
962 Penetration Testing Jobs - Page 35

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

2 - 3 years

5 - 8 Lacs

Chennai, Pune, Delhi

Work from Office


Strategy
- Design and implement secure application architectures aligned with business and security requirements.
- Develop and enforce secure coding standards across engineering teams.
- Automate security testing in CI/CD pipelines, including SAST, DAST, and dependency scanning.
- Perform threat modeling and risk assessments for applications and services.

Operations
- Conduct regular security code reviews and vulnerability assessments.
- Monitor and respond to application security incidents, working closely with engineering and DevOps teams.
- Research and recommend new security technologies and best practices to improve application security.
- Maintain security documentation and ensure compliance with internal policies and industry standards.

Collaboration
- Partner with engineering teams to prioritize security fixes and integrate security best practices into the SDLC.
- Communicate security risks and solutions effectively to both technical and non-technical stakeholders.

Posted 3 months ago


0 - 5 years

25 - 30 Lacs

Nizamabad, Warangal, Hyderabad

Work from Office


Container Security
- Security scanning of 7500 containers
- They are all in the same repository, so the scanning effort should be similar whether it is 200 or 7500
- Need a Snyk technical expert who has performed container scanning in the past
- The following experience is a must have: Snyk, AWS, AWS Fargate, Artifactory, Jenkins, SCA/SAST
- They have already done a lot of the work around pipeline integration

Threat Modeling
- Experienced threat modeling expert using a methodology like STRIDE
- Thought leader in the space
- Put a model together to perform Threat Modeling at the organization
- They already have questionnaires built but need someone to mature the process
- Start with up to 2 applications

Posted 3 months ago


4 - 8 years

7 - 11 Lacs

Vadodara

Work from Office


Role Overview
We have an exciting opportunity for a Senior Penetration Tester to join our thriving Cyber Security practice. We are seeking a skilled individual, with expertise in penetration testing or vulnerability research, who can contribute to the development of innovative solutions and security outcomes to safeguard both our clients and our own organisation.

Responsibilities
- Support your team to deliver high impact technical projects to customers
- Lead penetration testing engagements
- Provide technical advice on all areas of security technology/technologies including: network security, platform security, authentication systems, application security, security architecture
- Analyse, triage, report and prioritise findings to internal teams, customers, vendors and security teams.
- Design, develop and maintain tools and techniques for adversarial simulation, vulnerability research, and exploit development.
- Contribute to the development of internal and external cybersecurity strategy, policy, standards, and frameworks.

About you
- Possess at least 2 years direct experience in penetration testing or vulnerability research
- Skilled in relevant programming languages (C/C++, C#, Java, Python)
- Experienced in scripting with the ability to develop custom scripts, exploits, and tools.
- Strong knowledge of both web application and infrastructure testing

What we look for in our people
- Strong alignment with FSP values and ethos
- Commitment to teamwork, quality and mutual success
- Proactivity with an ability to operate with pace and energy
- Strong communication and interpersonal skills
- Dedication to excellence and quality

Who are FSP
Founded in 2012, FSP Consulting Services (FSP) are a leading enterprise-level digital evolution and cyber security consultancy. We enable peak performance, cultural cohesion and business growth through technology by adopting a comprehensive approach to strategy and creating viable, sustainable, and resilient digital futures for organisations and their teams.

At the heart of everything we do is our unwavering commitment to the evolution of organisations and their people. We work in partnership with our clients, helping them to become responsive, engaged and supremely equipped for a successful future, blending high-quality business and technology delivery with a dedication to exceptional client experience. Behind this commitment is a dedicated employee-first strategy, built around our organisation's core values. We are proud to be a multi award-winning workplace, most notably recognised by Best Companies as #1 Best Company To Work For in the UK, Tech and the South East in 2023. We are ISO27001 and ISO9001 Certified by UKAS. We are also a CREST approved penetration testing and SOC company, IASME Cyber Essentials Certification body and Cyber Essentials Plus certified. Find out more about our awards here: https://fsp.co/about-fsp/

Why work for FSP
At FSP, we are committed to providing:
- A collaborative and supportive environment in which you can grow and develop your career
- The tools and opportunity to do work you can be proud of
- A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience
- Hybrid working - we empower you to make smart choices about when and where to work to achieve great results
- Industry leading coaching and mentoring
- Competitive salary and an excellent benefits package

Posted 3 months ago


3 - 6 years

7 - 11 Lacs

Noida

Work from Office


Your Tasks
- Incident handling and response for all locations worldwide
- Member of the global C.E.R.T. team.
- Monitoring of IT security-relevant systems
- Defense against IT security-relevant threats (Intrusion Detection and Advanced Attack Defense)
- Communication in existing service clusters about current IT security topics and measures.
- Support in the implementation of IT security-relevant measures on IT systems such as mitigation, patching, shutdowns, etc.
- Technical and organizational consulting as well as support of the departments regarding IT security (cloud services, IT processes, data centers, network, etc.)
- Preparation of monitoring reports (planning, preparation and implementation)
- Global on-call service

Your Skills
- Well-founded training in the field of antimalware management and minimum 3 years of experience with such systems
- Degree in the field of (business) informatics or many years of professional experience with comparable professional qualifications
- Experience in the field of IT security, monitoring and defense
- Independent, analytical and structured way of working as well as hands-on mentality
- High self-motivation, ability to work in a team and strong communication skills
- In-depth knowledge of firewalls, antimalware systems, penetration testing and data encryption.
- Understanding of common network architectures and protocols
- Knowledge of current attack patterns, methods and tactics
- Creativity and openness to technical innovations
- Good knowledge of Windows and Linux operating systems

Good to have
- Experience with tools like Nessus, Splunk, and XMCyber is also beneficial.
- ITIL knowledge
- Scripting knowledge

Kindly send your profile to talentacquisition-india@durr.com to apply for this job. Dürr IT Services in India is represented by Schenck RoTec - a fully owned subsidiary of the Dürr Group.

Posted 3 months ago


4 - 7 years

8 - 12 Lacs

Pune

Work from Office


Our world is transforming, and PTC is leading the way. Our software brings the physical and digital worlds together, enabling companies to improve operations, create better products, and empower people in all aspects of their business. Our people make all the difference in our success. Today, we are a global team of nearly 7,000 and our main objective is to create opportunities for our team members to explore, learn, and grow - all while seeing their ideas come to life and celebrating the differences that make us who we are and the work we do possible.

Your Role
We are looking for an enthusiastic candidate with outstanding talent to join the MCAD-QA team. Ideal candidates will have a passion for technology. You will be part of a fast-moving, experienced team using agile development processes to test a world-class software product which will bring value to our customers.

Key Responsibilities:
- Collaborate with cross-functional teams to understand customer requirements and ensure software quality.
- Develop and execute test plans, test cases, and test scripts.
- Identify, document, and track software defects.
- Perform various types of testing, including functional, regression, integration, and performance testing.
- Provide feedback and recommendations to improve software usability and functionality.
- Take an active role in evolving the product strategy and roadmap.
- Monitor and report on quality metrics.
- Perform Root Cause Analysis (RCA) to identify and resolve issues.

