1542 Penetration Testing Jobs - Page 21

Role: L3-Information Security Job Description: Primary Responsibility would be to manage the organizational practices for the following: Vulnerability Assessment Infrastructure(Cloud/Traditional DC) Penetration Testing Configuration Review Red Teaming Should be able to lead the team for delivery of Vulnerability Management operations. Conduct penetration testing as per the calendar activities and on demand request for Infrastructure Vulnerability Assessment. Conduct Vulnerability Assessment and Penetration Testing on Cloud Environment (AWS, GCP, Azure). Conduct configuration review as per the calendar activities and on demand request for server, database, network components. Identify and propose work around for critical vulnerabilities. Explain vulnerabilities to System owners and provide recommendations for mitigation Monitor progress of vulnerability mitigations and maintain track of remediation Provide advisory support to internal IT team for closure of identified vulnerability during the security testing Coordinate fixing of identified and accepted vulnerabilities with Airtel Payments Bank and Security Vendors. Stay abreast of newer trends in tools and technologies used for application security Develop POCs to demonstrate security issues Qualification: B.Tech, B.E, MCA or equivalent from a Recognized university At least 8 years of experience in similar role Certifications Preferred: OSCP, EC-council LPT. Hands on experience with popular security tools – Nessus, Metasploit, KALI Linux. Working knowledge of CIS Security benchmarks Has practical experience in auditing various OS , DB , Network and Security technologies

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to be an SME- Collaborate and manage the team to perform- Responsible for team decisions- Engage with multiple teams and contribute on key decisions- Provide solutions to problems for their immediate team and across multiple teams- Lead security architecture design discussions- Develop security architecture solutions- Conduct security assessments and provide recommendations Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Architecture Design- Strong understanding of cloud security principles- Experience with security tools and technologies- Knowledge of security compliance standards- Hands-on experience in implementing security controls Additional Information:- The candidate should have a minimum of 7.5 years of experience in Security Architecture Design- This position is based at our Noida office- A 15 years full time education is required Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in cloud security.- Conduct regular assessments of cloud security measures to identify areas for improvement. Professional & Technical Skills: - Must To Have Skills: Proficiency in SailPoint IdentityIQ.- Strong understanding of cloud security principles and frameworks.- Experience with identity and access management solutions.- Knowledge of regulatory compliance requirements related to cloud security.- Ability to analyze and mitigate security risks in cloud environments. Additional Information:- The candidate should have minimum 12 years of experience in SailPoint IdentityIQ.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Narnarayan Shastri Institute of Technology IFSCS is looking for Forensic Science Professional to join our dynamic team and embark on a rewarding career journey Provide specialized expertise and advice in a particular field or industry. Analyze complex problems and develop effective solutions. Collaborate with stakeholders to implement best practices and strategies. Conduct research and stay updated on industry trends and advancements. Mentor and support team members in their professional development. Develop and present reports, recommendations, and technical documentation. Ensure compliance with relevant regulations and standards.

About Certify : At CertifyOS, were building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem. What sets us apartOur cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings over 25+ years of combined experience building provider data systems at Oscar Health, and were backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data. But its not just about the technology; its about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. Were founded on the principles of trust, transparency, and accountability, and were not afraid to challenge the status quo at every turn. Were looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure. About the Role Certify s Shared Services team builds a cross-cutting framework that every product pod depends on - if a service is shared by more than one product, it lives here. As our Senior Technical Product Manager for Shared Services, you ll own the end-to-end strategy, roadmap and delivery of the infrastructure layers that power our entire provider data management ecosystem. You ll work closely with engineering leads, SREs, data engineers, and other product pods to ensure our API frameworks, data-access layer, rules engines, security/SSO, and other shared utilities are robust, scalable, and delightfully easy to adopt. What You Will Do Define and drive the Shared Services roadmap in alignment with other pods and overall product goals Prioritize and scope initiatives across our Shared Services Pod- API frameworks, data-access layer, rules engine, security/SSO, database management, reporting infrastructure, and other shared utilities. Take ownership of databases for top-level schema design, ensure data quality, and guardrails. Oversee the reporting data store in BigQuery Lead efforts to configure and extend the rules engine, enabling validation checks, transformations and monitoring processes Own OAuth2/SAML integrations for every tenant. Resolve core platform security vulnerabilities identified by Snyk, penetration testing Maintain the data model of the reporting data store, ensure synchronization from primary to reporting data store. Partner closely with engineering, SRE, and downstream product teams to deliver high-quality, well-documented services Establish key metrics (e.g. adoption rates, time-to-first-endpoint, uptime) and iterate based on real usage data Communicate progress, risks, and trade-offs clearly to stakeholders and leadership Lead and mentor a small cross-functional team, setting quarterly OKRs and ensuring smooth execution Must-Haves 7+ years in product management, with 3+ years owning backend or platform-level products Demonstrated experience defining and delivering API-first frameworks, middleware or core services Strong technical fluency in microservices, authentication (OAuth/SAML) and observability best practices Familiarity/expertise with SQL for reporting and analytics Excellent stakeholder management and communication skills across technical and non-technical audiences Proven ability to translate complex infrastructure needs into clear roadmaps and deliverables Nice-to-have Prior experience in healthcare technology, provider data management, or related regulations Familiarity with Google Cloud Spanner/Firestore migrations or comparable database modernization efforts Hands-on background in building analyst-friendly rule-authoring UIs or workflow tools Startup or high-growth-company experience, comfortable with rapid change and ambiguity This role reports to the Head of Platform and will be instrumental in scaling Certify s infrastructure into a true enterprise-grade substrate for every product pod. If you thrive on solving complex, cross-cutting challenges and love enabling other teams to move fast and safely, we d love to hear from you. At Certify, were committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.

