English Minimum of bachelors’ degree in Computer Science or a related field Preferred Skills/qualifications Experience integrating and scaling security testing automation and continuous improvement cycles into the software development process, creating a collaborative and efficient culture across development, security and operations teams Experience managing a security program in a global organization Experience managing technology vendor relationships as an extension of the team and execution of planned projects on schedule and onbudget Familiarity with compliance standards and control catalogs such as ISO 27000 series, NIST 800-53, PCI DSS This job description is not designed to contain a comprehensive listing of activities, duties, or responsibilities that are required. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities at any time. Anthology is an equal employment opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation, gender identity/expression, protected military/veteran status, or any other legally protected factor. Show more Show less

Job Reference # 321188BR Job Type Full Time Your role Do you know how to make sure things run smoothly? Are you highly motivated and like to work in an ever changing environment? Are you interested in looking after and driving forward the systems that help protect UBS's applications from increasing cyber security threats? The Application Security product manager will be responsible for managing the development and on-going operational effectiveness of controls within the Application Security service. You will be working with various stakeholders to ensure that the tools and processes are fit for purpose and meeting expectations of the bank's application security framework. Your team You’ll be working in the Cyber Hygiene – Application Security team alongside other Service and Product Managers who cover other testing domains. This job will require you to work closely with senior Service Line managers, Risk Managers, IT Development and support teams as you ensure end to end operation of the Application Security product portfolio. Your expertise at least 10 years' experience in Technology, with 7 years+ in IT/Information Security experience with development of use-cases for SIEM platforms extensive experience and technical understanding of application security controls and remediation strategies experience with Secure Development and Testing processes and detection tools and products, e.g. Fortify, Nexus IQ, etc knowledge of secure coding concepts, OWASP and current and emerging threats experience working in heavily regulated environments, preferably in the finance sector excellent analytical, problem-solving and technical skills strong written and verbal communication skills About Us UBS is the world’s largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors. We have a presence in all major financial centers in more than 50 countries. How We Hire We may request you to complete one or more assessments during the application process. Learn more Join us At UBS, we know that it's our people, with their diverse skills, experiences and backgrounds, who drive our ongoing success. We’re dedicated to our craft and passionate about putting our people first, with new challenges, a supportive team, opportunities to grow and flexible working options when possible. Our inclusive culture brings out the best in our employees, wherever they are on their career journey. We also recognize that great work is never done alone. That’s why collaboration is at the heart of everything we do. Because together, we’re more than ourselves. We’re committed to disability inclusion and if you need reasonable accommodation/adjustments throughout our recruitment process, you can always contact us. Disclaimer / Policy Statements UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce. Show more Show less

Job Title: Associate Director / Director – VAPT Location: Mumbai Experience: 10+ years Work Mode: Onsite (Mumbai) Certification: OSCP preferred; other relevant certifications (e.g., OSCE, CISSP, CISM, GPEN) are an added advantage Role Overview: We are seeking an experienced cybersecurity leader to join our team as an Associate Director / Director – VAPT in Mumbai . The role demands a seasoned professional with deep expertise in Vulnerability Assessment and Penetration Testing across web, mobile, network, infrastructure, cloud, and source code environments. The ideal candidate will bring strong technical capabilities along with proven leadership in managing high-performing teams and driving large-scale security engagements for enterprise clients. Key Responsibilities: Leadership & Strategic Oversight: Lead the VAPT practice for the region, ensuring alignment with organizational goals and client expectations. Define and evolve methodologies, standards, and best practices for VAPT engagements. Collaborate with senior leadership and clients (CIOs, CISOs, Risk Heads) on cybersecurity strategy, roadmap, and execution. Lead business development , proposal creation, RFP responses, and pre-sales activities. Delivery & Engagement Management: Oversee multiple VAPT projects spanning web, mobile, infrastructure, cloud, IoT, and source code . Ensure high-quality delivery of technical assessments, risk reporting, and mitigation recommendations . Monitor project performance, client satisfaction, and