668 Qualys Jobs

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Senior Associate Vulnerability Assessment Specialist is a developing subject matter expert, responsible for conducting vulnerability assessments, analyzing findings, and providing expert recommendations to mitigate security risks within the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and performs vulnerability assessments, analyzes findings, and provides recommendations to mitigate security risks. Key responsibilities: Conducts vulnerability scans using automated tools and manual techniques to identify vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and determine the severity, exploitability, and potential impact of identified vulnerabilities. Assesses the potential risks associated with identified vulnerabilities. Collaborates with system owners, administrators, and IT teams to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Conducts advanced vulnerability assessments, including application security assessments, penetration testing, and code review, to identify complex vulnerabilities and security weaknesses. Utilizes manual testing techniques and industry-standard methodologies. Utilizes and manages vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Configures and fine-tunes scan policies and parameters to enhance assessment accuracy and coverage. Prepares comprehensive vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Participates in security awareness programs and provide training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Foster a culture of security awareness within the organization. Participates in incident response efforts related to vulnerabilities, collaborate with cross-functional teams, and contribute to post-incident analysis. Identifies root causes, provide recommendations for improvement, and drive preventive measures. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, collaboration, and alignment on vulnerability management goals. Builds relationships and influence stakeholders to drive remediation efforts. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Performs any other related task as required. To thrive in this role, you need to have: Understanding of vulnerability assessment methodologies, tools, and industry best practices. Good understanding of networking concepts, operating systems, and common software vulnerabilities. Proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Strong knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Good written and verbal communication skills to prepare comprehensive reports and communicate technical information to diverse stakeholders. Familiarity with security frameworks, standards, and regulatory compliance requirements. Ability to collaborate and work effectively with stakeholders and cross-functional teams. Academic qualifications and certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or GIAC Certified Web Application Penetration Tester (GWAPT) are beneficial. Required experience: Moderate level of relevant experience in information security or related roles, with a focus on conducting vulnerability assessments and driving remediation efforts. Moderate level of demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, penetration testing, or code review Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today.

You’ll be Responsible for? Implement, configure, and maintain infrastructure and monitoring tools across on-prem Data Centers (Servers, Networks, Storage, Firewalls) and hybrid Cloud (Azure/AWS). Work closely with Security, Network, Server, and Cloud teams to strengthen overall IT infrastructure posture and align tool deployments with organizational policies. Deploy and manage enterprise monitoring platforms (SolarWinds, Grafana, NTT data) for proactive visibility and alerting. Assist in implementing server/network baselines, access controls, and integrations with Security platforms. Deploy and maintain vulnerability scanning tools (Qualys, Nessus, Rapid7) and coordinate with teams for patch compliance. Implement and maintain Privileged Access Management (PAM) tools such as CyberArk for critical server and network infrastructure. Configure and manage enterprise Antivirus/Endpoint Protection solutions and integrate with monitoring dashboards. Support firewall and network tool integrations, including rule-set monitoring, configuration backups, and device health checks. Provide logs, metrics, and dashboards during incident response and RCA, working alongside Security teams. Maintain documentation, runbooks, and SOPs for tool configurations, integrations, and operational procedures. Assist in automation and AIOps for tool deployment, alert correlation, and reporting. You’d have? Bachelor’s degree in computer science, Information Technology, or a related field. 6 to 10 years of hands-on experience in IT Infrastructure (Servers, Networks, Storage) with a focus on tool implementation and monitoring. Practical exposure to CyberArk PAM deployments, enterprise Antivirus/Endpoint Protection platforms, and integration with DC and server environments. Hands-on experience with vulnerability scanning platforms (Qualys, Nessus, Rapid7) and remediation workflows. Familiarity with any of the Antivirus tools like Microsoft Defender for Servers, Defender for Cloud, Azure Sentinel, and AWS GuardDuty/Security Hub. Experience with Windows/Linux servers, VMware/Hyper-V virtualization, enterprise network devices, and storage systems. Understanding of network infrastructure tools (NetFlow analyzers, Wireshark, Cisco Prime, SNMP-based monitoring). Exposure to firewall platforms (Palo Alto, Fortinet, Cisco ASA) and ability to collaborate with network teams for tool alignment. Scripting/automation skills in PowerShell, Python, or Ansible for tool deployment and reporting automation. Ability to collaborate effectively with cross-functional teams for securing and monitoring enterprise infrastructure. Preferred Certifications: Tool-Focused: SolarWinds Certified Professional, Qualys/Nessus, CyberArk Defender/Trustee, Microsoft Defender Certifications. Cloud & Hybrid: Azure Security Engineer Associate / Administrator, AWS Security Specialty. Infrastructure: Data Center Certifications (Cisco CCNA/CCNP DC), Server/Storage (MCSE, VMware VCP-DCV, Dell EMC, HPE). Network: CCNA/CCNP (Routing & Switching or Security), Firewall vendor certs (Palo Alto, Fortinet). Foundational: CompTIA Security+, ITIL v4 Foundation. Tools & Technologies (Preferred Knowledge): Monitoring: SolarWinds, PRTG, Zabbix, Nagios, Azure Monitor Security & PAM: CyberArk, Microsoft Defender, Azure Sentinel, AWS GuardDuty Scanning: Qualys, Nessus, Rapid7 Antivirus/EDR: Symantec, CrowdStrike, Trend Micro, Microsoft Defender ATP Network: Cisco Prime, NetFlow analyzers, Wireshark, SNMP tools Automation: PowerShell, Ansible, Python Why join us? Impactful Work : Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry. Tremendous Growth Opportunities : Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development. Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated. Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees. www.tanla.com

Our technology services client is seeking multiple System Administrator to join their team on a contract basis. These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period. Below are further details about the role: Role: System Administrator Experience: 1.5 - 3 Years Location: Chennai, Kolkata Notice Period: Immediate- 15 Days Mandatory Skills: VMware , Onpremise, Windows, VMare Configuration Job Description: Maintenance, Administration, Configuration, Monitoring and Troubleshooting of Windows 2012 / 2016 / 2019 / 2025 Servers. VMware vSphere Infrastructure - Installation, configuration, troubleshooting of VMware ESXi servers, Virtual appliance, vCenter, ESXI host upgrade and patching. Creating and managing VMware cluster, Enabling HA, and DRS features in a cluster. Configuration of Virtual switches, port groups and network connections Creating and managing standard templates and keeping them update. Deploying VMs from template and allocates resources as per client requirements. Security hardening of VMs and Esxi servers for security compliance. Performing snapshots, cloning, migrations of VMs Vulnerability Management - Assist in providing support and resolution for the Critical/High open vulnerabilities on Windows/ VMware Servers. Providing support to mitigate external Vulnerabilities reported by KPMG team. Coordinate with Server Owners to fix Application related vulnerabilities with the defined SLA. Providing support to raise a risk on insight360 portal for servers which have surpassed the SLA. Data Centre Operations - Installation, Configuration, Monitoring and Troubleshooting of physical servers like DELL PowerEdge, HP ProLiant, Cisco UCS servers. Coordination with OEM/Partners Technical Support Team to resolve problems. Support for Windows Defender, SOC SIEM, BigFix, Qualys, CIS CAT, SolarWinds team for installation, configuration, upgradation and troubleshooting of applications. Coordination with Backup team, Database and Network team to resolve problems. Incident and RITM Management - Work on Incidents, RITM raised for Server OS issue, backup failure, access management, performance alerts etc. Change Management – Work on Change Requests for Commission of new servers, Decommission, Operating system upgradation, IP change Activity, virtual machine CPU/Memory/Disk upgradation and others. Installation of monthly windows security updates for the on-prem windows servers. If you are interested, share the updated resume to rajesh.s@s3staff.com

