1.0 - 3.0 years
4 - 8 Lacs
Chennai
Work from Office
Design and implement security controls for products throughout the SDLC. Perform threat modeling, security reviews, and vulnerability assessments. Collaborate with development teams to integrate security best practices. Respond to, investigate, and remediate security incidents related to products. Develop and maintain security automation tools and scripts. Conduct secure code reviews and penetration testing. Research and evaluate emerging security technologies and threats. Create and deliver developer training on secure coding practices. Document security guidelines, standards, and compliance requirements. Communicate risks and mitigation strategies to technical and non-technical stakeholders. Requirements: Bachelor's degree in Computer Science, Information Security, or a related field. Strong experience in application security, threat modeling, and vulnerability assessment. Proficiency in secure coding practices and common security tools (e.g., SAST, DAST). Familiarity with SDLC, DevSecOps, and cloud security principles. Excellent communication skills and ability to collaborate across teams.
Posted 3 weeks ago
5.0 - 9.0 years
12 - 13 Lacs
Bengaluru
Work from Office
Responsibilities: Perform Security reviews, Vulnerability Assessments & Penetration Testing for Web, Android, iOS, and API endpoints Perform Threat Modelling & anticipate potential attack vectors and improve security architecture on complex or cross-functional components Identify and remediate OWASP Top 10 and mobile-specific vulnerabilities Conduct secure code reviews and red team assessments Integrate SAST, DAST, SCA, and secret scanning tools into CI/CD pipelines Automate security checks using tools like SonarQube, Snyk, Trivy, etc. Maintain and manage vulnerability scanning infrastructure Perform security assessments of AWS, Azure, and GCP environments, with an emphasis on container security, particularly for Docker and Kubernetes. Implement guardrails for IAM, network segmentation, encryption, and cloud monitoring Contribute to infrastructure hardening for containers, Kubernetes, and virtual machines Triage bug bounty reports and coordinate remediation with engineering teams Act as the primary responder for external security disclosures Maintain documentation and metrics related to bug bounty and penetration testing activities Collaborate with developers and architects to ensure secure design decisions Lead security design reviews for new features and products Provide actionable risk assessments and mitigation plans to stakeholders Required Skills & Experience: 5 - 8 years of solid hands-on experience in the VAPT domain Solid understanding of Web, Android, and iOS application security Experience with DevSecOps tools and integrating security into CI/CD Strong knowledge of cloud platforms (AWS/GCP/Azure) and their security models Familiarity with bug bounty programs and responsible disclosure practices Familiarity with tools like Burp Suite, MobSF, OWASP ZAP, Terraform, Checkov, etc. Good knowledge of API security Scripting experience (Python, Bash, or similar) for automation tasks Preferred Qualifications: OSCP, CEH, AWS Security Specialty, or similar certifications Experience working in a regulated environment (e.g., FinTech, InsurTech)
Posted 3 weeks ago
5.0 - 10.0 years
7 - 12 Lacs
Bengaluru
Work from Office
Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Tech Controls team, you are an integral part of a team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems Develops secure and high-quality production code and reviews and debugs code written by others Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present, and executes threat modeling for multiple applications including external applications interacting with the internal JPMorgan Chase network Adds to team culture of diversity, equity, inclusion, and respect Required qualifications, capabilities, and skills Formal training or certification on security engineering concepts and 5+ years applied experience Experience developing security engineering solutions, along with design and implementation of cloud security solutions on AWS for best technical practices Advanced in one or more programming languages Python or Java Proficient in all aspects of the Software Development Life Cycle Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security Experience with threat modeling, discovery, vulnerability, and penetration testing In-depth knowledge of the financial services industry and their IT systems Preferred qualifications, capabilities, and skills Effective communication skills. Certified AWS solution Architect Familiar with AWS Security & CISSP/CCSP
Posted 3 weeks ago
2.0 - 5.0 years
7 - 12 Lacs
Kochi
Work from Office
Job Description in brief including Roles & Responsibilities: Periodically perform system and application VAPT (Vulnerability Assessment and Penetration Testing) using automated and manual approach. Perform asset and network discovery activities, helping ensure full coverage of the vulnerability discovery. Prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and asset. Identify and test vulnerabilities in the areas of the information system and networks security. Conduct and compile findings on new vulnerabilities, new tools for departmental use. Create project deliverables/reports and assist the immediate supervisor during submissions and client discussions. Performing assessment related to Red Teaming, Network Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Secure Code review, AD Security Assessments, Vulnerability Management, Social Engineering Assessments, Wireless Penetration Testing. Mandatory Skills required for the role: Hands on experience with Vulnerability Assessment and Penetration testing of thick & thin client-based applications, Operating systems, edge devices and firewalls. Research, recommend, evaluate and implement information security solutions that identify and/or protect against potential threats, and respond to security violations, misuse of resources or noncompliance situations using defined escalation processes. Strong Experience of using open-source tools and commercial tools such as but not limited to Burp Suite, Metasploit, Nessus, Acunetix, Checkmarx, and Nexpose with operating systems Windows and Linux. Expertise and experience of conducting VAPT (Vulnerability Assessment and Penetration Testing) as per standards such as OWASP Top 10, SANS Top 25 and WASC, NIST. Perform research on new vulnerabilities, attack vectors, exploits, tools and industry trends services. Provide offsite and on-site consulting services to our customers.