profitability. Act as a technical escalation point for complex and critical vulnerabilities. Team Development & Mentorship: Build, mentor, and retain a team of high-caliber security professionals. Conduct knowledge-sharing sessions, lead training initiatives, and promote internal capability building. Encourage a culture of continuous learning, innovation, and ethical hacking . Desired Skills & Experience: 12+ years of overall cybersecurity experience with a strong focus on VAPT and Red Team assessments . Proven expertise in conducting and managing manual and advanced penetration testing of applications, networks, and cloud environments. Familiarity with tools like Burp Suite, Metasploit, Nmap, Nessus, Qualys, AppScan, Fortify, Wireshark , etc. Solid understanding of security frameworks and standards : OWASP, NIST, MITRE ATT&CK, ISO 27001, PCI-DSS, RBI guidelines. Strong knowledge of secure coding practices and experience in reviewing source code in multiple languages. Exposure to cloud platforms (AWS, Azure, GCP) and DevSecOps is preferred. Excellent communication, stakeholder management, and team leadership skills. OSCP certification is preferred ; additional credentials such as OSCE, CISSP, CISM, GPEN are a plus. Show more Show less

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role At Kyndryl, our Security Consultants are game-changers, constantly pushing the boundaries of what's possible and transforming the way our customers do business. We're looking for a talented individual who thrives in a dynamic environment and is ready to take on the challenge of protecting organizations from threats both known and unknown – being the defender of tomorrow’s digital world. As a Security Consultant, you'll be the guardian of confidentiality, integrity, and availability, ensuring organizations are shielded from the ever-evolving threat landscape. Your expertise will be sought after as you assess, analyze, and implement effective security measures in customer environments, leaving no stone unturned when it comes to safeguarding their most sensitive data. Collaboration will be your forte, as you work closely with clients to understand their unique security requirements and assess their current security posture. Armed with this knowledge, you'll provide expert guidance and recommendations on the best security practices, risk management strategies, and robust security policies that will fortify their defenses. You won't stop at providing advice; you'll roll up your sleeves and get hands-on. Designing and implementing security controls, policies, and procedures will be your playground. You'll work alongside cross-functional teams to deploy state-of-the-art technologies, including firewalls, intrusion detection/prevention systems, access controls, and encryption technologies, ensuring a comprehensive security framework. The thrill of uncovering vulnerabilities and risks is what motivates you. Armed with your extensive knowledge, you'll conduct thorough security assessments, leaving no stone unturned in identifying potential security breaches. Your findings will serve as the foundation for meticulous security audits and reviews, ensuring adherence to policies and procedures. Your reports and findings will be the catalyst for management decisions and actions. In the fast-paced world of cybersecurity, staying ahead of the game is crucial. That's why you'll continuously immerse yourself in the latest security threats, technologies, and best practices. Your recommendations will drive enhancements to the organization's security posture, ensuring it remains at the cutting edge of defense. Your influence won't be limited to systems alone. You'll lend your expertise to the design and review of IT infrastructure, systems, and applications, ensuring they are secure by design from inception. Not only will you make an impact within our organization, but you'll also collaborate with customers and vendors on security assessments, audits, and due diligence activities. Your knowledge and experience will be instrumental in shaping secure collaborations and partnerships. Our consultants are restless for innovation. They are at the edge of technology, changing the way our customers implement business solutions – so, if you’re a problem-solver, an innovative thinker, and a self-starter with a passion high impact assignments which align technology to business outcomes, then we want to hear from you! Apply today to join our team that has a host of exciting projects and customers waiting for you to work with them to solve complex transformation puzzles through technology. Your Future at Kyndryl As a Security Consultant at Kyndryl you will join the Kyndryl Consultant Profession, working with other Kyndryl Consultants, Architects, Project Managers, and cross-functional Technical Subject Matter Experts – presenting unlimited opportunities with unmatched support through our investment in your learning, training, and career growth Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Skills and Experience Any Professional level active certification from OEM (F5, Citrix, ) . Hands on experience Citrix Netscalar and F5 Devices Experience on F5 Products (LB and WAF) Good Knowledge and Hands on Static and Dynamic Routing protocol : ( BGP, EIGRP, OSPF)and fail over concepts. Knowledge and hands on on LTM/GTM, GSLB, HA, Cloud XC concepts Experience on ASM will be preferred. Knowledge of SSL offloading and understanding of OWASP waf. Work from client location in Airoli, Navi Mumbai. 