Join our team as a Security Analyst in India, where you will play a crucial role in assessing, triaging, and proactively responding to security-related threats, incidents, and events. You will be tasked with defending our assets, information, and systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. By collaborating with internal and external stakeholders, including third-party suppliers, you will ensure that incident response, user access, alert monitoring, root cause analysis, and scenario planning activities are carried out in accordance with standard operating procedures and to a high standard. This role is available at the associate vice president level. In this role, you will work across various domains, stakeholders, and specialists to anticipate and identify security events, incidents, and trends that could impact the bank, our customers, employees, or assets adversely. Your responsibilities will include contributing to security operations, conducting root cause analysis on security incidents, providing training and scenario planning, preparing reports and briefings, and developing response plans, procedures, and playbooks to enhance response capability. Moreover, you will proactively manage risks to achieve key security-related customer and compliance outcomes, participate in security operations such as production support, incident response, and on-call rotations, maintain security response processes, and ensure the delivery of security-related services align with expectations. Act swiftly in responding to customer queries and complaints, establish feedback loops to enhance service and response, and analyze large volumes of data to identify trends and causal factors. We are seeking an individual with a strong passion for cloud security and automation utilizing Agile and DevOps methodologies and promoting a shift-left culture that integrates security analysis into each CI/CD stage. The ideal candidate will have experience with Azure Cloud and security stack, including Defender, Azure Sentinel, and Azure Security Centre, automated security assessments, third-party security tools integration, and compliance standards like PCI-DSS. Additionally, you should possess expertise in security controls, the ability to communicate technical issues to various stakeholders, experience in penetration testing and vulnerability management, and an understanding of Agile methodologies gained through working in an Agile team.,

You are a detail-oriented and proactive Vulnerability Management Subject Matter Expert (SME) with over 5 years of experience in Vulnerability Management. Your primary responsibility is to identify, analyze, and mitigate security vulnerabilities to enhance the security posture of the organization. Your key responsibilities include performing vulnerability assessments using tools such as Microsoft Defender and Qualys to identify and analyze potential security risks. You will monitor alerts and incidents from security tools, ensuring prompt identification and remediation of vulnerabilities. Managing the entire vulnerability management lifecycle, including detection, prioritization, remediation, and reporting, is also a crucial part of your role. Collaborating with network and system administrators to deploy patches and security fixes, conducting network security assessments, and assisting in identifying, testing, and applying fixes for vulnerabilities within the organization are essential tasks. You will communicate security findings and risk assessments to technical teams and non-technical stakeholders, ensuring compliance with organizational security policies and industry standards. Your role involves generating comprehensive reports for management, highlighting critical vulnerabilities and mitigation actions, and utilizing Power BI for effective vulnerability reporting and data visualization. It is imperative to stay updated with industry trends, security vulnerabilities, and patch management practices to continuously improve security measures. Must-Have Skills: - Strong experience in Vulnerability Management (5+ years) - Solid knowledge of vulnerability management processes and tools - Hands-on experience with vulnerability assessments and risk analysis - Basic understanding of network fundamentals (TCP/IP, DNS, VPNs, etc.) - Ability to manage the full vulnerability management lifecycle - Strong communication skills to convey technical findings to diverse stakeholders Good-to-Have Skills: - Familiarity with Qualys or other vulnerability management tools - Experience with Power BI for data reporting and visualization - Experience with patch management and security remediation practices,

As a Security Testing professional with 3-10 years of experience in SAST, DAST, API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, you will be an integral part of the Infosys delivery team. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities, aiming to meet and exceed client expectations in the technology domain. Your role will involve gathering requirements and specifications to deeply understand client needs, subsequently translating them into system requirements. You will also play a crucial part in estimating work requirements accurately to provide project estimations to Technology Leads and Project Managers. Your contribution will be significant in the development of efficient programs and systems. If you believe you possess the necessary skills and expertise to assist our clients in navigating their digital transformation journey, then this opportunity is tailored for you! This job opening is available at multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Associate Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary : We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities: Key Responsibilities: Good interpersonal skills (written and oral communication) and ability to articulate complex issues Ability to communicate technical information clearly and concisely, commensurate with the audience Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. Good communicator (written and verbal) and listener. Must be a team player and motivated self-starter with ability to work independently with limited supervision. Must be assertive, methodical and detail oriented Technical Experience: Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities Should be aware of tools like Qualys, HP Fortify, IBM Appscan, Burpsuite, Kali Linux suite of tools Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest. Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Conduct penetration test and launch exploits using Nessus, Metaspoilt, kali linux penetration testing distribution tools sets Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory skill sets: CEH, ECSA, LPT (any one) Preferred skill sets: OSCP, OSWE Years of experience required: 1-10 Years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills Vulnerability Assessments Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Azure Data Factory, Communication, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture, Security Compliance Management, Security Control, Security Incident Management, Security Monitoring {+ 3 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

