1538 Penetration Testing Jobs - Page 14

Opportunities for 2-5 years experienced and qualified Cybersecurity Professionals in the areas of IT Governance , Risk Management, Compliance, IT Infrastructure Audits, Applications Security Audits, Third Party Risk Management (TPRM), Vulnerability Management, Offensive Penetration Testing, Threat Exploitation Management, Threat Intelligence, Threat Hunting, Cyber Security Operations Centre with Blue Team/Red Team experience

Apenetration testing (PenTest) and disaster recovery (DR) test job description typically requires candidates to have expertise in both cybersecurity and business continuity. The role involves conducting authorized simulated attacks to identify vulnerabilities in systems and infrastructure, developing and testing DR plans, and providing recommendations for improvement. Penetration Testing (PenTest) Responsibilities : Vulnerability Assessment: Identify weaknesses in computer systems, networks, and applications. Simulated Attacks: Perform ethical hacking exercises to mimic real-world attacks. Reporting and Recommendations: Document findings and provide actionable recommendations for remediation. Staying Updated: Keep abreast of the latest cybersecurity threats and trends. Disaster Recovery (DR) Testing Responsibilities: DR Plan Development: Contribute to the development and maintenance of DR plans. Testing and Validation: Conduct DR tests to validate the effectiveness of the plan and identify gaps. Communication: Communicate with stakeholders regarding DR testing procedures and results. Improvement: Suggest improvements to the DR plan based on testing findings. Key Skills and Requirements : Technical Expertise: Strong understanding of operating systems, networking, and programming languages. Security Knowledge: Familiarity with cybersecurity best practices, threat models, and security tools. Communication Skills: Ability to communicate findings and recommendations to both technical and non-technical audiences. Analytical Skills: Ability to analyze root, identify trends, and develop solutions. Problem-solving Skills: Ability to troubleshoot issues and implement fixes. Additional Information: Certifications: Relevant certifications like CompTIA PenTest+, CEH, or CISSP can be beneficial. Experience : Experience in cybersecurity,penetration testing, and/or disaster recovery is usually required

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment. Your role will also require you to stay updated on emerging security threats and technologies, enabling you to make informed decisions that enhance the overall security architecture. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Develop and maintain comprehensive documentation of security architecture and controls.- Conduct regular security assessments and audits to ensure compliance with established standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint IdentityIQ.- Good To Have Skills: Experience with cloud security frameworks and compliance standards.- Strong understanding of identity and access management principles.- Experience with security risk assessment methodologies.- Familiarity with security incident response processes. Additional Information:- The candidate should have minimum 7.5 years of experience in SailPoint IdentityIQ.- This position is based in Hyderabad.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : ServiceNow Governance, Risk, and Compliance (GRC) Good to have skills : Security Architecture DesignMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with industry standards, all while adapting to the evolving landscape of cloud security. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to ensure they align with business objectives.- Collaborate with cross-functional teams to integrate security practices into the development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in ServiceNow Governance, Risk, and Compliance (GRC).- Good To Have Skills: Experience with Security Architecture Design.- Strong understanding of risk management frameworks and compliance standards.- Experience in implementing security controls and monitoring solutions.- Familiarity with cloud service models and their security implications. Additional Information:- The candidate should have minimum 3 years of experience in ServiceNow Governance, Risk, and Compliance (GRC).- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

AWS Cloud, Azure Cloud, AWS Security, Cloud Security Assessment. Cloud Security, AWS Security, Azure Security, CNAPP, Cloud Security Architect Designing in 3D softwares, preparing CAD Drawings and site management.Should be excellent in creative designing and think and develop out of the box designsExperience with commercial, Hospitality and residential projectsAbility to work well with a team and meet deadlinesCoordinate project updates using emails, messengers, voice chats & teleconferences.Excellent interpersonal communication skills

Static/dynamic testing of mobile applications, Vulnerability Assessment, Penetration Testing, Cyber Security Assessment & Consulting. Secure Code Review, Web Application Security Testing, Firewall Rule Audit, Secure Configuration Review, Wireless Penetration Testing.

Manual Penetration Testing using OWASP checklists, Penetration Testing, Vulnerability Assessment, OWASP Top 10, OWASP ZAP, AWS Cloud, Azure Cloud, Cyber Security, Cloud Security Assessment, Cyber Security Assessment & Consulting, Cybersecurity, Data Security Assessment & Consulting. Perform Penetration testing Develop and recommend mitigation strategies to enhance the defense mechanisms of critical infrastructure components Collaborate with IT and security teams to refine security measures and response strategies. Prepare detailed reports on findings from simulations and suggest improvements. Facilitate training sessions for internal teams on security awareness and breach response tactics.