About Certify : At CertifyOS, were building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem. What sets us apartOur cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings over 25+ years of combined experience building provider data systems at Oscar Health, and were backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data. But its not just about the technology; its about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. Were founded on the principles of trust, transparency, and accountability, and were not afraid to challenge the status quo at every turn. Were looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure. About the Role Certify s Shared Services team builds a cross-cutting framework that every product pod depends on - if a service is shared by more than one product, it lives here. As our Senior Technical Product Manager for Shared Services, you ll own the end-to-end strategy, roadmap and delivery of the infrastructure layers that power our entire provider data management ecosystem. You ll work closely with engineering leads, SREs, data engineers, and other product pods to ensure our API frameworks, data-access layer, rules engines, security/SSO, and other shared utilities are robust, scalable, and delightfully easy to adopt. What You Will Do Define and drive the Shared Services roadmap in alignment with other pods and overall product goals Prioritize and scope initiatives across our Shared Services Pod- API frameworks, data-access layer, rules engine, security/SSO, database management, reporting infrastructure, and other shared utilities. Take ownership of databases for top-level schema design, ensure data quality, and guardrails. Oversee the reporting data store in BigQuery Lead efforts to configure and extend the rules engine, enabling validation checks, transformations and monitoring processes Own OAuth2/SAML integrations for every tenant. Resolve core platform security vulnerabilities identified by Snyk, penetration testing Maintain the data model of the reporting data store, ensure synchronization from primary to reporting data store. Partner closely with engineering, SRE, and downstream product teams to deliver high-quality, well-documented services Establish key metrics (e.g. adoption rates, time-to-first-endpoint, uptime) and iterate based on real usage data Communicate progress, risks, and trade-offs clearly to stakeholders and leadership Lead and mentor a small cross-functional team, setting quarterly OKRs and ensuring smooth execution Must-Haves 7+ years in product management, with 3+ years owning backend or platform-level products Demonstrated experience defining and delivering API-first frameworks, middleware or core services Strong technical fluency in microservices, authentication (OAuth/SAML) and observability best practices Familiarity/expertise with SQL for reporting and analytics Excellent stakeholder management and communication skills across technical and non-technical audiences Proven ability to translate complex infrastructure needs into clear roadmaps and deliverables Nice-to-have Prior experience in healthcare technology, provider data management, or related regulations Familiarity with Google Cloud Spanner/Firestore migrations or comparable database modernization efforts Hands-on background in building analyst-friendly rule-authoring UIs or workflow tools Startup or high-growth-company experience, comfortable with rapid change and ambiguity This role reports to the Head of Platform and will be instrumental in scaling Certify s infrastructure into a true enterprise-grade substrate for every product pod. If you thrive on solving complex, cross-cutting challenges and love enabling other teams to move fast and safely, we d love to hear from you. At Certify, were committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.

At Cepheid, we are passionate about improving health care through fast, accurate diagnostic testing. Our mission drives us, every moment of every day, as we develop scalable, groundbreaking solutions to solve the world s most complex health challenges. Our associates are involved in every stage of molecular diagnostics, from ideation to development and delivery of testing advancements that improve patient outcomes across a range of settings. As a member of our team, you can make an immediate, measurable impact on a global scale, within an environment that fosters career growth and development. Cepheid is proud to work alongside a community of six fellow Danaher Diagnostics companies. Together, we re working at the pace of change on diagnostic tools that address the world s biggest health challenges, driven by knowing that behind every test there is a patient waiting. Learn about the Danaher Business System which makes everything possible. Cepheid is looking for a Lead Product Security Engineer responsible for the end-to-end security of Cepheid product(s) and working closely with software engineering and product security council in achieving product and security objectives. We are looking for passionate security professional with experience of working with software/application development, in a regulated industry supporting the implementation of secure development practices, threat modeling, architecture, design, vulnerability assessment and security verification/validation. This position is for Cepheid team located at Danaher India Development Center (IDC), Bangalore IDC is a research and development center with the vision of accelerating product roadmaps across various Danaher business segments. Started in 2014, the center now hosts 500+ associates, for multiple Danaher operating companies. The IDC workforce comprises of various product engineering teams, working on development of software and hardware components of cutting-edge products for, Immunoassay, Chemistry, Hematology, Molecular diagnostics, and Oncology, IDC has evolved as center of excellence for Cloud and data analytics, with significant contributions to the key informatics solutions. The teams consist of highly skilled software & hardware engineers and development managers. The teams are supported by local Product managers, Quality & Regulatory and Intellectual property specialists. The inhouse teams works in close coordination with other global R&D centers at US, France, Germany, Japan, Australia, Denmark and Sweden. Located at the center of Bangalore IT HUB, IDC is housed at state of art facility, measuring 120 K Sqft. In this role, you will have the opportunity to: Serve as a technical leader and mentor other product security engineers Develop/contribute success criteria for security product/solution testing Lead/contribute to vulnerability/incident assessment as per our defined process Address vulnerabilities and maintain product security posture The essential requirements of the job include: Engineering degree in Computer Science or equivalent 8+ Years of Relevant Experience Execute and Manage penetration testing, SAST, vulnerabilities assessment, threat modeling, security risk assessment across Cepheids products. Build cybersecurity controls, assess existing security controls, review security architecture and build security requirements and roadmaps for Cepheid systems. Knowledgeable in key aspects of the hardware; software, protocols, cloud and related infrastructure technology stack. Build product security capabilities, tools, and help automate where possible driving improvements to Cepheid product security processes and practices It would be a plus if you also possess previous experience in: Specialization in Cybersecurity preferred Industry experience in a regulatory environment. Working knowledge in Cybersecurity with software/application or product development. At Danaher, you can build a career in a way no other company can duplicate. Our brands allow us to offer dynamic careers across multiple industries. Were innovative, fast-paced, results-oriented, and we win. We need skilled people to keep winning. Here youll learn how DBS is used to shape strategy, focus execution, align our people, and bring value for customers and shareholders. Come join our winning team. Danaher is committed to competitive compensation that typically has key components including base salary, variable annual incentive compensation based on personal and company performance, and long-term incentive. Equal Opportunity Employer Danaher Corporation and all Danaher Companies are equal opportunity employers that evaluate qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity, or other characteristics protected by law. Join our winning team today. Together, we ll accelerate the real-life impact of tomorrow s science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life. For more information, visit www.danaher.com . At Danaher, we value diversity and the existence of similarities and differences, both visible and not, found in our workforce, workplace and throughout the markets we serve. Our associates, customers and shareholders contribute unique and different perspectives as a result of these diverse attributes.