Collaborating with other members of the engagement team to plan the engagement and develop work program timelines, risk assessments and other documents/templates. Well familiar with basics of TCP/IP and Networking principles. Extensive Working knowledge of Operating systems: Windows NT/2K3/XP and Linux or any Unix OS Knowledge about Computer Networks, System Security, Firewalls and Vulnerabilities. Optional Skills for the role: Firewall rule review Segmentation Testing
Posted 3 weeks ago
9.0 - 10.0 years
14 - 15 Lacs
Pune
Work from Office
Some careers shine brighter than others. If you're looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Senior Consultant Specialist In this role, you will: Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs. This covers manual penetration testing, source code and configuration review. Clearly and professionally document root cause and risk analysis of all findings Adhere to the security testing process and raise any gaps or opportunities for improvement with manager. Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks. Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required. Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
Advise on vulnerability remediation, control implementation and secure development practices Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities. Assist in planning, test execution and vulnerability mitigation Ensure that company security policies are implemented, enforced, and enhanced when appropriate Participate in team discussions to formulate new or enhance existing processes and standards Assist in security incident response activities Adhere strictly to compliance and operational risk controls in accordance with company and regulatory standards, policies and practices; report control weaknesses, compliance breaches and operational loss events Run evaluations of new security testing technologies and provide recommendations. Monitor security industry information sources and keep abreast of events, research, and developments. Identify opportunities to improve our processes, quality of the work and efficiencies. Mentor junior team members Other responsibilities as assigned Requirements To be successful in this role, you should meet the following requirements: Minimum 12+ years of experience in IT Maintain a wide breadth of penetration testing and/or leadership management skills to a significant degree of depth. Understand the business context/significance of technical penetration testing findings. Consistently output superior quality of deliverables. Possess an entrepreneurial attitude to excel in loosely defined scenarios. Ability to work independently or lead any size team of penetration testers. Superior time management skills and self-discipline. Be subject matter expert in at least 2 of penetration testing domains (i.e. infrastructure/apps/mobile). Demonstrated ability to solve complex technical problems.
At least 5 years of prior demonstrable hands-on experience in penetration testing. Solid understanding of the platform security models for iOS and Android platforms. Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications. Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods. Excellent TCP/IP knowledge and understanding of security implications/issues. Strong web application testing experience. Proven programming/scripting skills. Ability to explain security functionality from first principles. Ability to adapt and apply information to new scenarios and technologies. Strong understanding of applied use of cryptography in application development.
Posted 3 weeks ago
13.0 - 18.0 years
37 - 45 Lacs
Hyderabad
Work from Office
Some careers shine brighter than others. If you're looking for a career that will help you stand out, join HSBC, and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. We are currently seeking an experienced professional to join our team in the role of Lead consultant specialist In this role you will: Hunting for malicious or anomalous activity across the enterprise, using existing tools. Acting in co-ordination with GCO staff to lead the development and implementation of an advanced analysis and search capability focused on identifying potentially sophisticated APT and insider threat activities within the organization. Researching new and existing threat actors and associated tactics, techniques and procedures (TTPs); developing a detailed understanding of their potential impact to the organization, providing recommended solutions for improving our defensive and detective capability. Collaboration with the wider Cybersecurity functions, e.g., Red Team, to develop hypotheses for new attack techniques and evasion methods. Coordinating threat hunting activities, leveraging intelligence from multiple internal and external sources. Reviewing incident and penetration testing reports and corresponding logs, to identify gaps in our detection capability and provide recommendations to improve them. Providing expert analytic investigative support on large scale and complex security incidents. Contributing to the continued evolution of hunting, monitoring, detection, analysis and response capabilities and processes Training, developing, mentoring, and inspiring colleagues across the function in area(s) of specialism, strengthening Cybersecurity Operations capabilities. Represent HSBC Global Cybersecurity Operations at internal awareness and external cybersecurity forums.
Collaborate with the wider Cybersecurity (and IT) teams to ensure that the core, underlying technological capabilities that underpin an effective and efficient operational response to current and anticipated threats and trends remain fit for purpose. Identify processes that can be automated and orchestrated to ensure maximum efficiency of Global Cybersecurity Operations resources. Requirements To be successful in this role, you should meet the following requirements: Excellent investigative skills, insatiable curiosity, and an innate drive to win. Instinctive and creative, with an ability to think like the enemy. Strong problem-solving and trouble-shooting skills Deep knowledge of hacker culture Developed external peer network for sharing intelligence. Self-motivated and possessing of a high sense of urgency and personal integrity. Excellent understanding of HSBC cyber security principles, global financial services business models, regional compliance regulations and laws. Excellent understanding and knowledge of common industry cyber security frameworks, standards, and methodologies, including OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, CIS and NIST standards. Proven experience in identifying and responding to advanced attacker methodologies both within the corporate environment as well as external attack infrastructures, ideally with offensive experience and/or deception environment development (tripwire systems, honeypots, honey-token/accounts, etc.) using open source, vendor purchased and bespoke/in-house developed solutions. Experience in computer forensics, vulnerability analysis, cyber security analysis, penetration testing and/or network engineering.
Highest level of technical expertise in information security, including deep familiarity with relevant penetration and intrusion techniques and attack vectors Expert level knowledge of scripting, programming and/or development of bespoke tooling or solutions to solve unique problems. Expert Knowledge and technical experience of 3rd Party Cloud Computing platforms such as AWS, Azure and Google
Posted 3 weeks ago
4.0 - 8.0 years
9 - 14 Lacs
Kochi
Work from Office
The role supports the full end-to-end software development cycle, from initial client engagement, through assessments and road-mapping, to longer term engagement in an advisory capacity. As an Application Security Consultant, the person should leverage the technical expertise of the security competencies, varied product and delivery capabilities. Required education: Bachelor's Degree Preferred education: Master's Degree Required technical and professional expertise: Manage SaaS application configuration settings, integrations Build compliance requirements and SaaS Application security baselines. Perform continuous monitoring of applications identifying security vulnerabilities and address through remediation efforts Preferred technical and professional experience: Validate and maintain incident response plans and processes to address potential threats Determine risks and remediation options with implemented SaaS applications Evaluate new applications to ensure implementation can meet security baselines
Posted 3 weeks ago
7.0 - 11.0 years
13 - 18 Lacs
Kochi
Work from Office
Job Track Description Requires formal education and relevant expertise in a professional, sales, or technical area. Performs technical-based activities. Contributes to and manages projects. Uses deductive reasoning to solve problems and make recommendations. Interfaces with and influences key stakeholders. Leverages previous knowledge and expertise to achieve results. Ability to complete work self-guided. College or university degree required. General Profile Requires knowledge and experience in field. Uses best practices and knowledge of business to improve products or services. Solves complex problems and takes a new perspective on existing procedures. Self-starter, requiring minimal guidance. Acts as a resource for colleagues with less experience. Functional Knowledge Requires conceptual expertise of theories, practices, and procedures. Business Expertise Has knowledge of best practices and team integration. Aware of the competition and what differentiates them. Impact Impacts a range of customer, operational, project or service activities. Works within broad guidelines and policies. Leadership Acts as a resource for colleagues with less experience. May guide small projects with manageable risks and resource requirements. Problem Solving Solves complex problems. Takes a new perspective on existing solutions. Exercises judgment based on the review of multiple information sources. Skills Clearly articulates difficult or sensitive information. Works to build consensus within a team. Responsibility Statements Supports the development of strategies for new client offerings. Ensures the effective use and application of resources. Assesses customer requirements and assists with the development of solutions. Reviews service and operating procedures to ensure compliance with industry standards and regulations.