JD:- Application Security Lead Education Criteria (Must): B.Sc (IT/CS) / B.Tech in any Engineering background, BCA, MCA & M.Sc. Information Technology, or related field. CEH, CISSP, CISA, CISM, CRISC (If any security related certification) 11-15 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. Lead and manage the AppSec team consisting of L1 and L2 resources. Serve as the primary point of contact between the Client and the team for all project-related activities. Monitor daily operations, ensure resource optimization, and address any issues that arise during the engagement. Application & Security Review - Oversee the review of application security including web, mobile, API, and other banking applications. Perform comprehensive reviews of Network Architecture, Source Code, VAPT reports, and configuration audits. Review deliverables from L1 and L2 resources, ensuring completeness and quality. Compliance and Risk Management Reporting Stakeholder Management Skill-Vulnerability Assessment, Manual Penetration Testing using OWASP checklists, Penetration Testing, OWASP Top 10, OWASP ZAP, Ethical Hacking, Static/dynamic testing of mobile applications, Vulnerability Mitigation.

As a UI Developer, your main responsibility will be to design, develop, and maintain robust and high-performance user interfaces for complex web applications using the Angular framework (versions ranging from AngularJS to Angular 18). You will need to apply object-oriented design principles and software design patterns to create modular, reusable, and maintainable UI components. Collaborating effectively with product managers, UX/UI designers, backend engineers, and other stakeholders will be crucial to translating business requirements and design mockups into technical specifications for seamless user experiences. Ensuring the performance, responsiveness, and security of front-end applications will be key, as you optimize them for various devices and browsers. You will also be integrating with backend services, leveraging your working knowledge of general database principles and experience with databases like MySQL, SQL Server, or Oracle. Additionally, working with Windows and Linux server operating systems, and deploying applications using Docker containers will be part of your responsibilities. Incorporating cloud-based architectures and patterns, such as AWS and Azure, for scalable and resilient deployments will be essential. You will also be involved in implementing and contributing to automation toolsets like Git flows, CI/CD pipelines, unit-testing, UI testing, static vulnerability scanning, and penetration testing. Managing time effectively, prioritizing work/deliverables in a dynamic environment, and engaging in cross-team collaboration to align deliverables and priorities will be crucial for success in this role. Continuous learning and adaptation to new technologies are encouraged, contributing to a culture of innovation and best practices. Your qualifications should include a Bachelor's or Master's degree (or PhD) in Computer Science, Computer Applications, or a related field, along with at least 6 years of progressive experience in software development, particularly in UI development. Proficiency in object-oriented design, design patterns, the Angular framework, and the JavaScript programming language are required. Experience with database principles, Windows and Linux server operating systems, Docker containers, cloud-based architectures, and automation toolsets is also necessary. Strong problem-solving skills, excellent written and oral communication skills, self-motivation, and the ability to work independently as well as part of a collaborative team are qualities that will contribute to your success in this role. Additionally, experience in cross-team collaboration and coordination will be beneficial. Any ISO, FDA, or other regulated industry training and experience would be an advantage. This position offers an exciting opportunity to work on cutting-edge technologies and be part of a dynamic team focused on delivering innovative solutions in a fast-paced environment.,

As a Vulnerability Analyst I at our company, you will be part of the Vulnerability Management team, which consists of skilled professionals dedicated to conducting security testing of Mastercard applications and networks. Your role involves hands-on application security testing, collaborating with a diverse team, and ensuring all security tests are conducted within the established framework. Your responsibilities will include conducting security tests on web and mobile applications, using appropriate test cases and tools, providing guidance to development teams on identified vulnerabilities, and implementing improvements in the security testing domain. You will also coordinate with application development teams, work with a global team, and ensure a seamless testing and reporting experience. To excel in this role, you should have a proven track record in application security testing, possess strong communication and collaboration skills, and demonstrate problem-solving abilities. It is essential to be familiar with the full scope of Secure Software Development Life Cycle (S-SDLC) and hold certifications such as OSCP or SANS GMOB, ESCA, or equivalent. Experience in Cloud-based application testing or Bug Bounty programs will be advantageous. As part of our corporate security responsibility, you are expected to adhere to Mastercard's security policies, maintain the confidentiality and integrity of accessed information, report any security violations, and participate in mandatory security trainings. Join us in our mission to create a sustainable world that unlocks endless possibilities across the globe.,

