1542 Penetration Testing Jobs - Page 22

Educational Bachelor of Engineering Service Line Data & Analytics Unit Responsibilities A day in the life of an Infoscion As part of the Infosys delivery team, your primary role would be to interface with the client for quality assurance, issue resolution and ensuring high customer satisfaction. You will understand requirements, create and review designs, validate the architecture and ensure high levels of service offerings to clients in the technology domain. You will participate in project estimation, provide inputs for solution delivery, conduct technical risk planning, perform code reviews and unit test plan reviews. You will lead and guide your teams towards developing optimized high quality code deliverables, continual knowledge management and adherence to the organizational guidelines and processes. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you!If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional : Technology-Business Intelligence - Visualization-Tableau Preferred Skills: Technology-Business Intelligence - Visualization-Tableau

Educational Bachelor of Engineering,Bachelor Of Technology,Master Of Engineering,Master Of Technology,Bachelor Of Computer Science,Master of Computer Science Service Line Cyber Security Responsibilities A day in the life of an Infoscion As part of the Infosys consulting team, your primary role would be to actively aid the consulting team in different phases of the project including problem definition, effort estimation, diagnosis, solution generation and design and deployment You will explore the alternatives to the recommended solutions based on research that includes literature surveys, information available in public domains, vendor evaluation information, etc. and build POCs You will create requirement specifications from the business needs, define the to-be-processes and detailed functional designs based on requirements. You will support configuring solution requirements on the products; understand if any issues, diagnose the root-cause of such issues, seek clarifications, and then identify and shortlist solution alternatives You will also contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Ability to work with clients to identify business challenges and contribute to client deliverables by refining, analyzing, and structuring relevant data Awareness of latest technologies and trends Logical thinking and problem solving skills along with an ability to collaborate Ability to assess the current processes, identify improvement areas and suggest the technology solutions One or two industry domain knowledge Technical and Professional : Primary skills:Technology-Finacle-Core-Payments-Real Time Gross Settlement-Master,Technology-Infrastructure Security-Security Incident and Event Management (SIEM),Technology-Infrastructure Security-Virtual Private Network, Firewall,Technology-Network-Firewall_and_Media-Check Point,Technology-Network-Firewall_and_Media-Juniper-Firewall,Technology-Network-Firewall_and_Media-Palo Alto Preferred Skills: Technology-Infrastructure Security-Security Incident and Event Management (SIEM)-IBM Qradar Technology-Infrastructure Security-Virtual Private Network Firewall-Zscaler ZPA Technology-Network-Firewall_and_Media-Check Point-firewall Technology-Network-Firewall_and_Media-Juniper-Firewall-firewall Technology-Network-Firewall_and_Media-Palo Alto Technology-Infrastructure Security-Secure Web Gateway-Zscaler ZIA

Position 1: Web and Network PT Consultant Proposed designation Consultant Role type Individual contributor Reporting to Work timings 12 PM to 9 PM Roles & responsibilities • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications • Plan and execute network penetration testing and Red teaming assessments to simulate real-world attack scenarios. • Perform manual network and application penetration tests on internal network, Active Directory environment, web applications. • Perform social engineering assessment to assess the security awareness and physical security controls of the organization. • Ability to independently research for new vulnerabilities in systems and software and modify and customize tools, known exploits, POCs and scripts to meet operational requirement. • Research and stay up-to-date with the latest attack techniques, tools, and emerging threats. • Present technical reports to clients, explaining the outcomes of the testing and providing detailed insights and recommendations. • Collaborate effectively with cross-functional teams, including developers, IT operations, and business stakeholders to integrate security best practices seamlessly into project workflows. • Provide mentorship and guidance to junior security staff and foster a culture of proactive security awareness within the organization. This role is for you if you have the below • We are seeking an experienced and highly skilled Consultant with over 5+ years of working experience in the field of cybersecurity, including network penetration testing, vulnerability assessment, Active directory testing, phishing assessment and web application penetration testing. The ideal candidate will possess a strong working knowledge of Network protocols, performing OSINT to identify publicly available information and testing and exploiting Microsoft services like Windows Servers, Active directory, Certificate Services. Mandatory technical & functional skills JOB DESCRIPTIONS 2 • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications • 5+ years of professional experience in cybersecurity, with a focus on Network penetration testing and Red teaming. • Strong understanding of Network protocols, web applications, cryptography, various operating systems and security technologies. • Strong understanding of exploitation of Microsoft platform used in enterprise environment such as windows Servers, Active Directory Certificate Service, Azure, etc. • Experience in one or more of the following a plus: Web application penetration testing, mobile application penetration testing application architecture and business logic analysis. • Relevant certifications, such as GWAPT, OSCP, OSEP, CRTP, CRTO, OSWA, are strongly preferred. Other information Interview process: Please expect 2-3 rounds of interview Does the job role involve travelling: No Does the busy season apply to this role: Seasonality of the work is dependent on the projects/ deliverable timelines Working location: Bangalore/Pune/Gurugram

