Job ID: 197283 Required Travel :Minimal Managerial - Yes Location: :India- Pune (Amdocs Site) Who are we Amdocs helps those who build the future to make it amazing. With our market-leading portfolio of software products and services, we unlock our customers innovative potential, empowering them to provide next-generation communication and media experiences for both the individual end user and enterprise customers. Our approximately 30,000 employees around the globe are here to accelerate service providers migration to the cloud, enable them to differentiate in the 5G era, and digitalize and automate their operations. Listed on the NASDAQ Global Select Market, Amdocs had revenue of $4.89 billion in fiscal 2023. In one sentence The Information Security Lead develops, maintains, and publishes required information security standards, procedures, and guidelines per domain of responsibility. Responsible for conceiving and executing forward-looking security systems or processes design, implements programs for user awareness, compliance monitoring, security controls design and implementation. What will your job look like You will maintain the organization's information security effectiveness and efficiency by defining and leading the implementation of security approaches, standards and procedures supporting strategic plans and directions You will lead teams to resolve Information Security challenges. Provide the information security requirements for cross-organization projects and accompany the implementation of the requirements. Utilize deep information security understanding to support internal and external business-related activities, formulate IS solutions based on technical and business requirements. Maintain a detailed knowledge of IS solutions and present them to our customers. You will lead unit level initiatives and ensure competency to meet the needs of the team/ Amdocs /Customers. You will design solutions and formulate response to RFx, create POC/demos, and present IS solutions to customers/corporate stakeholders. Utilize deep technical knowledge of IS products and services to align appropriate solutions based on client need. You will lead and manage Information Security Projects, including (as required) budget and resources, customer relationships, timelines, deliverables, quality and overall management. You will recommend information technology strategies, policies, and procedures by evaluating the organization's outcomes, identifying problems, evaluating trends, and anticipating requirements. You will keep updated with emerging security threats and alerts; conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts; collaborate with other cyber threat researchers. You will be accountable for meeting quality objectives, adherence to best practices, quality processes, and methodologies; lead continuous improvement via Root Cause Analysis, Lessons Learned, and Prevention processes; Track quality KPIs and continuously improve quality and measurements. You will promote clarity and alignment with ongoing, effective communication to the project team regarding the unit s goals and status, project matters, companywide changes, special initiative status, etc.; Strive for strong and healthy working relationships within the team. You will provide technical guidance and training to information owners, other security managers, and IT associates. Information Security Manager functions include: You will lead, manage and mentor teams in specific domains such as risk assessment, cyber technologies, corporate security, PMI, SOC, Penetration testing, security operations, etc. You will attract, develop and retain talent to build and maintain strong, effective and competent teams, and ensure the enhancement of their knowledge. Coach and empower the team and foster an environment that encourages teamwork based on motivation and inspiration. Responsible for HR processes such as recruitment, onboarding, definition of clear goals and objectives, ongoing performance management and feedback, career development, and growth of the team and its members. Manage day to day employee relations. 12. Information Security Expert functions include: You will be the technical expert and leader of certain domains such as IT, Application and GRC. All you need is... 1. 6-7 years of experience in the information security management ecosystem 2. Familiarity with industry standards and frameworks, such as NIST, CIS, ISO 27001, and GDPR. 3. Strong understanding of security best practices, including, vulnerability management, system hardening, patch management, and secure coding. 4. Proven experience working with security tools such as CrowdStrike, InsightVM, Tripwire, WIZ etc. 5. Experience with cloud security platforms (AWS, Azure) and native security services 6. Knowledge of network security principles & solutions, including IAM, firewalls, IDS/IPS, and secure network design. 7. Good team player - an advantage 8. Ability to scale up - for cross-domain security tools Why you will love this job: You will have the influence on many of the security teams in Amdocs and therefor the whole company You will bring the innovation into security teams in Amdocs You will have the independence to design the role as you think and like Amdocs is an equal opportunity employer. We welcome applicants from all backgrounds and are committed to fostering a diverse and inclusive workforce