At Cepheid, we are passionate about improving health care through fast, accurate diagnostic testing. Our mission drives us, every moment of every day, as we develop scalable, groundbreaking solutions to solve the world s most complex health challenges. Our associates are involved in every stage of molecular diagnostics, from ideation to development and delivery of testing advancements that improve patient outcomes across a range of settings. As a member of our team, you can make an immediate, measurable impact on a global scale, within an environment that fosters career growth and development. Cepheid is proud to work alongside a community of six fellow Danaher Diagnostics companies. Together, we re working at the pace of change on diagnostic tools that address the world s biggest health challenges, driven by knowing that behind every test there is a patient waiting. Learn about the Danaher Business System which makes everything possible. Cepheid is looking for a Lead Product Security Engineer responsible for the end-to-end security of Cepheid product(s) and working closely with software engineering and product security council in achieving product and security objectives. We are looking for passionate security professional with experience of working with software/application development, in a regulated industry supporting the implementation of secure development practices, threat modeling, architecture, design, vulnerability assessment and security verification/validation. This position is for Cepheid team located at Danaher India Development Center (IDC), Bangalore IDC is a research and development center with the vision of accelerating product roadmaps across various Danaher business segments. Started in 2014, the center now hosts 500+ associates, for multiple Danaher operating companies. The IDC workforce comprises of various product engineering teams, working on development of software and hardware components of cutting-edge products for, Immunoassay, Chemistry, Hematology, Molecular diagnostics, and Oncology, IDC has evolved as center of excellence for Cloud and data analytics, with significant contributions to the key informatics solutions. The teams consist of highly skilled software & hardware engineers and development managers. The teams are supported by local Product managers, Quality & Regulatory and Intellectual property specialists. The inhouse teams works in close coordination with other global R&D centers at US, France, Germany, Japan, Australia, Denmark and Sweden. Located at the center of Bangalore IT HUB, IDC is housed at state of art facility, measuring 120 K Sqft. In this role, you will have the opportunity to: Serve as a technical leader and mentor other product security engineers Develop/contribute success criteria for security product/solution testing Lead/contribute to vulnerability/incident assessment as per our defined process Address vulnerabilities and maintain product security posture The essential requirements of the job include: Engineering degree in Computer Science or equivalent 8+ Years of Relevant Experience Execute and Manage penetration testing, SAST, vulnerabilities assessment, threat modeling, security risk assessment across Cepheids products. Build cybersecurity controls, assess existing security controls, review security architecture and build security requirements and roadmaps for Cepheid systems. Knowledgeable in key aspects of the hardware; software, protocols, cloud and related infrastructure technology stack. Build product security capabilities, tools, and help automate where possible driving improvements to Cepheid product security processes and practices It would be a plus if you also possess previous experience in: Specialization in Cybersecurity preferred Industry experience in a regulatory environment. Working knowledge in Cybersecurity with software/application or product development. At Danaher, you can build a career in a way no other company can duplicate. Our brands allow us to offer dynamic careers across multiple industries. Were innovative, fast-paced, results-oriented, and we win. We need skilled people to keep winning. Here youll learn how DBS is used to shape strategy, focus execution, align our people, and bring value for customers and shareholders. Come join our winning team. Danaher is committed to competitive compensation that typically has key components including base salary, variable annual incentive compensation based on personal and company performance, and long-term incentive. Equal Opportunity Employer Danaher Corporation and all Danaher Companies are equal opportunity employers that evaluate qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity, or other characteristics protected by law. Join our winning team today. Together, we ll accelerate the real-life impact of tomorrow s science and technology. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of science to life. For more information, visit www.danaher.com . At Danaher, we value diversity and the existence of similarities and differences, both visible and not, found in our workforce, workplace and throughout the markets we serve. Our associates, customers and shareholders contribute unique and different perspectives as a result of these diverse attributes.

Associate Consultant 2-4 Years Roles and Responsibilities: 1. To perform Web and API Penetration testing 2. Perform Cloud security assessment (AWS and Azure must) based on CIS benchmark 3. Client interaction 4. Perform retest post confirmation on the fixes 5 Follow-up with the relevant stakeholders on the remediation of open vulnerabilities Mandatory Skills required for the role: Web, API Penetration Testing Good understanding of OWASP methodology, ASVS and other checklists Knowledge on cloud security and CIS benchmark Good written and spoken communication skills Ability to do report walkthrough with relevant stakeholders Hands-on experience with Burp suite pro, SQLmap, Kali Linux tools Hands on experience with Prowler, Pmapper, Scoutsuite, Cloudsploit Optional Skills for the role: Thick client/ Mobile App PT Secure code review

1)The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with the operation and construction of tools to assist in these tasks. 2)Well-versed with OWASP Top 10, SANS, NIST and WASC Threat Classifications 3)Expertise in Vulnerability Assessment and Penetration Testing of Web Applications, Networks and Cloud (AWS/Azure) 4)Expertise in Penetration testing of Mobile applications 5)Well versed in Source Code Reviews 6)Familiar with popular tools like Burp suite, Paros, OWASP ZAP, Wireshark Nessus, NTO Spider, Metasploit, Exploit DB, Kali etc. 7)Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them 8)Must be CEH certified 9)Excellent communication skills written and verbal

The vision for Books org is to make every book ever published, in any language, available for every customer in less than 60 seconds. The Books shopping Experience team plays a key role in making this vision happen by providing shopping experiences that helps customers discover their next book to read. Customers shop for Kindle books from a variety of surfaces including desktops/laptops, Kindle E-ink devices, Fire Tablets and mobile browser on their phones and tablets. We provide shopping experiences for customers no matter where they are and what device they have. We are looking for a strong Software Development Engineer in Test to help us deliver high quality products with great efficiency. Furthermore, we need you to be self-driven, and solve problems for the long-term with innovative technical solutions. You will need to be able to work closely with other team members, as well as offer technical leadership to the team on automation. You should have an in-depth knowledge of automation framework design, development, solid understanding of computer science principles, and excellent customer focus. As an SDET, your responsibilities will include: Creating and designing automation frameworks that work across multiple devices and platforms. Collaborate with AI and machine learning teams to enhance and expand AI automation capabilities. Develop innovative AI solutions to improve the accuracy and effectiveness of our shopping platform. Evaluate and enhance the existing quality test infrastructure to ensure comprehensive testing and validation Develop new testing frameworks and tools to improve test coverage and efficiency. Creating tests for new features and services for the Books Shopping Experience Building automated tests using existing tools and frameworks to expose defects in product code Working directly with Software Developers, Product Managers, and Technical Program Managers to ensure proper development and quality of our applications and platforms Ability to understand products requirements and develop the right strategy for automation focus for the best coverage and reliability for the time invested Ensure code reviews tend to be rapid and uneventful. Provide useful code reviews for changes submitted by others. Dive deep into our testing methodologies to transform manual quality processes to highly automated quality solutions. A day in the life As a Software Development Engineer in Test on this team, you will be leading test automation and infrastructure development, as well as new test design and architectural choices (including genAI) which have a significant impact on our product, our business and most importantly, our customers. You will be working directly with Developers, QA Engineers, TPMs, and Product Managers to ensure the quality of our application. If you are creative, customer focused, have a passion for QA and test automation and enjoy working in a fun environment, this team is right for you. 2+ years of non-internship professional software development testing experience 1+ years of test automation frameworks and tools building experience Experience programming with at least one modern language such as Java, C++, or C# including object-oriented design Experience in penetration testing and exploitability-focused vulnerability assessment Experience in platform-level security mitigations and hardening for Linux and Windows Experience with AI and machine learning technologies is highly desirable Experience with cloud platforms Knowledge of data analytics and visualization tools Ability to handle multiple projects simultaneously and meet deadlines