24*7 shift operations Implementing change request w.r.t LB and WAF technology 11.configure and troubleshoot Load balancer and WAF devices 12.Troubleshooting severity issues 13. Attending client meeting of change discussions. 14.Support in providing RCA. 15.Understanding vulnerability assessment and security hardening process. 16.Minimum 6-8years of experience 17.Attend and able to participate in architecture discussion 18.Implement and troubleshoot network and security protocols 19.Understanding of ITIL concepts. 20.Experience in ticket handling through service now. 21.The Operations Engineer will offer Level 2 and Level 3 Support that includes operation and change management. 22.Understanding and daily use of Microsoft Office 365 Suite and other productivity tools (e.g., Excel, Word, PowerPoint, SharePoint) to accomplish audit and compliance related tasks 23. Must have attained a technical Graduate Degree Like B.E Preferred Skills and Experience Strong verbal and written communications skills are a must Ability to work effectively across internal and external organizations Strong technology background is required Aptitude to acquire new technology and concepts quickly Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind, and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function ITG is a group function established recently in ISPL since 2019 with presence in Mumbai, Chennai. We collaborate with various business lines of the group to provide IT Services. Job Title Developer Date 07/05/2025 Department ITG - IT Transversal & Functions::iCHROM Location: Thane Business Line / Function iCHROM:Compliance IT Reports To (Direct) ISPL – ITG CPL IT - Manager Grade (if applicable) Number Of Direct Reports NA Directorship / Registration NA Position Purpose In the context of development of applications for the Compliance domain of BNPP, the developer will be part of a team of developers, align with the local team lead, take ownership, and deliver quality for all the user stories worked upon. We are looking for a highly skilled backend developer with strong experience in Java 8+, Spring Boot and Microservices. Candidate should be comfortable designing and developing scalable backend solutions with NoSQL databases like MongoDB. Responsibilities Direct Responsibilities Design and develop backend services using Java 8+, Spring boot & JUnit. Build and maintain robust RESTful APIs. Integrate with MongoDB and ensure performance and security. Ensure coding standards are followed Ensure collaboration, good rapport & teamwork with ISPL and Paris team members Contributing Responsibilities Take ownership and commit towards quality deliverables within estimated timelines, avoiding global schedule shift Participate in code reviews and documentation process. Contribute to continuous improvement in development practices processes and code quality. Participation in projects meetings: fine-tuning, daily, retrospective. Collaboration with the team members: the ability to collect, analyze, synthesize and present information in a clear, concise and precise way Technical & Behavioral Competencies Expert in Java 8+ and Spring Boot RESTful API and Microservices architecture. Hands-on experience with MongoDB Apache Kafka for messaging Junit and Spring boot testing frameworks and code quality tools like Sonar API Gateways like APIGEE and authentication strategies Clean coding practices. Maven and swagger tools. Good to have Familiar with payment systems or related compliance driven systems Knowledge of Docker and Kubernetes and CI/CD pipelines using GitLab Angular2+, Typescript Including knowledge on PrimeNG and/or Material UI Experience in Integrated AI tool and knowledge on efficient prompting Knowledge of Web security principles (OWASP, Auth double factor, encryption, etc.) Knowledge of hexagonal architecture, event-oriented architecture and DDD Specific Qualifications (if Required) Experience in Linux, DevOps, IntelliJ, Gitlab (Pipeline CI/CD), Cloud Object Storage, Kafka Skills Referential Behavioural Skills: (Please select up to 4 skills) Ability to collaborate / Teamwork Attention to detail / rigor Communication skills - oral & written Ability to deliver / Results driven Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and adapt a process Choose an item. Choose an item. Choose an item. Education Level Bachelor Degree or equivalent Experience Level At least 3 years Show more Show less

Job Title: Consultant / Senior Consultant – VAPT Location: Gurgaon Experience: 2+ years Work Mode: Onsite (Gurgaon) Certification: OSCP – Mandatory Notice Period: Immediate joiners preferred Role Overview: We are looking for highly motivated and technically skilled Consultants / Senior Consultants with a passion for offensive security to join our Vulnerability Assessment and Penetration Testing (VAPT) team in Gurgaon . The ideal candidate will possess strong hands-on experience in application and infrastructure security testing, with the ability to identify and exploit vulnerabilities using both manual and automated techniques. Key Responsibilities: Perform manual and automated penetration testing of web applications, mobile apps, infrastructure, network, and cloud environments . Identify vulnerabilities, simulate