Qualifications:
- 5+ years of experience in Creo.
- Strong understanding of customer requirements and problem-solving skills.
- Proficiency in various Creo modules.
- Detail-oriented with excellent analytical skills.
- Knowledge of testing methodologies.

Location: Pune, India

Preferred Qualifications:
- Experience with or knowledge of various modules of Creo.
- Experience or knowledge of modeling techniques.
- Any exposure to security testing (vulnerability assessment and penetration testing in desktop environments) will be an added advantage.

Basic Qualifications:
- Bachelor's degree in Mechanical Engineering or equivalent technical experience
- Demonstrated success in product design and development
- Minimum 3 years in hands-on Design using Creo.

Life at PTC is about more than working with today's most cutting-edge technologies to transform the physical world. It's about showing up as you are and working alongside some of today's most talented industry leaders to transform the world around you. If you share our passion for problem-solving through innovation, you'll likely become just as passionate about the PTC experience as we are. Are you ready to explore your next career move with us? We respect the privacy rights of individuals and are committed to handling Personal Information responsibly and in accordance with all applicable privacy and data protection laws. Review our Privacy Policy here.

Posted 3 months ago


2 - 7 years

3 - 8 Lacs

Pune, Bengaluru

Work from Office


Role & responsibilities

Web PT
- Perform automated testing of running applications and static code (SAST, DAST).
- Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
- Experience in one or more of the following a plus: mobile application testing, Web application pen testing, application architecture and business logic analysis.
- Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
- Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Manual Secure Code
- Perform manual security code review against common programming languages (Java, C#).
- Perform automated testing of running applications and static code (SAST, DAST).
- Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
- Experience in one or more of the following a plus: mobile application testing, Web application pen testing, application architecture and business logic analysis.
- Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
- Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation

Preferred candidate profile

Perks and benefits

Posted 3 months ago


8 - 10 years

18 - 20 Lacs

Bengaluru, Hyderabad

Hybrid


Work Locations: Hyderabad & Bangalore only (local candidates are required as the final round will be in-person)
Minimum 4 yrs of experience of SOC L2 is required for this position.

JD: Work you'll do
As a Fusion Level 2 Consultant you will support the Security Operations Center (SOC) as the first line of defense to identify potential information security incidents.
- Monitor client sources of potential security incidents, health alerts with monitored solutions and requests for information. This includes the monitoring of real-time channels or dashboards, periodic reports, email inboxes, helpdesk or other ticketing system, telephone calls, chat sessions.
- Follow client and incident-specific procedures to perform triage of potential security incidents to validate and determine needed mitigation.
- Escalate potential security incidents to client personnel, implement countermeasures in response to others, and recommend operational improvements.
- Keep accurate incident notes in case management system.
- Maintain awareness of the client's technology architecture, known weaknesses, the architecture of the security solutions used for monitoring, imminent and pervasive threats as identified by client threat intelligence, and recent security incidents.
- Provide advanced analysis of the results of the monitoring solutions, assess escalated outputs and alerts from Level 1 Analysts.
- Perform web hunting for new patterns/activities.
- Advise on content development and testing.
- Provide advice and guidance on the response action plans for information risk events and incidents based on incident type and severity.
- Ensure that all identified events are promptly validated and thoroughly investigated.
- Provide end-to-end event analysis, incident detection, and manage escalations using documented procedures.
- Devise and document new procedures and runbooks/playbooks as directed.
- Assist the Shift Leads and fulfill Shift Lead responsibilities in their absence.
- Maintain monthly Service Level Agreements (SLAs).
- Maintain compliance with processes, runbooks, templates and procedures-based experience and best practices.
- Assist Cyber Hunting team with advanced investigations as needed.
- Provide malware analysis (executables, scripts, documents) to determine indicators of compromise, and create signatures for future detection of similar samples.
- Continuously improve the service by identifying and correcting issues or gaps in knowledge (analysis procedures, plays, client network models), false positive tuning, identifying and recommending new or updated tools, content, countermeasures, scripts, plug-ins, etc.
- Perform peer reviews and consultations with Level 1 analysts regarding potential security incidents.
- Serve as a subject matter expert in at least one security-related area (e.g. specific malware solution, Python programming, etc.)
- Actively seek self-improvement through continuous learning and pursuing advancement to a SOC Shift Lead.
- Provide shift status and metric reporting.
- Support weekly Operations calls.
- Adhere to internal operational security and other policies.
- Perform light project work as assigned.

Required skills
- 4-6 years working in a SOC and/or strong security technology operations experience.
- Certified Information Systems Security Professional (CISSP), Certification in Certified Intrusion Analyst (GIAC), Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent.
- Able to work shifts on a rotating basis for 24/7 support of clients.
- Experience in security technologies such as: Security information and event management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint detection and response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
- Knowledge of Advanced Persistent Threats (APT) tactics, techniques and procedures.
- Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
- Understanding of common network infrastructure devices such as routers and switches.
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP.
- Basic knowledge in system security architecture and security solutions.

Preferred skills
- Excellent interpersonal and organizational skills.
- Excellent oral and written communication skills.
- Strong analytical and problem-solving skills.
- Self-motivated to improve knowledge and skills.
- A strong desire to understand the what as well as the why and the how of security incidents.

Qualification
Bachelor's degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology.

Posted 3 months ago


4 - 5 years

6 - 7 Lacs

Pune

Work from Office


Job Purpose
This position is open with Bajaj Finserv Ltd.

Duties and Responsibilities
- Ethical Hacking and Red Teaming Activity
- Discover and Mitigate Cyber Risks and exploitable vulnerabilities in the internet facing apps/assets
- Conduct Regular Vulnerability Assessment and Pen Testing of the applications
- Experience with latest web technologies, Android and iOS applications security
- Conduct regular Secure Code and Architecture Review
- Familiarity with malicious code identification and common hacker attack techniques
- Latest technology security: API, Microservices, RPA, IoT etc.
- Ensure Application Security Standard
- Assess Third Party Partner vulnerabilities and security risk
- Remediations, Closures Tracking, Reporting and Management of all Cyber Risks
- Engage with technology Teams and partners and business units in order to resolve identified vulnerabilities within acceptable timelines
- Design and deliver actionable Information Security dashboards and scorecards
- Work with partners in carrying out comprehensive VAPT assessment
- Advanced understanding with working experience collecting and tracking threat intelligence
- Experience working with tracking, communicating and prioritizing vulnerabilities and cyber threats to an enterprise wide organization

Required Qualifications and Experience
- Engineering Graduate with 4-5 years of Information/Cyber Security Experience
- Relevant Security Certifications like CEH, ECSA etc. preferred
- Prior experience of Security Testing, OWASP Top 10 and application security
- Prior experience of Payment Testing, Mobile Applications and API Security testing
- Sound in latest application technologies and network attacks execution
- Good Written and Verbal Communication with Presentation Skills
- Good Team Player and sound in stakeholder management
- Threat Modelling, Cloud Security and WAF basics clarity
- DevOps/DevSecOps and Source Code security review experience is an added boon
- Well versed with related tools and techniques of all the above

Posted 3 months ago


3 - 8 years

5 - 15 Lacs

Kochi, Coimbatore, Kolkata

Work from Office


Attack & Penetration Testing
As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create a report that describes findings, exploitation procedures, risks and recommendations.