Key Responsibilities: Lead the design and implementation of ServiceNow SecOps modules: Security Incident Response (SIR) Vulnerability Response (VR) Threat Intelligence (TI) Security Case Management Integrate ServiceNow SecOps with external security tools like Splunk, Qualys, Tenable, CrowdStrike, Palo Alto, etc. Develop custom applications, workflows, and automation using Flow Designer, Business Rules, Script Includes, and REST/SOAP APIs. Collaborate with InfoSec teams to translate business needs into technical requirements. Conduct requirements gathering, gap analysis, and solution architecture sessions. Drive automation of security processes using Security Orchestration, Automation, and Response (SOAR) capabilities. Develop and maintain dashboards and reporting for Security KPIs and SLAs. Ensure platform stability, performance optimization, and adherence to governance policies. Provide technical leadership, mentoring, and best practices guidance to junior team members. Support UAT, go-live, and post-production stabilization. Required Skills & Qualifications: Minimum 6 years of ServiceNow experience, with at least 4 years in ServiceNow SecOps. Strong hands-on experience in implementing and supporting Security Incident Response and Vulnerability Response. Experience integrating ServiceNow with external security tools and threat feeds. Solid understanding of security frameworks, incident handling, and vulnerability lifecycle. Proficiency in JavaScript, Glide API, REST/SOAP web services, and JSON/XML. Familiarity with CMDB, GRC/IRM, and ITOM modules is a plus. Knowledge of MITRE ATT&CK, NIST, or other cybersecurity frameworks. Strong analytical, troubleshooting, and problem-solving skills. Excellent communication and stakeholder management skills. Preferred Certifications: ServiceNow Certified Implementation Specialist – Security Incident Response ServiceNow Certified Implementation Specialist – Vulnerability Response ServiceNow Certified System Administrator Security certifications such as CISSP, CEH, or CompTIA Security+ are a plus. Educational Qualification: Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. Nice to Have: Experience with IRM/GRC, Threat Intelligence Platforms (TIPs), and SOAR use case design. Knowledge of DevSecOps and Agile/ITIL processes. Exposure to other ITSM/ITOM modules.

Our technology services client is seeking multiple System Administrator to join their team on a contract basis. These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period. Below are further details about the role: Role: System Administrator Experience: 1.5 - 3 Years Location: Chennai, Kolkata Notice Period: Immediate- 15 Days Mandatory Skills: VMware , Onpremise, Windows, VMare Configuration Job Description: Maintenance, Administration, Configuration, Monitoring and Troubleshooting of Windows 2012 / 2016 / 2019 / 2025 Servers. VMware vSphere Infrastructure - Installation, configuration, troubleshooting of VMware ESXi servers, Virtual appliance, vCenter, ESXI host upgrade and patching. Creating and managing VMware cluster, Enabling HA, and DRS features in a cluster. Configuration of Virtual switches, port groups and network connections Creating and managing standard templates and keeping them update. Deploying VMs from template and allocates resources as per client requirements. Security hardening of VMs and Esxi servers for security compliance. Performing snapshots, cloning, migrations of VMs Vulnerability Management - Assist in providing support and resolution for the Critical/High open vulnerabilities on Windows/ VMware Servers. Providing support to mitigate external Vulnerabilities reported by KPMG team. Coordinate with Server Owners to fix Application related vulnerabilities with the defined SLA. Providing support to raise a risk on insight360 portal for servers which have surpassed the SLA. Data Centre Operations - Installation, Configuration, Monitoring and Troubleshooting of physical servers like DELL PowerEdge, HP ProLiant, Cisco UCS servers. Coordination with OEM/Partners Technical Support Team to resolve problems. Support for Windows Defender, SOC SIEM, BigFix, Qualys, CIS CAT, SolarWinds team for installation, configuration, upgradation and troubleshooting of applications. Coordination with Backup team, Database and Network team to resolve problems. Incident and RITM Management - Work on Incidents, RITM raised for Server OS issue, backup failure, access management, performance alerts etc. Change Management – Work on Change Requests for Commission of new servers, Decommission, Operating system upgradation, IP change Activity, virtual machine CPU/Memory/Disk upgradation and others. Installation of monthly windows security updates for the on-prem windows servers. If you are interested, share the updated resume to akhila.d@s3staff.com

At Capgemini Invent, you will play a crucial role in driving transformation by blending strategic, creative, and scientific capabilities to deliver cutting-edge solutions for our clients. Your expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable will be instrumental in implementing and managing security vulnerabilities both on-premises and in the cloud. You will also be responsible for setting up vulnerability scanning profiles and demonstrating a strong understanding of the vulnerability management lifecycle. In addition, your role will entail in-depth knowledge across various core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. It is essential for you to possess knowledge of system security vulnerabilities, remediation techniques, and tactics, as well as the ability to effectively communicate testing findings to managers and network administrators. Your proficiency in simplifying complex technology concepts for non-technical audiences will be highly valued. Your profile should showcase a good understanding of the risk score acceptance process for vulnerabilities, the ability to generate customized reports, and support in mitigating vulnerabilities. Automation knowledge in existing processes, familiarity with Zero Day Vulnerabilities, and understanding of TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important aspects of this role. Moreover, your comprehension of operating systems, applications, infrastructure, cloud computing services, OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle will be beneficial. Strong oral, verbal, and written communication skills are essential for effective collaboration and sharing of insights. Working at Capgemini offers a supportive environment with flexible work arrangements that prioritize work-life balance. You will have access to career growth programs and diverse professional opportunities tailored to your development. Additionally, you can enhance your skills with valuable certifications in cutting-edge technologies like Generative AI. Capgemini is a global leader in business and technology transformation, empowering organizations to navigate the digital and sustainable world with tangible impact. With a diverse team of over 340,000 members in more than 50 countries, Capgemini leverages its 55-year heritage to unlock the value of technology for clients worldwide. From strategy and design to engineering, the company delivers end-to-end services and solutions driven by market-leading capabilities in AI, cloud, and data, complemented by deep industry expertise and a robust partner ecosystem. In 2023, Capgemini reported global revenues of 22.5 billion, reflecting its commitment to addressing the comprehensive business needs of its clients.,

At Capgemini Invent, we believe difference drives change. As inventive transformation consultants, we blend our strategic, creative and scientific capabilities, collaborating closely with clients to deliver cutting-edge solutions. Join us to drive transformation tailored to our client's challenges of today and tomorrow. Informed and validated by science and data. Superpowered by creativity and design. All underpinned by technology created with purpose. Your role involves expertise in Vulnerability Management tools such as Rapid7, Qualys, and Tenable. You should have hands-on experience in implementing and managing security vulnerabilities both on-premises and in the cloud. Additionally, setting up vulnerability scanning profiles and a strong knowledge and understanding of the vulnerability management lifecycle are essential. It is crucial to have in-depth knowledge across all core domains including Vulnerability Management, External Attack Surface Management, Container Scanning, Cloud Security Compliance scanning, and Security Configuration Management. Understanding system security vulnerabilities, remediation techniques, and tactics is required. You should be able to comprehend vulnerability testing methodology and effectively communicate testing findings to managers and network administrators. Furthermore, the ability to communicate complex technology to non-tech audiences in a simple and precise manner is essential. Your Profile should include a good understanding of the risk score acceptance process of vulnerabilities, ability to create customized reports, support in the mitigation of vulnerabilities, and knowledge of automation in the existing process. Understanding of Zero Day Vulnerabilities and their process, TTPs, MITRE ATT&CK framework, CVSS, OSINT, and deception techniques are also important. You should have knowledge of operating systems, applications, infrastructure, and cloud computing services, along with an understanding of OWASP, CVSS, MITRE ATT&CK framework, and the software development lifecycle. Good oral, verbal, and written communication skills are necessary for this role. What you will love about working here is the recognition of the significance of flexible work arrangements to provide support. Whether it's remote work or flexible work hours, you will have an environment that allows for a healthy work-life balance. Career growth is at the heart of our mission, with an array of career growth programs and diverse professions crafted to support you in exploring a world of opportunities. Equip yourself with valuable certifications in the latest technologies such as Generative AI. Capgemini is a global business and technology transformation partner, helping organizations accelerate their dual transition to a digital and sustainable world while creating tangible impact for enterprises and society. With a responsible and diverse group of 340,000 team members in more than 50 countries, Capgemini is trusted by clients to unlock the value of technology to address the entire breadth of their business needs. The Group reported 2023 global revenues of 22.5 billion.,

