369 Qualys Jobs - Page 12

ECI is the leading global provider of managed services, cybersecurity, and business transformation for mid-market financial services organizations across the globe. From its unmatched range of services, ECI provides stability, security and improved business performance, freeing clients from technology concerns and enabling them to focus on running their businesses. More than 1,000 customers worldwide with over $3 trillion of assets under management put their trust in ECI. At ECI, we believe success is driven by passion and purpose. Our passion for technology is only surpassed by our commitment to empowering our employees around the world . The Opportunity: ECI is looking for a Network Compliance Engineer to join our Network Engineering Department within a dynamic (MSP) environment. This role is critical in ensuring that both internal and client network infrastructures adhere to industry regulations, security policies, and best practices. You will collaborate with network engineers, security teams, and clients to implement and maintain network compliance frameworks, ensuring secure, reliable, and scalable network environments. As a Network Compliance Engineer, you will be responsible for performing assessments, audits, and remediation efforts, ensuring networks are compliant with relevant regulatory standards such as SOC 2, PCI-DSS, HIPAA, NIST , and other industry-specific requirements. This is an onsite role. What you will do: Ensure Compliance: Conduct regular compliance assessments for internal and client network infrastructure, ensuring they meet industry standards (SOC 2, HIPAA, PCI-DSS, NIST, ISO 27001) and internal security policies. Documentation & Reporting: Develop and maintain network compliance documentation, including risk assessments, configuration baselines, security policy compliance, and audit evidence for clients. Audits & Reviews: Perform network audits to verify compliance with established network security policies, best practices, and relevant industry regulations. Collaboration: Work closely with network engineers and security teams to design, implement, and maintain compliant network solutions for client environments. Remediation & Gap Analysis: Identify and track compliance gaps or vulnerabilities within client networks, and work to remediate those issues with network engineering teams. Compliance Monitoring: Use network monitoring tools (e.g., SolarWinds, PRTG) to continuously assess network configurations and activities for compliance and security risks. Client Interaction: Serve as a compliance advisor for clients, guiding them on how to align their network infrastructures with regulatory and security requirements. Incident Response: Support the incident response process when network-related compliance breaches or security incidents are detected, ensuring corrective actions are implemented. Training & Awareness: Educate and train internal teams and clients on compliance best practices, network security policies, and regulatory requirements. Continuous Improvement: Stay up to date with industry trends, evolving regulations, and emerging threats, integrating those insights into compliance strategies. Who you are: Bachelor’s degree in Information Technology, Network Engineering, Cybersecurity, or a related field (or equivalent work experience). 3+ years of experience in network engineering or network compliance, preferably in an MSP environment. Solid understanding of network protocols, including TCP/IP, VLANs, VPNs, firewalls, NAT, and routing (OSPF, BGP). Hands-on experience with firewall technologies (e.g., Fortinet, Cisco ASA, Palo Alto) and network monitoring tools (e.g., SolarWinds, PRTG, Auvik). Familiarity with industry standards and regulations like SOC 2, HIPAA, PCI-DSS, NIST, and ISO 27001. Strong analytical skills with the ability to assess and resolve network compliance issues. Excellent written and verbal communication skills, particularly for documentation and client-facing interactions. Bonus points if you have: Certifications such as CompTIA Security+, CCNA Security, CISSP, CISA, PCNSE, or Fortinet NSE. Experience with cloud networking, including AWS or Azure compliance standards. Exposure to SIEM tools (e.g., Splunk, LogRhythm) and vulnerability management tools (e.g., Nessus, Qualys). Familiarity with MSP platforms like ConnectWise, Datto, N-Able, or Autotask. Ability to work with cross-functional teams (e.g., security, DevOps, IT) to enforce security policies. ECI’s culture is all about connection – connection with our clients, our technology and most importantly with each other. In addition to working with an amazing team around the world, ECI also offers a competitive compensation package and so much more! If you believe you would be a great fit and are ready for your best job ever, we would like to hear from you! Love Your Job, Share Your Technology Passion, Create Your Future Here! Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We are seeking a talented Lead Software Engineer to work on Qualy's next-generation security product. Working with a team of engineers and architects, you will be responsible for prototyping, designing, developing, and supporting a highly scalable SaaS-based cloud security product. You will get to team up with incredibly talented and highly motivated engineers and architects innovating on product processing over millions of transactions and terabytes of data per day. Responsibilities Research, prototype, and develop solutions to innovate and improve Qualys' security products. Co-develop Qualy's best-in-class next-generation SaaS application. Create high-performance APIs, libraries, and microservices that scale to meet/exceed the demands of processing over millions of transactions and terabytes of data per day. Produce high-quality software following good architecture and design principles that you and your team will find easy to work with in the future. Research, evaluate, and adopt next-generation technologies. Designing and implementing microservices that use the Spring boot framework. Act as a technical mentor to the team and guide team members Review code and set best practices for design, coding, and unit testing Lead product modules independently and collaborate with multiple stakeholders Requisite Qualifications Excellent programming and designing skills with 8+ years of hands-on experience in Java back-end development and skills with Spring-boot framework. Messaging middleware using Kafka . In-memory caching using Redis, Memcached, etc. Strong Java programming skills including object-oriented design, prototyping, development, testing, profiling, etc. Understand data structures and algorithms Expertise with RDBMS systems (preferably Oracle) Experience with NoSQL databases (preferably Cassandra) Knowledge of Docker, Kubernetes, Jenkins, and related CI/CD tools Ability and skill to debug & solve complex issues in a high-performing environment Desired Qualifications Bachelors/Masters in Computer Science or equivalent Show more Show less

Job Title: Senior SOC Analyst (SIEM, Threat Hunting & Incident Response) Department: Cybersecurity & IT Risk Management Reports To: CISO / Director – Cybersecurity & GRC Location: Manesar, Haryana (On-site at Client Location) Employer: VVNT SEQUOR, Noida Summary: VVNT SEQUOR is hiring a Senior SOC Analyst to strengthen the cybersecurity posture of a leading client in Manesar, Haryana. This is a full-time on-site role requiring deep hands-on expertise in threat detection, incident response, SIEM management, and vulnerability assessments. As a senior member of the Security Operations Center (SOC), you will lead advanced threat-hunting efforts, optimize detection logic, and ensure rapid response to cybersecurity events. Your key responsibilities will include: Leading 24x7 SOC operations , threat monitoring, triage, and escalations using tools like ArcSight, Splunk, and ELK . Creating and fine-tuning correlation rules , dashboards, and playbooks to enhance detection capabilities. Executing proactive threat hunting using MITRE ATT&CK , EDR telemetry, threat intel feeds, and custom threat models. Coordinating and leading incident response , performing forensic investigations using CHFI methodologies , memory analysis, and endpoint data. Performing and overseeing Vulnerability Assessment & Penetration Testing (VAPT) using Nessus, Qualys, OpenVAS, Metasploit , and Burp Suite . Managing EDR and SOAR platforms , integrating automated responses and threat intelligence feeds. Administering and securing firewalls (FortiGate, Palo Alto), WAFs, IDS/IPS, and Anti-DDoS infrastructure. Maintaining compliance with ISO 27001, NIST CSF, and internal security baselines , conducting regular audits and patch validations. Documenting Root Cause Analyses (RCA) , incident timelines, and post-incident review reports. Leading security awareness programs (e.g., KnowBe4) and mentoring junior analysts. We are looking for someone with: Bachelor's degree in Cybersecurity, Information Security, or related field. 7–9 years of SOC and cybersecurity operations experience. Strong knowledge of SIEMs (e.g., ArcSight, Splunk), EDRs (CrowdStrike, SentinelOne) , and log correlation techniques . Proven skills in threat analysis, IOC handling, malware analysis , and incident lifecycle management . Working experience with security automation (SOAR) and scripting (e.g., Python, PowerShell) for response actions. Solid understanding of MITRE ATT&CK, NIST 800-61, OWASP Top 10 , and compliance mandates . Proven experience in writing technical incident reports, security playbooks, and conducting RCA. Bonus points for: Certifications like CEH, CHFI, Security+, GCIA, GCFA, Splunk Certified Analyst, PCNSE . Experience with Tripwire SCM, KnowBe4 , or cloud-native security tools (AWS GuardDuty, Azure Sentinel). Exposure to OT/ICS security , manufacturing, or automotive environments. Familiarity with Purple Teaming, Red Team/Blue Team drills , and Threat Intelligence Platforms (TIPs) . Why join VVNT SEQUOR? Lead and influence real-time SOC strategies for a mission-critical enterprise. Gain hands-on experience with top-tier cybersecurity technologies and threat landscapes. Subsidized Cab and Lunch facilities at client site. Work in a client-focused, innovation-driven cybersecurity environment. To Apply: Please submit your resume along with the cover letter to chaitali@vvntsequor.in or parveen.arora@vvntsequor.in Also, you can connect over WhatsApp +91-9891810196 or +91-8802801739 IMPORTANT: Do mention clearly to Job Role that you are applying for along with your Last Salary Drawn information as well as your Earliest Joining Date in your covering letter or email. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys is looking for a UX writer, who will be responsible for customer delight! You are an advocate for Qualys design, shaping product experiences by creating useful, meaningful text that helps users to complete tasks. You help to set the vision for content and drive cohesive product narratives across platform. As a UX writer, your portfolio of work demonstrates content that simplifies and beautifies the overall user experience. You work with people in a variety of UX design-related jobs including UX researchers, product managers, engineers. You regularly use empathy, logic and data to inform content choices and recommendations that include the right words and sometimes complementary data and images. You use your gift for language to design intuitive, delightful product experiences that help users accomplish their goals. Responsibilities: Writing UI text: Crafting the words that guide users through an interface, including button labels, error messages, onboarding flows, and confirmation dialogs. Creating and maintaining style guides: Establishing voice, tone, and terminology standards that ensure consistency across a product or organization. Participating in UX research: Working closely with UX researchers to conduct usability studies, analyze how users interact with content, and refine messaging based on insights. Collaborating with product teams: Partnering with UX designers, product managers, and engineers to ensure content aligns with the overall design and user experience. Optimizing accessibility: Ensuring text is inclusive and readable for all users, including those using assistive technologies. Testing and iterating content: Conducting A/B tests, gathering user feedback, and continuously refining content to improve usability. Writing for conversational interfaces: Creating chatbot scripts, voice assistant responses, and AI-driven customer interactions. Contributing to AI model training: Assisting in training AI-powered features by refining system prompts, structuring training datasets, and ensuring AI-generated content aligns with UX writing best practices. Qualifications: Bachelor's degree in English, Journalism, Communication, Literature, Business, Marketing, a related field, or equivalent practical experience. 4+ years of experience in writing, editorial, marketing, UX writing for web and mobile platforms. Experience on UX-focused product writing and shaping content for multi-disciplinary projects. Portfolio highlighting UX-focused writing samples and style guidelines. Knowledge of cyber security domain Show more Show less

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Security Platform Engineer is a seasoned subject matter expert, responsible for facilitating problem resolution and mentoring for the overall Global Data Centers Office of Information Security (GDC-OIS) team. This role performs important tasks specialized at threat hunting, Crowdstrike, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content maintenance (tuning). The Security Platform Engineer is responsible for detecting and monitoring escalated threats and suspicious activity affecting the organization's technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). Key Responsibilities What you'll be doing Works as part of a 24/7 global team in IT/OT environment. ICS and SCADA knowledge preferred. Administers the organization's security tools to gather security logs from the environment and performs lifecycle management, including break-fix, patching, and live updates. Performs security incident handling and response from various vectors, including endpoint protection, enterprise detection and response tools, attack analysis, malware analysis, network forensics, and computer forensics. Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results, prioritizes vulnerabilities based on severity, impact, and exploitability, and provides detailed remediation recommendations to system owners, administrators, and IT teams. Monitors security alerts and maintains awareness of new threats and vulnerabilities to identify potential risks. Reads reports, makes risk assessments, works to detect the source of attacks, and tests current defenses against threats. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Identifies opportunities to make automations that will help the incident response team. Ensures usage of knowledge articles in incident diagnosis and resolution and assists with updating as required. Investigates causes of incidents, seeks resolution, and escalates unresolved incidents, following up until resolved. Provides service recovery following the resolution of incidents and documents and closes resolved incidents according to agreed procedures. Maintains knowledge of specific , provides detailed advice regarding their application, and ensures efficient and comprehensive resolution of incidents. Logs all incidents in a timely manner with the required level of detail and cooperates with all stakeholders, including client IT environments, vendors, and carriers, to expedite diagnosis of errors and problems and identify a resolution. Analyzes data from various sources, including network traffic, email logs, malware files, web server logs, and DNS records, to identify potential risks and improve security measures Leads projects, self-starter, and performs any other related task as required. KNOWLEDGE & ATTRIBUTES Seasoned working knowledge on implementation and monitoring of any SIEM or security tools/technologies. ICS and SCADA knowledge preferred Seasoned knowledge on security architecture, worked across different security technologies. Customer service orientated and pro-active thinking. Problem solver who is highly driven and self-organized. Great attention to detail. Good analytical and logical thinking. Excellent spoken and written communication skills. Team leader with the ability to work well with others and in group with colleagues and stakeholders. Academic Qualifications & Certifications Bachelor's degree or equivalent in Information Technology or related field. Relevant level of Security certifications such as CySA+, PenTest+, CCSP, GCIH, OSCP, etc. preferred. Relevant level of IT certifications such as GRID, GICSP, AZ-500, SC-200, etc. will be added advantage. Required Experience Seasoned experience in Security technologies like (SIEM, PAM, IAM, PenTest, Threat Hunting, Firewall, Proxy etc.) preferably within a global IT services organization. Prior experience of working into Security Operation centers of a Data Center will be an added advantage. ICS and SCADA knowledge preferred. Seasoned experience in technical support to clients. Seasoned experience in diagnosis and troubleshooting. Seasoned experience providing remote support in Security Technologies. Seasoned experience in SOC/CSIRT Operations. Seasoned experience in handling security incidents end to end. Seasoned experience in Security Engineering. Knowledge on networking, Windows, Linux and security concepts. Seasoned experience in configuring/managing security controls such as RBAC, IAM, Zero Trust, UTM, Proxy, SOAR, etc.. Knowledge on log collection mechanism such as Syslog, Log file, DB API. Knowledge in security architecture. Prior experience of working on platforms like Crowd strike, Qualys, Palo Alto, Splunk, QRADAR, Cisco, VMWare and Ubuntu Physical Requirements Primarily sitting with some walking, standing, and bending. Able to hear and speak into a telephone. Close visual work on a computer terminal. Dexterity of hands and fingers to operate any required to operate computer keyboard, mouse, and other technical instruments. Work Conditions & Other Requirements This position is expected to be Hybrid for the foreseeable future with an occasional need to be onsite in a shared work environment. Must be comfortable with flexible working schedules across regions and their standard Time zones other than the base location. (US, EMEA & APAC) Extensive daily usage of workstation or computer. Must be comfortable working in a highly critical, fast paced environment with shifting priorities. Some domestic and/or international travel required, up to 25% of time. Perform work from a remote location with stable internet connection. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

Line of Service Advisory Industry/Sector Not Applicable Specialism Risk Management Level Associate Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. In threat intelligence and vulnerability management at PwC, you will focus on identifying and analysing potential threats to an organisation's security, as well as managing vulnerabilities to prevent cyber attacks. You will play a crucial role in safeguarding sensitive information and enabling the resilience of digital infrastructure. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. Job Description & Summary: In-depth knowledge and hands-on experience in VAPT , including: Web Application Vulnerability Assessment & Penetration Testing, Mobile Application Vulnerability Assessment & Penetration Testing , API and Network Penetration Testing, Cloud Security, Network Security, SOC Monitoring and Incident management. Responsibilities Vulnerability Assessment and Penetration Testing (VA/PT) Conduct VAPT Program Management including Remediation and Closure Management Conduct secure configuration review Conduct/ Manage Secure Code review Conduct/ Manage API secure testing Conduct/ Manage VA/PT for new web/ app development Conduct/ Manage Application Security Conduct/ Manage Red Teaming Conduct/ Manage DevSec/DevSecOps Conduct/ Manage Patch Management Mandatory Skill Sets VAPT In-depth knowledge of security issues, exploitation techniques and remediation measures. Hands-on Experience in Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets ( IP,Web,Mobile,API and AWS) Hands-on experience with well-known security tools BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc Understanding of web application security vulnerabilities (OWASP Top 10), including XSS, SQL injection, CSRF, and others. Strong knowledge of network security concepts, firewalls, VPNs, IDS/IPS, and TCP/IP protocols. Familiarity with mobile security vulnerabilities in iOS and Android platforms, including reverse engineering, mobile app testing, and OWASP Mobile Security Project. Strong written and verbal communication skills for delivering clear, concise security reports and presenting findings to stakeholders. Preferred Skill Sets Strong organizational, teamwork, multitasking & time management skills. Outstanding communication abilities. Ability to effectively communicate the required recommendations. Years Of Experience Required 4+ Years Education Qualification Minimum Qualification: BE/ BTech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology, Bachelor of Engineering Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills Burp Suite, Nessus Vulnerability Scanner, Structured Query Language (SQL) Optional Skills Teamwork Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Cybersecurity Solution Architect Today’s world is fueled by vast amounts of information. Data is more valuable than ever before. Protecting data and information systems is central to doing business, and everyone in EY Information Security has a critical role to play. Join a global team of over 900 people who collaborate to support the business of EY by protecting EY and client information assets! Our Information Security professionals enable EY to work securely and deliver secure products and services, as well as detect and quickly respond to security events as they happen. Together, the efforts of our dedicated team help protect the EY brand and build client trust. Within Information Security we blend risk strategy, digital identity, cyber defense, application security and technology solutions as we consider the entre security lifecycle. You will join a team of hardworking, security-focused individuals dedicated to supporting, protecting, and enabling the business through innovative, secure solutions that provide speed to market and business value. The opportunity The Security Technology Services (STS) group is a division of Information Security that ensures secure access to systems and information for more than 390,000 people in over 150 countries. A Cybersecurity Architect on the STS team is responsible for turning strategic plans into reality by producing architectural designs, leading the development of solutions, and offering security advice to project teams. This person will also oversee experimental projects to determine the best technology choices for integration into EY's infrastructure. Your Key Responsibilities Connect with key stakeholders, cybersecurity experts, and operational teams within the information security department to help create security solutions that work well on a large scale. Collaborate with Enterprise Architects to make sure solutions are in line with the company's long-term goals, follow design guidelines, and contribute to the direction of projects when necessary. Turn business requirements into technical specifications for solutions, considering risks, dependencies, costs, and the overall risk of the technical solution. Lead the technical side of evaluating and choosing technologies through Requests for Information (RFI) and Requests for Proposal (RFP), which includes: Defining the criteria that will influence technology choices and solution development. Gather and summarize technology research and recommendations for leaders to make decisions. Oversee experimental projects, designs, and the actual building of solutions from an architectural standpoint. Create and update artifacts that describe solution architecture to guide the planning, design, and implementation of the chosen solution. Keep up with the latest in the industry, research thoroughly, and continuously learn about new security technologies. Share expertise with project teams, governance groups, and other audiences as required. Build and keep a network of contacts from different IT and security organizations. Create standards for security technology. Travel requirements Skills And Attributes For Success Proficient in leading the development and direction of solution architecture. Knowledgeable in security protection technologies, particularly those from Checkpoint, Zscaler, Entra Intra Internet Access and Azure Firewall Extensive experience in Network Protection, including Cloud Secure Web Gateways (CSWG), Zero Trust Network Access (ZTNA), Intrusion Prevention Systems (IPS), Network Detection and Response (NDR), and Network Access Control (NAC). Successfully directed enterprise projects involving complex network technologies such as Next-Generation Firewalls, Expressroute, Secure Access Service Edge (SASE), ZPA and ZIA. Skilled in Network solutions and infrastructure platforms, including Azure Networking/Network Security Groups (NSG), Azure Firewall, SASE, Software-Defined Wide Area Network (SD-WAN), Wide Area Network (WAN), Local Area Network (LAN), management/monitoring tools, Domain Name System (DNS), and wireless technologies. Exposure to Cybersecurity capabilities Vulnerability management, Qualys, Sentinel, Defender XDR, Vulnerability Management and SOAR Experience in building and maintaining client-service relationships, with an understanding of the importance of internal customers. Excellent communication and presentation skills, capable of effectively conveying information to executive leadership. Sensitivity to the perspective of various audiences, both technical and non-technical. Experience in creating security architecture documentation, such as vision statements and Solution Architecture (SA) Design documents. Well versed in common Information Security practices and the CISSP domains Able to identify opportunities for Cybersecurity transformation or enhancements To qualify for the role, you must have Degree in Computer Science, Engineering or equivalent work experience 12+ years of experience in the Information Technology field 2+ years of senior architecture experience, exposure to enterprise architecture teams. 3+ years working with network protection technologies Ideally, you’ll also have Security certification such as CISSP, CCIE or CISM TOGAF and/or SABSA architecture framework SANS Certifications including: GSEC, ECSA, ECSP What We Look For Deep critical thinking skills demonstrating analytical and systematic approach to problem solving Experience working in a global virtual environment Excellent written & verbal communication skills, including preparation & delivery of presentations Good judgment, tact, and decision-making ability Ability to understand and integrate cultural differences and motives and to work with cross cultural teams. Ability to deal with ambiguity and change, and exercise appropriate time management to meet objectives Ability to work autonomously but also within a team environment where necessary What We Offer As part of this role, you will work in a highly coordinated, globally diverse team with the opportunity and tools to grow, develop and drive your career forward. Here, you can combine global opportunity with flexible working. The EY benefits package goes above and beyond too, focusing on your physical, emotional, financial, and social well-being. Your recruiter can talk to you about the benefits available in your country. Here’s a snapshot of what we offer: Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a significant impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be accepted for who you are and empowered to use your voice to help others find theirs. EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Job description Role Overview : The Application Security Senior Engineer will play a crucial role in safeguarding our applications and digital assets against security threats. With a primary focus on Vulnerability Assessment and Penetration Testing (VAPT), the role involves identifying, assessing, and mitigating security vulnerabilities across our application portfolio. This position requires a proactive mindset, strong technical skills, and the ability to collaborate effectively with cross-functional teams and support the security projects. Key Responsibilities : 1. Vulnerability Assessment and Penetration Testing (VAPT): - Conduct comprehensive security assessments of applications using industry-standard tools and techniques. - Perform manual testing and automated scans to identify vulnerabilities such as OWASP Top 10, SQL injection, XSS, CSRF, etc. - Analyze and interpret assessment findings, providing clear and actionable recommendations to development teams. - Support the security gating process with timely security assessment and reporting. - Provide guidance and assistance on secure software development life cycle. - Track identified vulnerabilities through to resolution, collaborating closely with development teams to ensure timely mitigation. - Provide detailed vulnerability reports and metrics to stakeholders, including risk assessments and remediation progress. 2. Support for Security Projects: - Actively participate in security projects and initiatives, providing expertise and guidance on application security best practices. - Perform Security Architecture review for existing and new security projects and guide on security best practices. - Collaborate with architects and developers to integrate security into the SDLC (Secure Development Life Cycle) and CI/CD pipelines. 3. Incident Response and Support: - Assist in incident response activities related to application security incidents. - Contribute to root cause analysis and lessons learned sessions to improve incident handling and prevention strategies. 4. Security Awareness and Training: - Develop and deliver training sessions on secure coding practices and application security awareness. - Promote a culture of security within the organization, advocating for continuous improvement and adherence to security policies. Requirements: Bachelors degree in Computer Science/Information Technology, or a related field. Minimum of 5 years of experience in application security, with a focus on VAPT and secure development practices. Proven experience with security assessment tools such as Burp Suite, Qualys, Nessus, etc. Strong understanding of web application architecture, including front-end, back-end, and APIs. Solid knowledge of OWASP guidelines and best practices for secure coding. Certifications such as CISSP, CEH, OSCP, or similar are preferred. Excellent communication skills with the ability to articulate technical concepts to non-technical stakeholders. Strong analytical and problem-solving skills, with attention to detail. Why join us? Impactful Work: Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry. Tremendous Growth Opportunities: Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development. Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated. Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees. www.tanla.com Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Description Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We invite you to be part of motivated and agile Qualys engineering team responsible for developing high-end Cloud based Security Solutions. This opening is your chance to work in the rapidly expanding field of computer security, in a company with excellent customer ratings and outstanding growth rates. In this position you will be testing product for quality and performance, building utilities for automated functionality testing, and utilize advanced testing methodologies to deliver cutting edge products. This position is for our fastest growing R&D center in Pune, India, which is part of multi-continent engineering team. Responsibilities: Proficient in Performance testing tools like JMeter Manage for planning and creating automated performance tests, executing tests, and results to measure performance, scalability, stability and reliability. Expertise in Test Planning, Test Estimation, Test Strategy, Work Load Design, Test Cases Design, Test Environment Setup, Test Data Setup, Defect Management. Experience in Application Monitoring Tools like AppDynamics. Experience in Applications like ElasticSearch, OpenSearch, Grafana, Kafka. Hands-on experience in writing and executing performance test scenarios for complex systems. Hands-on experience with performance test simulations, performance analysis, performance tuning, performance monitoring in a microservices environment Perform analysis of performance issues in Pre-production and/or Production environments. Hands- on experience in analyzing the performance results - Capture/Analyze/Interpret technical data - performance metrics from application, database, OS, and Network. Demonstrated ability to capture key metrics, create accurate status reports and effectively communicate to the stake holders. Experience in Cloud (AWS / Azure) environment, Docker/Kubernetes. Analyze the CPU Utilization, Memory usage, Network usage, Garbage Collection to verify the performance of the applications. Identifying memory leakage, connection issues & Bottleneck problem in the application. Generate performance graphs, session reports, and other related documentation required for validation and analysis. Publish results and provide appropriate signoff. Prepare detailed status reports, and monitoring of all defects and issues. Good understanding of basic DB tuning, application server tuning and common issues around performance and scalability. Strong problem-solving skills and very good communication and time management skills. Qualifications: Degree in Computer Science or equivalent 5+ years of work experience in the field of software testing and test automation of multi-tier Enterprise and/or Cloud, SaaS applications Good experience in web applications user interface and RESTful web services testing both at functional and non-functional level Knowledge of Java programming that could be used in automation frameworks Experience in writing automation tools/framework (Selenium, JMeter) Understanding of XML, XSD, JSON, REST and SOAP and demonstrated experience with web services APIs Good understanding of computer networks and networking concepts Working knowledge of SQL Databases, like Oracle Good exposure to Linux platform Agile development experience Show more Show less

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion – it’s a place where you can grow, belong and thrive. Your day at NTT DATA The Vulnerability Assessment Specialist is a seasoned subject matter expert, responsible for conducting advanced vulnerability assessments, identifying vulnerabilities, and provides expert recommendations to mitigate security risks to ensure the security and integrity of the organization's systems and infrastructure. This role requires collaboration with cross-functional teams, and they lead/perform vulnerability assessments, analyze findings, and provide recommendations to mitigate security risks and contributes to the improvement of vulnerability management practices. What You'll Be Doing Key Responsibilities: Conducts vulnerability assessments using automated scanning tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Conducts penetration tests using automated tools and manual techniques to identify security vulnerabilities in systems, networks, applications, and infrastructure components. Analyzes scan results and prioritizes vulnerabilities based on severity, impact, and exploitability. Assesses the potential risks associated with identified vulnerabilities. Analyzes the business impact, likelihood of exploitation, and potential attack vectors to prioritize remediation efforts based on risk severity. Provides detailed remediation recommendations to system owners, administrators, and IT teams. Collaborates to develop practical mitigation strategies, configuration changes, and patch management processes to address identified vulnerabilities. Utilizes vulnerability scanning tools such as Nessus, OpenVAS, Qualys, or similar tools to conduct scans, configure scan policies, and fine-tune scan parameters for accurate and comprehensive assessments. Utilizes penetration testing tools such as Metasploit, Burp Suite, and similar tools to conduct tests, configure test policies, and fine-tune test parameters for accurate and comprehensive assessments. Prepares vulnerability assessment reports, documenting assessment findings, risk analysis, and recommended actions. Communicates assessment results to stakeholders, including technical and non-technical audiences, in a clear and concise manner. Collaborates with cross-functional teams, including IT operations, development teams, and security stakeholders, to ensure effective communication, coordination, and alignment on vulnerability management efforts. Communicates technical concepts and recommendations to non-technical stakeholders. Participates in security awareness programs and provides training to end-users and stakeholders on vulnerability management best practices, secure coding, and security hygiene. Promotes a culture of security awareness within the organization. Collaborates with incident response teams to identify and address vulnerabilities associated with security incidents. Provides support during incident response efforts and contribute to post-incident analysis and remediation. Stays updated with the latest security trends, emerging vulnerabilities, and industry best practices. Contributes to the enhancement of vulnerability assessment processes, methodologies, and tools. Shares knowledge and provides guidance to improve vulnerability management practices. Shares knowledge and provides guidance to improve penetration testing practices. Contributes to open source security projects and the security community. Performs any other related task as required. Knowledge and Attributes: Seasoned understanding of vulnerability assessment methodologies, tools, and industry best practices. Seasoned understanding of penetration testing methodologies, tools, and industry best practices. Seasoned understanding of networking concepts, operating systems, and common software vulnerabilities. Solid proficiency in using vulnerability assessment tools such as Nessus, OpenVAS, Qualys, or similar tools. Solid proficiency in using penetration testing tools such as Metasploit, Burp Suite, and similar tools. Seasoned knowledge of risk analysis principles and the ability to assess the business impact of vulnerabilities. Solid knowledge of vulnerability management frameworks, such as CVE, CVSS, and common vulnerability databases. Strong analytical and problem-solving skills to analyze scan results, prioritize vulnerabilities, and recommend effective remediation actions. Excellent written and verbal communication skills to prepare vulnerability assessment reports and effectively communicate technical information to diverse stakeholders. Excellent collaboration and teamwork skills to work effectively with cross-functional teams and stakeholders. Seasoned familiarity with security frameworks, standards, and regulatory compliance requirements. Academic Qualifications and Certifications: Bachelor's degree or equivalent in Computer Science, Information Security, or a related field. Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) or GIAC Certified Vulnerability Assessor (GCVA) are beneficial. Required Experience: Seasoned demonstrated experience in information security or related roles, with a focus on conducting vulnerability assessments and providing remediation recommendations. Seasoned demonstrated experience in conducting advanced vulnerability assessments, including application security assessments, network security assessments, penetration testing, or code review. Experience in bug bounty programs and identifying zero-day vulnerabilities is a plus. Workplace type: Hybrid Working About NTT DATA NTT DATA is a $30+ billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long-term success. We invest over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure, and connectivity. We are also one of the leading providers of digital and AI infrastructure in the world. NTT DATA is part of NTT Group and headquartered in Tokyo. Equal Opportunity Employer NTT DATA is proud to be an Equal Opportunity Employer with a global culture that embraces diversity. We are committed to providing an environment free of unfair discrimination and harassment. We do not discriminate based on age, race, colour, gender, sexual orientation, religion, nationality, disability, pregnancy, marital status, veteran status, or any other protected category. Join our growing global team and accelerate your career with us. Apply today. Show more Show less

The Vulnerability Management Engineer II is responsible for managing the identification, assessment, reporting, and mitigation of infrastructure and cloud vulnerabilities. A candidate for this role will have a mindset of a defender and be able to operate in a fast-paced environment working closely with our infrastructure team that includes Network, Firewall, Hypervisors, Servers, and business application teams. Key Responsibilities: • Serve in a contributing role that requires frequent interaction with IT and Infosec managers, engineers and developers. • Provide vulnerability remediation governance and operational support. • Perform vulnerability metrics reporting for ad-hoc and scheduled metrics report for various KPIs (Key Performance Indicators) around vulnerability management activities. • Drive and track remediation initiatives across multiple support teams. • Respond to questions from stakeholders about remediation and vulnerability assessment results and actions. • Collaborate with support groups/stakeholders on details about identified vulnerabilities. EXPERIENCE AND EDUCATIONAL REQUIREMENTS: • Bachelors degree in Computer Science, Cybersecurity or other related field, or equivalent work experience. • Proficient in various vulnerability assessment tools such as Qualys, Armis, Microsoft Defender for Endpoint/Cloud. • Ability to analyze vulnerability metrics using Microsoft Excel advanced techniques. • 5-8years of combined IT and security work experience with a broad range of exposure to cybersecurity, systems analysis, application development and/or systems administration and 3+ years of vulnerability management experience. • Requires Security Certification(s) (i.e., Certified Information Systems Security Professional (CISSP), or Certified Information Security Manage (CISM), Certificate of Cloud Security Knowledge (CCSK), Offensive Security Certified Professional (OSCP) or other equivalent recognized security certifications. • Good understanding of industry standard regulations and risk management frameworks and standards (e.g., ISO, PCI, NIST, COBIT, GAPP, HIPAA, GDPR). • Familiarity with SANS Top 25 controls, OWASP Top 10 and/or MITRE ATT&CK framework • Excellent communication skills: able to explain complex concepts clearly to both technical and non-technical stakeholders. Skills Desired: • Exposure or knowledge of cloud architectures, services, and vulnerabilities. • Understanding of risk assessment methodologies. • Proficiency in using vulnerability scanning tools such as Qualys, Armis, MS Defender, etc. • Ability to interpret vulnerability data from multiple sources. • Reporting and metrics expertise with platforms such as ServiceNow (SecOps), PowerBI, etc.