The opportunity
We're looking for a Security Consultant / Senior Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering.

Your key responsibilities
- Lead engagements from kickoff with clients through scoping engagements, penetration testing and reporting while adhering to the agreed scope and deadlines.
- Perform penetration testing which includes Network, web application, Mobile app (both Android & iOS), APIs, Cloud Security, Thick Client application, wireless, social engineering, physical penetration testing.
- Execute penetration testing projects using the established methodology, tools and rules of engagements.
- Execute red team assessments to highlight gaps impacting organizations' security postures.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Perform in-depth analysis of penetration testing results and create a report that describes findings, exploitation procedures, risks and recommendations.
- Convey complex technical security concepts to technical and non-technical audiences including executives.
- Perform technical quality reviews and conduct technical conversations directly with clients.
- Keep up to date with the latest techniques and concepts.
- Confident with OWASP Top 10 and SANS Top 25 vulnerabilities and ability to effectively communicate methodologies and techniques with development teams
- Utilize tools such as BurpSuite, Nessus, Nmap, and Kali Linux for effective vulnerability assessment and penetration testing.
- Understanding and experience with Active Directory attacks.
- Stay up to date with the latest security threats, vulnerabilities, and best practices in vulnerability management.
- Knowledge of AI in Pentest, TCP/IP, OSI Layer, IPv4 & IPv6, Network Protocols and Wireless Communication skills preferred.
- Working knowledge with any scripting languages (e.g. Python, Perl, PHP, Ruby) to develop automated solutions that mitigate risks throughout the organization.
- Support SDLC and agile environments with application security testing and source code reviews.
- Serve as a mentor and guide to junior pen testers, sharing your knowledge, skills, and best practices to nurture their growth and development.
- Provide technical expertise and guidance to clients on remediation strategies and security best practices.

Skills and attributes for success
- In-depth understanding of OWASP Top 10 vulnerabilities and their mitigation strategies.
- Good understanding of enterprise security controls in Active Directory / Windows environments
- Good to have knowledge in AI in pen test
- Understanding of TCP/IP network protocols.
- Understanding of network security and popular attack vectors.
- Experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory and 802.1x penetration testing
- Strong understanding of security principles, policies, and industry best practices
- Proven ability to lead client engagements, build strong client relationships, and deliver exceptional results.
- Excellent communication and presentation skills, both written and verbal.
- Demonstrated thought leadership in the cybersecurity field through publications, speaking engagements, or contributions to industry forums.
- Exceptional problem-solving skills, strategic thinking, and the ability to influence and lead.

To qualify for the role, you must have
- BE/B.Tech/MCA or equivalent
- Work experience in penetration testing which may include at least three of the following: Network, web application, Mobile app (Android & iOS), Thick client, APIs, wireless, social engineering, physical and Red Team assessments.
- One of the following certifications: OSCP, OSCE, OSEP, OSWE, CREST, CRTE, eCPTX, or eWPTX
- Knowledge of Windows, Linux, UNIX, any other major operating systems.
- 1-12 years of work experience in Strategy and Operations projects
- Team management skills are preferred.
- Conduct technical discussions and perform technical Quality reviews.
- Familiarity with OWASP methodologies and application security vulnerabilities.
- Exceptional ability to educate and guide application developers in security best practices.
- Excellent communication, presentation, and interpersonal skills.
- Strong Word, Excel and PowerPoint skills.

Ideally, you'll also have
- Project management skills
- Certifications: OSCP, OSCE, CRTP, CRTO, CISSP, GPEN, GWAPT.

I have received your application for the Attack & Penetration Testing role. Are you still looking for a job change with EY? If yes, please fill in the details below:
- Name
- Number
- Email ID
- Highest Qualification
- College/University
- Pass out year
- Current organisation
- Designation
- Total years of experience
- Relevant years into Penetration Testing/Pen Testing (Mandate)

Additional added advantage:
- Experience in mobile application penetration testing
- Experience in web API / API security testing
- Experience in security testing or penetration testing
- Experience in network security testing / infra security testing
- Experience in web application security testing
- Current location
- Preferred location
- Current CTC
- Expected CTC
- Notice period
- Kindly explain about your profile here
- Please go through the JD and let me know if it is relevant

Posted 3 months ago


10 - 15 years

30 - 45 Lacs

Bengaluru

Work from Office


The Cybersecurity Operations Manager will act as the primary point of contact and liaison for coordinating all cybersecurity-related operations within India. This role bridges the gap between local business partners, country-level stakeholders, and the broader security teams within the organization. The individual will ensure the effective implementation, monitoring, and enhancement of security measures, aligning local practices with the organization's overarching cybersecurity strategy.

The role is responsible for managing and optimizing the technology portfolio of enterprise data protection infrastructure, ensuring the reliability and efficiency of associated systems/services, and managing the operations team. This role involves strategic planning, people management, project management, and collaboration with various departments to support business objectives. The role is accountable for the performance and results of a team within own job family. Adapts business unit, department, site or sub-function plans and priorities to address resource and operational challenges. Decisions are guided by policies, procedures and business unit, department or sub-function plan; receives guidance from manager. Provides technical guidance to employees, colleagues, and/or customers.

Key Responsibilities:

Stakeholder Coordination
- Serve as the primary liaison between local business units, country leadership, and global security teams.
- Facilitate communication and alignment of cybersecurity initiatives across various stakeholders.
- Represent the organization in local and regional cybersecurity forums, meetings, and engagements.

Operational Oversight
- Manage and maintain the technology portfolio of enterprise data protection services.
- Ensure regular maintenance and timely upgrades of systems & services to prevent downtime and enhance performance.
- Lead and mentor the IT operations team, providing guidance and support to ensure high performance.
- Plan and execute IT projects, ensuring they are completed on time and within budget.
- Implement and monitor security measures to protect data and ensure compliance
- Monitor system performance and troubleshoot issues to maintain optimal operation.
- Manage relationships with IT vendors and service providers to ensure quality and cost-effective services.
- Develop and manage the IT operations budget, ensuring efficient allocation of resources.
- Total experience 10 to 15 Years.

Reporting and Metrics
- Provide regular reports & metrics on service operations

The Enterprise Data Protection Operations Manager is responsible for managing and optimizing the technology portfolio of enterprise data protection infrastructure, ensuring the reliability and efficiency of associated systems/services, and managing the operations team. This role involves strategic planning, people management, project management, and collaboration with various departments to support business objectives.