Job Name: Infrastructure Security Engineer Location- Onsite- Ahmedabad Job Type- Full Time Position Overview We are seeking an experienced Infrastructure Security Engineer to join our cybersecurity team and play a critical role in protecting our organization's digital infrastructure. This position requires a versatile security professional who can operate across multiple domains including cloud security, vulnerability management/patch management, endpoint protection, and security operations. Key Responsibilities AWS Cloud Security Design, implement, and maintain security controls across AWS environments including IAM policies, security groups, NACLs, and VPC configurations Configure and manage AWS security services such as CloudTrail, GuardDuty, Security Hub, Config, and Inspector Implement Infrastructure as Code (IaC) security best practices using CloudFormation, Terraform, or CDK Conduct regular security assessments of cloud architectures and recommend improvements Manage AWS compliance frameworks and ensure adherence to industry standards (SOC 2, ISO 27001, etc.) Vulnerability Management Lead enterprise-wide vulnerability assessment programs using tools such as Nessus Develop and maintain vulnerability and patch management policies, procedures, and SLAs, regular reporting Coordinate with IT and development teams to prioritize and remediate security vulnerabilities Generate executive-level reports on vulnerability metrics and risk exposure Conduct regular penetration testing and security assessments of applications and infrastructure Patch Management Design and implement automated patch management strategies across Windows, Linux, and cloud environments Coordinate with system administrators to schedule and deploy critical security patches Maintain patch testing procedures to minimize business disruption Monitor patch compliance across the enterprise and report on patch deployment status Develop rollback procedures and incident response plans for patch-related issues Endpoint Security Deploy and manage endpoint detection and response (EDR) solutions such as CrowdStrike Configure and tune endpoint security policies including antivirus, application control, and device encryption Investigate and respond to endpoint security incidents and malware infections Implement mobile device management (MDM) and bring-your-own-device (BYOD) security policies Conduct forensic analysis of compromised endpoints when required Required Qualifications Education & Experience Bachelor's degree in computer science, Information Security, or related field Minimum 5+ years of hands-on experience in information security roles 3+ years of experience with AWS cloud security architecture and services Technical Skills Cloud Security: Deep expertise in AWS security services, IAM, VPC security, and cloud compliance frameworks Vulnerability Management: Proficiency with vulnerability scanners (Qualys, Nessus, Rapid7) and risk assessment methodologies Patch Management: Experience with automated patching tools (WSUS, Red Hat Satellite, AWS Systems Manager) Endpoint Security: Hands-on experience with EDR/XDR platforms and endpoint management tools SIEM/SOAR: Advanced skills in log analysis, correlation rule development, and security orchestration Operating Systems: Strong knowledge of Windows and Linux security hardening and administration Security Certifications (Preferred) AWS Certified Security - Specialty CISSP (Certified Information Systems Security Professional) GCIH (GIAC Certified Incident Handler) CEH (Certified Ethical Hacker) Key Competencies Strong analytical and problem-solving skills with attention to detail Excellent communication skills and ability to explain complex security concepts to technical and non-technical stakeholders Project management capabilities with experience leading cross-functional security initiatives Ability to work in fast-paced environments and manage multiple priorities Strong understanding of regulatory compliance requirements (PCI-DSS, HIPAA, SOX, GDPR) Experience with risk assessment frameworks and security governance Reporting Structure This position reports to the Engineering Manager Cyber Security and collaborates closely with IT Operations, Development Teams.

As a Security Testing professional with 3-10 years of experience in SAST/DAST/API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, your role as a part of the Infosys delivery team will encompass various responsibilities. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities to meet and exceed client expectations in the technology domain. This will involve gathering requirements and specifications to deeply understand client needs and translating them into system requirements. Additionally, you will be pivotal in estimating work requirements accurately to provide vital input on project estimations to Technology Leads and Project Managers. Your contribution will be essential in the creation of efficient programs and systems that align with client requirements and industry best practices. If you are passionate about aiding clients in their digital transformation journey and possess the required expertise, then this opportunity is tailored for you! This job opening is available in multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

Company Description We are a consulting company with a bunch of technology-interested and happy people! We love technology, we love design and we love quality. Our diversity makes us unique and creates an inclusive and welcoming workplace where each individual is highly valued. With us, each individual is her/himself and respects others for who they are and we believe that when a fantastic mix of people gather and share their knowledge, experiences and ideas, we can help our customers on a completely different level. We are looking for you who is immediate joiner and want to grow with us! With us, you have great opportunities to take real steps in your career and the opportunity to take great responsibility. Job Description We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong foundation in penetration testing and vulnerability management to join our dynamic cybersecurity team. In this role, you will be instrumental in identifying and mitigating security risks across our systems, applications, and network infrastructure. You will also lead internal and third-party penetration testing initiatives and work closely with cross-functional teams to strengthen our overall security posture. Key Responsibilities Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on systems, applications, and networks. Identify and assess security vulnerabilities using industry-standard tools and methodologies. Design and manage vulnerability management processes and drive effective remediation strategies. Coordinate and manage third-party penetration testing engagements and ensure alignment with security goals. Collaborate with IT and business teams to prioritize and remediate identified risks. Contribute to the development and maintenance of security policies, procedures, and standards. Continuously monitor systems for unauthorized access, suspicious activities, and emerging threats. Stay abreast of evolving cybersecurity trends, threat landscapes, and best practices in attack surface reduction. Required Qualifications Bachelors degree in Computer Science, Information Security, or related field. 4 to 5 years of hands-on experience in vulnerability scanning, penetration testing, and vulnerability management. In-depth knowledge of common vulnerabilities and exposures (CVEs) and attack vectors. Proficiency with tools such as Kali Linux, Qualys, Burp Suite, and other VA/PT platforms. Familiarity with security frameworks and standards (e.g., NIST, OWASP Top 10, CIS Controls). Strong analytical and problem-solving skills. Excellent written and verbal communication skills, including the ability to explain technical issues to non-technical stakeholders. Preferred Certifications (Certifications are a plus but not mandatory) OSCP, OSEP, SANS GIAC, CREST, CompTIA Security+, or similar. Start : Immediate Location : Bangalore Form of employment: Full-time until further notice, we apply 6 months probationary employment.