Job Description: We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

Job Title: ISMS (Information Security Management System) Location: Airoli, Navi Mumbai Key Responsibilities: ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals. 2. Compliance & Audits: Ensure the organization complies with regulatory requirements related information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement. 3. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements. 4. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organizations security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements. 5. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels. Regards, Yugant Mirajkar Human Resources Kiya.ai

Job description Exp .-4-9 Years Location : Bangalore/Hyderabad/Chennai/Pune/Mumbai Must have skills- Penetration testing, DAST Testing, SAST Testing, OWASP top 10 The candidate should be having experience on various industry based security standards and the relevant tests. The candidate should possess comprehensive experience with various industry-recognized security standards (apart from OWASP, NIST, ISO 27001, and PCI-DSS) and demonstrate proficiency in conducting relevant security assessments and compliance-driven testing based on these frameworks.

About the Role : Looking for Cybersecurity Test Engineer who will be working closely with Hardware, Software and Systems engineering teams to deliver the next generation of Automotive SOC's. Ideal candidate is someone who has strong knowledge and hands on experience with Cybersecurity ISO 21434 standards. He/she should be able to Validate Cybersecurity features for Automotive SOC's and its applications. Responsibilities : - Perform penetration testing of SoC Automotive products. - Establish the Security goals and requirements. - Verification strategies in compliance with ISO 21434. - Develop test specifications, test cases, and test plans for security vulnerability testing. - Scan vulnerabilities with regards to CVSS levels and patch fixing from NIST database. - Perform code-level fuzz testing using open source tools. - Support documentation of test results and collaborate with the development team. - Participate in automating test process within CI/CD environments. - Setup and maintain traceability in compliance with Automotive SPICE requirements. - Experience in tools like OpenVAS, Nmap , wireshark, penetration testing for embedded systems. - Experience in Automotive domain is a must. - Practical experience performing TARA, security concepts and other Cybersecurity Artefacts mentioned in IS021434.

Job Title: WebPT P1 - Consultant Location: Bangalore & Pune (Hybrid Role) Contract Duration: 6 Months Roles & Responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: Web applications Internal applications APIs Internal and external networks Mobile applications Experience in one or more of the following is a plus: Mobile application testing Web application pen testing Application architecture Business logic analysis Work on application tools to perform security tests, including: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References) Second Order SQL Injection CSRF (Cross-Site Request Forgery) Provide root cause analysis and remediation guidance for identified vulnerabilities. Mandatory Technical & Functional Skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan NetsSparker Acunetix Checkmarx Veracode BurpSuite OWASP ZAP Kali Linux (or equivalent) Minimum three (3) years of performing manual penetration testing and code review against: Web applications Mobile apps APIs Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations. Preferred: One year of experience in the development of web applications and/or APIs. Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. Certifications (Preferred but not required): GWAPT (GIAC Web Application Penetration Tester) CREST (Certified Testing Professional) OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) OSWA (Offensive Security Web Application) This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune .

Job description Exp .-3-10 Years Location : Bangalore/Hyderabad/Chennai/Pune/Mumbai Must have skills- Penetration testing, DAST Testing, SAST Testing, OWASP top 10 The candidate should be having experience on various industry based security standards and the relevant tests. The candidate should possess comprehensive experience with various industry-recognized security standards (apart from OWASP, NIST, ISO 27001, and PCI-DSS) and demonstrate proficiency in conducting relevant security assessments and compliance-driven testing based on these frameworks.