Works closely with the solutions team and sales, practice, and delivery leaders to develop the solution strategy and approach. Developing proficiency in market trends, best practices, and innovation. Performs other duties as assigned. Complies with all policies and standards. Conduent is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, creed, religion, ancestry, national origin, age, gender identity, gender expression, sex/gender, marital status, sexual orientation, physical or mental disability, medical condition, use of a guide dog or service animal, military/veteran status, citizenship status, basis of genetic information, or any other group protected by law. People with disabilities who need a reasonable accommodation to apply for or compete for employment with Conduent may request such accommodation(s) by submitting their request through a form that must be downloaded. Complete the form and then email it as an attachment to FTADAAA@conduent.com. At Conduent we value the health and safety of our associates, their families and our community. For US applicants while we DO NOT require vaccination for most of our jobs, we DO require that you provide us with your vaccination status, where legally permissible. Providing this information is a requirement of your employment at Conduent.
Posted 3 weeks ago
8.0 - 13.0 years
13 - 17 Lacs
Pune
Work from Office
Project Role: Security Architect Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills: Governance Risk Compliance (GRC) Good to have skills: Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure compliance with established standards, all while adapting to the evolving landscape of cloud technologies and security threats. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Provide solutions to problems for their immediate team and across multiple teams. - Facilitate training sessions to enhance team knowledge on security best practices. - Monitor and evaluate the effectiveness of implemented security measures. Professional & Technical Skills: - Must To Have Skills: Proficiency in Governance Risk Compliance (GRC). - Good To Have Skills: Experience with Security Architecture Design. - Strong understanding of risk assessment methodologies and frameworks. - Experience in developing and implementing security policies and procedures. - Familiarity with compliance standards such as ISO 27001, NIST, and GDPR.
Additional Information:- The candidate should have minimum 5 years of experience in Governance Risk Compliance (GRC).- This position is based in Pune.- A 15 years full time education is required. Qualification 15 years full time education
Posted 3 weeks ago
2.0 - 6.0 years
3 - 7 Lacs
Gurugram
Work from Office
Project Role: Security Engineer Project Role Description: Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills: Security Delivery Governance Good to have skills: NA Minimum 12 year(s) of experience is required Educational Qualification: 15 years full time education Summary: As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Your day will involve ensuring the security of critical assets and systems. Roles & Responsibilities: - Expected to be an SME, collaborate, and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Expected to provide solutions to problems that apply across multiple teams. - Develop and implement security policies and procedures. - Conduct security assessments and audits. - Monitor security incidents and respond to breaches promptly. - Stay updated on the latest security trends and technologies. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Delivery Governance. - Strong understanding of security frameworks and compliance standards. - Experience in conducting risk assessments and vulnerability scans. - Knowledge of security tools and technologies. - Good To Have Skills: Experience with Security Incident Response. - Hands-on experience in implementing security controls and measures. Additional Information: - The candidate should have a minimum of 12 years of experience in Security Delivery Governance. - This position is based at our Gurugram office. - A 15 years full-time education is required. Qualification 15 years full time education
Posted 3 weeks ago
3.0 - 6.0 years
4 - 8 Lacs
Pune, Gurugram, Mumbai (All Areas)
Work from Office
Requirement: Web Application Security, Mobile Application Security and API. Deep knowledge of Application Security.
Posted 3 weeks ago
1.0 - 5.0 years
3 - 6 Lacs
Gurugram
Work from Office
Job Requirements Should have at least 5 years of professional experience in application security or a related field. Proven expertise in web and mobile security architecture, frameworks, and testing methodologies (e.g., OWASP Top 10). Extensive hands-on experience with implementing and scaling DevSecOps practices across CI/CD pipelines. Proficient in at least one programming and one scripting language, with the ability to review and guide secure coding practices. Experience working with bug bounty programs or vulnerability disclosure platforms is a strong plus. Ability to lead security reviews, influence engineering teams, and mentor junior security professionals is highly valued.