Responsibilities As a member of the incident/Workorder/Change handling team , you will have the following accountabilities: Will be working as an SME for Zscaler Support in Operations for ZIA, ZPA and ZDX. Assess and orchestrate the current and planned security posture for NTT data's Security infrastructure, providing recommendations for improvement and risk reduction. Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk. Support security incident response as required; First line responder to reported or detected incidents. Perform security research, analysis, security vulnerability assessments and penetration tests. Provide security audit and investigation support Monitor and track security systems for Vulnerability and respond to potential security Vulnerability. Provide support for the Vulnerability management program. Provide 24x7 support as operations team working in shifts. Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business. Skills and Experience 4 to 5 years+ in Information Security space. Strong experiance in Service Now Ticketing tool, Dashboards and Integration. Strong experience with Zscaler ZIA, ZPA and ZDX. Strong experience with Vulnerability Management Program. Strong experience with Qualys Vulnerability Management Tool. Some good to have Experience with Crowdstrike EDR and SIEM. Strong experience with multiple network operating systems, including two or more of the following: Cisco iOS, Juniper ScreenOS or Junos, Fortinet FortiOS, CheckPoint GAiA, or Palo Alto Networks PAN-OS; Tanium, Rapid 7, Nessus, Nitro ESM, Symantec SEP, Symantec Message labs, Thales encryption, Allgress, Forecpoint, Blue coat, Firepower, Cisco ISE, Carbon Black, Titus, Encase Strong oral, written, and presentation abilities. Experiance with M365 Copilot. Some experience with Unix/Linux system administration. Strong experience with logging and alerting platforms, including SIEM integration. Current understanding of Industry trends and emerging threats; and Working Knowledge of incident response methodologies and technologies. Desirable Zscaler Certifications Associate and Professional for ZIA, ZPA and ZDX. Excellent Experiance in Zscaler ZIA, ZPA and ZDX. Experiance in Vulnerability Management Program. Experiance in Qualys Vulnerability Management Tool. Well-rounded background in network, host, database, and application security. Experience implementing security controls in a bi-modal IT environment. Experience driving a culture of security awareness. Experience administering network devices, databases, and/or web application servers. Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CompTIA Security) Good to have. Abilities Non customer facing role but an ability to build strong relationships with internal teams, and security leadership, is essential act as Incident co-ordinator, for reviewing all security tools, ingesting incident data, tracking incident status, coordinating with internal and external assets to fulfill information requirements, and initiating escalation procedures. Document daily work and new processes. Embrace a culture of continuous service improvement and service excellence. Stay up to date on security industry trends.

Key Responsibilities: Vulnerability Triage & Risk Assessment Review and analyze vulnerability findings from tools (e.g., Snyk, Trivy, Aqua, Qualys, etc.). Prioritize vulnerabilities based on severity, exploitability, and business impact. Maintain a backlog of security issues and actively track remediation progress. Code-Based Remediation Support Partner with developers to remediate vulnerabilities across multiple languages including TypeScript, Python, JavaScript, Java, Ruby, Go, HCL, Shell, and SQL variants. Provide secure coding guidance and implement secure development patterns. Assist in refactoring insecure legacy code. Container Security & Infrastructure Hardening Remediate vulnerabilities in Docker images, base OS layers, and Kubernetes (AKS) configurations. Harden CI/CD pipelines and container orchestration using IaC (Terraform, HCL). Manage and maintain secure container images in registries. Pipeline Integration & Automation Integrate security tools into CI/CD workflows (e.g., GitHub Actions, Azure DevOps). Automate remediation suggestions and enforce policy gates for critical vulnerabilities. Write scripts and automation in Shell, Python, and Go for security enforcement. Cross-Team Collaboration Act as a bridge between development, security, and DevOps teams. Host working sessions and knowledge transfers on remediation strategies and DevSecOps best practices. Drive secure SDLC adoption across engineering teams. Documentation & Reporting Maintain clear documentation on remediation strategies, architecture decisions, and tool configurations. Provide metrics and reports to leadership on vulnerability trends and remediation velocity.

Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks. Key Roles You will be responsible for managing and maintaining the VMDR and CASB platform. Your primary role will involve deploying, configuring, and optimizing the CASB system to ensure effective vulnerability monitoring, security incident monitoring and threat intelligence correlation. You will collaborate with security analysts, network engineers, and other IT teams to implement and maintain a robust security infrastructure. Hands-on experience working with Configure, schedule, and execute authenticated and unauthenticated vulnerability scans across diverse infrastructure assets (servers, workstations, network devices, cloud instances, databases) using Qualys VMDR and associated modules. Manage and maintain the Qualys scanning infrastructure, including scanner appliances and cloud agents. Prioritize vulnerabilities based on severity (CVSS scores), exploitability (e.g., leveraging Qualys Threat Protection data, known exploits), asset criticality, and potential business impact. Create and maintain dashboards within Qualys to provide real-time visibility into the vulnerability landscape and remediation status Configure, deploy, and manage policies across the organization's CASB platform (e.g., Microsoft Defender for Cloud Apps, Netskope, McAfee MVISION Cloud, or similar) to monitor and control cloud application usage. Troubleshoot integration issues, data ingestion problems, and policy misconfigurations across supported cloud platforms. Monitor and report KPIs such as cloud usage trends, policy violation frequency, DLP incident metrics, and sanctioned app compliance. Collaborate with application owners, IT, and InfoSec teams to enforce governance on cloud usage and third-party integrations. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterized by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognize there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Our technology services client is seeking multiple System Administrator to join their team on a contract basis. These positions offer a strong potential for conversion to full-time employment upon completion of the initial contract period. Below are further details about the role: Role: System Administrator Experience: 1.5 - 3 Years Location: Chennai, Kolkata Notice Period: Immediate- 15 Days Mandatory Skills: VMware , Onpremise, Windows, VMare Configuration Job Description: Maintenance, Administration, Configuration, Monitoring and Troubleshooting of Windows 2012 / 2016 / 2019 / 2025 Servers. VMware vSphere Infrastructure - Installation, configuration, troubleshooting of VMware ESXi servers, Virtual appliance, vCenter, ESXI host upgrade and patching. Creating and managing VMware cluster, Enabling HA, and DRS features in a cluster. Configuration of Virtual switches, port groups and network connections Creating and managing standard templates and keeping them update. Deploying VMs from template and allocates resources as per client requirements. Security hardening of VMs and Esxi servers for security compliance. Performing snapshots, cloning, migrations of VMs Vulnerability Management - Assist in providing support and resolution for the Critical/High open vulnerabilities on Windows/ VMware Servers. Providing support to mitigate external Vulnerabilities reported by KPMG team. Coordinate with Server Owners to fix Application related vulnerabilities with the defined SLA. Providing support to raise a risk on insight360 portal for servers which have surpassed the SLA. Data Centre Operations - Installation, Configuration, Monitoring and Troubleshooting of physical servers like DELL PowerEdge, HP ProLiant, Cisco UCS servers. Coordination with OEM/Partners Technical Support Team to resolve problems. Support for Windows Defender, SOC SIEM, BigFix, Qualys, CIS CAT, SolarWinds team for installation, configuration, upgradation and troubleshooting of applications. Coordination with Backup team, Database and Network team to resolve problems. Incident and RITM Management - Work on Incidents, RITM raised for Server OS issue, backup failure, access management, performance alerts etc. Change Management – Work on Change Requests for Commission of new servers, Decommission, Operating system upgradation, IP change Activity, virtual machine CPU/Memory/Disk upgradation and others. Installation of monthly windows security updates for the on-prem windows servers. If you are interested, share the updated resume to madhuri.p@s3staff.com