Job Description: We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

- Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization - The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. - The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: - Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security - Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level - Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness -Tracking and reporting key risk indicators defined for IT processes - Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements - Create Review ISMS policy and process - Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL

Roles and Responsibilities: 1. To perform Web and Mobile Application and API Penetration testing 2. Client interaction 3. Perform retest post confirmation on the fixes 4. Follow up with the relevant stakeholders on the remediation of open vulnerabilities Mandatory skills required for the role: Web, API, and Mobile Penetration Testing Good understanding of OWASP methodology, ASVS, and other checklists Good written and spoken communication skills Ability to do report walkthrough with relevant stakeholders Hands-on experience with Burp suite pro, SQLmap, Kali Linux tools Optional skills for the role: Thick client App PT Secure code review

Cond Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company s portfolio includes many of the world s most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Cond Nast Traveler/Traveller, Allure, AD, Bon App tit and Wired, among others. Job Description Location: Bengaluru, KA Cond Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The companys award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month. The company is headquartered in London and New York, and operates in 32 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Russia, Spain, Taiwan, the U.K. and the U.S, with local licensed partners across the globe. The Cyber Security Team provides the security services that underpin Conde Nast s security posture and enhance the organisations security profile. The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture and Application Security as well as Security Engineering. This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with application security expertise that will allow the team to fully engage with the Development and Engineering teams and work with them to embed security into their development lifecycle. The successful candidate will own and manage Cyber Security relationships with key stakeholders within the Platform, Development and Engineering teams. Conde Nast employs a large development team that develops around 250 products or services across the business which are predominantly consumed by our customers across the globe. As such we have a massive focus on ensuring all products we build and develop are done so securely. We are seeking someone who is an SME in the areas of Application Security and DevSecOps and has worked in a lead role within a global organisation for a number of years. The ideal candidate will come from a development background and will have demonstrable expertise in Application Security, DevSecOps, S-SDLC and relevant CI/CD methodologies. The applicant will act as the lead on all Application Security initiatives as well as initiatives which support securing the overall development lifecycle. The post holder will use their experience and knowledge to identify security gaps in our current application development lifecycle and processes and propose remedies to improve security throughout the lifecycle. In addition you will support our efforts to implement a shift security left approach with recommendations that will enable us to operate in a truly dedicated DevSecOps manner. The applicant should have an understanding of Application Threat modelling methodologies and will have experience of performing Threat modelling having previously used various tools in performing these. The applicant should look to actively promote adoption and use of such methodologies and ensure security requirements are understood and embedded into the development lifecycle. Duties: Work collaboratively with Product, Engineering and Global Architecture teams to identify vulnerabilities in applications, at the design stage. Engage regularly with development teams to discuss any security concerns relating to products or applications. Act as an SME on application vulnerabilities and support with detailing remediation steps to developers. Provide advice where required to assist with remediation. Perform manual testing to ascertain whether vulnerabilities are true positives and validate automated test scan results if required. Administer, manage and maintain our SCA, SAST, IaC, Container and DAST security solutions, ensuring tooling is fit for purpose and providing value, as well as new features are being utilised. Support with onboarding development teams onto security tooling and integrating tools into their CI/CD pipeline, ensuring their applications are regularly being scanned for vulnerabilities. Drive security improvements and enhancements within the products and applications Conde Nast develops. Identify gaps in our application security controls and make recommendations for improvements to tooling or processes to resolve the gaps and improve security. Support with Code Reviews/Analysis. Knowledge of Java, Java Script and NodeJs is essential. Support with arranging third party penetration testing against key applications or services. Support with any application security related questions developers have when making design decisions that may impact the security posture of applications. Provide business stakeholders and the GRC team with reporting on application vulnerabilities and KRI s across our application portfolio. Develop and maintain all documentation for our Application Security Tooling, including processes and procedures for onboarding and offboarding teams and utilising tools in general. Regularly update and maintain our Application Security standards, best practices and guidelines within Confluence to ensure developers have a central location to reference. Act as the Security Champion Program Co-ordinator, chairing meetings, bringing together Security Champions across development teams and ensuring Security requirements are published, passed onto teams and implemented as required. Required Skills: To be successful, the candidate will need to have and demonstrate the following knowledge, skills and experience, along with a proactive focused attitude; Minimum 5 years experience in Application Security and Engineering. Minimum 5 years experience in Secure Development Lifecycle Thorough knowledge of CI/CD and DevSecOps principles. Awareness of application security flaws and web application best practices (e.g. OWASP Top 10, CWE SANS Top 25) Understanding of STRIDE, or other Threat modelling or applicable methodologies Experience of working in a geographically dispersed organisation with varied stakeholders. Experience of implementing security within a DevOps environment i.e. adopting a shift-left approach within Application Security. Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS) Experience of having worked with GitHub and GitHub actions is essential. Experience of using Static and Dynamic Code Analysis tools (Snyk and Rapid 7 AppSec are beneficial) Awareness and experience of the NIST framework and PCI-DSS Standard. Experience of container vulnerability scanning or securing containers. Experience of programming / development technologies, (this will be tested at interview) Experience of AWS WAF implementation and AWS services in general. Good communication, presentation and written language skills. Knowledge of development methodologies e.g. Agile Educational Qualifications: BS Computer Science or similar qualification Application Security certifications (CEH, CASE, CSSLP or similar) What happens next? If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile.