Posted 3 weeks ago
2.0 - 4.0 years
1 - 6 Lacs
Pune
Work from Office
Role & responsibilities - Perform Application Security Testing - Perform Network Penetration Testing - Perform Vulnerability Assessment of Servers - Verify Scan results through manual testing - Co-ordinate with the clients for Project related queries - Undertake meeting with the client teams for discussing security issues and recommendations - Create detailed security reports - Keep track of project progress & send regular updates - Research on security tools - Create Security Knowledge base for the team - Participate in quality initiatives. Location: Pune-On Site Required Knowledge Areas: Web Application Security OWASP Top 10 Mobile Application Security – Mobile OWASP Top 10 NMAP/Port Scanning Vulnerability Scanning & Verification Web Traffic Interception (For Web/Mobile apps) SSL Security Tools Experience: Working knowledge of following tools is needed: Web Proxy Editors Network Sniffers Nessus Scanner Reverse Engineering Tools Mobile Application security tools – Either Android/IOS Any one Web Application Security Scanner. Certification Requirement: The candidate must possess any one of the following certifications: CEH/ ECSA/ OSCP Other Skills: The candidate should be good in: Documentation Communication Skills. Interested candidate can share their resume on hr@synradar.com or can connect on 8655620119 Immediate joiners are preferred
Posted 3 weeks ago
8.0 - 13.0 years
18 - 33 Lacs
Hyderabad
Work from Office
Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a client's needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented GRC professional, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established GRC Professional, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security and compliance posture. For attending the walk-in, please fill the form https://forms.gle/wLS8HtPyFZQKA4jf8 (Copy and paste in a browser) 1. SOC L3 Experience: 6+ years Skills: SIEM, IDS/IPS, EDR tools, log/packet analysis, TCP/IP, Linux/Windows, threat intelligence Tools: Splunk, QRadar, Crowdstrike, NetWitness Certifications (preferred): CISSP, CEH, CISM, GCIH 2. Offensive Security Specialist / Penetration Tester-L3 Experience: 6+ Skills: Web/API/Mobile Pentesting, Threat Modeling, Code Review, DAST, Cloud & Microservices security Tools: Burp Suite, Metasploit, Cobalt Strike, Nmap Languages: Python, Go, Java, JavaScript, C++ Certifications (preferred): OSCP, OSCE, OSWE, GPEN, CEH 3. GRC Security Consultant-L3 Experience: 8+ years Skills: Risk assessments, audits, ISO/NIST/PCI/GDPR frameworks, GRC tools, TPRM, vendor/client management Certifications: ISO 27001 LA/LI, CISSP, CISA, CIPP, CCSP, CCSK Note: Immediate to 30 days' notice preferred.
Posted 3 weeks ago
6.0 - 11.0 years
15 - 20 Lacs
Navi Mumbai
Work from Office
Position Overview: We are seeking a proactive IT GRC professional to strengthen our governance, risk, and compliance framework. This role involves ensuring regulatory compliance, conducting IT risk assessments, managing audits, and driving policy implementation across technology functions. Ideal candidates will have a strong understanding of SEBI, RBI, and other regulatory guidelines relevant to the broking industry, along with hands-on experience in IT controls, cyber risk, and compliance reporting. Role & responsibilities: Implement and maintain IT GRC frameworks, policies, procedures, and controls. Track compliance/regulatory requirements and ensure timely reporting and closure. Maintain and update the Technology activity tracker. Drafting of documentation like policies, procedures, SOPs and reports. Co-ordinating with various teams for receipt of timely data/information for various regulatory authorities. Managing IT/Technology audits like System Audit, IT General Controls audit, and other technology compliances etc. Facilitate audits, coordinate with various internal and external stakeholders for audit related data. Liaising with auditors for any follow-up actions etc. Managing ISO 27001:2022, ISO 22301:2019 internal and external audits, along with preparedness and review of relevant documentation. Knowledge of Application Security, Vulnerability Assessment and Penetration Testing. Co-ordinate with various technology teams for closure of observations. Evaluate the best industry practices followed and identify various process improvements and implementations. Preferred candidate profile: 1) 6 to 10 years of experience in Information Technology infrastructure, IT audits. 2) Experience in managing information technology management, GRC, System, ISO 27001:2022, ISO 22301:2019, ITGC audit. 3) Candidate should have good knowledge of SEBI, RBI, CERT-IN, and other regulatory guidelines and frameworks.
4) Good interpersonal, communication, documentation, presentation skills and problem solving skills.
Posted 3 weeks ago
5.0 - 8.0 years
11 - 16 Lacs
Hyderabad
Work from Office
Design, implement, manage, and monitor security measures to protect our SaaS applications and the data of our customers. You will work closely with cross-functional teams to ensure our cloud security practices meet industry standards and comply with relevant regulations. As a SaaS Security Specialist, the individual will be a member of the Global Information Security team ensuring that Invesco's landscape is secure. You Will Be Responsible For: Develop and implement security strategies, policies, and procedures for SaaS applications. Security Posture Management: Implement and manage security posture management solutions using Adaptive Shield to continuously assess and improve the security of our SaaS applications. SaaS Application Onboarding: Lead the onboarding process for new SaaS applications, ensuring they meet security standards using MDCA and CrowdStrike Adaptive Shield. User Access Management: Implement and manage user access controls within SaaS applications using MDCA and Adaptive Shield. Data Encryption: Ensure data encryption standards are met across all SaaS applications. Vulnerability Management: Conduct regular vulnerability assessments and penetration testing using MDCA and Adaptive Shield to identify and mitigate security risks. Secure Development Practices: Collaborate with development teams to integrate security best practices into the software development lifecycle, ensuring secure-by-default solutions. Risk Assessment: Conduct regular security assessments and threat modeling to identify and mitigate potential risks in SaaS applications. Monitor and respond to security incidents, vulnerabilities, and threats in the cloud environment.
Defining technical security requirements related to cloud workloads that require integration with IAM, Security Groups, Data and Information Protection, CI/CD pipelines, Kubernetes, Security Information Event Monitoring (SIEM) systems integration, and others Researching and designing current and future cloud security solutions to improve compliance with NIST Framework and Cloud Security Alliance guidance by working to identify common patterns for template provisioning Developing and deploying infrastructure as a code scripts to implement and optimize security controls and mechanisms of a cloud infrastructure Supporting cloud projects, tactical initiatives and provide hands on implementation of various security technologies & processes with focus on cloud security. Support key business and tech projects related to Cloud Transformation. Providing appropriate support activities such as patches, upgrades, break fix and improvements Providing appropriate cloud security engineering and support activities such as patches, upgrades, enhancements Providing metrics and periodic updates on various projects assigned Investigating, documenting, and reporting on information security issues and emerging trends related to cloud environments globally Optimize existing automation solutions for performance and reliability. Staying updated with the latest technologies and tools in automation and continuously improving skills. 