Education: Bachelor's Degree

Posted 3 months ago


6 - 10 years

10 - 18 Lacs

Hyderabad

Work from Office


Role & responsibilities 1. Security Testing Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Perform Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST) for deeper analysis of vulnerabilities during runtime Execute Mobile Application Security Testing and API Security Testing to safeguard against OWASP Security risks Ensure applications are resilient to real-world attack vectors 2. Vulnerability Management and Threat Mitigation Identify, prioritize, and remediate vulnerabilities through Vulnerability Assessments and Penetration Testing (VAPT) Identify and mitigate vulnerabilities aligned with the latest OWASP Top 10 risks, including Injection, Broken Access Control, and Insecure Design Assess and remediate vulnerabilities in accordance with OWASP Application Security Verification Standard (ASVS) Use Threat Modeling to predict, identify, and mitigate potential security threats early in the development lifecycle Provide detailed report analysis and assess the actual business and technical impact of security vulnerabilities Generate and analyze SAST reports, delivering actionable insights to technical and business stakeholders Implement and maintain robust vulnerability management processes 3. Cloud Security Secure cloud environments hosted on AWS and Azure, adhering to CIS Benchmarks and NIST Cybersecurity Framework standards Ensure data privacy and protection compliance with GDPR and HIPAA in cloud implementations Implement security controls and frameworks for cloud applications and infrastructure 4. Compliance and Regulations Ensure application and infrastructure compliance with standards such as PCI DSS, HIPAA, and GDPR Conduct regular assessments to align with SANS Top 25 Software Errors, NIST SP 800-53, and CIS Controls Support the creation of secure applications that meet industry compliance and regulatory requirements 5. 
DevSecOps Integration Embed security practices within the Secure Software Development Lifecycle (SDLC) by automating security checks and remediation Collaborate with DevOps teams to integrate security tools and testing into the CI/CD pipelines using Jenkins and Azure DevOps Automate security testing and monitoring to support agile development cycles 6. Security Architecture and Best Practices Design secure application architectures to address OWASP Top 10 risks and API-specific threats Advocate and enforce secure coding practices throughout the development teams Integrate OWASP ASVS principles and Threat Modeling to enhance application security Design and implement security architecture for web, mobile, and API applications 7. Leadership and Training Lead security assessments and mentor junior team members on secure application practices Conduct workshops and training sessions on OWASP Top 10, PCI DSS, Secure SDLC, and other key frameworks Act as a subject matter expert (SME) in application security, fostering a culture of security awareness across the organization Required Skills and Qualifications 1. Technical Proficiency Legacy technologies: Java, .NET Modern technologies: React, Node.js, Python, PHP, Ruby/Rails, Angular, etc CMS experience with Magento-Adobe and Avocode 2. Cloud Skills Expertise with AWS and Azure cloud platforms 3. Security and Compliance Knowledge Strong understanding of OWASP Top 10, OWASP ASVS, PCI DSS, HIPAA, GDPR, CIS Benchmarks, and NIST Cybersecurity Frameworks Familiarity with SANS Top 25 Software Errors and their remediation strategies Knowledge of static compliance standards and security frameworks 4. Security Testing Expertise Proficiency in SAST, SCA, DAST, IAST, and penetration testing techniques Experience in Threat Modeling to proactively identify and mitigate risks Strong knowledge of VAPT, mobile, and API security testing 5. 
DevSecOps and SDLC Integration Expertise in implementing Secure Software Development Lifecycle (SDLC) practices Proficiency in integrating security tools with CI/CD pipelines using Jenkins and Azure DevOps 6. Soft Skills Excellent communication skills to bridge the gap between technical and business teams Strong leadership and collaboration skills Ability to articulate technical issues to both technical and non-technical audiences Preferred Certifications Certified Information Systems Security Professional (CISSP) Certified Ethical Hacker (CEH) GIAC Web Application Penetration Tester (GWAPT) AWS Certified Security - Specialty Microsoft Certified: Azure Security Engineer Associate

Posted 3 months ago

5 - 10 years

5 - 15 Lacs

Delhi NCR, Noida

Work from Office

Role: Infosec Lead Location: Noida, India www.SEW.ai Who We Are SEW, with its innovative and industry-leading cloud platforms, delivers the best Digital Customer Experiences (CX) and Workforce Experiences (WX), powered by AI, ML, and IoT Analytics to the global energy, water, and gas providers. At SEW, the vision is to Engage, Empower, and Educate billions of people to save energy and water. We partner with businesses to deliver platforms that are easy-to-use, integrate seamlessly, and help build a strong technology foundation that allows them to become future-ready. Searching for your dream job? We are a true global company that values building meaningful relationships and maintaining a passionate work environment while fostering innovation and creativity. At SEW, we firmly believe that each individual contributes to our success and in return, we provide opportunities for them to learn new skills and build a rewarding professional career. A Couple of Pointers We are the fastest growing company with over 420+ clients and 1550+ employees. Our clientele is based out in the USA, Europe, Canada, Australia, Asia Pacific, Middle East Our platforms engage millions of global users, and we keep adding millions every month. We have been awarded 150+ accolades to date. Our clients are continually awarded by industry analysts for implementing our award-winning product. We have been featured by Forbes, Wall Street Journal, LA Times for our continuous innovation and excellence in the industry. Who we are looking for A successful Application Penetration Tester working at SEW should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, operating system functionality, application manipulation, vulnerability discovery, and analysis, as well as exploit development. 
This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and network to breach the security of a target system or reverse-engineering an application and encryption method to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications and can present your findings while demonstrating strong analytical skills, then you're the type of Penetration Tester we're looking for. Requirements Perform penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc. Detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware Develop comprehensive and accurate reports and presentations for both technical and executive audiences Effectively communicate findings and strategy to stakeholders Qualifications 5-8 years experience in: Web Application Assessments, Mobile Application Assessments Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Kali Linux etc. 
Possess understanding of various penetration testing and hacking methodologies such as OWASP, PTES, NIST SP800-115 Source Code Review & Reverse Engineering Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification preferred Demonstrated experience in one or more computer programming and scripting languages such as Python, Bash, PHP, Java, C#, .NET, Swift, Kotlin, JavaScript, Perl, Ruby Reverse engineering malware, data obfuscators, or ciphers Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis Thorough understanding of network protocols, data on the wire, application design and architecture, and different classes of application security flaws Computer science degree preferred.