Job Description: As an Internal Auditor , you will be responsible for implementing and monitoring best security practices across the organization. You will review company policies related to security and access controls, and coordinate closely with internal teamsespecially the Cloud and Cybersecurity teams—across our three affiliate companies. You will also act as a key point of contact for external auditors handling certifications such as ISAE 3402 , ISO 27001 , and ISO 27701 . Key Responsibilities Collaborate with cross-functional teams to implement best security practices. Respond to client and prospect security questionnaires. Assist external auditors and customers' auditors with evidence and information requests. Organize internal penetration tests and coordinate client-requested penetration testing. Act as a liaison for external auditors (ISAE 3402, ISO 27001, ISO 27701), coordinating the delivery of required documents and evidence with internal teams. Conduct internal audits for ISAE audit and ISO certifications. Create and update policies, procedures, and process flow documents periodically. Stay current with emerging technologies, security trends, and best practices to provide informed recommendations. Qualifications & Skills Bachelor's or Master’s degree in Computer Science, Software Engineering, or a related field. 3–4 years of professional experience as an auditor with a reputed firm (e.g., KPMG, Deloitte, EY, Accenture). Strong knowledge of auditing and security practices. Expertise in AWS Cloud, Active Directory (AD), penetration testing, vulnerability management, and firewalls. Strong understanding of SOC and NOC operations. ISO 27001 Lead Auditor Certification (mandatory). Experience in preparing documentation such as policies, procedures, and process flows. Hands-on experience in conducting internal audits for ISAE audit and ISO certifications. Excellent problem-solving skills and attention to detail. Strong verbal and written communication skills. Ability to work independently as well as collaboratively within a team. Commitment to continuous learning and staying updated on industry standards.

The role at KPMG in India involves providing professional services as a member of the affiliated Indian entities with KPMG International Limited. Since its establishment in August 1993, KPMG has been dedicated to leveraging a global network of firms and maintaining a deep understanding of local laws, regulations, markets, and competition. With offices across various cities in India, including Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, the professionals at KPMG cater to national and international clients across different sectors. The responsibilities associated with this position include conducting cyber security assessments, Red Teaming, designing security architecture, performing infrastructure and application security assessments, carrying out vulnerability assessment and penetration testing, reviewing security of traditional IT and non-IT network environments such as Telecom and OT networks, addressing ICS Security, IOT Security, and API Security Testing. As an equal opportunity employer, KPMG in India is committed to providing a diverse and inclusive work environment.,

> Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT

Join our security team to identify vulnerabilities in systems and applications before malicious hackers do. Key Responsibilities: Conduct penetration testing Identify and report security vulnerabilities Simulate cyberattacks to test defenses Work with security teams to resolve issues Stay updated on emerging threats

Position Summary Job Description Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Maintains hardware, software and network firewalls and encryption protocols. Administers cybersecurity policies to control physical and virtual access to systems. Performs network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks. Responds to cybersecurity breaches, identifies intrusions and isolates, blocks and removes unauthorized access. Researches and evaluates cybersecurity threats and performs root cause analysis. Assists in the creation and implementation of security solutions. Provides information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Supervisory Responsibilities This position has no supervisory responsibilities. Job Level Description Works on defined tasks that sometimes require the application of independent judgment. Developing individual contributor. Qualifications Education Bachelors degree in related field. Years of Related Experience Years of experience 2 to 5 years Physical Requirements The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit, stand, walk, bend, use hands, operate a computer, and have specific vision abilities to include close and distance vision, and ability to adjust focus working with computer and business equipment. Work Conditions Scientific Games, LLC and its affiliates (collectively, SG ) are engaged in highly regulated gaming and lottery businesses. As a result, certain SG employees may, among other things, be required to obtain a gaming or other license(s), undergo background investigations or security checks, or meet certain standards dictated by law, regulation or contracts. In order to ensure SG complies with its regulatory and contractual commitments, as a condition to hiring and continuing to employ its employees, SG requires all of its employees to meet those requirements that are necessary to fulfill their individual roles. As a prerequisite to employment with SG (to the extent permitted by law), you shall be asked to consent to SG conducting a due diligence/background investigation on you. This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job. The employee in this position may be requested to perform other job-related tasks and responsibilities than those stated above.