Other: Attend scheduled meetings with Team Lead/Department/Town Hall representation. Become familiar with company methodologies. Actively participate with Team Lead in creating personal development plan. Provide the Team Lead with ideas to enhance or improve team processes and procedures and ensure agreed procedures are followed. Attend scheduled training sessions. Administrative activities - time sheets/compliance requests. Work Experience / Knowledge: 5 - 8 years experience in an information security role, supporting SaaS applications security programs and security engineering/architecture in complex enterprise environments. Minimum of 7 years of experience in SaaS security, with hands-on experience using MDCA and Adaptive Shield. Hands-on experience designing, configuring, and implementing enterprise-wide cloud security solutions across AWS, Azure, Oracle and other major cloud providers, including microservices security. Experience with cloud deployment orchestration, automation, and security configuration management. Proficiency in one or more scripting languages such as Python and PowerShell, including JSON. Experience with blueprints, patterns, and guidelines that standardize and accelerate organizational cloud adoption and align to industry compliance frameworks such as SOX, PCI-DSS, HIPAA, NIST, ISO, GDPR, SOC1/2, etc. Knowledge of various security methodologies and processes, and technical security solutions, such as Prisma Cloud, Wiz, Container security, McAfee CASB, SIEM (QRadar/Splunk), IAM, Virtual Palo Alto, and other workload protection and security solutions. Inter-personal skills / Other attributes required: Strong problem-solving capabilities with an analytical, methodical approach. Excellent verbal and written communication skills, including impressive email communication abilities. Can articulate complex technical issues in a manner understandable to non-technical individuals. Adaptable to working in a global, multicultural environment.
Exhibits a structured, disciplined approach to work with keen attention to detail. Displays disciplined time management skills. Capable of multitasking and handling multiple initiatives concurrently. Self-motivated and proficient in working with minimal supervision. Responds positively under pressure to meet tight deadlines. Can work effectively both independently and as a collaborative team player. Thrives on challenging work and exhibits a strong desire to learn and advance. Formal Education: BTech in Computer Science or Bachelors degree in Computer Science Our benefit policy includes but not limited to: Competitive Compensation Flexible, Hybrid Work 30 days Annual Leave + Public Holidays Life Insurance Retirement Planning Group Personal Accident Insurance Medical Insurance for Employee and Family Annual Health Check-up 26 weeks Maternity Leave Paternal Leave Adoption Leave Near site Childcare Facility Employee Assistance Program Study Support Employee Stock Purchase Plan ESG Commitments and Goals Business Resource Groups Career Development Programs Mentoring Programs Invesco Cares Dress for your Day
Posted 3 weeks ago
5.0 - 10.0 years
5 - 10 Lacs
Hyderabad
Work from Office
Job Description: Prudent Technologies and Consulting is hiring for a fast-growing Cybersecurity team that supports a customer base including the world's largest organizations. We have an immediate opening for a Senior Application Security Consultant. The role requires an experienced offensive consultant who understands application security testing methodologies, frameworks, tools and reporting. As a Senior Consultant you will perform and lead technical teams to conduct thorough security assessments as well as perform field related research. Candidates should be familiar with a variety of technologies including web, mobile, API, AI/LM, cloud, desktop, single sign-on and OAuth. Responsibilities: Consult with technical and non-technical client stakeholders. Collaborate with Sales teams to assist in scoping efforts. Lead projects and mentor less experienced consultants. Perform advanced comprehensive penetration tests, adhering to industry-standard best practices. Conduct penetration testing across diverse environments, including desktop applications, mobile applications, web applications, cloud environments, on-prem environments, APIs and AI/LM. Document and report vulnerabilities, show proof-of-concepts where applicable, and provide detailed explanations to highlight severity, business impact, and tailored remediation steps. Manage priorities and tasks to achieve utilization targets. Participate in research and development efforts to improve the Cybersecurity practice. Qualifications: Required Qualifications: 5+ years of direct experience performing manual penetration testing assessments on desktop applications, mobile applications, web applications, cloud environments, API and AI/LM. Proficient at using penetration testing tools such as Burp Suite, DAST scanners, Metasploit and Nessus to identify and exploit vulnerabilities. Able to write deliverable reports, including executive summaries and presentations, and status reports for clients. Understanding of industry-standard
security frameworks (e.g., OWASP and MITRE ATT&CK). Excellent project management, leadership, time management, and client consulting skills. Preferred Qualifications: Bachelor's degree in computer science, information security, or related field. Relevant certifications (e.g., OSCP and/or OSWE). Experience with scripting languages such as Python and Bash. Experience with application development, systems engineering, or similar. Published CVE/CWE contributions, participation in CTF events and independent research projects. Education: Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudent's specific approach and methodology.
Posted 3 weeks ago
5.0 - 9.0 years
7 - 11 Lacs
Pune
Work from Office
Responsibility: Oversee product cyber security in high-complexity development projects from acquisition to start of production (SOP) according to ISO/SAE 21434 or UNECE R-155. Planning & Development: Develop security activities and evaluate development efforts. Evaluation & Approval: Approve security concepts and strategies throughout development phases. QCT Targets: Achieve Quality, Cost, and Time targets related to cyber security work products. Tasks / Areas of Responsibility Planning & Guidance: Independently plan necessary cyber security activities and provide guidance to colleagues. Risk Analysis: Analyze product scope for cyber security risks, considering known weaknesses and vulnerabilities. Coordination: Define a holistic product cyber security concept. Coordinate with customers, suppliers, and subcontractors. Report to customers and obtain information from subcontractors. Support: Assist the development team in selecting security-compliant technologies and cryptographic procedures. Verification Methods: Define verification methods like fuzzing, vulnerability scanning, and penetration testing. Assessments & Training: Prepare cyber security assessments and implement training measures. Communication: Facilitate communication within the global HELLA cyber security network to improve processes. YOUR QUALIFICATIONS Bachelors OR masters degree in engineering ISO-21434 certification OR working experience CISSP certification is preferred Location - Hinjewadi Phase - 1.