Posted 3 months ago

5 - 10 years

0 - 0 Lacs

Chennai

Hybrid

Job Title: Vulnerability Assessment and Penetration Testing (VAPT) Specialist Job Type: Full-time Location: Chennai only Key Responsibilities: Vulnerability Assessment: Perform vulnerability scans and assessments using industry-standard tools and frameworks. Analyze scan results to identify potential security risks, including configuration flaws, software vulnerabilities, and other potential weaknesses. Prioritize vulnerabilities based on risk analysis and collaborate with other teams to remediate issues. Penetration Testing: Conduct penetration tests (ethical hacking) on web applications, networks, and infrastructure to simulate real-world attacks and identify potential vulnerabilities. Perform manual and automated testing techniques to assess the effectiveness of existing security measures. Provide detailed technical analysis and reports on findings, including proof of concept for vulnerabilities and suggested mitigation strategies. Collaborate with the development and IT teams to assist in identifying weaknesses and remediating them. Security Assessments: Assist in conducting risk assessments and threat modeling to identify high-priority areas that require penetration testing. Evaluate security controls and recommend improvements to enhance overall system security. Keep track of the latest security vulnerabilities, exploit techniques, and penetration testing methodologies. Reporting & Documentation: Document findings and deliver comprehensive vulnerability assessment and penetration testing reports to both technical and non-technical stakeholders. Provide remediation guidance and work with relevant teams to develop strategies for patching vulnerabilities and improving security measures. Maintain an up-to-date record of identified vulnerabilities and mitigation efforts. Required Skills & Qualifications: Bachelor's degree in Information Security, Computer Science, or related field (or equivalent work experience). 
Proven experience in vulnerability assessments, penetration testing, or ethical hacking. Strong knowledge of penetration testing tools (e.g., Metasploit, Burp Suite, Nmap, Nessus, Wireshark, etc.). Understanding of common web application vulnerabilities (e.g., SQL injection, cross-site scripting, etc.) and how to exploit and mitigate them. Experience with network security protocols and services (e.g., TCP/IP, DNS, HTTP, VPN, firewall configurations). Proficiency in scripting and automation using languages such as Python, Bash, or PowerShell to assist in penetration testing. Strong understanding of security frameworks (e.g., OWASP, NIST, ISO 27001). Familiarity with compliance requirements such as GDPR, PCI-DSS, and HIPAA. Preferred Qualifications: Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), or GIAC Penetration Tester (GPEN). Hands-on experience with web application, mobile application, API and network-based penetration testing. Familiarity with cloud platforms (e.g., AWS, Azure) and their security features. Experience with source code review or application security assessments. Please share the resumes to "priyanga.govindharaj@aspiresys.com"

Posted 3 months ago

2 - 5 years

4 - 7 Lacs

Chennai, Pune, Delhi

Work from Office

Why Choose Bottomline? Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team! Job Summary As an Application Security Analyst, you will play a key role in maintaining our exceptionally high application security standards, established to protect Bottomline's products and services. This role reports to the Head of Product Security and is responsible for supporting Product teams in our on-going work to identify, assess and mitigate security risks associated with application development and deployment. Essential Functions and Responsibilities: Perform secure code assessments (SAST, DAST, SCA) on applications to identify vulnerabilities and weaknesses. Partner with Penetration Testing team to design and execute effective threat modeling on key products and services. Collaborate with Development teams to identify and quantify application security risks, and develop mitigation plans to promote secure coding practices and compliance with key security controls. Security Governance - work closely with Development teams, Security Architecture and GRC teams to ensure products are built and maintained in accordance with the required security patterns Information Security Policies and Standards - Partner with the information security GRC team to influence continuous enhancements to information security policies and standards. Required Experience & Qualifications 3+ years of experience in Application Security Bachelor's degree in Computer Science, Information Security, or a related field. Proven experience in application security, penetration testing and application vulnerability assessments. 
Strong understanding of secure coding practices, software development lifecycle (SDLC) and application security frameworks. Knowledge of security tools and technologies such as OWASP, SAST, DAST and SCA Excellent problem-solving skills and attention to detail Strong communication and collaboration skills to work effectively with cross-functional teams. Preferred Experience & Qualifications Cyber certifications (e.g., CISM, CISSP, CEH, GSEC, CASP+, CEH) or equivalent Note: This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the position. We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.

Posted 3 months ago

3 - 7 years

5 - 9 Lacs

Chennai, Pune, Delhi

Work from Office

Location: Pan-India (Any Infosys Office location) Job Type: Full-time Experience: 3+ years Job Description: We are seeking an experienced Cloud Security Engineer to join our team. The successful candidate will have a strong background in cloud security, with expertise in designing, implementing, and managing secure cloud architectures. Responsibilities: - Design and implement secure cloud architectures for AWS, Azure, and Google Cloud - Develop and enforce cloud security policies, procedures, and standards - Conduct cloud security risk assessments and penetration testing - Implement cloud security controls, such as firewalls, intrusion detection systems, and encryption - Monitor and analyze cloud security logs and incident response - Collaborate with cross-functional teams to ensure cloud security is integrated into all aspects of the organization - Stay up-to-date with cloud security trends, threats, and technologies Requirements: - 3+ years of experience in cloud security engineering - Strong knowledge of cloud security architectures, including AWS, Azure, and Google Cloud - Experience with cloud security controls, such as firewalls, intrusion detection systems, and encryption - Strong understanding of cloud security risk management and compliance frameworks (e.g. HIPAA, PCI-DSS, GDPR) - Experience with cloud security monitoring and incident response tools (e.g. CloudWatch, CloudTrail) - Strong problem-solving skills and attention to detail - Excellent communication and collaboration skills - Bachelor's degree in Computer Science, Engineering, or a related field Nice to Have: - Certifications in cloud security, such as AWS Certified Security - Specialty or Microsoft Certified: Azure Security Engineer Associate - Experience with cloud security automation tools (e.g. Ansible, Terraform) - Knowledge of containerization using Docker - Experience with DevOps tools (e.g. Jenkins, GitLab CI/CD)

Posted 3 months ago

6 - 11 years

2 - 3 Lacs

Chennai, Mumbai, Hyderabad

Hybrid

Minimum 6 years of experience Penetration testing, API testing Primary Skills - Manual penetration testing is mandatory Manual source code/source code review is mandatory Role & responsibilities Expert-level experience and knowledge in the following areas: Authentication and security protocols. Application session management. Applied cryptography. Common communication protocols. Mobile frameworks. Single sign-on technologies. Development frameworks (Angular, React, etc.). Exploit automation platforms. Knowledge of a Structured Query Language. Developer experience or coding background (nice-to-have).