As a member of our team, your main responsibility will be to evaluate new and existing security vulnerabilities sourced both internally and externally. You will need to determine their relevance, document the impact, and devise a remediation strategy in a format that is understandable to our customers. Your focus will encompass a wide range of technologies, including major cloud hosting environments, Linux servers, specialized hardware, various coding languages, and virtualization technologies. The ideal candidate will possess the ability to comprehend the technicalities of security, evaluate risks, and communicate these complex concepts in a clear and simple manner. Your tasks will include: - Reviewing vulnerability scan reports - Monitoring external sources for new vulnerabilities - Assessing the applicability of vulnerabilities within context - Determining the real impact of vulnerabilities - Documenting findings and disclosures for each vulnerability and sharing them with customers - Negotiating disclosure timing with external researchers - Monitoring remediation progress and updating documentation - Participating in Security Incidents related to urgent vulnerabilities - Providing metrics and statistics Minimum Qualifications: - At least five (5) years of relevant experience (including indirectly related experience) - Strong team player - Ability to interpret and communicate CVEs to both technical and non-technical audiences - Familiarity with hacking techniques and programming languages - Knowledge of risk evaluation - Proficiency in the MS Office suite - Excellent written and verbal communication skills - Ability to adapt quickly to changing priorities - High school diploma, GED, or equivalent professional experience - Flexibility in terms of work location Preferred Qualifications: - Experience in evaluating security risks within a production environment - Familiarity with Jira - Direct customer communication experience - Proficiency in at least one of the following languages: Python, Go, Java, or C - Experience with scan reports from various tools like Snyk, Qualys, Crowdstrike, Inspector, Vdoo, or Binwalk - Remote work experience across different time zones and cultures - Security certifications such as CISSP, CRISC, AWS SCS, etc. - Ability to work flexible hours Join our team today and be part of a dynamic environment where your expertise in cybersecurity will be valued and utilized to make a real impact.,

Key Responsibilities Lead a team of L1 and L2 engineers in shift. Work balancing of tickets across the shifts. Ensure shift handover. Manage the Quality audits of the L1 and L2 offense analysis. Support the Project Manager with escalations and timely RCA of incidents. Training of L1 and L2 resources on latest attack vectors and log analysis. Work with the SIEM Engineering team to fine tune the use cases and content on the SIEM platform. Bring down the false positives to a manageable level. Manage the work pressure on the project and keep the team alert and manage their work life balance. Ensure timely preparation of daily/weekly/monthly reports. Desired Qualifications Sound Cyber Security Principles and well versed in security domains of Endpoint , Network, Database, Cloud Security technologies like IPS, WAF, Firewall, Deception, Cloud Security, AV, EDR, . Conduct senior level log analysis, proactive monitoring, mitigation & response to network & security incidents. Triage security events and carry out incident response steps. Implement & Maintain Extensive Security Operation Policies and procedures documentation including AWS cloud Proactively Hunt & research potential malicious activity using tool like Cortex, Shodan, Qrdar etc. Identify Indicator of Compromise through static & dynamic analysis of commodity and 0-day malware Perform advanced security event detection and threat analysis for complex and/or escalated security events. QRadar , Demisto/XSOAR , Qualys, MITRE Framework Attack Methodology. Preferred Certifications T&T - Cyber | Deputy Manager IBM QRadar SIEM Certification. CISSP, CEH, CISM, or other relevant security certifications. Location and way of working : Base location: Mumbai/Navi Mumbai Professional is required to work from office Your role as Consultant/Sr Consultant. (ref:hirist.tech)

Responsibilities As a member of the incident/Workorder/Change handling team , you will have the following accountabilities: Will be working as an SME for Zscaler Support in Operations for ZIA, ZPA and ZDX. Assess and orchestrate the current and planned security posture for NTT data’s Security infrastructure, providing recommendations for improvement and risk reduction. Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk. Support security incident response as required; First line responder to reported or detected incidents. Perform security research, analysis, security vulnerability assessments and penetration tests. Provide security audit and investigation support Monitor and track security systems for Vulnerability and respond to potential security Vulnerability. Provide support for the Vulnerability management program. Provide 24x7 support as operations team working in shifts. Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business. Skills And Experience 4 to 5 years+ in Information Security space. Strong experiance in Service Now Ticketing tool, Dashboards and Integration. Strong experience with Zscaler ZIA, ZPA and ZDX. Strong experience with Vulnerability Management Program. Strong experience with Qualys Vulnerability Management Tool. Some good to have Experience with Crowdstrike EDR and SIEM. Strong experience with multiple network operating systems, including two or more of the following: Cisco iOS, Juniper ScreenOS or Junos, Fortinet FortiOS, CheckPoint GAiA, or Palo Alto Networks PAN-OS; Tanium, Rapid 7, Nessus, Nitro ESM, Symantec SEP, Symantec Message labs, Thales encryption, Allgress, Forecpoint, Blue coat, Firepower, Cisco ISE, Carbon Black, Titus, Encase Strong oral, written, and presentation abilities. Experiance with M365 Copilot. Some experience with Unix/Linux system administration. Strong experience with logging and alerting platforms, including SIEM integration. Current understanding of Industry trends and emerging threats; and Working Knowledge of incident response methodologies and technologies. Desirable Zscaler Certifications Associate and Professional for ZIA, ZPA and ZDX. Excellent Experiance in Zscaler ZIA, ZPA and ZDX. Experiance in Vulnerability Management Program. Experiance in Qualys Vulnerability Management Tool. Well-rounded background in network, host, database, and application security. Experience implementing security controls in a bi-modal IT environment. Experience driving a culture of security awareness. Experience administering network devices, databases, and/or web application servers. Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CompTIA Security) Good to have. Abilities Non customer facing role but an ability to build strong relationships with internal teams, and security leadership, is essential act as Incident co-ordinator, for reviewing all security tools, ingesting incident data, tracking incident status, coordinating with internal and external assets to fulfill information requirements, and initiating escalation procedures. Document daily work and new processes. Embrace a culture of continuous service improvement and service excellence. Stay up to date on security industry trends.