Posted 3 weeks ago
5.0 - 8.0 years
10 - 15 Lacs
Hyderabad
Work from Office
As one of the world's leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world. If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day! Job Description Your Team: Our Information Security department is to protect Invesco's information and information assets from all internal and external, deliberate, or accidental threats. The information security team will protect data from unauthorized access while maintaining the confidentiality, integrity, and availability of information. In addition, designing and maintaining the Security Policies and Standards while adhering to legislative and regulatory requirements, providing information security training for all employees, and ensuring the business continuity of Invesco. Your Role: Design, implement, manage, and monitor security measures to protect our SaaS applications and the data of our customers. You will work closely with cross-functional teams to ensure our cloud security practices meet industry standards and comply with relevant regulations. As a SaaS Security Specialist, the individual will be a member of the Global Information Security team ensuring that Invesco's landscape is secure. You Will Be Responsible For: Develop and implement security strategies, policies, and procedures for SaaS applications. Security Posture Management: Implement and manage security posture management solutions using Adaptive Shield to continuously assess and improve the security of our SaaS applications. SaaS Application Onboarding: Lead the onboarding process for new SaaS applications, ensuring they meet security standards using MDCA and CrowdStrike Adaptive Shield.
User Access Management: Implement and manage user access controls within SaaS applications using MDCA and Adaptive Shield. Data Encryption: Ensure data encryption standards are met across all SaaS applications. Vulnerability Management: Conduct regular vulnerability assessments and penetration testing using MDCA and Adaptive Shield to identify and mitigate security risks. Secure Development Practices: Collaborate with development teams to integrate security best practices into the software development lifecycle, ensuring secure-by-default solutions. Risk Assessment: Conduct regular security assessments and threat modeling to identify and mitigate potential risks in SaaS applications Monitor and respond to security incidents, vulnerabilities, and threats in the cloud environment. Defining technical security requirements related to cloud workloads that require integration with IAM, Security Groups, Data and Information Protection, CI/CD pipelines, Kubernetes, Security Information Event Monitoring (SIEM) systems integration, and others Researching and designing current and future cloud security solutions to improve compliance with NIST Framework and Cloud Security Alliance guidance by working to identify common patterns for template provisioning Developing and deploying infrastructure as a code scripts to implement and optimize security controls and mechanisms of a cloud infrastructure Supporting cloud projects, tactical initiatives and provide hands on implementation of various security technologies & processes with focus on cloud security. Support key business and tech projects related to Cloud Transformation. 
Providing appropriate support activities such as patches, upgrades, break fix and improvements. Providing appropriate cloud security engineering and support activities such as patches, upgrades, enhancements. Providing metrics and periodic updates on various projects assigned. Investigating, documenting, and reporting on information security issues and emerging trends related to cloud environments globally. Optimize existing automation solutions for performance and reliability. Staying updated with the latest technologies and tools in automation and continuously improving skills. Other: Attend scheduled meetings with Team Lead/Department/Town Hall representation. Become familiar with company methodologies. Actively participate with Team Lead in creating personal development plan. Provide the Team Lead with ideas to enhance or improve team processes and procedures and ensure agreed procedures are followed. Attend scheduled training sessions. Administrative activities - time sheets/compliance requests. The Experience You Bring: Work Experience / Knowledge: 5 - 8 years experience in an information security role, supporting SaaS applications security programs and security engineering/architecture in complex enterprise environments. Minimum of 7 years of experience in SaaS security, with hands-on experience using MDCA and Adaptive Shield. Hands-on experience designing, configuring, and implementing enterprise-wide cloud security solutions across AWS, Azure, Oracle and other major cloud providers, including microservices security. Experience with cloud deployment orchestration, automation, and security configuration management. Proficiency in one or more scripting languages such as Python and PowerShell, including JSON. Experience with blueprints, patterns, and guidelines that standardize and accelerate organizational cloud adoption and align to industry compliance frameworks such as SOX, PCI-DSS, HIPAA, NIST, ISO, GDPR, SOC1/2, etc.
Knowledge of various security methodologies and processes, and technical security solutions, such as Prisma Cloud, Wiz, Container security, McAfee CASB, SIEM (QRadar/Splunk), IAM, Virtual Palo Alto, and other workload protection and security solutions. Inter-personal skills / Other attributes required: Strong problem-solving capabilities with an analytical, methodical approach. Excellent verbal and written communication skills, including impressive email communication abilities. Can articulate complex technical issues in a manner understandable to non-technical individuals. Adaptable to working in a global, multicultural environment. Exhibits a structured, disciplined approach to work with keen attention to detail. Displays disciplined time management skills. Capable of multitasking and handling multiple initiatives concurrently. Self-motivated and proficient in working with minimal supervision. Responds positively under pressure to meet tight deadlines. Can work effectively both independently and as a collaborative team player. Thrives on challenging work and exhibits a strong desire to learn and advance. Formal Education: BTech in Computer Science or Bachelor's degree in Computer Science. Full Time / Part Time: Full time. Worker Type: Employee. Job Exempt (Yes / No): Yes. Workplace Model: At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office. Why Invesco: In Invesco, we act with integrity and do meaningful work to create impact for our stakeholders. We believe our culture is stronger when we all feel we belong, and we respect each other's identities, lives, health, and well-being.
We come together to create better solutions for our clients, our business and each other by building on different voices and perspectives. We nurture and encourage each other to ensure our meaningful growth, both personally and professionally. We believe in a diverse, inclusive, and supportive workplace where everyone feels equally valued, and this starts at the top with our senior leaders having diversity and inclusion goals. Our global focus on diversity and inclusion has grown exponentially and we encourage connection and community through our many employee-led Business Resource Groups (BRGs). What's in it for you? As an organization we support personal needs, diverse backgrounds and provide internal networks, as well as opportunities to get involved in the community and in the world. Our benefit policy includes but is not limited to: Competitive Compensation; Flexible, Hybrid Work; 30 days Annual Leave + Public Holidays; Life Insurance; Retirement Planning; Group Personal Accident Insurance; Medical Insurance for Employee and Family; Annual Health Check-up; 26 weeks Maternity Leave; Paternal Leave; Adoption Leave; Near site Childcare Facility; Employee Assistance Program; Study Support; Employee Stock Purchase Plan; ESG Commitments and Goals; Business Resource Groups; Career Development Programs; Mentoring Programs; Invesco Cares; Dress for your Day. In Invesco, we offer development opportunities that help you thrive as a lifelong learner in a constantly evolving business environment and ensure your constant growth. Our AI enabled learning platform delivers curated content based on your role and interest. We ensure our managers and leaders also have many opportunities to advance their skills and competencies, which become pivotal in their continuous pursuit of performance excellence.