Hiring for Security Test Engineer at Bangalore location Role: Security Test Engineer Exp: 2 - 7 Years Job location: Bangalore Notice Period: Immediate joiners only - Must Work Mode: Hybrid Interview Mode: 2 rounds ( Virtual & F2F round is Must ) Direct Responsibilities: To perform Penetration testing (Gray Box and/or Black Box), for Web applications, Thick Client, API, and mobile applications. Understand and deep knowledge of application security engineering principles to follow secure development practices which includes secure build processes, secure code review, security testing. Understanding of the security tools in DevOps Processes Knowledge of one or more scripting languages for automation Collaborate with the developers to help them understand the vulnerabilities reported in application. Contributing Responsibilities To understand the applications security requirements and identify & document the scope of the test. Ensure execution of the documented security scenarios for the application under test. Document and report all findings. Escalate issues to the local management and onshore stakeholders in case it affects the testing progress. Ensure processes for the project is followed for the assessments. Help review peer's work and mentor junior members in the team. Technical & Behavioral Competencies: Clear understanding of OWASP Top 10 - application security risks Tools/OS: Burp Suite, OWASP ZAP, Kali Linux Manual Security Testing & Analysis, Security Test Designing Excellent Interpersonal and presentation skills Strong in verbal and written communication Good analytical skills Strong Time Management Must be flexible, independent, self-motivated. Team Player Interested candidates can share your updated profile to premkumar.m@kiya.ai

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will be responsible for defining the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve documenting the implementation of cloud security controls and transitioning to cloud security-managed operations. You will play a crucial role in safeguarding our organization's digital assets and ensuring the security of our cloud infrastructure. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Develop and maintain the cloud security framework and architecture. Ensure that the cloud security controls are implemented effectively. Collaborate with cross-functional teams to define and implement security policies and procedures. Conduct regular security assessments and audits to identify vulnerabilities and recommend remediation measures. Professional & Technical Skills: Must To Have Skills:Proficiency in Security Architecture Design. Strong understanding of cloud security principles and best practices. Experience in designing and implementing security controls for cloud environments. Knowledge of industry standards and regulations related to cloud security. Experience with cloud security tools and technologies. Good To Have Skills:Experience with network security and infrastructure design. Additional Information: The candidate should have a minimum of 7.5 years of experience in Security Architecture Design. This position is based at our Mumbai office. A 15 years full time education is required. Qualifications 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : SailPoint IdentityIQ Good to have skills : NA Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities: Expected to be an SME Collaborate and manage the team to perform Responsible for team decisions Engage with multiple teams and contribute on key decisions Expected to provide solutions to problems that apply across multiple teams Develop and implement security solutions for cloud environments Conduct security assessments and audits to identify vulnerabilities Provide guidance on security best practices for cloud deployments Professional & Technical Skills: Must To Have Skills: Proficiency in SailPoint IdentityIQ Strong understanding of cloud security principles Experience with implementing security controls in cloud environments Knowledge of industry standards and regulations related to cloud security Hands-on experience with security tools and technologies Additional Information: The candidate should have a minimum of 12 years of experience in SailPoint IdentityIQ This position is based at our Bengaluru office A 15 years full time education is required Qualification 15 years full time education