We are seeking a talented Security Engineer to join our team. The ideal candidate should have a strong background in production security, DevSecOps, and extensive experience with SDLC practices and multiple security tools, including but not limited to Qualys, Black Duck, and JFrog X-ray. As a Security Engineer, you will be responsible for ensuring robust security practices and implementing cutting-edge security measures to protect our systems and data. Vulnerability Management The core responsibilities for the job include the following: Own end-to-end vulnerability lifecycle for a given Business Unit, consisting of multiple enterprise-level products. (SaaS and on-prem). Triage, track, Correlate, and remediate vulnerabilities from tools like Black Duck, Prisma Cloud, Qualys, Jfrog Xray, etc. Understanding the working of these tools and mapping in a common tool. Coordinate with business security leads to plan patching strategies and risk mitigation. Security Automation Integrate security scanning tools into common tools. In progress and SLA tracking for all the vulnerabilities, and will work closely with the respective business units. Develop dashboards and reports for compliance and leadership visibility. Write a high-level design to automate a few of the manual tasks. Collaboration And Governance Work cross-functionally with product teams and stakeholders. Contribute to security policies, standards, and best practices. Participate in incident response and post-mortem analysis. Requirements Publish security advisories on high-priority vulnerabilities (CVEs). Helping Junior team members with security aspects. Kubernetes, container build pipeline, and repository platform knowledge are a plus. Familiarity with vulnerability scoring models like CVSS, EPSS, and BDSA. This job was posted by Helora Padmini from Squareshift.

Role Proficiency: Maintain and improve security posture by identifying scoping and prioritizing vulnerabilities in our systems. Provide guidance and drive accountability of risk-based vulnerability remediation across business and technology teams. Outcomes: Identification of vulnerabilities in the organization's network and IT infrastructure. Identification of risk for the company and the required remediation performed. Perform gap analysis of current vulnerability remediation policies and processes versus industry best practices for the client and identify opportunities for improvement. Vulnerabilities prioritization based on their severity and impact. Accountable for the identification and subsequent use of remedial methods to improve the outcome Measures of Outcomes: Average time to action Mean time to remediation Rate Of Recurrence Total Risk Remediated Average Vulnerability Age Provide 3-5 reports and analysis follow-up on a weekly basis Provide at least 2 vulnerability analysis Produce 2 reports for management in each quarter Own and manage at least 2 identified threats & vulnerabilities Outputs Expected: Daily Activities : Daily/Weekly/Monthly Reports on the status of the Platform Execute the latest 1 threat variants to test detection and prevention capabilities. Priority assistance in agent upgrades (scenarios include - Agent update patching) Creating one Standard policy recommendation and configuration according to environment each month. IOC & IOA management. Security research community: Stay on top of the security research community. Will be up to date on current attacks campaigns and trends to initiate innovative research activities. Continuous Learning innovation and optimization: Ensure completion of the learning program suggested by Managers Suggest ideas that will help innovation and optimization of processes Skill Examples: Experience in IT optimally in Security with exposure to infrastructure and application vulnerability scan configurations vulnerability assessments and vulnerability management Good understanding of network protocols design and security operations Strong analytical skills and efficient problem solving Proficient in scripting languages such as Python Security hardening techniques and hardening standards patching Ability to design and document security operational procedures Understanding of attacker behaviors and techniques is required. Knowledge Examples: Knowledge Examples A strong understanding of the current threat landscape including the latest tactics tools and procedures common malware variants and effective techniques for detecting this malicious activity. Familiarity with basic security concepts in vulnerability management network security systems administration or other areas of technology is required. Hands-on experience with Vulnerability management tools such as Spotlight Rapid7 Nessus Tenable or Qualys. Knowledge of security principles techniques and technologies Knowledge in exploit development. Security certifications such as CEH GPEN GSEC CISSP. Additional Comments: # Areas Must to Have 1 Vulnerability Operations The candidate should have hands-on experience in vulnerability handling within large-scale or regulated environments (preferably financial services). strong understanding of theVulnerability management process including vulnerability lifecycle, including asset discovery, scanning, CVSS-based prioritization, remediation. Experience implementing or improving vulnerability lifecycle workflows Ability to interpret threat feeds (e.g., CISA KEV, AlienVault OTX, ThreatConnect) and map those threats to assets. Oversee vulnerabiliy consolidation system and promptly report any operational issues Monitor the health of interconnected environments updating the central planning platform,escalate and resolve failures, and coordinate with the internal engineering team. Ensure clear and concise senior management reporting Coordinating and leading regular meeting with internal business team focussed on vulnerability management 3 Stakeholder Management & Soft skills Experience in influencing and managing stakeholder with strong interpersonal skills to build relationships and collaborate within teams Strong communication skills to effectively coordinate with global infrastructure, application, and compliance teams. Skillled in preparing reports and presentations for senior management and delivering them to large audience 4 Tools and Technologies Experience in using Microsoft teams,JIRA Skilled in MS Excel for data analysis, including filtering, pivoting, and dashboarding Experience in analyzing large datasets to identify issues and gaps Proficient in Servicenow and Confluence 5 Education and experience Bachelor's degree in Computer Science, Engineer or Related field Minimum of 5 years in cybersecurity, specifically in vulnerability management, risk management, or cyber operations Good to have Knowledge of API, python Scripting Prior experience in handling JIRA tickets Expertize in Advanced excel or any other reporting tools Required Skills Advanced Excel,Vulnerability Management,Patch Management