Blackbaud is hiring a Customer Journey Architect, Senior to join our Customer Success team. In your role as a Customer Journey Architect you will be responsible for designing and implementing strategies to ensure customer satisfaction and loyalty. Blackbaud is committed to ensuring customers have a positive experience with the our products or services, and that they are successful in using them to achieve their outcomes. The Customer Journey Architect is a highly strategic position designed to provide unparalleled value to our customers by aligning our platform with their unique business objectives and driving long-term success. What youll do Consultative RelationshipsBuild strong, consultative relationships with key customers and internal stakeholders serving as a trusted advisorDevSecOps ExpertiseLeverage deep understanding of DevSecOps best practices, industry trends, and our software capabilities to help customers navigate complex challenges and achieve desired outcomes.(not mandatory)Customer Journey DesignMap and optimize the customer journey, focusing on key touchpoints like onboarding, adoption, and expansion.Problem SolvingIdentify and resolve technical issues, ensuring a smooth customer experience.CommunicationEffectively communicate technical information to both technical and non-technical audiences.Cross-functional CollaborationAct as liaisons between the customer and the Blackbaud ecosystem, streamlining collaboration with Product Management, Engineering, Sales, Professional Services, and others.Data AnalysisTrack customer success metrics and use data to identify areas for improvement.Knowledge MaintenanceRemain knowledgeable and up-to-date on Blackbaud releases.Training and EnablementProvide training and resources to help customers effectively use the product.Customer AdvocacyWork to cultivate customer advocacy and loyalty. Key Skills Technical ProficiencyStrong understanding of relevant technologies and platforms, including DevSecOps best practices.Communication and Interpersonal Skills: Ability to effectively communicate with both technical and non-technical audiences, build relationships, and influence stakeholders.Problem-Solving Skills: Ability to identify, analyze, and resolve complex technical issues.Project Management Skills: Ability to manage multiple projects, set expectations, and ensure timely delivery of deliverables.Analytical Skills: Ability to analyze data, identify trends, and use insights to improve customer experience.Customer FocusStrong understanding of customer needs and the ability to tailor solutions to meet those needs.AdaptabilityAbility to learn quickly, adapt to changing circumstances, and thrive in a fast-paced startup environment.Passion for Customer SuccessDriven by the desire to help customers achieve their goals and build lasting relationships.Qualifications3-5 years experience in Customer Success, Program Management or a related roleStrong experience in engaging with and delivering value to customers and internal stakeholdersDemonstrated ability to design, implement and scale executive focused programs with measurable resultsExceptional written and verbal communication skillsExperience defining success metrics and analyzing program performanceAbility to work cross functionally to align teamsA passion for understanding customer needs and driving business outcomes Stay up to date on everything Blackbaud, follow us on Linkedin, X, Instagram, Facebook and YouTube Blackbaud is proud to be an equal opportunity employer and is committed to maintaining an inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.