Posted 3 months ago

4 - 8 years

5 - 10 Lacs

Vadodara

Work from Office

Role Overview We are seeking an experienced Dynamics CRM Developer to join our team of Dynamics 365 specialists. This role will be a great fit for those who demonstrate technical proficiency, problem-solving skills, and who enjoy collaborating with cross-functional teams to design and deliver high-quality solutions. Responsibilities Designing, architecting, and implementing scalable Dynamics CRM solutions tailored to client requirements. Configuring and customising Dynamics CRM forms, views, dashboards, and entities to meet the client needs. Maintaining, testing and troubleshooting to resolve issues within the Dynamics CRM environment. Performing thorough testing of customisations, configurations, and integrations to ensure high-quality deliverables. Creating, packaging and deploying solutions to environments (e.g., dev, test and prod) with minimal disruption to business operations. About you Skilled in customisation, configuration, and development, with hands-on experience in Power Platform (e.g., Power Apps, Power Automate, Power BI, Power Virtual Agents). Proficient in creating custom plugins, scripts, and workflows using C#, JavaScript, and other relevant technologies. Experienced in integrating Dynamics CRM with external systems and third-party applications (e.g., REST, SOAP, Azure Services). Experienced in developing and customizing Power Pages for external-facing solutions. Adept at designing, architecting, and implementing scalable Dynamics CRM solutions tailored to business requirements. Strong ability to engage with stakeholders, translate business needs, analyze complex requirements, design effective technical solutions, and excel in troubleshooting and debugging. Familiar with ALM best practices, including source control (e.g., Git, Azure DevOps), automated deployments, release pipelines, and environment management. Capable of working both independently and collaboratively within an Agile/Scrum team. 
Knowledge and experience of the following would be advantageous: M365, particularly SharePoint Online Business Central Proficient in Liquid templating language AI and automation capabilities within Dynamics 365 and Power Platform Previous experience in a consultancy or client-facing role What we look for in our people Strong alignment with FSP values and ethos Commitment to teamwork, quality and mutual success Proactivity with an ability to operate with pace and energy Strong communication and interpersonal skills Dedication to excellence and quality Who are FSP Founded in 2012, FSP Consulting Services (FSP) are a leading enterprise-level digital evolution and cyber security consultancy. We enable peak performance, cultural cohesion and business growth through technology by adopting a comprehensive approach to strategy and creating viable, sustainable, and resilient digital futures for organisations and their teams. At the heart of everything we do is our unwavering commitment to the evolution of organisations and their people. We work in partnership with our clients, helping them to become responsive, engaged and supremely equipped for a successful future, blending high-quality business and technology delivery with a dedication to exceptional client experience. Behind this commitment is a dedicated employee-first strategy, built around our organisation's core values. We are proud to be a multi award-winning workplace, most notably recognised by Best Companies as #1 Best Company To Work For in the UK, Tech and the South East in 2023. We are ISO27001 and ISO9001 Certified by UKAS. We are also a CREST approved penetration testing and SOC company, IASME Cyber Essentials Certification body and Cyber Essentials Plus certified. 
Find out more about our awards here: https://fsp.co/about-fsp/ Why work for FSP At FSP, we are committed to providing: A collaborative and supportive environment in which you can grow and develop your career The tools and opportunity to do work you can be proud of A chance to work alongside some of the best people in the industry, who always seek to share their knowledge and experience Hybrid working - we empower you to make smart choices about when and where to work to achieve great results Industry leading coaching and mentoring Competitive salary and an excellent benefits package Equal and Fair Opportunity FSP is an equal opportunity employer and we welcome applications from all suitable candidates. We consider all applicants for employment regardless of age, disability, sexual orientation, gender identity, family or parental status, race, colour, nationality, ethnic or national origin, religion or belief. Research suggests that applicants from underrepresented groups are less likely to apply for roles if they do not precisely meet requirements, or if they felt there were clear barriers as to who should apply. If you are excited about a potential role with us but are concerned that you may not be a perfect fit, please do apply, as you may be the ideal candidate for this role or for a different vacancy within FSP. We endeavour to always provide fair opportunity for applicants to showcase themselves in the best way possible during any interviews or meetings. If you require any adjustments for a call or in-person meeting, please let us know.

Posted 3 months ago

2 - 7 years

4 - 7 Lacs

Gurgaon

Work from Office

Major Objectives of the Job: Execute Security Testing Assessments Vulnerability Assessment and Penetration Testing (systems, networks, web-based and mobile) Forensics Red teaming Secure Code Review (SAST, DAST) Secure Config Review (Cloud, On-Premise) Ensure high standards in security testing methodologies and adherence to client requirements. Produce accurate, detailed, and actionable security assessment reports, including vulnerability findings and remediation recommendations for customers Ensure the timeliness of report delivery and manage the review process for technical findings and report quality. Keep up-to-date with the latest security trends, tools, and technologies, and proactively enhance personal expertise. Qualification: Exp VA/PT 3+ years Network/Programming Exp 1+ years Skills: Scripting Programming skills Java, PHP, Python, JavaScript or .NET technologies Database concepts and query execution Good understanding of network protocols

Posted 3 months ago

3 - 6 years

9 - 13 Lacs

Bengaluru

Work from Office

We are looking for a vuln mgmt. expert. Look at the JD and help us with excellent candidates for interview. Job Description: Manage the regular scanning of Marvell's infrastructure and applications to detect vulnerabilities. Collaborate with IT, Engineering, and Product teams to prioritize vulnerability remediation efforts based on risk and business impact. Prepare and present detailed reports on vulnerability findings, remediation progress, and program effectiveness to senior management and relevant stakeholders. Stay abreast of the latest security threats, trends, and technologies to continuously enhance Marvell's security posture. Collaborate with cross-functional teams to ensure the timely and effective identification and remediation of security vulnerabilities in software, firmware, and hardware products. Conduct regular vulnerability assessments and penetration testing to identify weaknesses and potential threats to Marvell's systems and networks. Work closely with external partners and vendors to ensure that security measures are effectively integrated into Marvell's products and services. What We're Looking For Bachelor's degree in Computer Science, Information Security, or related field. Master's degree preferred. 8+ years of experience in cybersecurity, with a focus on vulnerability management and penetration testing. In-depth knowledge of common security vulnerabilities, attack vectors, and mitigation techniques. Experience with vulnerability scanning tools such as Qualys, CrowdStrike, Tenable, Rapid7 or similar. Well versed in Qualys Query Language (QQL) Strong understanding of network protocols, operating systems, and software development processes. Industry certifications such as CISSP, CEH, or OSCP are highly desirable. Excellent communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders. Strong analytical and problem-solving abilities, with a keen attention to detail.