Ankura is a team of excellence founded on innovation and growth. Location: Conditional Remote / Gurgaon Hours: 40 hours a week Reporting: Director - Threat Detection Operations (TDO) Duties include providing On-Job Training to fellow Senior Analysts and Analysts, continuous monitoring of Security Information Event Management (SIEM), EDR, XDR and related platforms for correlated events and alerts and working with the client to take action. Senior Analysts leverage events to determine the impact, document possible causes, and provide useful information to clients. A deep understanding of various commercial and open-source network sensors, intrusion detection systems, and event log correlation engines is required as senior analysts are expected to deliver enhanced threat awareness and knowledge through research and continuous improvement of use cases, signatures, and metrics. Expected to help automate anomaly detection and alerting while documenting security incidents, processes, investigations, and remediation efforts. Senior Analysts are also expected to maintain open communication and visibility with their team members, Directors, and Clients. Usually, employees will be permitted to work remotely in the current operational setup however that setup may change based on company and/or business needs, with or without notice. It may also be considered a conditional privilege as the employees are personally responsible to maintain uninterrupted availability and communication via all official channels throughout their designated shifts. If the employee's performance cannot be satisfactorily ascertained by their manager or the employee is unable to adapt to work without disturbance, they may be called upon to work out of the company’s office. CAPABILITIES Knowledge of IR process, ticketing tools, Knowledgeable in various IR response commands related to Windows, Linux Strong knowledge on advanced attack techniques related to Endpoints and servers, Threat hunting using EDR/XDR. Experience in handling latest attack techniques LOLBAS, fileless malware etc. Experience in monitor globally emerging threats, vulnerabilities, malicious activities etc. research about the same and reports to concerned teams and management for proactive actions. Must have knowledge of various OSINT tools: VirusTotal, Cisco Talos Intelligence, IBM X-force Exchange, URL.io etc. during the investigation of security alerts. Capable to handle a team of L1 analysts, impart training etc Must have experience of Vulnerability management to identify emerging risks in organization's environment using Qualys, Nessus, MS-Defender etc Knowledgeable about Automation and SOAR Must have the necessary experience to conduct initial triage and in depth analysis of security events and incidents; determine the priority, criticality, and impact; facilitate communication within the client's SOC, escalate to the for containment and remediation, and document/journal progress throughout the Incident Response Lifecycle within the respective service level objectives. Required to have experience in conducting research analysis and data gathering requirements to present in a report format. Should be detail-oriented and able to work independently and communicate effectively both verbally and in writing.Must be flexible enough to work in a 24x7 rotational shift setup, including overnight, weekend, and national holidays. TECHNICAL Emerging SIEM/XDR such as MS Azure Sentinel, SentinelOne Experience with security tools: Nessus, Burpsuite, Acunetix, Kali Linux Strong knowledge on XDR tools such as Sentinel One, Cortex, CrowdStrike, Microsoft etc Understanding of KQL, Lucene, Python, and/or other similar programming/query/scripting languages Proficient in finetuning detection rules of XDR, creation of SOPs, Playbooks for various scenarios and techniques EDUCATION, EXPERINCE, TRAINING & CERTIFICATIONS Minimum Experince in SOC/IR/VM 4 yrs plus Preferred to have a degree in CS/IT or a Masters's Diploma in the field of IT Security. Certifications such as CEH, Security+ CHFI,ACE, and specific to vendor XDR tools SentinelOne cortex, Microsoft CrowdStrike etc COMMUNICATION Comfortable working in a remote work environment including web-based team management and collaboration applications, and time-keeping systems e.g. Slack, Microsoft Teams, Intapp, and Workday. Ability to communicate complex ideas effectively, both verbally and in writing in English and the local office language(s) Able to provide reports showing progress or achievement of assigned goals and responsibilities as required. Must be an active listener and ask questions of others when clarity is needed Ability to gain an understanding of client needs and apply analytic reasoning Demonstrates proactive engagement in meetings and process discussions KEY PERFORMANCE INDICATORS Analyze client networks for threats using analytical platforms for event monitoring such as NSM, SIEM, UEBA, ETDR. Deliver client reports based on analyses that are timely, high quality, and accurate. Understand and support incident response and triage Improve reporting to avoid ‘analysis paralysis’. Develop new skills within analytical platforms INDIVIDUAL & TEAMWORK Must be able to effortlessly switch between independent and team-based work Understands that the work product is dependent on team efforts and remains responsive to internal and external deadlines Able to share expertise and experience with team members to encourage growth and shared success Able to maintain focus and attention to detail for sustained periods of time Engaged in supporting the development and growth of all team members GROWTH MINDSET Can receive and provide feedback in a constructive manner that leads to the growth of self and others. Displays perseverance of effort and passion for a long-term goal and end state. Works well under timelines and puts in extra effort as required to meet timelines. Self-motivated to identify areas for team & process improvement and collaborate with others to develop creative solutions LEADERSHIP TRAITS Willing to adapt leadership skills to support larger and more complex projects. Work product for self and team is consistently of excellent quality and efficiency. Respectful and professional in all interactions with team members, clients, and colleagues. Maintains composure and calm disposition under high-pressure or stressful circumstances. #LI-JK1 Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.

🔐 We're Hiring: Cyber Security Expert (4–5 Years Experience) 📍 Location : CS Soft Solutions Pvt. Ltd., I-18, Sector 101, IT City Rd, JLPL Industrial Area, Sahibzada Ajit Singh Nagar, Punjab – 160062 📧 Email: shivani-kanwar@cssoftsolutions.com At CS Soft Solutions, we're not just about building digital products—we’re about building trust in every digital interaction. We're expanding our cybersecurity division and are on the lookout for a Cyber Security Expert who’s ready to take ownership, drive strategic initiatives, and protect our clients across industries. 🚀 Key Responsibilities : Act as a trusted advisor to clients, assessing posture & identifying risks Conduct vulnerability assessments, penetration tests & risk analyses Design and implement tailored cybersecurity policies & frameworks Respond to incidents & coordinate response with internal and client teams Ensure compliance (GDPR, HIPAA, ISO 27001, NIST, SOC 2) Lead client workshops, trainings, and briefings Collaborate with DevOps, IT, and Engineering for secure solution design Engage directly with CXOs to understand needs & propose solutions Drive proposal creation, pre-sales, and client success Mentor and lead junior cybersecurity professionals ✅ Required Qualifications : Bachelor’s/Master’s in Cybersecurity, InfoSec, or related field 5+ years hands-on cybersecurity experience Expertise in threat detection, incident response, and network security Hands-on with SIEMs (Splunk, QRadar), Nessus, Qualys, Metasploit, etc. Cloud security exposure (AWS, Azure, GCP) Knowledge of compliance & frameworks (ISO 27001, NIST, SOC 2) Industry exposure: IT, BFSI, Healthcare, Manufacturing Certifications Preferred: CEH, CISSP, OSCP, CISM, ISO 27001 LA/LI 💡 Nice to Have : MSSP or cybersecurity consulting experience DevSecOps and secure SDLC familiarity Forensics or threat hunting background 🧠 Key Traits : Strategic mindset with strong business acumen Excellent communication & client-handling skills Ownership-driven, independent, and team-oriented 📩 If you're passionate about securing digital transformation journeys and thrive in a dynamic, high-growth environment—CS Soft wants you on board! #CyberSecurityJobs #HiringNow #CSSoftSolutions #InformationSecurity #CybersecurityExpert #MSSP #ISO27001 #SIEM #DevSecOps #CloudSecurity #CISSP #OSCP #JoinOurTeam