Senior Security Consultant (Thick Application Penetration Tester) NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. NetSPI secures the most trusted brands on Earth through Penetration Testing as a Service (PTaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS). Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI brings a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. NetSPI is on an exciting growth journey as we disrupt and improve the proactive security market. We are looking for individuals with a collaborative, innovative, and customer-first mindset to join our team. Learn more about our award-winning workplace culture and get to know our A-Team at www.netspi.com/careers. Join the mission as a Senior Security Consultant. We are seeking a skilled expert and detail-oriented Penetration Tester to conduct thorough security assessments, identify vulnerabilities, and provide expert recommendations to strengthen our clients' security posture. As a Penetration Tester supporting Thick Applications, you will be responsible for performing Thick and Web Application Testing, while working closely with clients to deliver clear, actionable reports and contribute to the development of security best practices. Responsibilities : Conduct engagements independently and provide technical oversight on: Thick Application Penetration Testing Includes Web Application Penetration (WaPen) testing. Occasionally includes Mobile (MaPen) and IOT/embedded penetration testing. Review reports for accuracy in technical oversight, perform weekly QA oversight, and provide mentoring support to others Create, deliver, and collaborate on penetration testing reports in diverse client environments, maintaining client-specific processes, reporting standards, and access protocols to help improve their security posture Research and develop innovative techniques, tools, and methodologies for penetration testing services, alongside commitment to improvement and execution on NetSPI specific products and processes Participate in development, implementation, and oversight of testing, delivery, and management strategies for key client accounts Research and develop innovative techniques, tools, and methodologies for penetration testing services. Perform administrative tasks related to day-to-day consulting activities to ensure smooth business and engagement operations. Minimum Qualifications : Bachelors degree or higher, with a focus on IT, Computer Science, Engineering or Math or equivalent experience Minimum of 5+ years of work experience in Thick Application Penetration Testing for applications written in managed (e.g. Java, C#, etc.) and unmanaged (e.g. C, C++, Swift, Rust, etc.) code Includes experience with offensive toolkits used in web application penetration testing. Experience with disassemblers and debuggers Examples include WinDbg, IDA, Ghidra, gdb and lldb. Experience with dynamic instrumentation toolkits Examples include Frida. Familiarity with offensive tools, based on applicable skillset (e.g., Kali Linux, Burp Suite, Metasploit, Nessus) Familiarity with offensive and defensive IT concepts and protocols Extensive understanding of the OWASP Top 10, MITRE ATT&CK framework, and various security frameworks. Working knowledge of Windows, Linux and MacOS operating systems internals Experience mentoring or coaching to growing team members, while sharing knowledge externally through blogs, hosting webinars, or presenting at conferences Ability to work independently and as part of a team Proficient communication skills, both written and verbal This position requires an 8-hour workday, with occasional evenings or weekends necessary to meet project deadlines or critical needs Preferred Qualifications: Ability to provide technical and QA oversight on Thick Application service line. Experience in one or more of the following programming or scripting languages (e.g., Ruby, Python, Perl, C, C++, Java, and C#) Experience performing fuzz testing. The ability to reverse engineer proprietary application layer protocols. Experience with IOT/embedded penetration testing. Offensive Security Certifications (e.g., GXPN, GPEN, OSCP, GWAPT) We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status or any other characteristic protected by law.

Primary Skills: 10+ years in penetration testing, 4+ years in stakeholder management, attack surface management tool (Crowdstrike Falcon, Darktrace, Qualsys etc) Job details: Lead and plan attack surface detection for NAB group Provide direction for NAB in usage of Attack surface scanning Promote the usage of ASM scanning

Roles and Responsibilities Greetings from GRM Technologies!!! Providing support in IT and Cyber Risk Advisory services offered by GRM Technologies to its clients in the following domains- Information regulatory compliance (ISO 27001, PCIDSS, RBI, SEBI, SOC1, SOC2, PCI DSS, HITRUST, GDPR) Information risk management Information security and information assurance Information technology controls for financial and other systems Identifying processes and technologies to maintain and enhance the security architecture Disaster recovery and business continuity management Information privacy Have a fair understanding of Business Continuity Planning and DR Drills Should have conducted Information Life Cycle management reviews in the past Conducting Infrastructure Vulnerability Assessment and Penetration Testing Conducting Web and Mobile Application Security Assessment Conducting Secure Code Review Conducting Architecture Review Should have minimum 2-5 yrs. of experience into Cyber Security, including IT Risk, Cyber Risk & Compliance, IT Audit, Vendor Audit, VAPT, Application Security, Fraud Risk & Security. Knowledge of information security standards, principles and practices required Perform risk assessment, controls and documentation with expected standards (information technology/ business process) Conduct Infrastructure Vulnerability Assessment and Penetration Testing Conduct Web Application Security Assessment Conduct Mobile Application Security Assessment Conduct Source Code Review Perform SOX compliance audits, SOC 1 and SOC 2 audits, as well as testing and reporting Perform control testing pertaining to operating systems, data base (Windows, Unix, Oracle, MSSQL, DB2) Should be able to test basic and automated ERP ITGC controls (SAP, Oracle, etc.) Ability to draft BCP/ DR policy and carry out testing of plan and procedures would be preferable Ability to adapt to new scope areas and technologies Bring in vertical expertise in at least two verticals like BFSI, manufacturing, or more Ability to manage client communication and escalation Ability to make all attempts to guide the peers and self to improve client satisfaction scores Participate in proposal preparation Understanding of risk Appreciation for technological innovation Strong organization skills Curiosity and eagerness to learn Initiative to seek out opportunities and add value Tolerance for ambiguity and shifting priorities; appreciation of change. Should have certification on CCNA / CCNP / ITIL Exposure into ISO 27001 is mandate