Greenlight is the leading family fintech company on a mission to help parents raise financially smart kids. We proudly serve more than 6 million parents and kids with our award-winning banking app for families. With Greenlight, parents can automate allowance, manage chores, set flexible spend controls, and invest for their family s future. Kids and teens learn to earn, save, spend wisely, and invest. At Greenlight, we believe every child should have the opportunity to become financially healthy and happy. It s no small task, and that s why we leap out of bed every morning to come to work. Because creating a better, brighter future for the next generation depends on it. We are looking to hire a Staff Product and Application Security Engineer to lead us in designing and building security into software application services, in an exciting and agile cloud-native, mobile-first, Kubernetes-based microservices environment. Your work will ensure that Greenlight s products remain safe against advanced threats, honor the privacy rights of our users, and satisfy several fintech compliance regimes. Cyber threats have proven to be highly capable of compromising best practice security, therefore, we will rely on you to blaze a cutting edge trail so we can stay ahead of the curve. What you will be doing: Implement and maintain DevSecOps tools, including Static Application Security Testing (SAST), Software Composition Analysis (SCA), and secret scanning. Execute and refine security testing protocols, including penetration testing, Dynamic Application Security Testing (DAST), API security testing, web testing, and mobile testing. Automate high-fidelity end-to-end (E2E) testing for all API changes before production deployment. Integrate with existing engineering processes. Lead Product Security Incident Response Teams (PSIRT) playbook, mature detection and response rules, and actively neutralize against product security threats (such as Account Takeover, API abuse, etc). Lead and execute threat modeling exercises across varying scope of the organization. Identify security gaps and control recommendations, including client and server-side controls. Design, review, and manage security controls, including user registration, authentication/authorization, password management, account takeover protection, and application layer threat detection. Enhance security tool accuracy and oversee vendor/open-source proof-of-concepts (PoVs). Evangelize and promote standardized application logging practices across the organization. Evaluate and provide strategic guidance on mitigating security risks efficiently. Contribute to various aspects of the Information Security Program, including data privacy, penetration testing, audit evidence production, security awareness training, and enterprise risk management. Guide engineers at all levels in designing and integrating security aspects into Greenlight s products, services, and software development lifecycle (SDLC). Evangelize security culture through security champion program and technical developer-focused security training. What you should bring: 10+ years of experience in application and product security with a strong software engineering foundation Expert understanding of mobile, web, cloud, container, and cryptographic technologies and security practices. Offensive security minded with in-depth knowledge of current and emerging cyber threats, testing procedures, and their mitigations. The ability to quickly and deeply learn new technology stacks and modern CI/CD pipelines, including Docker, Kubernetes, AWS, Kotlin, Node.js , Android, iOS, Swift, and gRPC. Strong independent critical thinking with the capability to form and defend opinions through knowledge sharing. Skillful in assessing and managing security risks with a pragmatic solution-first approach. Commitment to continuous improvement, ongoing education and knowledge sharing with peers. A humble, collaborative, and supportive approach to teamwork Relevant certifications (e.g OSCP, OSWE, GWAPT, GMOB, CISSP) are a plus. Greenlight is an equal opportunity employer and will not discriminate against any employee or applicant based on age, race, color, national origin, gender, gender identity or expression, sexual orientation, religion, physical or mental disability, medical condition (including pregnancy, childbirth, or a medical condition related to pregnancy or childbirth), genetic information, marital status, veteran status, or any other characteristic protected by federal, state or local law.

Job Description: o ~5-10 years of experience. o Skill Set -> Deep knowledge of security vulnerabilities and attacks, Perform high quality web application pen tests while meeting project deadlines. Validate security tool output, find vulnerabilities the tools cant, and create proof of concepts of various vulnerabilities to demonstrate them to stakeholders. Research new tools and techniques to constantly improve the pen test process. Generate high quality reports and be able to present them to technical and non-technical stakeholders. Working with application developers to help them understand various vulnerabilities, the impact of the vulnerabilities, and high-level recommendations on how to fix the vulnerability. Fundamental understanding of security knowledge around native applications, web applications, distributed and database systems. (Understanding of Web Services is a plus) o Working shift -> Afternoon Shift 2:00 PM to 10:30 PM. Web Application Penetration Testing - Red Team At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We re committed to fostering an inclusive environment where everyone can thrive. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here .

Conduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting

About the Role: Grade Level (for internal use): 10 The Team Security Testing Team in the Quality Engineering space plays a crucial role in safeguarding business operations by identifying vulnerabilities and ensuring robust protection against cyber threats. Through meticulous testing practices, we enhance the security posture of applications, thereby reducing the risk of data breaches and financial loss. By integrating security measures early in the development lifecycle, the team helps streamline processes, minimize disruptions, and ultimately contribute to greater business efficiency and resilience. S&P Global Ratings is the worlds leading provider of independent credit ratings. Our ratings are essential to driving growth, providing transparency, and helping educate market participants so they can make decisions with confidence. We have more than one million credit ratings outstanding on government, corporate, financial sector and structured finance entities and securities. We offer an independent view of the market built on a unique combination of broad perspective and local insight. We provide our opinions and research about relative credit risk; market participants gain independent information to help support the growth of transparent, liquid debt markets worldwide. What is in it for you Serve as a highly technical security expert to bring security transformation to both new and legacy applications in quality engineering space. Using a wide range of cutting-edge technology to innovate while testing. An ever-challenging environment to hone your existing skills in Security Testing, Automation, Python Programming, Bash scripting etc. Being a part of an organization which values Culture of Urgency and Shift Left approaches. Gain the opportunity to apply your strategic thinking alongside technical skills to safeguard our systems defending against emerging cyber threats. A plenty of skill building, knowledge sharing, and innovation opportunities. Building a fulfilling career with a global financial technology company. Responsibilities This role will involve designing and executing security tests, identify vulnerabilities, and drive remediation strategies while collaborating with cross-functional teams in an Agile environment. Understand the applications security requirements and identify & document the scope of the test. Develop and maintain security testing automation using tools like Burp Suite, ZAP, or similar tools. Integrate security testing into CI/CD pipelines. Automate processes and workflows using Python to minimize manual work. Collaborate with development, QE, and DevOps teams to investigate security incidents, perform root cause analysis, and validate security fixes. Oversee results and logs to analyze, prioritize, and initiate remediation for findings identified by security tools during SAST, DAST, SCA, artifact scanning, container scanning, etc... Prepare detailed reports summarizing test results, logs, findings, and recommendations for strengthening overall security of an application. Create and track security metrics, KPIs, and KRIs to measure operational effectiveness. Prepare comprehensive reports for senior management on security performance and strategic initiatives. Work independently, providing recommendations, and leading the accomplishments of the tasks from inception to completion. Demonstrate outstanding flexibility and leadership with proper communication of security testing result interpretation and explanation to audience. Participate in Daily Stand-up Calls, works closely with the Agile Manager to know the deliverables and commitments of each release. Actively taking part in resolving critical security issues and coming up with solutions to mitigate the same. Basic Qualifications Bachelor's or masters degree in Electronics and Communication, Computer Science, Cybersecurity, or related fields. 6 to 9 years of IT experience with relevant professional experience of Minimum 4 years in the field of Cyber Security Testing. Should have strong hands-on experience in security testing, penetration testing, and vulnerability assessment. Strong experience in web, API, and cloud security testing. Clear understanding of security vulnerabilities, exploits, and mitigation techniques Strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies. Hands-on experience with security testing tools such as Burp Suite, OWASP ZAP, Wireshark, Nessus, OpenSSL and Crypto validation tools. Proficiency in SAST/DAST tools and security frameworks like OWASP Top 10, CIS Benchmarks, and CVSS. Hands-on experience with Selenium, Pytest, and RestAssured API Testing using Python. Strong hands-on experience with scripting and programming languages including Python, PowerShell, Bash for security tasks. Familiarity with RESTful APIs, webhooks, and integration of third-party security tools and services via automation. Knowledge of DevSecOps practices and integrating security in CI/CD pipelines. Self-motivated and driven to stay updated with the latest security trends, technologies, and best practices, maintain high level of accuracy in security assessments. Ability to analyze and communicate complex cybersecurity and technical challenges to technical and non-technical users, leaders, and stakeholders. Experience collaborating with cross functional global and remote teams with diverse backgrounds. Should be able to work under a competitive time frame and deliver. Should be a very fast learner and have the excellent problem-solving ability. Should have excellent written and verbal communication skills. Nice to have Skills: Security Certifications like CISSP, CEH, CISM, OSCP or CompTIA Security+ shall be having the preference. Hands-On experience in building AI-powered security tools, chatbots, and agent-driven automation pipelines. Knowledge on Agentic AI frameworks, LLMs, and orchestration libraries like LangChain, crewAI or RAG-based architectures. Grade10 LocationHyderabad Shift time11am to 8pm / 12pm to 9pm IST Hybrid Modeltwice a week work from office About S&P Global Ratings At S&P Global Ratings, our analyst-driven credit ratings, research, and sustainable finance opinions provide critical insights that are essential to translating complexity into clarity so market participants can uncover opportunities and make decisions with conviction. By bringing transparency to the market through high-quality independent opinions on creditworthiness, we enable growth across a wide variety of organizations, including businesses, governments, and institutions. S&P Global Ratings is a division of S&P Global (NYSESPGI). S&P Global is the worlds foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets. With every one of our offerings, we help many of the worlds leading organizations navigate the economic landscape so they can plan for tomorrow, today.For more information, visit www.spglobal.com/ratings Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world.Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Health & WellnessHealth care coverage designed for the mind and body. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. S&P Global has a Securities Disclosure and Trading Policy (the Policy) that seeks to mitigate conflicts of interest by monitoring and placing restrictions on personal securities holding and trading. The Policy is designed to promote compliance with global regulations. In some Divisions, pursuant to the Policys requirements, candidates at S&P Global may be asked to disclose securities holdings. Some roles may include a trading prohibition and remediation of positions when there is an effective or potential conflict of interest. Employment at S&P Global is contingent upon compliance with the Policy. ---- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----

vulnerability assessments using Nessus , Tenable , Qualys ,Develop and maintain vulnerability management processes and procedures ,Coordinate vulnerability remediation activities, penetration testing, scripting languages KALI ,Linux Parrot