About the team: The Security Team is the focal point for all security activities across Swiss Re. We drive cybersecurity engineering and operations, governance, risk and compliance. We define and advance the companys security strategy. We own and develop applications and tools for vulnerability management, penetration testing, and Red Teaming. Were looking for a highly experienced software engineer who is passionate to shape with us the future of the security issues management for Swiss Re customers by designing and implementing back-end and front-end elements for our solution. Were looking for a person with a proactive mindset wholl enjoy the opportunity to shape something new. In your role, you will Design and implement features and components for our applications in the vulnerability management landscape. Ensure technical design is in line with architecture and meets security and quality requirements. Improve Swiss Res cybersecurity posture by developing, implementing and integrating vulnerability management and CSA (continuous security assurance) solutions. Work with QA engineers to ensure our solutions and integrations meet required high reliability and availability expectations. Contribute to technical documentation and operations of solution. Work with market leading security technologies and development environments. Have a chance to learn more about information and offensive security, and vulnerability management. Be someone who believes in continuous innovation, is curious and relentless in finding a better way every day. Your qualifications Nobody is perfect and meets 100% of our requirements. If you, however, meet some of the criteria below and are curious about the world of vulnerability management inside a well-established cybersecurity infrastructure, well be more than happy to meet you! What we need from you Total of 5+ years of experience with 3+ years of relevant work experience including complex projects in large organizations. Passion, drive, and a belief in the value of developing high-quality, secure-by-design applications. Experience with complex development projects on .NET Some experience in Python programming language. Proven experience in implementing RESTful services, following best practices and related protocols . Skilled in front-end development using JavaScript, with a focus on Angular framework . Familiarity with Entity Framework and database management systems such as MSSQL . Strong understanding of programming best practices and hands-on experience working with the Azure DevOps platform . Experience in data modelling and familiarization with database optimization concepts. Knowledge about authentication and authorization mechanisms. Experience in meeting non-functional requirements such as reliability, availability, performance. Good communication skills in spoken and written English Collaborative and team oriented. Nice-to-have A good understanding of multi-tier and microservice based architecture. Knowledge on containerization, cloud platforms like Azure and associated technologies/capabilities. Experience with the design, development, and deployment of Azure-based applications. Experience with agile development practices and DevOps. Experience in working on transaction intensive applications. Who is Swiss Re? As the worlds leading and most diversified global reinsurer, we offer as our core business financial services products that enable risk taking essential to enterprise and progress. Our company was founded in Zurich, Switzerland in 1863, and operates in more than 25 countries and provides its expertise and services to clients throughout the world. We combine financial strengths with experience, knowledge, and creative thought to explore new opportunities in the interests of our clients, staff, and shareholders. We are an equal opportunity employer, and we value diversity at our company. Our aim is to live visible and invisible diversity diversity of age, race, ethnicity, nationality, gender, gender identity, sexual orientation, religious beliefs, physical abilities, personalities, and experiences at all levels and in all functions and regions. We also collaborate in a flexible working environment, providing you with a compelling degree of autonomy to decide how, when, and where to carry out your tasks. We provide feedback to all candidates via email. If you have not heard back from us, please check your spam folder. About Swiss Re Swiss Re is one of the world s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime. We cover both Property & Casualty and Life & Health. Combining experience with creative thinking and cutting-edge expertise, we create new opportunities and solutions for our clients. This is possible thanks to the collaboration of more than 14,000 employees across the world. If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience. Keywords: Reference Code: 134558