At CGM, the leading provider of software solutions in the healthcare sector, we are looking for a skilled Ethical Hacker (m/f/d) to join our growing cybersecurity team. We believe in innovation, teamwork, and the power of technology to drive change. With our vision that "No one should suffer or die because at some point medical information was missing", we aim to create a culture that contributes positively to the future of our healthcare system. You are a proactive problem-solver with a passion for cybersecurity and the desire to make a real difference! Join us on this exciting journey! Your contribution: Conduct penetration testing on applications, networks, and systems to identify vulnerabilities and provide actionable recommendations for improvement. Simulate real-world attacks and collaborate with IT and security teams to develop effective remediation strategies. Prepare detailed reports of findings, including risk assessments, and conduct security awareness training for staff to promote a culture of cybersecurity. Stay updated on the latest security threats and participate in incident response activities and forensic analysis in the event of a security breach. Maintain compliance with security policies, legal regulations, and industry best practices to ensure a robust cybersecurity framework.\ What you bring: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, along with proven experience as an ethical hacker (m/f/d) or penetration tester (m/f/d) (HackerOne or Integrity Score preferred) Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information System Security Professional (CISSP) Proficiency in security testing tools (e.g. Metasploit, Wireshark, Burp Suite, Nmap) and strong knowledge of networking protocols, operating systems, and web applications. Experience with thick client penetration testing, along with programming or scripting skills (e.g. Python, Java, Bash) as an advantage Willingness to train and obtain certification in cloud penetration testing, combined with excellent analytical, problem-solving, and communication skills (German and English) to convey technical information to non-technical audiences What you can expect: Mobile Work: Work flexibly two days a week remotely and three days on-site. Attractive locations: Our offices feature fully equipped workspaces completed by regular events, including summer gatherings and Christmas parties. Health: We value health highly. Our in-house cafeteria offers a selection of delicious and healthy meals every day. Personal Development: Our in-house academy and portfolio of external partners support your professional growth. Diversity is part of CGM! We welcome your application regardless of disability, gender, nationality, ethnic and social origin, religion, age or sexual orientation and identity. Convinced? Apply now with your comprehensive documents (including your certificates, salary expectations, and earliest possible start date).

Bachelor s degree in computer science, Information Security, orrelated field 7+ years of experience in security engineering, cloud security, or compliance Strong knowledge of cloud security concepts, principles, and practices Familiarity with cloud security best practices and frameworks (e.g., CISv8, NIST, ISO, CSA) Experience in creating and maintaining security documentation, such as policies, standards, procedures, and guidelines. Experience with tool sets relevant to modern cloud operations like SIEM, WAF, vulnerability scans, pen tests, CIS benchmarking, etc. Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls. Knowledge of Web/API security architecture common authentication and authorization technologies (OIDC, OAuth2, Spring Security, HMAC, WS-Security, WS-Trust). Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography etc.). Ability to translate complex technical concepts into clear and concise language for diverse audiences and Attention to detail with quality assurance. Hands-on experience with security tools, frameworks for cloud platforms (e.g., AWS, Azure, GCP) and technologies (e.g., firewalls, encryption, identity and access management, vulnerability scanning, penetration testing) Experience with security standards and regulations for cloud environments (e.g., ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR) Experience with scripting languages (e.g., Python, Bash, PowerShell) Excellent communication, collaboration, and problem-solving skills Certifications in cloud security or compliance (e.g., AWS Certified Security Specialty, Azure Security Engineer, CCSK, CCSP) are Mandatory. Basic Requirements - Effective verbal and non-verbal communication skills at all levels of the organization - Leadership teamwork and collaboration - Discretion - Problem solving - Critical Thinking - Self-initiated/sufficient - Motivated