Mandatory Skills: -Programming skills in Dot Net, Java, Go (Any Skill is fine) with Penetration & Security testing is a must. Essential Duties and Responsibilities Provides support to cross-functional teams, with a high attention to detail Researches, analyzes, and documents findings May coach, review, and/or delegate work to other team members Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products Performs application security reviews for our products and services to identify and/or validate vulnerabilities and attack chains. Communicates findings, attack paths, and recommendations to technical and executive stakeholders through written reports and verbal presentations Develops and maintains methodologies for penetration testing Assists with decision-making, prioritization, and support throughout the secure software development life cycle (s-SDLC) on a variety of security domains Participates in requirements gathering, secure coding and configuration, software testing, and third-party component management and defect management Serves as point of contact on secure development and security best practices Consults cross-functionally to embed security gates into their existing SDLC, leveraging automation when possible Drives the development of standards, practices, and processes to establish, manage, and report adherence to application security requirements and best practices Attends regular stand-ups and planning meetings to build positive relationships with key stakeholders Serves as the security authority on assigned products, ensuring the security controls are functioning, security requirements are provided before coding begins, and that vulnerabilities are fixed within their SLAs Ensures s-SDLC controls are embedded in assigned product and serves as control owner for a subset of these controls Engages in application and domain-specific threat modeling, as well as attack surface analysis and reduction. Educational/Vocational/Previous Experience Recommendations: Ability to manage projects and processes independently with limited supervision Recognized subject matter expert of applicable work area Ability to situationally adapt and understand new technology/processes as per business requirement Ability to identify application vulnerabilities and advise on appropriate remediation Solid understanding of common languages such as .NET, Python, JavaScript, Go, etc. Strong foundation in core information security principles and concepts (encryption, authentication, etc.) Effective communication skills, with the ability to explain sophisticated security topics in simple terms to technical and non-technical stakeholder Work locations: Pune, Mumbai, Bangalore Hybrid and also complete Remote option available. Work Type: Hybrid and Remote

As a Senior Associate Information Security Analyst at NTT DATA, you will play a crucial role in designing and implementing security systems to safeguard the organization's computer networks from cyber-attacks and ensuring compliance with industry standards. Your responsibilities will include monitoring security alerts, investigating potential threats, installing security software, and documenting any security issues or breaches found. You will be actively involved in implementing and monitoring security controls such as firewalls, intrusion detection systems, and access controls. Conducting regular vulnerability assessments, analyzing scan results, and assisting in prioritizing and remediating identified vulnerabilities will be part of your daily tasks. Additionally, you will support the incident response team in investigating security incidents, documenting findings, and participating in remediation efforts. Your role will also involve installing security measures, operating software to protect systems and information infrastructure, documenting security breaches, and assessing the damage they cause. You will collaborate with the security team to perform tests, uncover network vulnerabilities, and maintain a high-security standard by fixing detected vulnerabilities. Furthermore, you will contribute to security awareness initiatives by creating training materials, conducting workshops, and educating employees about best security practices. Staying abreast of information technology trends and security standards, researching security enhancements, and making recommendations to management will also be part of your responsibilities. Key Requirements: - Bachelor's degree or equivalent in information security, cybersecurity, computer science, or related field. - Security certifications such as CompTIA Security+, CISSP, or CISM are advantageous. - Moderate level of demonstrated experience in information security or cybersecurity. - Proficiency in network penetration testing, security assessment, and vulnerability scanning tools. - Familiarity with security frameworks, standards, and regulations. Attributes: - Strong communication skills to convey technical information effectively. - Analytical thinking and problem-solving skills to prevent network hacking. - Ability to identify, evaluate, and mitigate potential risks. - Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts. - Proficiency with MAC and OS. - Basic understanding of network and system architecture, security controls, and protocols. NTT DATA is a trusted global innovator in business and technology services, committed to helping clients innovate, optimize, and transform for long-term success. As a Senior Associate Information Security Analyst, you will be part of a diverse and inclusive workplace that fosters growth, belonging, and collaboration. Join us in making a difference and pushing the boundaries of what is possible in the world of information security.,