real-world attacks, and provide actionable remediation steps. Conduct source code reviews to identify security flaws in programming logic. Create and deliver detailed technical reports and executive summaries . Stay up to date with the latest vulnerabilities, attack vectors, and security trends. Adhere to industry standards and frameworks such as OWASP, NIST, ISO 27001, PCI-DSS, and RBI cybersecurity guidelines . Collaborate with internal stakeholders and clients to explain findings and support remediation. Required Skills & Qualifications: Minimum 2 years of relevant experience in VAPT / offensive security . Strong command of manual testing techniques beyond tool-based assessments. Hands-on experience with tools like Burp Suite, Nmap, Metasploit, Nessus, Wireshark, AppScan, Fortify , etc. Experience in web, mobile, infrastructure, and source code assessments . Solid understanding of network protocols, operating systems (Linux/Windows), firewalls, proxies, and security controls . Mandatory: Valid OSCP certification . Proficiency in one or more scripting languages (e.g., Python, Bash) is an advantage. Excellent analytical, documentation, and communication skills. Show more Show less

Introduction A career in IBM Software means you’ll be part of a team that transforms our customer’s challenges into solutions. Seeking new possibilities and always staying curious, we are a team dedicated to creating the world’s leading AI-powered, cloud-native software solutions for our customers. Our renowned legacy creates endless global opportunities for our IBMers, so the door is always open for those who want to grow their career. IBM’s product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrives. Your Role And Responsibilities Lead the design, development, and deployment of scalable, secure backend systems using Java, J2EE, and GoLang. Architect and implement robust RESTful APIs and microservices aligned with enterprise cloud-native standards. Collaborate closely with DevOps, QA, and frontend teams to deliver end-to-end product functionality. Set coding standards, influence architectural direction, and drive adoption of best practices across backend systems. Own performance tuning, monitoring, and high availability for backend services using tools like Prometheus, ELK, and Grafana. Implement security, compliance, and privacy by design principles in backend systems. Lead incident response and resolution of complex production issues across multi-cloud environments (e.g., AWS, Azure, OCP). Mentor and guide junior developers and contribute to team-wide knowledge sharing and skill development. Actively participate in Agile ceremonies and contribute to continuous delivery and process improvement. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 11+ years of backend software development experience focused on scalable, secure, cloud-native enterprise systems. Deep expertise in Java, J2EE, and GoLang for building distributed backend systems. Advanced experience in architecting and implementing RESTful APIs, service meshes, and inter-service communication. Expert in Postgres or equivalent RDBMS — data modeling, indexing, and performance optimization at scale. Proven track record with microservices architecture, including Docker, Kubernetes, and service deployment patterns. Expert-level familiarity with backend-focused CI/CD tooling (Jenkins, GitLab CI/CD, ArgoCD) and IaC tools (Terraform, CloudFormation). Strong knowledge of monitoring/logging tools such as Prometheus, Grafana, ELK, and Splunk, focusing on backend telemetry and observability. Experience deploying applications on cloud platforms: AWS (EKS, ECS, Lambda, CloudFormation), Azure, or GCP. Familiarity with DevSecOps, secure coding practices, and compliance-aware architecture for regulated environments. Proficient in integration, load, and unit testing using JMeter, RestAssured, JUnit, etc. Leadership in backend architecture, performance tuning, platform modernization, and mentoring of technical teams. Effective cross-functional collaboration skills in multi-team, multi-region environments. Preferred Technical And Professional Experience Deep understanding of backend architecture patterns including microservices, event-driven architecture, and domain-driven design. Experience implementing security and privacy by design principles in cloud-native backend systems. Hands-on expertise with cryptographic protocols and standards such as TLS, FIPS, and experience integrating with Java security frameworks (e.g., JCE, Spring Security). Strong grasp of secure coding practices, with experience identifying and mitigating OWASP Top 10 vulnerabilities. Exposure to designing and developing shared platform services or backend frameworks reused across products or tenants (e.g., in multi-tenant SaaS environments). Familiarity with API security patterns, including OAuth2, JWT, API gateways (e.g., Kong, Apigee). Prior experience working on compliance-oriented systems (e.g., SOC2, HIPAA, FedRAMP) or architecting for high-assurance environments. Proficiency with Shell scripting, Python, or Node.js for infrastructure automation or backend utilities. Show more Show less