Job Description: Experience 13 Yrs + Lead, engage and motivate VAPT/DevSecOps team members to deliver business objectives. Implement and enforce Vulnerability Management Tool, processes and procedures across Kmart and Target on premise and Cloud to have better visibility and remediation metrics. Improve Penetration testing skills and services for better visibility and to meet an objective of NIST CSF 4.0. Ensuring that the organizations data and infrastructure are protected by enabling the appropriate security controls, Understanding of AWS and Cloud security controls Participating in the change management process with ownership of Cyber Security Changes. Testing and identifying network and system vulnerabilities with the help of Internal/External partners. Implement security checks (SAST, SCA, secret scanning) in Developers IDE andCICD. Practical working experience with various IDE and CICDs (Eclipse, Visual studio, IntelliJ,Jenkins, Github actions, circleCI, Buildkite etc) Experience with Snyk and Prisma Cloud or relevant tool is a plus. Knowledge on AWS cloud native security tools Daily administrative tasks, reporting, and communication with the relevant departments in the organization, ability to convert complex technical requirements into simpler terms . Knowledge of applications, databases, operating systems, middleware to address security threats against the same. A place you can belong We celebrate the rich diversity of the communities in which we operate and are committed to creating inclusive and safe environments where all our team members can contribute and succeed. We believe that all team members should feel valued, respected, and safe irrespective of your gender, ethnicity, indigeneity, religious beliefs, education, age, disability, family responsibilities, sexual orientation and gender identity and we encourage applications from all candidates.

Take on a crucial role where youll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the worlds largest and most influential companies. As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity Tech controls team , you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions. Job responsibilities Executes creative security solutions, design, development, and technical troubleshooting with the ability to think beyond routine or conventional approaches to build solutions and break down technical problems Develops secure and high-quality production code and reviews and debugs code written by others Minimizes security vulnerabilities by following industry insights and governmental regulations to continuously evolve security protocols, including creating processes to determine the effectiveness of current controls Works with stakeholders and business leaders to understand security needs and recommend business modifications during periods of vulnerability Conducts discovery, vulnerability, penetration testing, and threat scenarios on multiple organizational assets to identify and assess if vulnerabilities are present, and executes threat modeling for multiple applications including external applications interacting with the internal JPMorgan Chase network Adds to team culture of diversity, equity, inclusion, and respect Required qualifications, capabilities, and skills Formal training or certification on security engineering concepts and 5+ years applied experience Skilled in planning, designing, and implementing enterprise level security solutions Advanced in one or more programming languages Proficient in all aspects of the Software Development Life Cycle Advanced understanding of agile methodologies such as CI/CD, Application Resiliency, and Security Experience with threat modeling, discovery, vulnerability, and penetration testing In-depth knowledge of the financial services industry and their IT systems Preferred qualifications, capabilities, and skills Experience effectively communicating with senior business leaders