Cybersecurity Officer Location: Bangalore, IN, 562122 Position Type: Professional Role Overview : A Cybersecurity Officer in the automotive industry is responsible for ensuring the security of vehicle systems and networks from cyber threats. This involves identifying vulnerabilities, developing security measures, implementing security policies, and responding to security incidents. They also play a crucial role in staying up-to-date with the latest cybersecurity trends and advancements and providing training to other personnel. Responsibilities Identifying and evaluating potential cyber risks to automotive systems and networks. Analyzing automotive protocols (CAN, Ethernet) for vulnerabilities and developing countermeasures. Creating and implementing security policies and procedures for automotive organizations. Monitoring network traffic, responding to security incidents, and conducting root cause analysis. Ensuring compliance with relevant cybersecurity standards and regulations like ISO/SAE 21434 and UNECE R155/R156. Evaluate new cybersecurity regulations and setting up/ improving process instructions, templates and guidelines. Working with other teams, such as development, safety, and quality, to ensure security best practices are followed. Providing training and guidance to automotive personnel on cybersecurity topics. Promote a culture of cybersecurity awareness by organizing workshops and awareness campaigns. Keeping up-to-date with the latest cybersecurity trends, threats, and technologies. Monitor development work and activities that impact compliance regulations affecting both new type approval and extensions. Assess the overall cybersecurity practices of vendors and suppliers involved in vehicle components and systems. Technical Skills: Hands on experience with automotive protocols (CAN, LIN, Ethernet, etc,) Knowledge on CS controls like IPSec, SecOC, Secure boot, Secure debug etc Familiarity with TARA methodologies and risk mitigation strategies. Knowledge of known vulnerability databases e.g., NVD, CVSS, CVE, CWE Experience with CS Verification and validation (penetration testing and Fuzz testing) Applying methodologies like TARA, STRIDE, and FTA for risk assessment ISO 21434 (CCSP), CHE, CISSP or equivalent certification Qualification Bachelor/ Masters degree (or equivalent) in Cybersecurity, Computer Science, Information Technology/Security, Electrical Engineering. 4-10 years of experience in automotive cybersecurity coordinator or related roles We value your data privacy and therefore do not accept applications via mail. Who we are and what we believe in Our focus on Inclusion, Diversity, and Equity allows each of us the opportunity to bring our full authentic self to work and thrive by providing a safe and supportive environment, free of harassment and discrimination. We are committed to removing the barriers to entry, which is why we ask that even if you feel you may not meet every qualification on the job description, please apply and let us decide. Applying to this job offers you the opportunity to join Volvo Group . Every day, across the globe, our trucks, buses, engines, construction equipment, financial services, and solutions make modern life possible. We are almost 100,000 people empowered to shape the future landscape of efficient, safe and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents with sharp minds and passion across the group s leading brands and entities. At Group People & Culture , a part of Volvo Group, we create the foundation and frameworks for people growth and organizational development, to drive the people agenda that enables the realization of the Volvo Group aspirations through people strategy and commitment. You will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead. Job Category: Technology Engineering Organization: Group Trucks Technology Travel Required: Occasional Travel Requisition ID: 21340 View All Jobs Do we share the same aspirations? Every day, Volvo Group products and services ensure that people have food on the table, children arrive safely at school and roads and buildings can be constructed. Looking ahead, we are committed to driving the transition to sustainable and safe transport, mobility and infrastructure solutions toward a net-zero society. Joining Volvo Group, you will work with some of the world s most iconic brands and be part of a global and leading industrial company that is harnessing automated driving, electromobility and connectivity. Our people are passionate about what they do, they aim for high performance and thrive on teamwork and learning. Everyday life at Volvo is defined by a climate of support, care and mutual respect. If you aspire to grow and make an impact, join us on our journey to create a better and more resilient society for the coming generations.