To know more about us: About Invesco: https://www.invesco.com/corporate/en/home.html About our Culture: https://www.invesco.com/corporate/en/about-us/our-culture.html About our D&I policy: https://www.invesco.com/corporate/en/our-commitments/diversity-and-inclusion.html About our CR program: https://www.invesco.com/corporate/en/our-commitments/corporate-responsibility.html Apply for the role @ Invesco Careers: https://careers.invesco.com/india/
Posted 3 weeks ago
3.0 - 8.0 years
14 - 24 Lacs
Chandigarh
Work from Office
Job Description Work with External Auditors as required, including facilitating interactions and documentation requests. Assist with compliance framework assessments including, but not limited to NYDFS, PCI DSS, SOC, SOX, GLBA, CIS, MTL and HIPAA. Coordinate external penetration test(s). Coordinate remediation of observations noted from Audit(s) or Gap Analyses. Conduct Internal Audits each quarter. Conduct New Product Audits. Review and edit policies as necessary, but no less than annually. Develop technical security training programs for application users, site security personnel, IT and HR staff globally. Coordinates audit activities with customers workload and schedule. Maintains the Internal Audit manual and leads updates to audit templates. Conducting investigations on irregularities and errors seen during the Audit. Conduct Table Top exercises including, but not limited to Business Continuity/Disaster Recovery and Incident Response. Update Risk Assessment(s) no less than annually. Complete internal vulnerability scans. Complete new hire training, including but not limited to KnowBe4 and BAI. Work with vendors, banks, partners as required to meet their compliance needs, including but not limited to, Questionnaires, RFPs, and Report Requests. Provide consultation and advisement to the business and project leads around compliance initiatives. 
Performance of other duties and responsibilities as assigned Comply with and enforce company policies and procedures Provide regular and predictable attendance considering any rights to leaves provided by law or company policy Perform all essential job functions without posing a direct threat of harm to yourself or others Effective written and verbal communication with subordinates, peers and supervisor Preferred candidate profile Demonstrate an ability to work under pressure to meet deliverables accurately and on time Excellent communication, interpersonal, organizational, time management and leadership skills Collaborate effectively with other teams within the Security and Compliance department, IT and the Organization Must be able to resolve problems on a daily basis, handle conflict and make effective decisions under pressure. Determination, Dependability, Integrity, Professionalism
Posted 3 weeks ago
4.0 - 9.0 years
12 - 17 Lacs
Bengaluru
Work from Office
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. As a Senior Information Security Engineering Consultant, your responsibilities include administration, maintenance, architecture, and engineering related to on-premise and cloud security solutions. This includes, direct support, technical ownership, and leading others with regards to the platforms. Additional responsibilities as needed, but may include security posture review and analysis, security vulnerability scanning, monitoring and alerting development and tooling, and security incident response. 
Primary Responsibilities Work on-call and non-standard hours when necessary Support team leads and Subject Matter Expert (SME) for approaches, procedures, and implementation of Cybersecurity systems, specifically perimeter firewalls Be able to troubleshoot in highly complex, technical situations within an enterprise organization Be able to identify and mitigate risks Capable of formulating and implementing procedures and systems Be able to document and communicate on an expert level Have or be in process of obtaining advanced certifications pertinent to area of expertise Collaborate in the development of training content for issues related to IT Cybersecurity Develops and oversees the development of innovative approaches and solutions to complex problems and issues Supports the monitoring and responses to security incidents, offering expertise to ensure prompt and effective resolution Collaborates with director, managers, project managers, architects and other technical personnel to ensure mitigation of risks to the company Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Graduate degree or equivalent experience 6+ years of experience in IT Security for large enterprise environments 5+ years of experience with next gen/firewall (ex. 
Palo Alto) 5+ years of experience with WAN/LAN routing, switching, proxy and firewall environments Work experience as a system security engineer or information security engineer Proven solid planning and problem-solving skills Proven ability to troubleshoot in highly complex, technical situations within a matrixed organization Preferred Qualification CompTIA Security +, or related certification, PCNSE, CCNA, Network +
Posted 3 weeks ago
5.0 - 9.0 years
12 - 17 Lacs
Noida
Work from Office
Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. This Senior Information Security Engineer is a member of the UHC A&I Tech Infra, Cloud and Data Services team that supports US Health Group and Student Resources,. This engineer will work with 4000+ agents as level 2 support for security incidents and investigation. Their primary function will be to monitor and respond to all vulnerabilities in Tanium, Tenable, and Security Platform. In addition the engineer will have primary responsibility of all updates throughout the infrastructure for the UHC lines of business that ingests over 200,000 MB of logs for Windows and RHEL Servers. This engineer will also work in Service Now to monitor queues and work incidents to resolution. This engineer will be working in both on-premise and azure cloud monitoring security and compliance. This engineer will work throughout the organization to quickly remediate any daily findings of new vulnerabilities that arise and create daily reports to show updated findings and tasks for remediation. 
Primary Responsibilities Core Tasks: Tanium, Security Platform, TVM remediate all vulnerabilities, patching Maintain cadence of monthly patching schedule for updates to all environments Operate and maintain security systems to protect data and systems and ensure auditability and compliance Respond, analyze, and resolve outages, incidents and/or threats Fulfill service requests Deploy new, update existing, replace or decommission solutions Work in Microsoft Endpoint Configuration Manager (MECM) for patching and Vulnerability remediation Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualification Full time graduate
At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.