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Should be able to handle the General Accounting activities for some of the Qualys India and Other international entities independently and ensure timely month-end/quarter end book closures. Assists in preparing and posting all entries and reconciliations for month-end close. Reviews various calculations and analysis to ensure accuracy and completeness of financial data and recommends and implements changes as needed. Assist in processing Intercompany fund transfers, Tax and payroll payments. Researches, analyzes, and uses independent judgment in a variety of daily and non-routine decisions affecting assigned function. Review of financial statements and prepare the variance analysis to present the findings along with necessary commentary. Collaborate with the consultants and internal stakeholders to make sure all the Statutory and compliance filings/payments are adhered to as per local laws. Review the open PO’s and record the necessary accruals. Coordinate Intercompany Payable/ Intercompany Receivable reconciliations between parent company and subsidiaries. Responsible for complete Fixed Assets and Prepaid accounting processes of assigned entities. Prepare audit schedules and assist the auditors in their inquiries Qualifications: CA Inter with 3-4 years of experience/ CA Fresher/Bachelor’s degree in accounting, Finance, or related discipline required with 5-6 years experience. Candidate should be self-motivated, prioritize responsibilities, and work in a dynamic environment. Good communication and presentation skills Analytical thinking & attention to detail is a must Continuously identify opportunities for process improvement. Advanced Microsoft Excel skills (Pivot Tables, VLOOKUP functions, etc.) Experience with NetSuite (Oracle Application), Concur and Coupa is preferred Show more Show less

Role: Product Security Engineer Experience: 3+ Years Location: Noida Job Description: Security Specialist in areas of Security Vulnerability Assessment & Penetration Testing. Responsible for periodic assessment and implementation of remediation with the help of node owners. Job Key Tasks & Responsibilities: · Experience in developing trailored Vulnerability Assessment Profiles in collaboration with clients, outlining assessment scope, methodologies, risk assessment criteria, and reporting structures. · Have created and configured custom scan policies for vulnerability scanners, ensuring accurate, tailored scans to meet organizational needs and risk tolerance. · Configure scan policies for full network scans, application scans, compliance checks, and sensitive data exposure detection. · Performed both authenticated and unauthenticated scans across telecom networks and cloud environments (VNF, CNF). Troubleshooting and debugging scans. · Performed automated and manual scans against the CIS Benchmarks (e.g., CIS AWS Foundations, CIS Linux, CIS Windows) to ensure compliance with industry best practices. · Performed comprehensive risk triage by analyzing vulnerability reports, verifying false positives, and assigning accurate severity levels to vulnerabilities based on CVSS matrix. · Evaluate the impact of vulnerabilities and prioritize vulnerabilities based on CVSS scoring and considering exploitability in telecom environments (e.g., SS7, Diameter, GTP, VoIP, IoT, 5G). · Perform cloud-specific vulnerability assessments for containers and orchestration platforms (Docker, Kubernetes). · Provide remediation recommendations based on scan findings, including patching, work arounds, configuration hardening, and compensating controls. · Worked on remediation of non-compliant configurations and security issues based on CIS recommendations. · Experience in threat intelligence gathering to identify known exploits and determine the current exploitation risk of vulnerabilities (e.g., availability of exploit POC, exploit in wild). · Experience of working in ticketing tools i.e. ServiceNow, Jira. · Proficiency in Linux, Windows, and cloud security hardening. · Knowledge security frameworks and standards (e.g., NIST, ISO 27001, CIS) Experience & Certification: · Minimum 3+ years of relevant experience in a combination of security and operations technology jobs · Vulnerability Scanning tools: Nessus, Qualys, OpenVAS · Cloud Scanning Tools: Redhat ACS, Anchore, Trivy · Ticketing Systems: Jira, ServiceNow, Remedy Telecom Expertise: Telecom architecture(2G,3G,4G,5G), Nokia Nodes and functionalities Show more Show less

Job Title : Cybersecurity Analyst (Entry-Level) Location: Hyderabad, TS, India – Work From Office Must. Department : Information Technology / Cybersecurity Employment Type : Full-Time Reports To : Cybersecurity Manager Job Purpose The Cybersecurity Analyst (Fresher) will support the organization’s security operations by monitoring, analysing, and responding to cyber threats. This entry-level role is designed for recent graduates passionate about cybersecurity, eager to apply foundational knowledge, and grow into skilled professionals safeguarding critical systems and data. Key Responsibilities Threat Monitoring and Analysis : Monitor security alerts using tools like Splunk, CrowdStrike, or SIEM platforms to identify potential threats. Analyse logs and network traffic for suspicious activities under senior team guidance. Incident Response Support : Assist in investigating security incidents, documenting findings, and escalating issues as needed. Participate in containment and remediation efforts for low-level threats. Vulnerability Assessments : Support vulnerability scans using tools like Nessus or Qualys to identify system weaknesses. Help prioritize remediation based on risk severity with team input. Security Awareness : Contribute to employee training programs on phishing, password hygiene, and cyber best practices. Create basic awareness content under supervision. Documentation and Reporting : Maintain records of security events, incidents, and mitigation steps. Assist in preparing compliance reports for standards like ISO 27001 or GDPR. Learning and Development : Stay updated on emerging threats, attack vectors, and cybersecurity trends. Participate in training programs to gain certifications like CompTIA Security+ or CEH. Qualifications and Skills Education : Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field (2024/2025 graduates preferred). Relevant certifications (e.g., CompTIA Security+, CySA+, or equivalent) are a plus but not mandatory. Technical Skills : Basic understanding of networking concepts (TCP/IP, DNS, firewalls). Familiarity with operating systems (Windows, Linux) and command-line tools. Exposure to cybersecurity tools like Wireshark, Splunk, or endpoint detection platforms. Knowledge of common attack vectors (e.g., phishing, malware, DDoS). Soft Skills : Analytical mindset with strong problem-solving abilities. Clear communication to document findings and collaborate with teams. Eagerness to learn and adapt in a fast-paced environment. Attention to detail for identifying anomalies in data. Preferred but Not Required : Internship or project experience in cybersecurity, IT, or network administration. Basic scripting knowledge (e.g., Python, Bash) for automating tasks. Awareness of compliance frameworks (e.g., NIST, GDPR). Key Competencies Curiosity : Proactively seeks to understand cyber threats and solutions. Teamwork : Collaborates with senior analysts and cross-functional teams. Time Management : Prioritizes tasks effectively under tight deadlines. Ethics : Maintains integrity and confidentiality in handling sensitive data. Why Join Us? Growth Opportunities : Access to mentorship, certifications, and hands-on projects to build a cybersecurity career. Innovative Environment : Work with cutting-edge tools like AI-driven threat detection and cloud security platforms. Impactful Work : Protect critical systems and data, contributing to organizational and societal security. Inclusive Culture : Join a diverse team committed to collaboration and innovation. Show more Show less

Summary Position Summary Position: Cyber Security Senior BISO Analyst (L3) Location: USI Job Summary Cyber Security BISO Team works with the Deloitte Function Specific Subsidiaries (FSS) & Chief Information Security Officer (CISO) organization directly supporting Deloitte’s Enabling Areas functions. The role involves close integration with various internal and external client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption. The Business Information Security Officer (BISO) Analyst will work closely with the Application teams of various lines of businesses (LOB), including the Office of Chief Information Officer (OCIO). In this role, you will support a group/team to develop a deep understanding of the business to facilitate specialized information security risk-based discussions. This role requires a proactive individual with a keen eye for detail and a strong understanding of cybersecurity frameworks such as, ISO, NIST, CIS. This fast-paced multi-faceted environment requires a highly motivated, self-driven, strong team player who demonstrates an intrinsic desire for continuous personal and professional growth. Key Responsibilities: Oversight & Alignment: Partner with Deloitte’s central Cyber Security organization to ensure consistent adoption of security frameworks, policies, and controls within business units and client teams. Security Strategy Development: Collaborate with business leaders to develop and implement information security strategies that align with business goals and regulatory requirements. Risk Management: Identify, assess, and prioritize information security risks within the enabling areas. Develop and implement risk mitigation strategies. Policy and Compliance: Ensure compliance with relevant information security policies, standards, and regulations (e.g., ISO 27001, NIST, SOC 2, HIPAA). Maintain ongoing audit readiness. Incident Response: Lead the response to security incidents within the enabling areas, including investigation, containment, and remediation efforts. Vulnerability Management: Monitor cyber threats relevant to the business domain. Support risk assessments, issue management, and incident response coordination. Stakeholder Engagement: Serve as the primary point of contact for information security matters within the enabling areas. Build strong relationships with business leaders and other stakeholders. Mitigation Projects: Lead or support projects involving third-party risk, vulnerability remediation, data protection, secure application development, and identity & access governance Security Architecture: Work with IT and business teams to design and implement secure systems and processes that support business operations. Continuous Improvement: Stay current with emerging security threats and trends. Recommend and implement improvements to the organization's security posture Qualifications: Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field. Experience: Minimum of 4 years of experience in information security 2-3 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments. 