Penetration Tester Role: The Penetration Tester, will provide broad and in depth knowledge to conduct offensive cyber operations across the organization globally. In this role, you will conduct offensive security operations to emulate adversary tactics and procedures to test preventative, detective and response controls across the global technology landscape. You will use your expertise to help influence technology decisions and work as part of a team to create consistent approaches to the offensive security processes and techniques. Penetration Testing Duties and Responsibilities: Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired, wireless networks, and mobile applications/devices, Cloud(Azure, AWS, Google Etc) apps and softwares. Set up environment and maintain required tools needed for the team. Lead and manage Penetration Testing team and Supporting vendors to get qualitative deliveries to our customer. Develop and maintain security testing plans Able to automate penetration and other security testing on networks, systems and applications. Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk. Produce actionable, threat-based, reports on security testing results Act as a source of direction, training, and guidance for less experienced staff Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation Communicate security issues to a wide variety of internal and external customers to include technical teams, executives, risk groups, vendors and regulators Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests. Foster and maintain relationships with key stakeholders and business partners Certificates: Must Have Offensive Security Certified Professional (OSCP) Good to have CREST Registered Penetration Tester (CRT) Certified Ethical Hacker (CEH) Certification GIAC Certified Penetration Tester (GPEN) Penetration Testing Expert Requirements and Qualification: Previous working experience as a Penetration Testing Expert for 5 - 7 year BE in Computer Information Systems, Management Information Systems, or similar relevant field In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell) Must know about standard Industry security Practices (OWASP, SANS, etc), Knowledgeable about industry Security guidelines and compliance such as ISO27001, SOC2, HIPPA etc. Hands on experience with testing frameworks such as the PTES and OWASP. Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud Critical thinker and problem solver Excellent organizational and time management skills Must Have Offensive Security Certified Professional (OSCP)

Role Summary: Are you passionate about building tools that empower developers and enhance cybersecurity for life-saving technologiesWe are looking for a highly driven and skilled C# Tools Developer to join our Cybersecurity and Product Security team. You will take ownership of designing and developing robust tools and automation solutions that improve developer productivity, third-party software management, and cybersecurity workflows in our MRI scanner software development ecosystem. This role is critical to enabling secure and compliant medical imaging systems worldwide and requires deep technical expertise, strong ownership mindset, and a desire to drive solutions independently. Key Responsibilities: Design, develop, and maintain high-quality C#/.NET tools and automation scripts to: Streamline cybersecurity workflows (e.g., SBOM parsing, vulnerability integration, compliance reporting). Automate third-party software management (license validation, component tracking, reporting). Take full ownership of tool architecture, design decisions, and implementation, ensuring scalability, maintainability, and security. Integrate tools seamlessly with DevOps pipelines, internal platforms, and developer workflows to maximize productivity impact. Drive innovation in developer productivity tooling by understanding pain points and delivering intuitive solutions. Collaborate closely with cybersecurity architects, product security engineers, and DevOps teams to gather requirements and implement impactful tooling solutions. Ensure secure coding practices and defensive programming in all tools developed. Stay abreast of evolving SBOM standards (SPDX, CycloneDX), licensing requirements, and cybersecurity trends to keep tooling state-of-the-art. Document designs, APIs, usage guidelines, and maintenance procedures comprehensively. Required Skills & Experience: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field. 3-7 years of strong, hands-on development experience with C#/.NET Framework or .NET Core. Proven track record in tools development, automation scripting, and building internal developer productivity solutions. Deep understanding of file parsing, data transformation, APIs, and tool integration with DevOps pipelines. Strong knowledge of secure coding practices and fundamentals of cybersecurity workflows (e.g., vulnerability management, SBOM, license compliance). Demonstrated ability to drive projects independently, from ideation to deployment, with high ownership. Desirable Skills: Experience with Python or PowerShell scripting for complementary automation. Familiarity with SBOM tools, license compliance solutions (e.g., FOSSology, Black Duck). Exposure to Azure DevOps, GitHub Actions for CI/CD pipeline integration. Understanding of medical device software standards (IEC 62304) and regulatory compliance workflows. Who You Are: Self-driven problem solver with a passion for automation and productivity tooling Comfortable working independently and taking complete ownership of your deliverables Motivated by creating real-world impact through secure, efficient software systems Thrive in collaborative global teams and communicate effectively with diverse stakeholders Why Join Us Build tools that secure life-saving MRI technologies used worldwide Work at the intersection of cybersecurity, developer productivity, and cutting-edge medical imaging Enjoy an environment that values innovation, ownership, and excellence Drive solutions end-to-end and see direct impact on team productivity and patient safety