So, what’s t he r ole all about? As a member of the Cloud Security team, a successful Cloud Security Analyst will need to be self-sufficient to collaborate effectively with multiple teams, such as Application Support, Infrastructure Operations, DevOps, Product R&D, Security teams, customers and 3 rd party auditors. This role will hold the responsibility of understanding the Cloud security policies, procedures, practices and technologies and documenting them appropriately as well as demonstrating to auditors and customers the excellent Cloud Security at NICE. A successful candidate in this role will be able to work in production cloud environments to collect and curate evidence and explain it to anyone who asks for it. Experience with Governance, Risk and Compliance (GRC) is a big plus! How will you make an impact? You will directly impact the success of the NICE cloud business by ensuring all customer and auditory security requirements are met and demonstrated. A diverse, merit-driven work environment which rewards a growth mindset and encourages innovation and continued professional development; The opportunity to work in a global, highly skilled, passionate workforce to deliver world-class service and products to market. Competitive pay and excellent benefits. Generous PTO policies. A highly focused security & compliance team which is collaborative, supportive, experienced, and driven to help everyone from the individual to enterprise to our customers realize the success for which they aim. Have you got what it takes? 1-2 years of experience with Information Security & Compliance or GRC University-level degree in InfoSec, Computer Science or other related field. knowledge with major compliance frameworks such as PCI, ISO 27001/17, SOC 2, HITRUST, GDPR. A burning curiosity to learn as much as you can about the NICE cloud environment and the services and products we offer our customers as well as the existing security infrastructure we have in place today; Excellent communications skills along to work collaboratively with security team members and operations and development teams or independently to achieve tactical and strategic security goals; Strong organization and prioritization skills; Education, training or experience with security and compliance fundamentals; Experience working with work tracking tools such as JIRA, Service Now or others. What’s in it for you? Join an ever-growing, market disrupting, global company where the teams – comprised of the best of the best – work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr! Enjoy NICE-FLEX! At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere. Requisition ID: 7117 Reporting into: Technical Manager Role Type: Individual Contributor

Greetings from Peoplefy Infosolutions !!! We are hiring for one of our reputed MNC client based in Pune . We are looking for candidates with 3 + years of experience in below skills - Primary skills : Ethical Hacking Penetration Testing Software development Cyber forensics or threat hunting Application security Secure coding Burp suite, OWASP, OWASP ZAP Interested candidates for above position kindly share your CVs on asha.ch@peoplefy.com with below details - Experience : CTC : Expected CTC : Notice Period : Location :

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Skills: Vulnerability Assessment,Penetration Testing,Manual Penetration Testing using OWASP checklists,Static/dynamic testing of mobile applications,OWASP Top 10 Roles and Responsibility: Roles and responsibility: Perform Web Application Security Assessment, API Security Assessment, Mobile Application Security Assessment & Thick Client Security Assessment. Report Preparation etc. Thanks and Regards, Ankita Ghosh

Key Responsibilities • Coordinate and ensure that PenTests are conducted on schedule. • Work with Technical Security Consultants to get an approved pen test scope in place. • Collaborate with third-party penetration testers to facilitate the testing process. • Drive post-test remediation efforts to address identified vulnerabilities. • Develop and produce monthly Key Performance Indicator (KPI) and Key Risk Indicator (KRI) decks. • Work with the Risk team to log unresolved vulnerabilities as risks. • Communicate effectively with business stakeholders to manage expectations and provide updates. • Maintain comprehensive documentation of PenTest activities and outcomes. • Identify and mitigate potential risks associated with the PenTest process. • Stay updated with the latest trends and best practices in the security industry. • Provide support and expertise to improve the overall PenTest process and outcomes. Qualifications and Experience • 7-10 years of experience in the security industry. • Strong understanding of the end-to-end PenTest process. • Experience in business stakeholder management. • Familiarity with coordinating with third-party vendors and managing external relationships. • Proficiency in developing KPI and KRI reports. • Excellent communication and interpersonal skills. • Strong organizational and time-management abilities. • Detail-oriented with a focus on continuous improvement. • Ability to work independently and as part of a team. • Certifications such as CISSP, CEH, or equivalent are a plus.

Job description Penetration Tester Position Overview: At Experian, we recognize the need for vigilant cybersecurity to safeguard our systems and data. As such, we are seeking a Penetration Tester to fortify our defenses and ensure our digital assets remain secure. Role Definition: The Penetration Tester is an essential part of our cybersecurity team, responsible for identifying vulnerabilities within our digital infrastructure. By simulating cyber-attacks and assessing our systems, this role plays a fundamental part in highlighting potential security threats and strengthening our defenses. Scope of Work: Infrastructure Assessment: The Penetration Tester will analyze a variety of systems within Experian, spanning from external-facing applications to internal networks or cloud environments, ensuring all potential vectors of attack are considered. Regular Deliverables: Meeting targets is crucial. Delivering a minimum workload per month is a clear metric of productivity, yet its vital this doesnt come at the expense of the assessments depth or quality. Strategic Testing: Under the guidance of senior team members, the Penetration Tester will work to determine which systems to test, based on current risk assessments and business needs. Standards Adherence: While conducting tests, its essential to follow industry best practices and our in-house SOPs, ensuring consistent and rigorous assessments. Skill Development: Continual learning is encouraged. While proficiency in basic scripting and understanding of various environments is required, there will be opportunities to expand on these skills and learn new techniques. Clear Communication: The ability to relay findings, both to the cybersecurity team and potentially to broader stakeholders, is essential. Clear, concise reporting ensures swift action can be taken on any vulnerabilities found. Team Collaboration: Being a valuable team player is vital. While the Penetration Tester will work on individual projects, collaboration, sharing insights, and integrating feedback are all crucial aspects of the role. Value Proposition: The Penetration Tester, while being an individual contributor, is a foundational pillar in Experians overarching cybersecurity strategy. This role ensures our systems are resilient against potential threats and provides peace of mind that our digital operations can continue unhindered by external threats. Roles and Responsibilities: Deliver above the minimum required workload per month without compromising on the quality of assessment. Deliver penetration tests on both business-critical applications and infrastructure to support the organizations information security risk management program. Ensure tests are prioritized based on business and compliance requirements, such as compliance due date, requested date and feedback from the application team. Guarantee engagements are fully compliant of our standard operating procedures and service level agreement timelines. Proficient at scripting and automating exploits in language of choice Make consistent efforts to upskill and learn new testing standards. Understand and clearly communicate potential vulnerabilities and their associated risk level, remediation steps and/or mitigating controls with business stakeholders. Research and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and encryption. Participate in regular Teach-the-team sessions to share the knowledge with team members. Complete assigned training and certification per agreed timeline Attend and contribute during engagements scoping calls. About Experian Experience and Skills Qualifications 2+ years experience in a Penetration Testing position Experience in planning and executing penetration tests/red team exercises against web applications, containers, APIs, network devices, databases, operating systems, and various cloud technologies. Infrastructure penetration testing while most of the time focused on assessing cloud environments, both public and private ones. Preferred certifications are listed as follows OSWA, OSCP, CPSA, CWAT, Pen Test+, CPENT, GPEN, AWS Security Specialty or similar certifications. Additional Information Our uniqueness is that we celebrate yours. Experians culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experians people first approach is award-winning; Worlds Best Workplaces 2024 (Fortune Top 25), Great Place To Work in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site to understand why. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experians DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here

> Role Purpose The purpose of this role is to analyse, identify, rectify recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT

> Role Purpose The purpose of this role is to analyse, identify, rectify recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT

> Role Purpose The purpose of this role is to analyse, identify, rectify recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Privilege Password Management CyberArk. Experience: 5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA??s (90-95%), response time and resolution time TAT Mandatory Skills: Archer. Experience: 5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Azure B2X Security. Experience: 3-5 Years.