Posted 3 months ago

3 - 7 years

9 - 13 Lacs

Pune

Work from Office

Rockwell Automation is a global technology leader focused on helping the world's manufacturers be more productive, sustainable, and agile. With more than 28,000 employees who make the world better every day, we know we have something special. Behind our customers - amazing companies that help feed the world, provide life-saving medicine on a global scale, and focus on clean water and green mobility - our people are energized problem solvers that take pride in how the work we do changes the world for the better. We welcome all makers, forward thinkers, and problem solvers who are looking for a place to do their best work. And if that's you we would love to have you join us! Job Description Role - Platform security engineer Reports to Manager Position Summary: We are seeking an experienced Staff Security Software Engineer to lead and strengthen our software security practices across the development lifecycle. You will design, implement, and maintain security measures to protect our software systems from threats. You will collaborate with software engineers, product teams, and security experts to embed security into the development process and ensure that our applications meet the highest standards of safety and compliance. Responsibilities: Lead the design and development of security features and tools that protect our software products from security vulnerabilities and cyber threats. Develop proof-of-concept, conduct threat modelling, security design and code reviews, and vulnerability assessments to identify and mitigate potential risks to meet the security requirements of the product. Establish a timeline and estimate the resources needed to execute a design. Consider tradeoffs between requirements, speed, cost and vulnerability in the choice of a design approach. Provide progress reports, as needed. Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC). 
Develop and maintain automated security testing frameworks and tools to continuously monitor and enhance the security of our software. Implement secure coding practices and ensure adherence to security guidelines and standards. Lead incident response activities related to software vulnerabilities, security breaches, and other security incidents. Provide mentorship and technical leadership to engineering teams on security-related topics. Stay informed of emerging security threats, vulnerabilities, and the latest security technologies. Perform security audits, risk assessments, and relevant testing to ensure compliance with regulatory and security requirements. Create and maintain documentation for security practices, tools, and configurations. Think outside the box and be willing to research and explore new avenues by utilizing the latest technologies and standards. Communicate and convey design concepts, both verbally and in writing. Understanding of Complex control system concepts. Qualifications: Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent 10+ Years of experience in a software product development with a focus on product security Strong knowledge of security principles, encryption algorithms, authentication methods, and secure coding practices. 
Proficiency in C/C++ or Kotlin/Java and knowledge of secure coding techniques Hands-on experience with security frameworks and tools such as OWASP, SAST, DAST, or similar Understanding of network security, authentication protocols (OAuth, SAML, etc.), and key management Strong problem-solving skills and attention to detail in identifying and addressing security risks 3 years of experience as technical lead in a medium-sized team Other Qualifications: Experience with vulnerability scanning tools, penetration testing, and threat modelling Strong knowledge of RTOS (QNX) and interaction between RTOS and user applications, such as linking and loading Familiarity with security in cloud environments (AWS, Azure, Google Cloud) and modern technologies (microservices, containers, Kubernetes) Direct experience with the Industrial Automation industry will be an advantage Direct experience collaborating with local and global technical development teams Excellent interpersonal, verbal and written communication skills Benefits: The ability to collaborate with, learn from colleagues in a complex, global organisation. We provide a working environment with a creative company, paired with a great compensation package, great benefits, and a supportive atmosphere where you can sharpen with new challenges and development opportunities. Hybrid work-from-home and at a determined Rockwell Automation facility. Corporate Social Responsibility opportunities, Support from our 24/7 employee assistance program. Primary work location: Pune, India. We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. 
We are proud to be an equal opportunity workplace. At Rockwell Automation we are dedicated to building a diverse, inclusive and authentic workplace, so if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. You may be just the right person for this or other roles. #LI-Hybrid #LI-NB1 Rockwell Automation's hybrid policy aligns that employees are expected to work at a Rockwell location at least Mondays, Tuesdays, and Thursdays unless they have a business obligation out of the office.

Posted 3 months ago

1 - 3 years

2 - 6 Lacs

Bengaluru

Work from Office

Job Description in brief including Roles Responsibilities: 1. To perform Vulnerability Assessment and Penetration Testing of Network and Infrastructure 2. Client interaction 3. Perform rescan post confirmation on the fixes 4. Follow up with the relevant stakeholders on the remediation of open vulnerabilities Mandatory Skills required for the role: VAPT of Network and Infrastructure Good understanding of Networking, Operating system, and security concepts Good written and spoken communication skills Ability to do report walkthrough with relevant stakeholders Hands-on experience with Nessus, Qualysguard, nmap and Kali Linux tools Optional Skills for the role: Firewall rule review Segmentation Testing

Posted 3 months ago

3 - 7 years

2 - 6 Lacs

Bengaluru

Work from Office

Roles and Responsibilities: 1. To perform Web and Mobile Application and API Penetration testing 2. To perform Secure code review 3. Client interaction 4. Perform retest post confirmation on the fixes 5. Follow up with the relevant stakeholders on the remediation of open vulnerabilities Mandatory Skills required for the role: Web, API and Mobile Penetration Testing Good understanding of OWASP methodology, ASVS and other checklists Good written and spoken communication skills Ability to do report walkthrough with relevant stakeholders Hands-on experience with Burp suite pro, SQLmap, Kali Linux tools Optional Skills for the role: Thick client App PT

Posted 3 months ago

4 - 9 years

40 - 45 Lacs

Nasik, Pune, Nagpur

Work from Office

Senior Security Analyst (L2): A technical security engineer is responsible for ensuring the security of an organization's information technology systems, networks, and data. Their primary focus is on implementing, managing, and maintaining security measures to protect against cyber threats and vulnerabilities.

Responsibility:

  • Security Architecture Design: Designing and implementing secure network architectures, systems, and applications. This involves selecting appropriate security technologies, protocols, and best practices to ensure data confidentiality, integrity, and availability.
  • Firewall and Intrusion Detection/Prevention Systems (IDS/IPS): Configuring and managing firewalls and intrusion detection/prevention systems to monitor and block unauthorized access attempts and malicious activities.
  • Security Software Deployment and Configuration: Installing, configuring, and maintaining security software such as antivirus, anti-malware, and endpoint protection tools to safeguard systems from malware and other threats.
  • Security Patch Management: Regularly applying security patches and updates to software, operating systems, and applications to address known vulnerabilities and weaknesses.
  • Security Incident Response: Developing and implementing incident response plans to effectively address and mitigate security breaches and cyber incidents. This involves identifying the root cause of incidents and taking appropriate actions to prevent future occurrences.
  • Security Audits and Compliance: Conducting security audits and assessments to ensure compliance with industry regulations and standards (such as GDPR, HIPAA, PCI DSS), as well as internal security policies.
  • Network Security: Implementing network security controls such as network segmentation, access controls, and encryption to protect sensitive data and prevent unauthorized access.
  • Authentication and Authorization: Configuring and managing authentication mechanisms (like multi-factor authentication) and authorization controls to ensure that only authorized personnel can access systems and data.
  • Security Monitoring and Incident Detection: Setting up monitoring tools to detect and respond to unusual or suspicious activities on the network. This includes log analysis and SIEM (Security Information and Event Management) solutions.
  • Security Training and Awareness: Providing training and education to employees about security best practices, social engineering awareness, and safe online behavior.
  • Security Documentation: Creating and maintaining documentation related to security configurations, processes, and incident response plans.
  • Penetration Testing: Conducting or coordinating penetration tests and vulnerability assessments to identify potential weaknesses in systems and networks.
  • Collaboration: Working closely with other IT teams, developers, and management to integrate security practices into all stages of system development and deployment.
  • Research and Keeping Up to Date: Staying current with the latest security threats, vulnerabilities, and industry trends to continually enhance security strategies.

Working Experience on below listed Solutions: Worked on Solutions Brand Protection Anti APT Solution Web Inspect Network Access Control Solution Vulnerability Management Digital Rights Management IT Security GRC Host Intrusion Prevention System Solution API Management Endpoint Encryption Firewall Analyzer Solution MDM Decoy (Honey Pot Solution) DDoS Data Leakage Prevention Solution Vsphere Standard

Educational Qualifications Certifications:

  • Minimum educational qualification: Graduation in engineering or equivalent and Minimum 4 years of experience in the field of network and security OR Graduate and Minimum 5 years of experience in the field of network and security
  • Should be proficient in network technology and Microsoft OS
  • Should be proficient with proposed solutions
  • Should be proficient with Firewalls, Windows Active directory, Enterprise Anti-Virus Solution, Patch Management Solutions, and proposed solutions.