At Securonix, we re on a mission to secure the world by staying ahead of cyber threats, reinforcing all layers of our platform with AI capabilities. Our Securonix Unified Defense SIEM provides organizations with the first and only AI-Reinforced solution built with a cybersecurity mesh architecture on a highly scalable data cloud. Enhanced by Securonix EON s AI capabilities, our innovative cloud-native solution delivers a seamless CyberOps experience, empowering organizations to scale their security operations and keep up with evolving threats. Recognized as a five-time leader in the Gartner Magic Quadrant for SIEM and highly rated on Gartner Peer Insights , our award-winning Unified Defense SIEM provides organizations with 365 days of hot data for rapid search and investigation, threat content-as-a-service, proactive defense through continuous peer and partner collaboration, and a fully integrated Threat Detection, Investigation, and Response (TDIR) experience all within a single platform. Built on a cloud-native architecture, the platform leverages the Snowflake Data Cloud for unparalleled scalability and performance. Securonix is proud to be a cybersecurity unicorn and featured in CRNs 2024 Security 100 list. Backed by Vista Equity Partners , one of the largest private equity firms with over $100 billion in assets under management, we have a unique advantage in driving innovation and growth. With a global footprint, we serve more than 1,000 customers worldwide , including 10% of the Fortune 100. Our network of 150+ partners and Managed Security Service Providers (MSSPs) enables us to deliver unmatched security solutions on a global scale. At Securonix, we are driven by our core values and place our people at the heart of everything we do: Winning as One Team: We work together with universal respect to achieve aligned outcomes Customer Driven Innovation: We innovate to stay ahead of the market and create value for our customers Agility in Action: We embrace change and are unified in our purpose and objectives amidst change Join us as we redefine cybersecurity, innovate fearlessly, and grow together as one team. Job Title: DevOps Engineer - CI/CD, Automation and DevSecOps Specialist Job Summary: We are seeking a highly motivated and experienced DevOps Engineer to join our team and champion a DevSecOps culture. This role will be focused on designing, building, and maintaining our CI/CD pipelines, with a specific focus on secure Java application builds, branching strategies, and automated deployments. The ideal candidate will be proficient in scripting (Python, Bash, and Groovy), have a strong understanding of Jenkins pipeline development, including the use of shared libraries, infrastructure as code, modern DevOps practices, and a security-first mindset. Additionally, a solid understanding of QA automation testing tools is beneficial, and proficiency with Selenium is considered an added advantage. You will play a critical role in enabling our development and QA teams to deliver high-quality, secure software rapidly and reliably. Key Responsibilities: Secure CI/CD Pipeline Development: Design, implement, and maintain robust, automated, and secure CI/CD pipelines using Jenkins and other relevant tools. This includes integrating security scanning and testing tools into the pipeline. Secure Java Build Expertise: Optimize and troubleshoot Java application builds, ensuring security best practices (including dependency management, vulnerability scanning), artifact repository management (Nexus, Artifactory) and build performance. Secure Branching Strategy Management: Implement and maintain effective and secure branching strategies (e.g., Gitflow, Trunk-Based Development), ensuring secure collaboration between development teams and preventing unauthorized code merges. Infrastructure as Code (IaC) with Security: Leverage IaC tools (e.g., Terraform, CloudFormation, Ansible) to automate secure infrastructure provisioning, configuration, and management for our CI/CD environment. This includes implementing security policies and access controls in code. Secure Jenkins Pipeline Development with Groovy: Develop complex, efficient, maintainable, and secure Jenkins pipelines using Groovy scripting, that integrate testing, security code quality checks, and automated deployments. This includes the use of shared libraries for reusable pipeline logic. Shared Library Development: Develop and maintain reusable Jenkins shared libraries using Groovy to encapsulate common CI/CD logic, promoting consistency and maintainability across pipelines. Scripting and Automation for Security: Utilize scripting (Python, Bash, and Groovy) to automate repetitive tasks, enhance CI/CD workflows, integrate security tools, and create custom tools to improve development and security productivity. Monitoring and Logging with Security Focus: Implement secure monitoring and logging solutions to proactively identify and address potential security vulnerabilities, performance issues, and malicious behavior in the CI/CD pipelines. Security Collaboration: Collaborate closely with security teams, development teams, QA, and other stakeholders to understand their needs, deliver secure solutions, and participate in security reviews. Continuous Security Improvement: Continuously identify areas for improvement within our CI/CD processes and infrastructure from a security perspective, and implement security best practices to improve efficiency and reliability. Documentation with Security Focus: Create and maintain clear, comprehensive, and security focused documentation for all CI/CD processes, infrastructure, and security controls. Vulnerability and Security Assessment: Perform regular vulnerability assessments of the CI/CD infrastructure and application codebase to identify and fix potential weaknesses. Threat Modeling: Conduct threat modeling exercises to identify potential security risks in the CI/CD process. Troubleshooting with Security Awareness: Troubleshoot issues with the CI/CD pipeline, build processes, deployments, and other areas related to the build system, always with security as a key concern. Integrate QA automation tools and frameworks within the CI/CD pipeline, enabling automated testing of new builds. Stay up to date with Security: Stay abreast of industry trends and emerging DevOps and security technologies and practices. Required Qualifications: Bachelors degree in Computer Science, Engineering, or a related field, or equivalent practical experience. 5+ years of experience as a DevOps Engineer, specializing in CI/CD and automation. Proven experience with implementing DevSecOps best practices in CI/CD pipelines. Strong proficiency in Java build processes, dependency management with Maven/Gradle, artifact repositories (Nexus, Artifactory) and experience with secure coding practices. Solid understanding of branching strategies, with the ability to implement security controls in branching. Extensive experience developing and maintaining complex Jenkins pipelines with built-in security checks, including declarative and scripted pipelines using Groovy. Proven experience developing and using Jenkins shared libraries using Groovy. Proven experience with infrastructure as code (Terraform, CloudFormation, Ansible) with a security focus. Excellent scripting skills in Python, Bash, and Groovy, with the ability to automate security tasks and integrate security tools into the workflows. Experience in implementing security scanning tools (e.g., SAST, DAST, SCA). Experience with monitoring and logging tools (e.g., Prometheus, Grafana, ELK) with a security perspective. Strong understanding of containerization technologies (Docker) and container orchestration (Kubernetes), including secure configurations. Experience with cloud platforms (AWS, Azure, GCP), including their security features. Excellent problem-solving, analytical, and troubleshooting skills, with a focus on security. Strong communication and collaboration skills. Experience working with security teams. Solid understanding of QA automation testing tools and frameworks. Preferred Qualifications: Experience with microservices architectures. Experience with security tools such as vulnerability scanners and penetration testing tools. Experience with secret management tools such as HashiCorp Vault. Experience with various testing frameworks and their integration into CI/CD pipelines with a focus on security. Familiarity with other programming languages (e.g., Go). Experience with GitOps and declarative configurations with security focus. Relevant certifications (e.g., AWS Certified DevOps Engineer, Certified Kubernetes Security Specialist (CKS)). Proficiency with Selenium or other automated testing tools. Key Skills: CI/CD: Jenkins, GitLab CI, CircleCI Java Build Tools: Maven, Gradle Branching Strategies: Gitflow, Trunk-Based Development Security Tools: SAST, DAST, SCA Infrastructure as Code: Terraform, CloudFormation, Ansible Scripting: Python, Bash, Groovy Containerization: Docker Container Orchestration: Kubernetes Cloud Platforms: AWS, Azure, GCP Monitoring & Logging: Prometheus, Grafana, ELK Artifact Repositories: Nexus, Artifactory Secret Management: Hashicorp Vault, AWS Secrets manager Jenkins Shared Library Development with Groovy QA automation tools and frameworks. Benefits: As a full-time employee with Securonix, you will be eligible for the following employee benefits: Health Insurance with a total sum insured is INR 5,00,000 Coverage: Self, Spouse, 2 kids, Dependent parents, or parents-in-law Personal Accident with total sum insured is INR 10,00,000 Term Life Insurance with a sum assured for employees is 5 times fixed base pay is covered.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Integrated Security Risk Management Good to have skills : Security Architecture DesignMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to be an SME- Collaborate and manage the team to perform- Responsible for team decisions- Engage with multiple teams and contribute on key decisions- Provide solutions to problems for their immediate team and across multiple teams- Develop and implement security architecture solutions- Conduct security assessments and provide recommendations- Stay updated on the latest security trends and technologies Professional & Technical Skills: - Must To Have Skills: Proficiency in Integrated Security Risk Management- Good To Have Skills: Experience with Security Architecture Design- Strong understanding of security risk management principles- Knowledge of cloud security best practices- Experience in implementing security controls in cloud environments Additional Information:- The candidate should have a minimum of 5 years of experience in Integrated Security Risk Management- This position is based at our Bengaluru office- A 15 years full time education is required Qualification 15 years full time education