2-3 years of experience in vulnerability management, cybersecurity, or a related field. Experience with vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7). Experience with GRC platforms (e.g., ServiceNow, Archer, or similar). Certifications: Relevant certifications such as CISSP, CISM, CISA, or equivalent. Technical Skills: Strong understanding of information security principles, technologies, and best practices. Experience with risk management, incident response, and security architecture. Business Acumen: Ability to understand business operations and align security strategies with business objectives. Communication: Excellent verbal and written communication skills. Ability to effectively communicate complex security concepts to non-technical stakeholders. Leadership: Proven ability to lead cross-functional teams and manage multiple projects simultaneously. Soft Skills: Excellent analytical and problem-solving skills. Strong communication skills, both written and verbal. Ability to work independently and as part of a team. Detail-oriented with a strong focus on accuracy and quality. Ability to work in a fast-paced environment and manage multiple tasks simultaneously. This role is ideal for a motivated individual who is passionate about cybersecurity and eager to contribute to the organization's security posture. If you have a strong background in vulnerability management and a commitment to continuous improvement, we encourage you to apply. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302394 Show more Show less

Varonis is looking for Security Analyst to join our dynamic team and embark on a rewarding career journey. Defining, planning, implementing, maintaining, and upgrading security measures, policies, and controls Assisting with the creation of updates and training programs to secure the network and train the employees Keeping the security systems up to date Monitoring security access and maintaining the relevant data Conducting vulnerability testing and risk analyses to assess security and performing internal and external security audits Analyzing security breaches to identify the cause and to update incidence responses and disaster recovery plans

Job Description: Platform Engineer Bangalore, Karnataka, India As a member of the Digital Factory Platform team, the Platform Engineer is responsible for development of automation strategy, roadmap, KPI's, standards and practices for the platform and agile product teams. This is in support of the transformation towards fully automated testing & deployments for our application teams, as part of a wider GT transformation project. Leveraging solutions and services delivered by Platform team, the Platform Engineer will help drive adoption of Cloud and DevSecOps tooling throughout the organization. What you’ll be DOING What will your essential responsibilities include? Define the Platform automation (DevSecOPs ) strategy /integration patterns, roadmap, KPI's, standards and practices for the platform and agile product teams. Assess Product team requirements and propose automation solutions. Experience in implementing release automation frameworks (branching strategies / release deployment strategies – Blue Green/Canary ,rolling) using tools such as Azure DevOps , Bit bucket, teamscity, datadog,Harness ,Jenkins, Git,JFrog ,Docker ,Kubernetes and OpenShift. Provide hands-on assistance with automated embedded security testing (Static application security testing ,SCA & Dynamic application security testing). Mentor and collaborate with the Product Scrum teams on automation best practices. Implement containerization using Docker and orchestrate deployments with Kubernetes, ensuring scalability and portability of products in scope. Implement and enforce security compliance checks within the CI/CD pipeline, ensuring adherence to industry standards and regulatory requirements. Own and lead the design and implementation of automation frameworks. Create and run automation training /overview sessions. Delivering CI CD pipeline templates for reuse. Regularly assess and enhance the DevSecOps processes to improve efficiency, security, and overall development practices. Stay informed about emerging technologies and best practices in the DevSecOps space. Knowledge of Selenium, JIRA ,Rest Assured, SonarQube, CheckMarx,JFROG X Ray & Qualys. In-depth knowledge of Guidewire architecture and components. Understanding of Guidewire security features. Proficiency in Git for version control. Experience with CI/CD tools. (Bit bucket, Teamcity). Excellent scripting skills in Python, Shell, or PowerShell. Experience with automation frameworks. Familiarity with SAST and DAST tools. Knowledge of Data Dog is a plus. Azure API Management, Azure Logic Apps, Azure Service Bus, Azure Event Grid, Azure Functions, Azure Data Factory. Knowledge of security compliance frameworks (OWASP, NIST). Familiarity with Dynatrace,ELK stack, Splunk, or similar tools. Understanding of integrating security into the development lifecycle. Knowledge of static analysis, dynamic analysis, and penetration testing. Familiarity with secure coding practice. Exposure on Guidewire CI CD tools, JIRA, Azure /AWS, OpenShift, GHE, JFrog /Nexus Artifactory, Willingness to learn new tech & tools, Terraform, Docker. Terraform, Kubernetes. You will report to the Head of Digital Factory Delivery. What you will BRING We’re looking for someone who has these abilities and skills: Required Skills and Abilities: Excellent understanding of Automation frameworks /best practices. Effective understanding of Scrum Agile methodology and experience working in a Scrum team. Adaptable to new/different strategies, programs, technologies, practices, cultures, etc. ; comfortable with change, able to easily makes transitions. Effective communication skills, both verbal and written. Proven ability to clearly articulate goals and desired outcomes and influence key decisions to ensure deliverables are met. Proven ability to establish and maintain effective relationships and leverage those relationships to deliver on goals. Bachelor’s degree or equivalent work experience. Desired Skills and Abilities: Ability to effectively integrate colleagues and teams which are currently disparate, and introducing new technologies and process. Proven planning and organization skills, creating work schedules, prioritizing workload, preparing in advance and setting realistic timescales. Who WE are AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it. How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business property, casualty, professional, financial lines and specialty. With an innovative and flexible approach to risk solutions, we partner with those who move the world forward. Learn more at axaxl.com What we OFFER Inclusion AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic. At AXA XL, we know that an inclusive culture and enables business growth and is critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most inclusive workforce possible, and create a culture where everyone can bring their full selves to work and reach their highest potential. It’s about helping one another — and our business — to move forward and succeed. Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe. Robust support for Flexible Working Arrangements Enhanced family-friendly leave benefits Named to the Diversity Best Practices Index Signatory to the UK Women in Finance Charter Learn more at axaxl.com/about-us/inclusion-and-diversity. AXA XL is an Equal Opportunity Employer. Total Rewards AXA XL’s Reward program is designed to take care of what matters most to you, covering the full picture of your health, wellbeing, lifestyle and financial security. It provides competitive compensation and personalized, inclusive benefits that evolve as you do. We’re committed to rewarding your contribution for the long term, so you can be your best self today and look forward to the future with confidence. Sustainability At AXA XL, Sustainability is integral to our business strategy. In an ever-changing world, AXA XL protects what matters most for our clients and communities. We know that sustainability is at the root of a more resilient future. Our 2023-26 Sustainability strategy, called “Roots of resilience”, focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations. Our Pillars: Valuing nature: How we impact nature affects how nature impacts us. Resilient ecosystems - the foundation of a sustainable planet and society – are essential to our future. We’re committed to protecting and restoring nature – from mangrove forests to the bees in our backyard – by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans. Addressing climate change: The effects of a changing climate are far-reaching and significant. Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption. We're building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions. Integrating ESG: All companies have a role to play in building a more resilient future. Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business. We’re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting. AXA Hearts in Action : We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL’s “Hearts in Action” programs. These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day – the Global Day of Giving. For more information, please see axaxl.com/sustainability. xaxl.com/sustainability.

Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called ‘Mega Banks’ of Japan. MGS was established in the year 2020 as part of Mizuho’s long-term strategy of creating a captive global processing center for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe. At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS. What’s in it for you? o Immense exposure and learning o Excellent career growth o Company of highly passionate leaders and mentors o Ability to build things from scratch Know more about MGS: https://www.mizuhogroup.com/asia-pacific/mizuho-global-services Walk-in drive in Mumbai Time : Between 3-5pm Date : 19-05-2025 to 23-05-2025 Relevant Skills and Experience for EDR Defender - - Project and delivery management experience 3+ years EDR administration (CrowdStrike Falcon, VMware Carbon Black, Palo Alto Network Cortex XDR, Microsoft Windows Defender, Cylance, Tanium etc.) - 3 + years of working with EDR tools performing requirements gathering, deployment, configuration, and conducting threat hunting. Relevant Skills and Experience for VAPT - • 5-7 years of experience in vulnerability assessment, penetration testing, or a related field. • Strong understanding of vulnerability management concepts, principles, and best practices. • Proficiency in using vulnerability assessment tools (e.g., Nessus, Tenable, Qualys). • Experience in conducting penetration testing using various methodologies (e.g., black box, gray box, white box). • Knowledge of common security threats, vulnerabilities, and attack vectors. • Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus). • Experience with scripting languages (e.g., Python, PowerShell). • Experience with cloud security (e.g., AWS, Azure, GCP). Relevant Skills and Experience for IAM - • 7-10 years of experience in IAM engineering or a related field. • Strong understanding of IAM concepts, principles, and best practices. •Experience with industry leading IAM solutions, such as SailPoint, Okta, Ping Identity, or ForgeRock. •Experience with scripting languages (e.g., Python, PowerShell). •Experience with cloud platforms (e.g., AWS, Azure, GCP). •Experience with directory services (e.g., Active Directory, LDAP). •Experience with security frameworks (e.g., NIST, ISO 27001). Relevant Experience FOR Splunk - · 7-10 years of experience in Splunk administration, engineering, or a related field. · Strong understanding of Splunk architecture, components, and workflows. · Experience with designing and implementing Splunk search processing orders (SPOs). · Experience with developing and optimizing Splunk dashboards, alerts, and reports. · Experience with integrating Splunk with other enterprise applications and systems. · Experience with data security and compliance best practices. · Experience with cloud platforms (e.g., AWS, Azure, GCP). Relevant Experience FOR ServiceNow - · 12+ years of experience in IT Service Management, with a strong focus on ServiceNow implementation. · Proven experience in leading teams and managing complex projects. · In-depth knowledge of ServiceNow modules and functionalities. · Experience with developing and optimizing ServiceNow dashboards, alerts, and reports. · Ability to communicate complex / technical issues to non-technical audiences · Proven track record of leading technical teams and managing managed services projects. Interested candidates can send resume on mgs.rec@mizuho-cb.com along with the below details. Current CTC Expected CTC NP Experience Current residential location Availability for F2F Address:Mizuho Global Services India Pvt. Ltd, 11th Floor, Q2 Building Aurum Q Park, Gen 4/1, Ttc, Thane Belapur Road, MIDC Industrial Area, Ghansoli, Navi Mumbai- 400710. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! The Technical Support Team is responsible for managing the prompt resolution of global customer and partner service requests in a highly secured environment. The Senior Technical Support Engineer - Security Applications works closely with Development, QA, Operations, Customer Service, Finance, Sales, and Alliances to ensure high customer satisfaction with all transactions. The primary function of this position is to ensure that each customer interaction is a friendly and professional experience that addresses the customer's needs in all stages of the customer service life cycle within Qualys. Customer relationship building and teamwork are key success criteria for this role. The role will provide support via phone, email, and WebEx focused on several different Product module which Qualys offers https://www.qualys.com/solutions/ over SaaS (Software as Service) platform. We are looking for passionate, self-motivated technical individuals that have the desire and capability to think outside the box to solve complex problems. The Technical Support Engineer - Security Applications acts as the main point of contact regarding technical issues and will work directly with Development and QA teams to facilitate resolution. This role will suit an individual who excels in a challenging and dynamic environment, enjoys world-class support, and is technically motivated. Qualifications The ideal candidate will have hands-on solid Networking, IT security and Windows troubleshooting knowledge. Should have previous experience in a Technical support role, and must be able to adapt quickly to any technical challenge. Must have a strong Windows foundation and/or solid Linux/Unix experience in an enterprise environment. The candidate must be passionate about security, and individuals with CISSP/CEH or equivalent are preferred. Applicants should have a deep understanding of network services and how they work from a protocol/configuration level. Required: 1-2 years of experience in a technical support role. Vulnerability Management, Web Application Security/Firewall application support experience is preferred. In-depth TCP/IP understanding. LAN/WAN infrastructures. Common OS services (IIS, BIND, Apache, AD, WINS, Samba, SSH). Strong knowledge of current firewall, Intrusion Detection System technologies, and Network Vulnerability Scanners. Outstanding troubleshooting and analytical skills. Excellent written and verbal communication skills. Bachelor of Science, preferably with a major in Computer Science or equivalent experience Preferred: Experienced with packet capture review and diagnosis. Previous API support and Regex knowledge. Understanding of scripting languages like Bash, Python, Powershell, etc. Knowledge of major web server software (IIS, Apache, WebSphere, Tomcat, WebLogic), UNIX/Windows web services, and diverse platforms and applications (Linux, Windows 2003/2008, Windows NT, Novell, Lotus Notes, Mac OS). Oracle and Microsoft SQL knowledge is desirable. CCNA, MCSE, CISSP, CompTIA Security+, and CEH are highly desirable. Experience with Customer Support and Development Tools (Salesforce, Jira, etc.) Willing to work in rotational / US work hours. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Summary: The Technology Risk Analyst plays a crucial role in identifying, assessing, and mitigating technical risks within an organization. Has an understanding of Enterprise Risk Management practices in a technical environment. This professional is responsible for developing and implementing risk management strategies to safeguard technology assets, systems, and operations. Technology risk analyst provides guidance on information security processes, controls, and compliance, and information security risk management to key stakeholders. The role requires a combination of technical expertise, risk analysis skills, and the ability to collaborate with cross-functional teams to ensure the effective management of technical risks. Key Responsibilities: Risk Identification: Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects. Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape. Risk Assessment: Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors. Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing. The ability to articulate the business risks associated with technical vulnerabilities and risks. Risk Mitigation Planning: Develop and implement risk mitigation strategies and action plans to address identified technical risks. Collaborate with IT teams to prioritize and implement security measures, controls, and safeguards to mitigate potential threats. Incident Response and Management: Establish and maintain an incident response plan to address technical incidents promptly and effectively. Coordinate with relevant stakeholders to investigate and resolve technical security incidents, ensuring lessons learned are incorporated into future risk management strategies. Compliance and Standards: Ensure that the organization complies with relevant regulatory requirements and industry standards related to technical risk management. Stay informed about changes in regulations and standards, adjusting risk management processes accordingly. Facilitate deployment and maintenance of Technology risk and controls model with assigned Technology teams using globally known and industry standard models (e.g., COBIT5, OCTAVE, FAIR, NIST, ISO) as references. Manage and provide leadership on all key information security processes and procedures. Communication and Reporting: Communicate technical risk information to both technical and non-technical stakeholders, including executives and board members. Provide regular reports on the status of technical risks, mitigation efforts, and key performance indicators to demonstrate the effectiveness of risk management strategies. Direct the activities of project managers and project teams to ensure quality and timeliness of project completion. Development of project business cases, charters, plans and execution approach. Proven strong stakeholder engagement and management capabilities. Training and Awareness: Develop and deliver training programs to enhance the awareness and understanding of technical risks among employees. Foster a culture of security awareness and responsibility throughout the organization. Vendor Risk Management: Evaluate and manage risks associated with third-party vendors and partners, ensuring they meet the organization's security standards. Act as the change agent in the identification and execution of initiatives: Develop and implement strategies to protect the company’s cyber security. Including firewalls, security software, data encryption tools, safety protocols, etc. Qualifications: Total work experience of 6+ years with a minimum of 3 years in relevant field of work. Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, System Resiliency & Availability & Software development practices and frameworks, Products and operations, Access and identity management, application security, assurance programs, or a related field. Proven experience in technical risk management, information security, or a related role. Industry Relevant Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), CPA, CIA, AWS, CIPP, CBCP, CRM or equivalent are highly desirable. Strong understanding of technology, information security principles, and risk management frameworks. Excellent analytical, communication, and interpersonal skills. Ability to work collaboratively with cross-functional teams and stakeholders. Knowledge of widely known Enterprise Architecture frameworks like TOGAF, SABSA, etc.. Project Management Certification (PRINCE II, PMP, Agile or otherwise) and be an outcome focussed self-starter. Current knowledge of best practice IT controls, risk management techniques, ISO27001, SOC1/2/3 SSAE18, CSA Star (CCM), PCI DSS and familiarity with GRC tools. Hands-on product experience on Qualys Enterprise Tru-Risk Platform and similar leading security automation products with broad market presence shall be added advantage. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! CAMS QGS Job Description As Software Engineer you will be working on the Centralized Appliance Management Service (CAMS). It allows us to optimize existing Qualys products and create an innovative way of delivering those to a customer. This opening is your chance to create a significant impact on product improvement and delivery options Responsibilities: Design, develop and deliver Linux services and automation behaviors using Python (shell scripts appreciated) Conceive and deliver new features and improvements in a fast-paced environment as a part of a growing engineering team Develop capacity and monitoring plans for the services you write Collaborate across the company to define, design, build and improve various products Qualifications Experience in Linux system-oriented software development using C/C++ (Makefile, RPMBuild, Docker, Kubernetes/Swarm) Experience in developing micro-services for private and public clouds Hands-on experience with DevOps tools like Puppet and/or Ansible is appreciated Good knowledge of networking and Linux system services (systemd, etcd). Understanding of HTTP (0.9/1.0, HTTPs, TLS/SSL, Certificates, HTTP proxy/reverse proxy architecture and behavior understanding appreciated). Ability to think out-of-box and zeal to continuously improve design and implementation. Excellent communicator and team player BS/MS in Computer Science or related field Preferred Skills Knowledge of Linux, Kubernetes, Docker, Swarm Knowledge of Kafka, Casandra, Elastic Search, python, bash script Good understanding of how distributed systems Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys, Inc is a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions with over 11,000 active customers in more than 130 countries, many of which are in the Forbes Global 100 and Fortune 100 companies. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings. We are seeking a talented Senior Software Engineer to work on the Qualys Scanner Platform which is Qualys flagship offering. Working with a team of engineers and architects, you will be responsible for prototyping, designing, developing and supporting a highly scalable security platform Responsibilities: Analyze, design, code, and debug complex security software Provide ongoing maintenance, support and enhancements in existing systems and platforms. Provide recommendations for continuous improvement. Work alongside other engineers on the team to elevate technology and consistently apply best practices. Required Skills: Bachelor’s in computer science 5 years of experience as a hands-on engineer developing software products and solutions for service-oriented deployment in public or private clouds. 5 years of C/C programming in a Linux environment Working knowledge in Linux Kernel Demonstrated skills including design, prototype, development, unit test, performance profiling, etc. Hands-on with development tools like VIM, Jira, GIT, Nexus, Maven, JIRA Agile Development with Scrum Desired Skills: Takes complete ownership of successful delivery of the products components, modules and dependencies assigned Demonstrated high quality focus and exposure to Test-Driven Development. Must have launched or developed complex software projects with multiple complex features with short release cycles Excellent communications skills, both verbal and written Self-directed; requires minimal supervision on work products Assertive and must be able to influence team members to meet their commitments in a timely manner and also be able to forge consensus and resolve issues in the face of conflicting goals or interests Team player with a “can do” attitude yet modest and humble attitude when it comes to collaborating within team and across other teams Uncompromising attitude when it comes to quality and help raise bar of product, team members and hence overall engineering organization Show more Show less

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function ITG is a group function established recently (2019) in ISPL with presence in Mumbai, Chennai. We collaborate with various business lines of the group to provide IT Services. BNP PARIBAS, the leading bank in the European Union and a leading international player, is seeking to complement and reinforce its existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud. Job Title Cyber Security Engineer Date Department: CDF. IN Location: Mumbai Business Line / Function ITG Central Reports To (Direct) Service Delivery Manager Grade (if applicable) (Functional) Number Of Direct Reports Directorship / Registration: NA Position Purpose The main responsibility of Cybersecurity personal is to develop and implement integrated solutions in the IT risk management policy approach. Responsibilities Direct Responsibilities Define and implement the needs regarding Cybersecurity within the ITRMG referential framework and IT system development projects Organize regular reviews of IS component source codes and ensure that the vulnerabilities identified are remedied Design application security or related architectures (API, services, etc.) Perform the security review of applications by enforcing security requirements Organize project support for securing applications/sensitive data during application development lifecycle for software development projects Ensure that security, operational risk and remediation plans are properly managed Define a communication, training and/or cyber culture awareness raising program Assist and provide advisory services for operational staff (Remote access, Privileged account, Exception management) Prepare reports, risk measurements and the relevant management information Execute risk and cyber security permanent controls based on the group generic ICT control plans Cyber Resilience opinion: Participate in the analysis of cyber resilience and cyber fraud documents Provide IT & Cyber risk management (IT, Cyber, Operational Resilience) advisory and guidance to the stakeholders involved Contributing Responsibilities Contribute to overall department and ISPL Vision goals as directed by Dept. head and Manager Build a thorough understanding of Global Cybersecurity posture of the Bank in order to provide high impact risk analysis to protect the firm. Contribute to classify the applications based on data confidentiality, integrity, availability and traceability, in order to obtain an end-to-end view of the most critical IT assets/sensitive data. Contribute towards the identification of KPIs for the Operational Resilience Dashboards. Publishing the dashboard on regular basis. Technical & Behavioral Competencies Functional Skills Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation. Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, SOC/SIEM, and/or network administration, IPS Strong demonstrated knowledge of cybersecurity, cyber risk and cyber threats Risk knowledge and awareness of risks combined with enthusiasm and a genuine interest in the role of Risk Assessment, Risk Analysis in business and providing Risk Opinion as a subject matter expert. Working knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries. Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate; IT knowledge Technical Good understanding of organizations and IT Businesses Good technical understanding of infrastructures and IT Security Productions and Systems IT risk analysis and management methods Knowledge of Cyber Resilience, IT continuity and business continuity Knowledge of application code analysis (SAST/SCA), infrastructure scan (Qualys IVS) GRC - Governance, Risk Management and Compliance Management. A good understanding of large-scale technology infrastructure and SOC/CERT operations. Should have worked with Risk Management Tools IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. Network protocols and network connectivity concepts; Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies; Secure access control mechanisms; Encryption and Key management technics Behavioral Strong Communication, Analytical and problem-solving skills. Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills Good documentation and reporting skills Ability to work independently Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back office users Good communication, technical writing/diagramming skills Attention to detail and accuracy Capacité for créativité and innovation Self-discipline Specific Qualifications (if Required) One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+. IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. IT Auditing (ISO27001, ISO27005) Regulatory Compliance MBA in Finance/Systems/IT, Bachelor of Commerce, Master in Commerce, Bachelor in Science Skills Referential Behavioural Skills: (Please select up to 4 skills) Communication skills - oral & written Ability to collaborate / Teamwork Creativity & Innovation / Problem solving Ability to deliver / Results driven Transversal Skills: (Please select up to 5 skills) Ability to develop and adapt a process Choose an item. Choose an item. Choose an item. Choose an item. Education Level Bachelor Degree or equivalent Experience Level At least 5 - 9 years Other/Specific Qualifications (if Required) CISA/CISSP/CISM/CRISC Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. TEM Senior – Vulnerability Management As a Senior with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagements and internal initiatives. An important part of your role will be to actively establish, maintain and strengthen client’s relationships. You will also identify potential business opportunities for EY within existing engagements, and report and escalate any engagement related issues to senior team members as appropriate. The opportunity In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help senior members with business development activities. Your Key Responsibilities Must have handled a Vulnerability Management process for a large enterprise using any one of the solutions: Qualys / Nexpose / Tenable or similar Must have thorough understanding about the Vulnerability Management and Exception & Exemption process on Cloud hosted systems, databases, web services and other widely deployed infrastructure components Strong knowledge and experience in Linux Experience in Nexpose and Tenable administration Working in shifts and provide weekend support Experience working with vendors to troubleshoot issues and/or operationalize new features Scripting rest API for automation (Python and/or Bash) Familiarity on databases (Oracle, Sql Server, AWS Aurora, Hadoop, MongoDB) Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Actively contribute to improving operational efficiency through standardization and process automation on client engagements and internal initiatives Skills And Attributes For Success Knowledge of Windows, Linux, UNIX, any other major operating systems. Familiarized with the latest security vulnerabilities and exploit, understanding of web-based application vulnerabilities (OWASP Top 10), cloud security and architecture Experience with scripting / programming skills (e.g., Python, PowerShell) Hands on operational experience with vulnerability management tools (e.g. Qualys, Nexpose) including the ability to deploy, configure, and run these tools Fluency in English, other language skills are considered an asset Experience in handling data using Pandas, XML libraries Exposure to handling computer networking and operating systems use cases using python. Required knowledge for Python libraries: netaddr, ipaddress, qualysapi, lxml, pandas, numpy To qualify for the role, you must have Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major with minimum 3 years of work experience especially in penetration testing and vulnerability assessment. Any one of the following technical certifications: CEH, Qualys Certified Specialist, CISM Knowledge of Windows, Linux, UNIX, any other major operating systems Willingness to work in shifts and weekend Ideally, you’ll also have Project management skills Certifications: CEH, Qualys Certified Specialist, CISM What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. TEM Senior – Vulnerability Management As a Senior with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagements and internal initiatives. An important part of your role will be to actively establish, maintain and strengthen client’s relationships. You will also identify potential business opportunities for EY within existing engagements, and report and escalate any engagement related issues to senior team members as appropriate. The opportunity In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help senior members with business development activities. Your Key Responsibilities Must have handled a Vulnerability Management process for a large enterprise using any one of the solutions: Qualys / Nexpose / Tenable or similar Must have thorough understanding about the Vulnerability Management and Exception & Exemption process on Cloud hosted systems, databases, web services and other widely deployed infrastructure components Strong knowledge and experience in Linux Experience in Nexpose and Tenable administration Working in shifts and provide weekend support Experience working with vendors to troubleshoot issues and/or operationalize new features Scripting rest API for automation (Python and/or Bash) Familiarity on databases (Oracle, Sql Server, AWS Aurora, Hadoop, MongoDB) Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Actively contribute to improving operational efficiency through standardization and process automation on client engagements and internal initiatives Skills And Attributes For Success Knowledge of Windows, Linux, UNIX, any other major operating systems. Familiarized with the latest security vulnerabilities and exploit, understanding of web-based application vulnerabilities (OWASP Top 10), cloud security and architecture Experience with scripting / programming skills (e.g., Python, PowerShell) Hands on operational experience with vulnerability management tools (e.g. Qualys, Nexpose) including the ability to deploy, configure, and run these tools Fluency in English, other language skills are considered an asset Experience in handling data using Pandas, XML libraries Exposure to handling computer networking and operating systems use cases using python. Required knowledge for Python libraries: netaddr, ipaddress, qualysapi, lxml, pandas, numpy To qualify for the role, you must have Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major with minimum 3 years of work experience especially in penetration testing and vulnerability assessment. Any one of the following technical certifications: CEH, Qualys Certified Specialist, CISM Knowledge of Windows, Linux, UNIX, any other major operating systems Willingness to work in shifts and weekend Ideally, you’ll also have Project management skills Certifications: CEH, Qualys Certified Specialist, CISM What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less