Posted 3 months ago

5 - 10 years

35 - 45 Lacs

Gurgaon

Work from Office

Position in this function within the Enterprise Security and Resilience Office (ESRO) we are the first-line defense against securing the largest healthcare company in the world against security threats. We are focused on transformation by strengthening our cyber defenses, ransomware resiliency, mitigating vulnerabilities, and better securing all aspects of our company, globally. We are vigilant and passionate about protecting the sensitive data of our members and providers and are committed to leveraging every tool, partnership and process needed to enhance our security posture. It is our duty to protect the information of those we serve and help fulfill our mission of making the health care system work better for everyone.

Primary Responsibilities:

This position serves as an all-hazards incident commander, with a focus on responsibility for the overall leadership of large and complex cyber incidents. This position is expected to lead events to resolution as quickly and completely as possible, managing the resources, plans, and communications involved in that resolution. Effective management is key to limiting the disruption caused by an incident and restoring normal business operations as quickly as possible. This position will work closely with senior leaders from response teams across the enterprise to assure effective coordination and resolution of incident response. This position will help develop and maintain Global Crisis Management cyber response plans and processes to assure efficient and coordinated response to events and maintain a continuous improvement process to keep the program aligned with company goals and strategies, and to align with industry standards and best practices. As an all-hazards leader, this role will lead other major non-technology incidents as needed. Position will lead and participate in exercises to test plans and processes as outlined in the multi-year training and exercise plan.

  • Incident Preparation: sets up communication channels, invites the appropriate people into those channels during an incident, and trains team members on best practices for not only incident management, but also communication during an incident
  • Decision Making: quickly assesses an incident and makes decisions about what to do, which team members are needed, and what actions come next at every stage of the resolution process
  • Delegation: delegates tasks to appropriate teams and knows when to expand the team by pulling in additional developers, communication experts, etc.
  • Oversight: oversees the response and resolution process from start to finish, asks the right questions, gets regular status reports from each team member, and prioritizes next steps
  • Team Alignment: oversees communication and makes sure everyone is on the same page; keeps conversations focused and brief to minimize time to resolution
  • Escalation and Resource Management: escalates issues to more senior or specialized resources and/or brings in additional resources to speed up resolution
  • After-Action: creates documents where teams can share their thoughts, plans after-action meetings, and makes recommendations on how to prevent or reduce the impact of future incidents

As a leader on the Global Crisis Management team, incumbent will be part of the all-hazards response team with response duties outside of cyber events. 24x7 on-call support

Required Qualifications:

  • 5+ years of technical, hands-on experience in one or more cyber security domains - security operations, forensics, incident response, IAM, pen testing, red teaming, hunt, cyber intelligence, etc.
  • 5+ years of responsibility for planning, development, and maintenance of cyber and/or all-hazard response plans
  • 3+ years of experience leading significant cyber-security and/or all-hazards incidents.
  • 3+ years of experience developing and facilitating exercises, and conducting after-action reviews
  • 3+ years of experience interfacing with senior executives
  • Proven solid communication: ability to communicate ideas clearly and concisely
  • Problem-solving: Proven to identify and solve complex problems in high-pressure situations; ability to think critically and creatively to come up with practical solutions
  • Decision-making: Proven to weigh the pros and cons of different options and quickly make confident decisions; ability to make decisions with limited information
  • Listening and synthesis: Proven to efficiently seek out and understand different perspectives; use that information to make better decisions
  • Leadership: Proven to take command in high-stress situations; inspire and motivate the team, while also providing clear guidance and direction; prioritize tasks based on their urgency

Preferred Qualifications:

  • Demonstrated high-level knowledge of incident management best practices and systems
  • Demonstrated understanding of risk management, mitigation, and incident response
  • Demonstrated experience communicating with senior management and executives.

Posted 3 months ago

Exploring Penetration Testing Jobs in India

The field of penetration testing, also known as ethical hacking, is rapidly growing in India as organizations prioritize the security of their digital assets. Penetration testers play a crucial role in identifying vulnerabilities in systems, networks, and applications to help companies protect themselves from cyber threats. If you are considering a career in penetration testing in India, here is some valuable information to help you navigate the job market.

Top Hiring Locations in India

  1. Bangalore
  2. Pune
  3. Hyderabad
  4. Mumbai
  5. Delhi

These cities are known for their thriving IT industries and have a high demand for skilled penetration testers.

Average Salary Range

The average salary for penetration testing professionals in India ranges from INR 4-6 lakhs per annum for entry-level positions to INR 12-18 lakhs per annum for experienced professionals. Salaries may vary based on location, company size, and level of expertise.

Career Path

A typical career path in penetration testing may include roles such as Junior Penetration Tester, Penetration Tester, Senior Penetration Tester, and eventually progressing to positions like Penetration Testing Team Lead or Chief Information Security Officer (CISO).

Related Skills

In addition to expertise in penetration testing tools and techniques, professionals in this field are often expected to have knowledge of networking, operating systems, coding/scripting languages, and cybersecurity best practices.

Interview Questions

  • What is the difference between penetration testing and vulnerability assessment? (basic)
  • Explain the steps involved in a penetration testing process. (medium)
  • How do you stay updated with the latest security trends and vulnerabilities? (basic)
  • Can you describe a recent penetration testing project you worked on? (medium)
  • What are common techniques used in social engineering attacks? (medium)
  • How would you prioritize vulnerabilities based on their severity? (medium)
  • What is the importance of a penetration testing report? (basic)
  • How do you handle ethical dilemmas in penetration testing? (medium)
  • Can you explain the concept of privilege escalation in penetration testing? (medium)
  • Describe a scenario where you encountered a challenging vulnerability and how you addressed it. (advanced)
  • What tools do you use for network reconnaissance in penetration testing? (basic)
  • How would you approach testing the security of a web application? (medium)
  • Explain the difference between black-box, white-box, and grey-box testing. (medium)
  • What are the limitations of automated penetration testing tools? (medium)
  • How do you ensure compliance with relevant regulations and standards in penetration testing? (medium)
  • Can you discuss the role of threat modeling in penetration testing? (medium)
  • Describe a time when you had to explain technical findings to non-technical stakeholders. (medium)
  • What is the impact of false positives in a penetration testing report? (medium)
  • How would you handle a situation where a client does not prioritize fixing critical vulnerabilities? (medium)
  • Have you ever discovered a zero-day vulnerability during a penetration test? (advanced)
  • How do you approach testing the security of IoT devices? (medium)
  • What are the best practices for securely storing and managing penetration testing results? (medium)
  • Can you explain the concept of a pivot in a penetration testing context? (medium)
  • How would you assess the security of a mobile application? (medium)
  • What steps do you take to ensure the confidentiality and integrity of sensitive data during a penetration test? (medium)

Conclusion

As the demand for cybersecurity professionals continues to rise, pursuing a career in penetration testing can be a rewarding and challenging path. By honing your skills, staying updated with industry trends, and preparing for interviews diligently, you can position yourself for success in this dynamic field. Good luck on your job search journey!

Featured Companies