Posted 3 weeks ago
3.0 - 6.0 years
4 - 8 Lacs
Bengaluru
Work from Office
Performing critical operations on our Development and Production environments to meet Security and Compliance requirements. Maintaining Security and Compliance by monitoring, scanning, configuring, and patching a vast variety of cloud devices including various Windows and Linux OS systems, VMs, VMware ESXi, K8s nodes/clusters, cloud storage, and networking devices. Maintaining tooling and automation for managing security and compliance processes for our internal and client environments. Deploying new architecture, devices, and automation for Security needs. Managing access and change controls for our development and production environments. Maintaining logging, performing analysis, and compiling evidence for Security and Compliance reviews of our environments. The role is very important in our ability to deliver valuable automated and integrated solutions as a premier offering in IBM Cloud. With this, we have an extremely high demand for meeting the most stringent Security and Compliance standards. In our fast-paced and expanding organization, we foster an environment of continuous innovation and working in agile teams, to deliver the latest technology and provide excellent support to our clients. Required education: Bachelor's Degree. Preferred education: Master's Degree. Required technical and professional expertise: 8+ years of overall experience as Security/Compliance Engineer. 3+ years of experience with system automation, scripting, and development. 1+ years of experience with Linux system administration or development. 1+ years of experience with Windows system administration or development. 1+ years of experience with secure engineering practices and standards. 1+ years of experience with software engineering and testing. 1+ years of experience with Python. Strong communication skills in English. Preferred technical and professional experience: 1+ years of experience with IBM SOS process and tooling, e.g. Nessus, QRadar, Uptycs, CrowdStrike, etc.
1+ years of experience with Windows Active Directory administration or development 1+ years of experience with Microsoft Windows Update or Group Policy Objects (GPO) 1+ years of experience with Access Control with IBM AccessHub 1+ years of experience with ServiceNow, e.g. for Change Management 1+ years of experience with GitHub issue and code management 1+ years of experience with IBM Cloud Risk Management process 1+ years of experience with IBM PSIRT process 1+ years of experience with data privacy and handling 1+ years of experience with ethical hacking and Pentesting 1+ years of experience with Jenkins build and platforms 1+ years of experience with networking, and network security components, firewalls, gateways 1+ years of experience with security standards, authentication, authorization, and encryption protocols 1+ years of experience with VMware administration 1+ years of experience with VMware API integration development 1+ years of experience with IBM Cloud API integration development Experience with Compliance needs across Industry verticals - ISO 27001, SOC2, PCI, HIPAA, etc.
Posted 3 weeks ago
3.0 - 7.0 years
7 - 11 Lacs
Navi Mumbai
Work from Office
Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST/SCA) tools. Will be responsible for Secure Coding Practices. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks. Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify.
Posted 3 weeks ago
3.0 - 7.0 years
11 - 15 Lacs
Mumbai
Work from Office
About the Role: Grade Level (for internal use): 10 Key Responsibilities: Participate in planning, execution, and reporting phases of technical cyber based audits in line with industry standards and best practices. Ensure the timely and effective execution of all planned cyber and tech risk audits. Majorly drive the execution of audits fieldwork to ensure thorough and effective assessments of IT and cybersecurity controls by utilizing appropriate audit methodologies and tools (e.g., risk-based auditing, data analytics). Follow up on Management Action Plans (MAPs) / audit findings to ensure timely and effective remediation of identified issues. Assist the leadership in Risk Assessment activities and collaborate with stakeholders to help identify and prioritize key IT and cyber risks. Use of Data Analytics to analyse artifacts and derive the audit findings. Stay updated on emerging IT risks and controls, including cloud computing, cybersecurity threats, and data privacy regulations. Help document audit findings, audit reports, and participate in stakeholder meetings. Required Technical Skills: Proficiency in Networking, DLP, Endpoint and Cloud technologies (AWS, Azure, Google Cloud). Knowledge of cybersecurity principles and practices as well as sound understanding of Artificial Intelligence and its applications. Proficiency in Vulnerability Assessment and Penetration Testing (VAPT) and Red-teaming exercises. Extensive experience with IT Infrastructure technologies as well as sound understanding of Disaster Recovery and Resiliency. Proficiency in using audit tools and techniques (e.g., data analytics, risk assessment software). Soft Skills: Excellent interpersonal and communication skills. Strong report writing and documentation abilities. Ability to multi-task and work collaboratively with cross-functional teams. Strong project management and organizational skills. 
Qualifications: Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related field. Relevant certifications such as CISA, CISSP, or equivalent are preferred. Minimum of 6 years of experience in a similar role. Experience in technology audits, added advantage with a background in Big4 audit firms. Proven track record of leading technology audit projects and teams. What we offer: High visibility to leadership and the opportunity to make a significant impact. A collaborative and innovative environment. The chance to work on state-of-the-art technologies and solutions. A role that combines strategic thinking with hands-on execution. What's In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technology: the right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwide, so we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals.
Benefits: We take care of you, so you can take care of business. We care about our people. That's why we provide everything you, and your career, need to thrive at S&P Global. Our benefits include: Health & Wellness: Health care coverage designed for the mind and body. Flexible Downtime: Generous time off helps keep you energized for your time on. Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills. Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly Perks: It's not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families. Beyond the Basics: From retail discounts to referral incentive awards, small perks can make a big difference. For more information on benefits by country visit https://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected and engaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment.
If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)
Posted 3 weeks ago
The field of penetration testing, also known as ethical hacking, is rapidly growing in India as organizations prioritize the security of their digital assets. Penetration testers play a crucial role in identifying vulnerabilities in systems, networks, and applications to help companies protect themselves from cyber threats. If you are considering a career in penetration testing in India, here is some valuable information to help you navigate the job market.
These cities are known for their thriving IT industries and have a high demand for skilled penetration testers.
The average salary for penetration testing professionals in India ranges from INR 4-6 lakhs per annum for entry-level positions to INR 12-18 lakhs per annum for experienced professionals. Salaries may vary based on location, company size, and level of expertise.
A typical career path in penetration testing may include roles such as Junior Penetration Tester, Penetration Tester, Senior Penetration Tester, and eventually progressing to positions like Penetration Testing Team Lead or Chief Information Security Officer (CISO).
In addition to expertise in penetration testing tools and techniques, professionals in this field are often expected to have knowledge of networking, operating systems, coding/scripting languages, and cybersecurity best practices.
As the demand for cybersecurity professionals continues to rise, pursuing a career in penetration testing can be a rewarding and challenging path. By honing your skills, staying updated with industry trends, and preparing for interviews diligently, you can position yourself for success in this dynamic field. Good luck on your job search journey!