Not Applicable Specialism Microsoft Management Level Senior Associate & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. Those in penetration testing at PwC will focus on penetration testing (or pen testing) which is a security exercise where a cybersecurity consultant attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a systems defences which attackers could take advantage of. & Summary Strong knowledge of web application security testing, API security testing Strong knowledge of Industry standard application security tools Burp Suite, Nmap, Zap proxy Strong knowledge of Industry standard DAST tool (example NetSparker) Strong knowledge in both static and dynamic assessments for desktop and mobile applications Strong knowledge in manual and automated testing process, focusing on OWASP methodology Strong Knowledge of vulnerability identification and remediation methodology. Knowledge of vulnerability assessments of network and security devices Strong knowledge of open source and commercial tools, proficient in Kali Linux based tools s Roles & Responsibilities Strong knowledge of web application security testing, API security testing Strong knowledge of Industry standard application security tools Burp Suite, Nmap, Zap proxy Strong knowledge of Industry standard DAST tool (example NetSparker) Strong knowledge in both static and dynamic assessments for desktop and mobile applications Strong knowledge in manual and automated testing process, focusing on OWASP methodology Strong Knowledge of vulnerability identification and remediation methodology. Knowledge of vulnerability assessments of network and security devices Strong knowledge of open source and commercial tools, proficient in Kali Linux based tools Mandatory skill sets VAPT, web application security testing, API security testing Preferred skill sets mobile security testing, DAST, penetration testing Years of experience required 3+ Yrs Education qualification BTech/BE/MTech from reputed institution/university as per the hiring norms Education Degrees/Field of Study required Bachelor of Technology, Master Degree Degrees/Field of Study preferred Required Skills Penetration Testing Accepting Feedback, Accepting Feedback, Active Listening, Analytical Thinking, Bash (Programming Language), Common Vulnerability Scoring System (CVSS), Communication, Creativity, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption, Ethical Hacking, Firewall (Network Security), Inclusion, Information Security, Information Security Management System (ISMS), Information Security Risk Assessments, Intellectual Curiosity, Intrusion Detection System (IDS), IT Infrastructure, Kali Linux, Learning Agility, Microsoft Active Directory {+ 25 more} Travel Requirements Government Clearance Required?

Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future? If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match. Role Overview : A Cybersecurity Officer in the automotive industry is responsible for ensuring the security of vehicle systems and networks from cyber threats. This involves identifying vulnerabilities, developing security measures, implementing security policies, and responding to security incidents. They also play a crucial role in staying up-to-date with the latest cybersecurity trends and advancements and providing training to other personnel. Responsibilities Identifying and evaluating potential cyber risks to automotive systems and networks. Analyzing automotive protocols (CAN, Ethernet) for vulnerabilities and developing countermeasures. Creating and implementing security policies and procedures for automotive organizations. Monitoring network traffic, responding to security incidents, and conducting root cause analysis. Ensuring compliance with relevant cybersecurity standards and regulations like ISO/SAE 21434 and UNECE R155/R156. Evaluate new cybersecurity regulations and setting up/ improving process instructions, templates and guidelines. Working with other teams, such as development, safety, and quality, to ensure security best practices are followed. Providing training and guidance to automotive personnel on cybersecurity topics. Promote a culture of cybersecurity awareness by organizing workshops and awareness campaigns. Keeping up-to-date with the latest cybersecurity trends, threats, and technologies. Monitor development work and activities that impact compliance regulations affecting both new type approval and extensions. Assess the overall cybersecurity practices of vendors and suppliers involved in vehicle components and systems. Technical Skills: Hands on experience with automotive protocols (CAN, LIN, Ethernet, etc,) Knowledge on CS controls like IPSec, SecOC, Secure boot, Secure debug etc Familiarity with TARA methodologies and risk mitigation strategies. Knowledge of known vulnerability databases e.g., NVD, CVSS, CVE, CWE Experience with CS Verification and validation (penetration testing and Fuzz testing) Applying methodologies like TARA, STRIDE, and FTA for risk assessment ISO 21434 (CCSP), CHE, CISSP or equivalent certification Qualification Bachelor/ Masters degree (or equivalent) in Cybersecurity, Computer Science, Information Technology/Security, Electrical Engineering. 4-10 years of experience in automotive cybersecurity coordinator or related roles Who we are and what we believe in Our focus on Inclusion, Diversity, and Equity allows each of us the opportunity to bring our full authentic self to work and thrive by providing a safe and supportive environment, free of harassment and discrimination. We are committed to removing the barriers to entry, which is why we ask that even if you feel you may not meet every qualification on the job description, please apply and let us decide. Applying to this job offers you the opportunity to join Volvo Group . Every day, across the globe, our trucks, buses, engines, construction equipment, financial services, and solutions make modern life possible. We are almost 100,000 people empowered to shape the future landscape of efficient, safe and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents with sharp minds and passion across the group s leading brands and entities. At Group People & Culture , a part of Volvo Group, we create the foundation and frameworks for people growth and organizational development, to drive the people agenda that enables the realization of the Volvo Group aspirations through people strategy and commitment. You will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.

: Job Title- Information Security Specialist Corporate Title- Assistant Vice President Location- Pune, India Role Description Information Security Production Services (IS PS) supports all divisions with information security relevant areas, like Application user recertification and other identity & access management areas. IS PS is seeking an Information Security Analyst for Application Onboarding. Job Summary We are seeking a highly motivated and skilled information Security Specialist Assistant Vice President to join our CSO Unified Onboarding Team. The Successful candidate will play a key role in ensuring the timely and compliant onboarding of applications into the banks centralized Identity and Access Management Platforms Specifically Recertification, Request and Approval, and Segregation of Duties control systems. This position requires a strong background in information security practices, stakeholder management, and project execution. The selected candidate will be expected to operate with minimal supervision, take ownership of critical onboarding workstreams and act as a delegate for the manager when needed, including representing the team in leadership meetings, managing escalations and mentoring junior team members. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Drive the end-to-end onboarding of applications to central IAM platforms, ensuring alignment with enterprise security policies and compliance mandates. Act as the primary liaison between the Unified Onboarding Team and Business/application stakeholders to gather requirements, communicate timelines and resolve onboarding-related issues. Serve as the primary point of contact for stakeholders, including business application owners, control owners and technical teams. Provide subject matter expertise in recertification, access request workflows and segregation of duties controls. Support stakeholders through the onboarding lifecycle by offering guidance, answering queries and coordinating with control owners and technical teams. Ensure that all onboarding activities are tracked, documented and completed within defined timelines. Ensure documentation, tracking and reporting of onboarding progress, risks and delays. Escalate risks and delays appropriately, ensuring visibility to leadership and mitigation strategies are in place. Collaborate with internal information security, risk, audit, and compliance teams to ensure regulatory obligations are being met. Identify and implement process improvements to streamline onboarding and enhance user experience. Maintain awareness of regulatory updates, internal policy changes and IAM best practices to ensure continual alignment. Take ownership of escalated onboarding cases and drive them to resolution through effective collaboration and decision-making Support resource planning, work allocation and overall team coordination in alignment with program priorities. Proactively identify process gaps and lead continuous improvement initiatives within the team. Monitor team workload and onboarding metrics and prepare periodic status reports and executive summaries as required. Your skills and experience Bachelors degree in information technology, Cybersecurity, Computer Science or a related field. Should have 10+ years of total work experience or at least 8+ years of relevant experience in similar role. Strong working knowledge of recertification processes, access request and approval mechanisms and segregation of duties control. Excellent interpersonal skills with a track record of strong stakeholder management. Exceptional communication skills, able to present technical concepts clearly and confidently to non-technical stakeholders. Proven experience with task prioritization, independent decision making and escalation management. Ability to manage multi-tasks assignments and efficiently prioritize workload with limited supervision and resilient under pressure. Ability to build a network in the business and among business managers, project managers and subject matter experts Flexible, pro-active and innovative How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm We strive for a culture in which we are empowered to excel together every day. This includes acting responsibly, thinking commercially, taking initiative and working collaboratively. Together we share and celebrate the successes of our people. Together we are Deutsche Bank Group. We welcome applications from all people and promote a positive, fair and inclusive work environment.

: Job TitleApplication Security Specialist Corporate TitleAssistant Vice President LocationPune/Bangalore India Role Description DWS is evolving and expanding its internal information security team. In the CSO Information Security Assurance division, your role will involve assessing the implementation of controls to ensure adherence to Information Security Policies and Procedures. This verification process utilizes the most advanced compliance data sources (i.e., compliance evaluation based on operational data, self-assessment, and independent reviews) to determine whether the necessary information security controls have been established in DWSs applications, infrastructure, and IT processes, including EUDA/EUMA. In this context, it evaluates associated risks and identifies vulnerabilities related to unimplemented controls. The service also offers guidance on training and the application of security controls. What well offer you 100% reimbursement under childcare assistance benefit (gender neutral) Sponsorship for Industry relevant certifications and education Accident and Term life Insurance Your key responsibilities Your main responsibility will be to adhere to the Information Security roadmap for the applications (ensuring information security compliance) based on IS principles (confidentiality, integrity, and availability), and to verify their alignment with DWS/DB policies. Assist application team with the applications that are scheduled for migration/re-migration projects ensuring that its IS Criticality ratings are updated according to the DWS/DB IS criticality methodology. Take part in CSO assurance meetings associated with secure architecture design, new product approvals or other risk review discussions to prevent any delays or escalations arising from non-compliance. Assist the DWS CSO in executing the hybrid model as outlined for decisions related to the Aurora Operating Model, ensuring proper alignment with DB CSO ORR controls. Perform security assurance tasks on DWS CSO solutions, business applications, and IT infrastructure located within the Proteus environment. Conduct a security assessment when retiring business applications or IT applications in the Proteus environment. Aid in resolving regulatory findings and guarantee that there are no outstanding audit issues. Act as a liaison among key role holders such as ITAOs and TISOs to create a secure environment by assessing the Information Security needs. Provide support for the governance of EUDA within a DWS Unit. Contribute to the creation, testing, and management of IS Security Compliance campaigns in accordance with business needs (including documentation and training). Oversee Assurance processes and evidence evaluations throughout DWSs application portfolio to aid in reducing risks linked to non-compliant controls for all DWS entities. Assist in ensuring consistency with all other Control Functions for Operational Readiness. Security compliance reporting is a crucial aspect of the security assurance team. Therefore, you are required to work on the promptness of reporting, the precision of the content, and the comprehensiveness of risk and controls. Ensure automation in reporting and delivering value. Your skills and experience Clear understanding of information security risk and compliance framework. Experience in application security assessment activities. Minimum 8-14 years experience in Information security management area. Understanding on how application security policies, standards, requirements and controlsare defined. Strong Microsoft office (excel macro), automation and analytics experience. Experience in working with information security governance solutions. Experience in CISO Application Security Governance process design Proven experience with Information Security Standards implementation (e.g. ISO27001, ) Proven experience in implementing Risk management standards Any globally recognized information security certification (highly preferred) Graduation and above (preferably IT, Computer science) Understanding of current industry and agency standards, best practices, and/or frameworks i.e.MITRE ATT&CK, NIST, DORA, ENISA, ISO27001, SOC2, SoX, PCI, etc. Dedicated to undertaking any assigned tasks or projects related to CSO. Ability to explain, document and present Information Security risks in a clear, concise and understandable manner, ability to present a big picture and connect the dots Detailed oriented, collaborative and team oriented, ability to manage conflicts with Senior stakeholders Must work independently and can collaborate comfortably in a matrix organization with international teams. Excellent verbal and written communication skills, including the ability to effectively participate in and sometimes lead discussions and meetings with internal and/or executive management and other groups involved in Physical Security/technology control assessments. Structured and reliable work style How well support you About us and our teams Please visit our company website for further information: https://www.db.com/company/company.htm