Policy & Framework Management: Define, review, and update cybersecurity policies, procedures, and standards to align with business and regulatory requirements.Regularly review and update Security Configuration Documents (SCDs).Drive the adoption and alignment of the NIST Cybersecurity Framework.Implement and manage the Unified Compliance Framework to streamline regulatory mapping.Security Controls & Automation: Conduct configuration reviews across critical systems and platforms.Lead initiatives to automate policy management and control validation.Evaluate and recommend risk management solutions and security technologies.Risk & Change Management: Perform third-party/vendor risk assessments, including onboarding, periodic review, and offboarding processes.Collaborate with IT and operations teams for firewall rule lifecycle management.Participate in and govern the Change Management process to ensure security reviews and approvals.Compliance & Audit: Ensure continuous compliance with RBI, IRDAI, UIDAI, ISO 27001, IT Act 2000, and other applicable regulatory and industry standards.Prepare, maintain, and manage documentation for internal and external audits.Track, report, and drive mitigation for audit findings and exceptions.Implement and maintain continuous compliance monitoring tools and practices.Reporting & Governance: Develop and report on cybersecurity posture to senior leadership and key stakeholders.Maintain and deliver Service Level Agreements (SLA) reports and performance metrics.Design and manage Key Risk Indicators (KRI) dashboards to support informed decision-making.Conduct periodic exception reviews and manage approval workflows. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.6+ years of experience in cybersecurity governance, risk, and compliance (GRC).Strong understanding of NIST, ISO 27001, UCF, and regulatory standards (RBI, IRDAI, UIDAI, IT Act).Proven experience in policy lifecycle management, audit coordination, and risk assessment.Familiarity with firewall rule governance, change management, and automated compliance tools.Excellent communication, analytical, and stakeholder management skills. Preferred technical and professional experience CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CGEIT

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L2 Analyst has responsibility to closely track the incidents and support for closure. 10.Working with logsource and usecase management in integrating log sources and developing & testing usecase 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Developing SOP / instruction manual for L1 team 13.Guiding L1 team for triage/analysis and assist in clousure of cybersecurity alert and incidents 14.Handle XDR alerts and followup with customer team for agent updates 15.Escalate more complex incidents to L3 SME for deeper analysis. Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.3-7 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications"

Software development support for Windows App Store and automated installation tooling. Responsibilities include creation and maintenance of automation policies for application deployments. Required education Bachelor's Degree Required technical and professional expertise 5+ years of experience in software development. 3+ years of working experience with JAVA/Python/JavaScript/C++ Knowledge with SQL Database implementations Knowledge of SAST/DAST/IAST vulnerability scanning tools such as Mend, SonarQube, Contrast, etc. Preferred technical and professional experience Experience in cloud technologies. Good Communication skills.

Your Role and Responsibilities ConductVulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment withOWASP Top 10 andsecure coding best practices. Provide security requirement analysis for applications. Offerrisk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinateNetwork & Application Security testing. Utilize security testing tools such asBurp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers usingMS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities Experience in security requirements analysis for application Experience in security requirement implementation recommendations & guidance Prior experience in Network & Application Security Test planning & coordination Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting Preferred technical and professional experience Industry certifications such asCEH/OSCP or equivalent preferred. Familiarity withsecurity standards (OWASP, SANS, ISO).

As SIEM Analyst, you will be responsible for handling the daily monitoring of Information security events on the SIEM tools. Come join our team of IBM experts, who are leaders with vision, distinguished engineers and IT architects who have worked with thousands of clients to transform enterprise IT, migrate to cloud, apply automation and ensure business continuity. We help client run their IT better, accelerate innovation and deliver unmatched performance with the power automation. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. * Responsible for security researcher to provide insight and understanding of new and existing information security threats * Responsible to participate in recommending improvements to SOC security process, procedures, policies, security incident management and vulnerability management processes * You will be involved in evaluating, recommending, implementing, and solving problems related to security solutions and evaluating IT security of the new IT Infrastructure systems * Keep yourself up-to-date with emerging security threats including applicable regulatory security requirements * Work in a 24x7 Security Operation Centre (SOC) environment Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise * Minimum 2+ years’ experience in SIEM. * Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform * Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email and Phone), based on the security event severity to handle the service support teams, tier2 information security specialists * Expertise in threat modelling and Use case development and ability to review policies of security monitoring tools based on security concepts and logical approach. Preferred technical and professional experience * Preferred OEM Certified SOAR specialist + CEH * Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work * Intuitive individual with an ability to manage change and proven time management * Proven interpersonal skills while contributing to team effort by accomplishing related results as needed * Up-to-date technical knowledge by attending educational workshops, reviewing publications