About the Role: We’re looking for a sharp and driven Cybersecurity Specialist with hands-on expertise in Network Vulnerability Assessment and Penetration Testing (VAPT). You’ll be responsible for performing regular assessments on internal infrastructure as well as leading and executing client-facing engagements. The ideal candidate thrives in a fast-paced environment, understands modern threat landscapes, and can translate technical findings into clear, actionable reports. Key Responsibilities: Perform network VAPT on internal systems (on-prem/cloud) and client environments using both manual and automated tools. Identify, exploit, and document vulnerabilities across network layers, firewalls, routers, switches, VPNs, and wireless networks. Develop threat models, simulate attack vectors, and validate the effectiveness of existing controls. Deliver clear, risk-ranked reports with actionable mitigation plans. Assist clients with remediation and security hardening recommendations. Stay up to date with the latest vulnerabilities, exploits, and industry best practices (CVE, OWASP, MITRE ATT&CK, etc.). Participate in red-teaming activities and tabletop exercises as needed. Contribute to internal security policy improvement and compliance initiatives (ISO 27001, HIPAA, etc.). Required Skills: 3–6 years in cybersecurity with direct VAPT experience (especially in networks). Strong understanding of network protocols, infrastructure, and common attack vectors. Proficiency with tools like Nmap, Nessus, Burp Suite, Metasploit, Wireshark, Nikto, OpenVAS, etc. Solid command over Linux, Windows, and cloud environments (AWS/Azure/GCP). Ability to craft detailed technical documentation and executive summaries. Excellent communication skills for both technical and non-technical audiences. Certifications preferred: OSCP, CEH, CompTIA Pentest+, or equivalent. Bonus Points Experience with web app and API security testing. Exposure to SIEM tools, threat hunting, or EDR platforms. Familiarity with scripting (Python, Bash, PowerShell) for automation and custom tool development. Prior consulting or client-facing experience. Qualifications: Education: Bachelor's Degree in IT Specialization Experience: Previous cybersecurity experience of 3 years or more. Why Join Us: Opportunity to work with a dynamic team of professionals and achieve growth and expertise in your chosen field. Competitive salary, bonuses, and comprehensive benefits package. Ready to take your design and development game to the next level? Join us! Note: Interested candidates must be able to share their portfolio of existing work along with their updated resume and references of previous employment. Show more Show less

Our Purpose Mastercard powers economies and empowers people in 200+ countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential. Title And Summary Software Engineer II (Java Full Stack Developer) Overview About Ethoca Ethoca, a Mastercard company, is a global collaboration-based technology services provider that connects card issuers and merchants to combat fraud, enhance customer experience, and prevent disputes. To support our continued growth and success, we are seeking a talented Full Stack Developer to join the Ethoca team. In this role you will be part of a highly agile team building exciting and innovative products delivered at scale to global markets. Role As a Full Stack Developer, you will collaborate with a cross-functional development team to build new capabilities or enhance Ethoca’s product suite. The ideal candidate should be able to span both front-end and back-end development. Given the diverse set of tools and services used across the business, the candidate will be exposed to various technologies and should possess a willingness to learn and adapt. You are passionate about design and technology and committed to doing things properly to avoid tech debt. Develop and maintain a microservices architecture primarily using the Java stack in Microsoft Azure. Assume responsibility for the technical design and implementation of new features. Collaborate across both backend and frontend, overseeing the complete development process of features from inception to deployment. Develop and integrate back-office systems from PowerBI, Snowflake to Salesforce Collaborate closely with Senior Engineers, Product Managers, and customers to help develop solutions. Assist in aligning technical designs and deliveries with business needs, infrastructure capabilities, and security & compliance requirements. Engage in code reviews. Knowledgeable in secure coding standards (OWASP, CWE, SEI CERT) and vulnerability management. All About You Bachelor's degree in Information Systems, Information Technology, Computer Science, Engineering or equivalent work experience. Hands-on experience with Java JDK 8 or higher. Familiarity with Spring and Springboot frameworks. Solid understanding of microservices architecture, domain driven d Familiarity with a UI framework such as Angular, React, or Next.js. Hands-on experience with databases: Relational and NoSQL Proficiency in Junit or similar automated unit testing frameworks. Understanding of CI/CD principles and tools like Jenkins, Gradle, Maven. Experience with Source Control Management and collaborating in a multi-developer environment. Strong written and verbal communication skills Familiarity with or interest in mobile application development would also be beneficial. Exhibits initiative, curiosity, and demonstrates a readiness to embrace challenging opportunities. Focused on design patterns, code quality and coding best practices. Corporate Security Responsibility All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must: Abide by Mastercard’s security policies and practices; Ensure the confidentiality and integrity of the information being accessed; Report any suspected information security violation or breach, and Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines. R-247142 Show more Show less