Enterprise Security Engineer (P3) About the Role: Aviatrix, the leader in multi-cloud network security, is seeking a highly motivated and skilled Enterprise Security Engineer (P3) to join our Security team. This mid-to-senior-level role is critical for enhancing the security posture of our enterprise systems and ensuring a robust defense against evolving threats. As a key team member, you will drive security initiatives, collaborate with our Detection and Response team, and address complex challenges in a fast-paced, innovative environment. This position requires a self-starter with a strong foundation in enterprise and cloud security, coupled with a track record of learning and adapting to emerging security trends. Responsibilities: Cloud & Infrastructure Security: Architect, deploy, and maintain security measures across our multi-cloud environments (AWS, Azure, GCP), including infrastructure hardening, configuration reviews, and continuous monitoring. Application & AI Security Review: Conduct security assessments of business-critical applications and AI/ML deployments perform threat modeling, secure code reviews, dependency scanning, and penetration tests to identify and remediate vulnerabilities. Platform & Tool Management: Design, configure, and manage core security platforms (SSO, IAM, MDM, SIEM, EDR/NDR, email security) to enforce policies consistently across both applications and infrastructure. Network Defense & Threat Detection: Evaluate, integrate, and optimize network security technologies (firewalls, IDS/IPS, VPNs) to strengthen protections against ransomware, DDoS, insider threats, and data leakage. Incident Response & SOC Partnership: Collaborate with the SOC to triage, investigate, and remediate incidents affecting applications or infrastructure, driving rapid response and post-incident learning. Requirements: Demonstrated experience conducting in-depth cloud infrastructure security reviews assessing configurations, network architectures, and control implementations to identify and remediate risks. Hands-on experience architecting and securing cloud application deployed in AWS, with familliarty of other CSPs such as Azure and OCI, knowledge of each platform s native security services and best practices. Demonstrated application and AI security background: threat modeling, secure code reviews, dependency scanning, and penetration testing of business-critical applications. Solid understanding of network defense and threat detection technologies firewalls, IDS/IPS, VPNs and proven track record mitigating ransomware, DDoS, insider threats, and data loss. Familiarity with infrastructure-as-code (Terraform, CloudFormation) and CI/CD pipelines to drive automated, secure deployments. Experience partnering with SOC teams on incident response, investigation workflows, and post-incident lessons learned. Excellent communicator and mentor, capable of sharing best practices, coaching junior engineers, and driving cross-functional security awareness. Relevant certifications are highly desirable, such as CISSP, CISM, CCSP, AWS Certified Security - Specialty, Azure Security Engineer Associate, or equivalent. BENEFITS US : We cover 100% of employee premiums and 88% of dependent(s) premiums for medical, dental and vision coverage, 401(k) match, short and long-term disability, life/AD&D insurance, $1,000/year education reimbursement, and a flexible vacation policy. Outside the US: We offer a comprehensive benefits package which, (subject to regional variations) could include pension, private medical for you and dependents, generous holiday allowance, life assurance, long-term disability, annual wellbeing stipend Your total compensation package will be based on job-related knowledge, education, certifications and location, per our aligned ranges. About Aviatrix Aviatrix is the cloud network security company trusted by more than 500 of the world s leading enterprises. As cloud infrastructures become more complex and costly, the Aviatrix Cloud Network Security platform gives companies back the power, control, security, and simplicity they need to modernize their cloud strategies. Aviatrix is the only secure networking solution built specifically for the cloud, that ensures companies are ready for AI and what s next. Combined with the Aviatrix Certified Engineer (ACE) Program , the industry s leading secure multicloud networking certification, Aviatrix unifies cloud, networking, and security teams and unlocks greater potential across any cloud. WE WANT TO INCLUDE YOU We embrace the fact that not everyone s journey took the same route or started at the same place. If your experience doesn t quite meet the requirements but the opportunity excites you and you believe you could be great, don t let that hold you back from applying. Tell us what you CAN bring and what makes you special. Aviatrix is a community where everyones career can grow and we want to help you achieve your goals and be your best YOU, however that looks. If youre seeking an opportunity where you can be excited to start work every morning with enthusiastic people, make a real difference and be part of something amazing then let s talk. We want to get to know you and how we could grow together. Aviatrix, Inc. is an equal opportunity employer and does not make hiring decisions based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. CPRA - California Applicant Privacy Notice