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it , our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage an d passion to drive life-changing impact to ZS. Our most valuable asset is our people . At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about. Information Security Project Specialist ZS’s India Capability & Expertise Center (CEC) houses more than 60% of ZS people across three offices in New Delhi, Pune and Bengaluru. Our teams work with colleagues across North America, Europe and East Asia to create and deliver real world solutions to the clients who drive our business. The CEC maintains standards of analytical, operational and technological excellence across our capability groups. Together, our collective knowledge enables each ZS team to deliver superior results to our clients. What You’ll Do Executes the end-to-end management of security projectsincluding resource management, communications, training requirements, change management and budget (if applicable). Estimate the resources and participants needed to achieve project goals. Reviews and recommends changes, reductions or additions to the overall project Acts as the liaison between InfoSec and end-users when applicable Maintains the efficiency of the project management process such as planning, scheduling, and budget and risk assessment. Identifies and mitigates potential risks Work with cross-functional teams and staff of all levels, including assisting in the development, training and assignment of work/projects to team members reporting to others; Works well within a structured environment in which team members can work together as an efficient team. What You’ll Bring Bachelor’s Degree required. 7 - 10 years of relevant work experience, including Information Security, project management (5+ years), and team management. PMP-PMI certification desired, or completion within a year of assuming the position. Agile certification desired, or completion within a year of assuming the position. Security+ or equivalent certification desired, or completion within a year of assuming the position. (CISM- Certified Information Security Manager, CompTIA Security+, Etc ) Project plan development experience, including charter, scope, project management approach, management plans, statement of work, cost estimates, schedule. Excellent communication (written and oral) and interpersonal skills; ability to interface and influence all levels within the organization, including facilitation, consulting, negotiation, and presentation. Excellent project management and coordination skills working with multiple stakeholders across several technology platforms and business areas Strong technical skills and experience. The ideal candidate has lead projects relating to Information Security deliveries or migrations (Vulnerability Management, Identity and access management, Cloud Strategy & Governance, Data Security, Enterprise Risk Management, Asset Management, Security awareness & training) Project plan and budget management. Knowledge of project management best practices, Experience identifying and mediating risk. Perks & Benefits: ZS offers a comprehensive total rewards package including health and well-being, financial planning, annual leave, personal growth and professional development. Our robust skills development programs, multiple career progression options and internal mobility paths and collaborative culture empowers you to thrive as an individual and global team member. We are committed to giving our employees a flexible and connected way of working. A flexible and connected ZS allows us to combine work from home and on-site presence at clients/ZS offices for the majority of our week. The magic of ZS culture and innovation thrives in both planned and spontaneous face-to-face connections. Travel: Travel is a requirement at ZS for client facing ZSers; business needs of your project and client are the priority. While some projects may be local, all client-facing ZSers should be prepared to travel as needed. Travel provides opportunities to strengthen client relationships, gain diverse experiences, and enhance professional growth by working in different environments and cultures. Considering applying At ZS, we're building a diverse and inclusive company where people bring their passions to inspire life-changing impact and deliver better outcomes for all. We are most interested in finding the best candidate for the job and recognize the value that candidates with all backgrounds, including non-traditional ones, bring. If you are interested in joining us, we encourage you to apply even if you don't meet 100% of the requirements listed above. ZS is an equal opportunity employer and is committed to providing equal employment and advancement opportunities without regard to any class protected by applicable law. To Complete Your Application: Candidates must possess or be able to obtain work authorization for their intended country of employment.An on-line application, including a full set of transcripts (official or unofficial), is required to be considered. NO AGENCY CALLS, PLEASE. Find Out More At www.zs.com

Daily assessment of vulnerabilities identified by infrastructure scan Evaluate rate and perform risk assessments on assets Prioritizing vulnerabilities discovered along with remediation timeline s Work with associated teams to explain vulnerabilities and remediation steps as required Maintain knowledge of the threat landscape Create reports and provide analysis on vulnerabilities for technical teams and leadership Skill Required Knowledge of application network and operating system security Experience with vulnerability and patch assessment Linux and windows experience Good understanding of Windows and Linux patching Knowledge of vulnerability scoring systems CVSS CMSS Experience on vulnerability scanning tools Excellent writing and presentation skills are required in order to communicate findings and status Primary Skills VMDR Policy Compliance Qualys Tenable Nessus Rapid7 Secondary Skills Excellent writing and presentation skills are required in order to communicate findings and statusCleary communicate priorities and escalation points procedures to other team members Detail oriented organized methodical follow up skills with an analytical thought process Experience performing dynamic scans static scans and penetration testing Development experienceProject management experience Innovative and efficiency focused Track trends and configure systems as required to reduce false positives from true events

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver / No. / Performance Parameter / Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA??s (90-95%), response time and resolution time TAT Mandatory Skills: Saviynt. Experience: 5-8 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver / No. / Performance Parameter / Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Privilege Password Management CyberArk. Experience: 3-5 Years.