Job Description Who We Are Sureifys mission is to modernize the life insurance and annuity industry by helping carriers acquire, service, and engage their customers through any distribution channel. Sureifys products empower life insurance carriers, agents, employees, and customers to have the digital experiences that employees and consumers have come to expect in the rapidly advancing tech climate. Your Role as a Valued Team Member We are seeking a detail-oriented and proactive Vulnerability Remediation Engineer to join our growing Infosec team. The person will be responsible for reducing the risk exposure of security vulnerabilities from the scope of Sureify overall. This role entails monitoring ongoing security vulnerabilities, analyzing risk posture, collaborating with stakeholders/finding owners for managing resolutions, and acting as an SME to assess discovered vulnerabilities. You will also provide pragmatic solutions and be flexible in supporting emergency vulnerability remediations. The ideal candidate will possess a strong understanding of security protocols, vulnerability management, system administration, and software development lifecycle, as well as excellent communication skills to collaborate with cross-functional teams. This role does require some overlap of hours with a team based in San Jose, California. Your Key Responsibilities Review and assess security vulnerabilities, patches, and findings from internal audits, security scans, and penetration tests. Prioritize vulnerabilities based on risk and impact, and ensure timely patching or remediation. Enforce patch compliance by tracking deployments, addressing exceptions, and ensuring adherence to vulnerability remediation Service Level Agreements (SLAs). Collaborate with security and IT teams to develop and implement security patches for critical vulnerabilities. Work closely with developers and DevOps teams to understand the root cause of security vulnerabilities and propose appropriate fixes. Assist development teams in the integration of security features and secure coding practices throughout the software development lifecycle (SDLC). Develop and maintain scripts for automated patch deployment across various systems and applications. Automate vulnerability patching workflows using scripting languages such as Python, PowerShell, Bash, etc. Collaborate with the development team to create and test patches, ensuring that they do not disrupt the functionality of applications or systems. Maintain detailed records of patches, and remediation actions. Prepare and present reports on patch management progress, risks, and status to senior management. Flexibly support emergency response for 0-day vulnerability remediation. Automating processes of security from time to time when needed. Identify potential improvement areas for vulnerability remediation and share lessons learned. Continuously monitor for emerging vulnerabilities and maintain an up-to-date patching schedule. Role Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent work experience). Server administration experience (Windows/RHEL) with a solid understanding of industry best practices for Patch Management and Vulnerability Remediation. Experience in vulnerability management, security patching, or related security roles. Experience supporting vulnerability emergency response or security incidents, including coordinating with relevant stakeholders, implementing corrective/preventive actions, and guiding security patching of software or components. Strong knowledge of security vulnerabilities in software and infrastructure components (servers, clients, network devices, perimeter security technologies, protocols/services, middleware, databases, configurations, etc.). In-depth understanding of security processes related to vulnerability management, security patching, security configurations, and technical security validations. Strong understanding of common network protocols (TCP/IP, DNS, HTTP, HTTPS, SMTP, etc.) and how vulnerabilities in these protocols can affect system security. Strong experience in at least one scripting language such as Python, PowerShell, Bash, etc. Familiarity with cloud platforms (AWS) and their security models. Knowledge of Cloud & Vulnerability Security tools such as Qualys, SentinelOne, or Crowdstrike Good understanding of industry-standard regulations and risk management frameworks (e.g., ISO, SOC, HIPAA, GDPR, CCPA). Familiarity with security frameworks such as SANS Top 25, OWASP Top 10, and/or MITRE ATT&CK. Knowledge of secure coding practices and development environments. Familiarity with container security (Docker, Kubernetes) and securing microservices is a plus. Security certifications such as Security+, SSCP, CEH, or other equivalent recognized certifications are a plus. Excellent communication and interpersonal skills, with the ability to articulate complex technical vulnerabilities and remediation actions to both technical and non-technical stakeholders. Show more Show less