Reporting Structure Reports to Senior Manager VAPT Education University degree in the field of computer science or IT. Experience/ Qualifications 5+ years of Information Security background is essential. 3+ years of Penetration testing, Red teaming and or vulnerability assessment experience Experience in evaluating the control environment through Ethical Hacking, Penetration Testing, Red Team assessments. Evaluation of security technologies to detect vulnerabilities Hands on experience in black-box, grey-box penetration testing on platforms like .Net, Java etc. Hands on experience on mobile testing of android and IOS A high-level appreciation of Security Architecture and Infrastructure Should be familiar with the best practices of OWASP, SANS Institute, ISACA, GAO, FISCAM, NSA, NIST, Internet Engineering Task Force (IETF) Develop a framework to test compliance of applications / systems. Experience in project management Industry Information technology Responsibilities Conduct internal / third-party Ethical Hacking / Vulnerability Assessment / Penetration Testing, Red Team assessment on business-critical assets and processes. Liaison with external ethical hacking / penetration testing for RBI projects Coordinate with security intelligence framework to obtain latest threats & vulnerabilities Prepare security effectiveness reports for management Testing the applications / systems for compliance to RBI / ReBIT Information Security practices Ensure new applications are inducted into Data centre after conducting pen testing / vulnerability assessment Prioritizing security vulnerabilities identified in ethical hacking, penetration testing and application / system testing based on business impact and update Security operations team for mitigating them Follow up on closure of these gaps and escalate when necessary Deciding the most relevant and applicable metrics for measuring security effectiveness and deciding on the requisite algorithms for their quantification Certifications (any two) CISSP CEH / OSCP / OSCE / GPEN Role & responsibilities Preferred candidate profile

Vulnerability Identification & Assessment: Manage and oversee vulnerability scanning tools (Qualys, Tenable, Rapid7, etc.). Analyze vulnerability data from multiple sources and assess the impact on business operations. Perform risk assessments and categorize vulnerabilities based on severity and exploitability. Remediation & Risk Mitigation:Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities. Prioritize vulnerabilities based on risk to the business and potential exploitability. Track remediation efforts and ensure proper closure of security gaps. Process & Policy Development:Define and maintain vulnerability management policies, standards, and procedures. Establish workflows for vulnerability detection, reporting, remediation, and validation. Ensure compliance with security frameworks such as NIST, CIS, ISO 27001, and regulatory standards like GDPR, HIPAA, and PCI-DSS. Security Monitoring & Threat Intelligence Integration:Work with threat intelligence teams to understand emerging threats and vulnerabilities. Ensure vulnerability management aligns with incident response and threat-hunting processes. Continuously enhance detection mechanisms to improve vulnerability discovery and response. Compliance & Audit Readiness:Ensure that vulnerability management practices align with regulatory and compliance requirements. Maintain records of assessments, remediation efforts, and compliance reports for audits. Support internal and external audits related to vulnerability management. Reporting & Metrics: Develop and present vulnerability status reports to security leadership and executive teams. Track key performance indicators (KPIs) related to vulnerability remediation SLAs and risk reduction Provide insights on security posture improvements based on trend analysis. Security Awareness & Collaboration:Conduct training sessions to educate teams on vulnerability risks and remediation best practices. Work closely with DevSecOps, SOC, and infrastructure teams to integrate security best practices into the development lifecycle Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Vulnerability Management Preferred technical and professional experience Qualys

Roles & Responsibilities: 1.Handling alerts and incident on XDR platform 2.Alert & incident triage and analysis 3.Proactively investigating suspicious activities 4.Log all findings, actions taken, and escalations clearly in the XDR and ITSM platform 5.Execute predefined actions such as isolating blocking IPs or disabling user accounts, based on set protocols. 6.Adhere to established policies, procedures, and security practices. 7.Follow-up with tech team for incident closure 8.Participating in daily standup and review meeting 9.L1 Analyst has responsibility to closely track the incidents and support for closure. 10.Escalate more complex incidents to L2 analysts for deeper analysis. 11.Work & support on multiple cybersecurity tool (DLP, GRC, Cloudsec tool, DAM) 12.Handle XDR alerts and followup with customer team for agent updates Key Responsibilities: Security Monitoring & Incident Response Governance Define and maintain security monitoring, threat detection, and incident response policies and procedures.Establish and mature a threat intelligence program, incorporating tactical and strategic threat feeds.Align SOC operations with evolving business risk priorities and regulatory frameworks.Platform & Toolset Management Evaluate, implement, and enhance SIEM platforms, ensuring optimal log ingestion, correlation, and rule effectiveness.Assess and manage deployment of EDR, XDR, SOAR, and Threat Intelligence solutions.Maintain and update incident response playbooks and automation workflows.Ensure consistent platform hygiene and technology stack effectiveness across SOC tooling.SOC Operations & Threat Detection Oversee 24x7 monitoring of security events and alerts across enterprise assets.Lead and coordinate proactive threat hunting across networks, endpoints, and cloud.Manage and support forensic investigations to identify root cause and recovery paths.Govern use case development, log source onboarding, and alert/event triage processes.Regulatory Compliance & Incident Management Ensure timely and accurate incident reporting in compliance with RBI, CERT-In, and other authorities.Retain logs in accordance with regulatory data retention mandates.Enforce and monitor security baselines for endpoints, in line with internal and regulatory standards.Advanced Threat Management & Reporting Plan, conduct, and report on Red Teaming and Purple Teaming exercises to test detection and response capabilities.Participate in and contribute to the Risk Operations Committee (ROC) meetings and initiatives.Review and track SOC effectiveness through KPIs, metrics, and regular reporting dashboards. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Required Qualifications: Bachelor’s or Master’s degree in Cybersecurity, Computer Science, or related field.2 years of experience in SOC management, incident response, or cyber threat detection roles.Hands-on expertise with SIEM (e.g., Splunk, QRadar, Sentinel), EDR/XDR tools, and SOAR platforms.Proven experience in playbook development, forensics, and threat hunting methodologies.Strong understanding of RBI/CERT-In incident reporting guidelines and log retention requirements.Familiarity with MITRE ATT&CK, threat modeling, and adversary emulation techniques. Preferred technical and professional experience Preferred Certifications: GCIA, GCIH, GCFA, CISSP, OSCP, CEH, CHFI, or similar certifications