Work Flexibility: Hybrid Job Description What you will do: Provide technical leadership and guidance to a team of Web, Embedded and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing (SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation) into all phases of SDLC. Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. Lead the SBOM Management program, ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelors or Master s in Computer Science Engineering 4 to 7 years of experience Experience with threat modeling, risk assessment, and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, CPP & Python programming language Familiarity with relevant standards and frameworks such as OWASP, NIST Cybersecurity Framework, and ISO 27001. Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit and DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud based environments like Azure and AWS. At least one professional certification like ECSA Practical / CPENT / LPT / OSCP / OSWE / OSCE or similar involving practical exams. Travel Percentage: 10%

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Fortinet Firewall. Experience5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Security Log Monitoring. Experience5-8 Years.

Role Purpose The purpose of the role is to support process delivery by ensuring daily performance of the Production Specialists, resolve technical escalations and develop technical capability within the Production Specialists. Do Oversee and support process by reviewing daily transactions on performance parameters Review performance dashboard and the scores for the team Support the team in improving performance parameters by providing technical support and process guidance Record, track, and document all queries received, problem-solving steps taken and total successful and unsuccessful resolutions Ensure standard processes and procedures are followed to resolve all client queries Resolve client queries as per the SLAs defined in the contract Develop understanding of process/ product for the team members to facilitate better client interaction and troubleshooting Document and analyze call logs to spot most occurring trends to prevent future problems Identify red flags and escalate serious client issues to Team leader in cases of untimely resolution Ensure all product information and disclosures are given to clients before and after the call/email requests Avoids legal challenges by monitoring compliance with service agreements Handle technical escalations through effective diagnosis and troubleshooting of client queries Manage and resolve technical roadblocks/ escalations as per SLA and quality requirements If unable to resolve the issues, timely escalate the issues to TA & SES Provide product support and resolution to clients by performing a question diagnosis while guiding users through step-by-step solutions Troubleshoot all client queries in a user-friendly, courteous and professional manner Offer alternative solutions to clients (where appropriate) with the objective of retaining customers and clients business Organize ideas and effectively communicate oral messages appropriate to listeners and situations Follow up and make scheduled call backs to customers to record feedback and ensure compliance to contract SLAs Build people capability to ensure operational excellence and maintain superior customer service levels of the existing account/client Mentor and guide Production Specialists on improving technical knowledge Collate trainings to be conducted as triage to bridge the skill gaps identified through interviews with the Production Specialist Develop and conduct trainings (Triages) within products for production specialist as per target Inform client about the triages being conducted Undertake product trainings to stay current with product features, changes and updates Enroll in product specific and any other trainings per client requirements/recommendations Identify and document most common problems and recommend appropriate resolutions to the team Update job knowledge by participating in self learning opportunities and maintaining personal networks Deliver NoPerformance ParameterMeasure1ProcessNo. of cases resolved per day, compliance to process and quality standards, meeting process level SLAs, Pulse score, Customer feedback, NSAT/ ESAT2Team ManagementProductivity, efficiency, absenteeism3Capability developmentTriages completed, Technical Test performance Mandatory Skills: Agile DevSecOps Consulting. Experience5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Vulnerability Assessment Penetrationtest. Experience3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Data Security Consulting. Experience5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: F5 Load Balancers. Experience3-5 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT