369 Qualys Jobs - Page 14

Role & responsibilities SOC Operations: Monitor and analyze security events across networks, systems, and endpoints. Investigate, escalate, and respond to security incidents in a timely manner. Collaborate with the SOC team to enhance incident response procedures. Microsoft Security Solutions: Manage and maintain Microsoft Defender suite of tools, Azure Sentinel, and Microsoft Services. Implement Microsoft security configurations and policies to protect digital environments. Conduct threat hunting and data analysis using Microsoft Sentinel, KQL, and other Microsoft tools. Ensure compliance with security standards and best practices within Microsoft environments. Threat Detection and Incident Response: Conduct root cause analysis for security incidents and create actionable remediation plans. Support threat intelligence and vulnerability management programs to proactively reduce risk. Automate response and remediation workflows using Microsofts security automation tools. Security Engineering and Improvements: Develop and fine-tune security alerts and rules to improve threat detection. Collaborate with cross-functional teams to assess and improve security architecture. Assist in the design and implementation of secure cloud and hybrid environments with a focus on Microsoft platforms. Documentation and Reporting: Maintain up-to-date documentation of security procedures and incident reports. Generate reports on security incidents, SOC performance, and security posture improvements. Provide recommendations to improve security operations and incident response Preferred candidate profile 7+ years of professional experience in Security Operations Centre (SOC) or 5+ years of experience cybersecurity engineering role Strong hands-on experience with Microsoft security products, including: Microsoft Defender for Endpoint, Azure Sentinel, and Microsoft 365 Defender. Knowledge of Kusto Query Language (KQL) for threat hunting and data analysis. Familiarity with Microsoft security compliance frameworks and configurations. Act as an escalation point for high and critical severity security incidents and conduct thorough investigations to determine potential impact and understand extend of compromise. Practical knowledge of SIEM platforms, preferably Azure Sentinel, and incident response processes. Hunt for Indicators of Compromise (IOCs) and signs of Advanced Persistent Threats (APTs) within the Clients environment. Analyse attack patterns, Tools, Techniques and Procedures (TTPs) to identify methods of attacks and attack life cycle. Experience with a variety of security technologies, including firewalls, intrusion detection systems, EDR, XDR, SASE, SSE, Email Security Gateways, IDAM, and vulnerability scanners Experience with security best practices, including incident response, risk assessments, and security controls. Strong analytical and problem-solving skills with the ability to work in a fast-paced environment. Perks and benefits Perks and benefits Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with a friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development is strongly encouraged. The renumeration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.

Role & responsibilities SOC Operations: Monitor and analyze security events across networks, systems, and endpoints. Investigate, escalate, and respond to security incidents in a timely manner. Collaborate with the SOC team to enhance incident response procedures. Microsoft Security Solutions: Manage and maintain Microsoft Defender suite of tools, Azure Sentinel, and Microsoft Services. Implement Microsoft security configurations and policies to protect digital environments. Conduct threat hunting and data analysis using Microsoft Sentinel, KQL, and other Microsoft tools. Ensure compliance with security standards and best practices within Microsoft environments. Threat Detection and Incident Response: Conduct root cause analysis for security incidents and create actionable remediation plans. Support threat intelligence and vulnerability management programs to proactively reduce risk. Automate response and remediation workflows using Microsofts security automation tools. Security Engineering and Improvements: Develop and fine-tune security alerts and rules to improve threat detection. Collaborate with cross-functional teams to assess and improve security architecture. Assist in the design and implementation of secure cloud and hybrid environments with a focus on Microsoft platforms. Documentation and Reporting: Maintain up-to-date documentation of security procedures and incident reports. Generate reports on security incidents, SOC performance, and security posture improvements. Provide recommendations to improve security operations and incident response Preferred candidate profile 7+ years of professional experience in Security Operations Centre (SOC) or 5+ years of experience cybersecurity engineering role Strong hands-on experience with Microsoft security products, including: Microsoft Defender for Endpoint, Azure Sentinel, and Microsoft 365 Defender. Knowledge of Kusto Query Language (KQL) for threat hunting and data analysis. Familiarity with Microsoft security compliance frameworks and configurations. Act as an escalation point for high and critical severity security incidents and conduct thorough investigations to determine potential impact and understand extend of compromise. Practical knowledge of SIEM platforms, preferably Azure Sentinel, and incident response processes. Hunt for Indicators of Compromise (IOCs) and signs of Advanced Persistent Threats (APTs) within the Clients environment. Analyse attack patterns, Tools, Techniques and Procedures (TTPs) to identify methods of attacks and attack life cycle. Experience with a variety of security technologies, including firewalls, intrusion detection systems, EDR, XDR, SASE, SSE, Email Security Gateways, IDAM, and vulnerability scanners Experience with security best practices, including incident response, risk assessments, and security controls. Strong analytical and problem-solving skills with the ability to work in a fast-paced environment. Perks and benefits Perks and benefits Oreta takes pride in providing a service of excellence to our customers and looking after our employees who enable our business to succeed. The successful applicant will enjoy working in a collaborative environment in Chandigarh, India with a friendly and highly driven people (the Oreos), where ideas are always welcome and ongoing training and development is strongly encouraged. The renumeration will be negotiated and based on the relevant skills and experience of the successful applicant. If you are interested in a long-term career with potential to develop and grow with the business and are available to start immediately, then we look forward to hearing from you.

Position: VAPT Engineer Reporting to: Platform Lead Infrastructure Security Employment Type: Employee - Full Time Work Location: Guwahati Key Focus area: Infrastructure Penetration Tester Key Responsibilities: Identification and remediation of new vulnerabilities and risk analysis for Infrastructure is a key responsibility. Identifying and maintaining Key metrics and SLA on Infrastructure Security. Ensure that vulnerability assessments are performed to evaluate effectiveness of security controls in applications, middleware, databases, network and operating systems. Thorough experience in configurations reviews against CIS benchmarks and security standards. Ensure all Hardening and Patching activities are conducted and tracked as per defined policies. Create/Update hardening documents and build audit file for automated testing. Knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities. Conduct security penetration testing to identify vulnerabilities and potential security risks along with designing and implement security solutions to protect enterprise systems, applications, data, assets, and people. Collaborate with cross-functional teams to ensure security measures are integrated into all aspects of the organization's operations. Perform Internal/ External Penetration Testing on Jio Infrastructure and producing reports with recommendations for detailed penetration testing findings. Sound understanding of Azure/GCP/AWS environment activities and Perform Vulnerability Assessment & Penetration Testing for networks (internal & external), applications, APIs & cloud assets along with Red & Purple Team assessments. Safeguarding information, infrastructures, applications, and business processes against cyber threats. Proactively create, share, and read reports as part of the penetration testing activities. Responsible for utilizing threat intelligence to identify new threats in our environment, coordinating with stakeholders to remediate identified vulnerabilities, and ensuring closure through thorough cross-validation. Qualification and Work Experience Qualification: BE / BTech (Similar Education Background) Work experience: 7-15 Years 7+ years of experience in Infrastructure Penetration Testing and Vulnerability Management including practical experience with Linux and Windows operating systems. Thorough understanding of Application and Infrastructure Architectures, and related vulnerabilities. Ability to interpret and prioritize vulnerability scan results into remediation actions and tracking those actions through to completion. Working knowledge of ORACLE DB, MS SQL DB, MYSQL DB & Network Devices is required. Ability to analyse vulnerabilities to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE). Extensive experience in vulnerability management, including the ability to forecast potential threats and develop proactive mitigation plans. Hands on experience in testing diverse infra components including various enterprise platforms such as private clouds, OpenShift infra, dockers/container infra etc. The candidate should be able to perform manual & automated penetration testing for internal, external perimeter, web applications, IT infrastructure, end-points, cloud etc. using hacking tools; e.g. Nuclei, Acunetix, BURP, Wireshark, Nmap, netcat, Firebug, Nessus, Kali OS, Parrot, Metasploit, Aircrack-ng. Preferred: Security related professional certification (e.g. CEH, CPENT, OSCP, OSCE, OSWE, GPEN, GWAPT or similar certifications) Preferred: Script writing skills (Python/Ruby/bash/PowerShell). Experience with security standards and frameworks such as ISO 27001, NIST, and PCI DSS. Preferred: Security solutions technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, Digital rights management, encryption, SEIM, and virtualization platforms. Expertise in performing grey box/Black box testing. Experience devising methods to automate testing activities and streamline testing processes. Proven ability to develop and test Proof of Concept (PoC) exploits as part of vulnerability assessment and penetration testing exercises. Competencies / Expertise Required (Functional & Behavioral) Systematic strong analytical thinking and problem-solving skills. Excellent in analytical thinking for translating data into informative visuals and reports. Adaptable to change. Quick Learner Open learn and work on new technologies and products. If you're interested, please share below mention details for the same. Location Preferred location Current Co Experience Current CTC Expected CTC Notice Period Offer in Hand Highest Education SSC % HSC % Graduation % University Name Regards, Ashwini Chakor

Network Security Vulnerability Management Specialist (SME) - This role will focus on identifying, assessing, and mitigating network security vulnerabilities within our organization’s infrastructure. The ideal candidate will have a strong understanding of security best practices, vulnerability scanning tools, and risk management, as well as the ability to work closely with cross-functional teams to drive the security posture of the organization. Key Responsibilities: • Vulnerability Assessment and Scanning: Lead and conduct comprehensive vulnerability assessments across network devices, systems, applications, and cloud infrastructures. Use industry-standard scanning tools such as Nessus, Qualys, or OpenVAS. • Risk Management: Assess and prioritize vulnerabilities based on their potential impact to the organization. Collaborate with stakeholders to develop risk mitigation strategies and recommend remediation actions. • Incident Response & Remediation Support: Provide expertise in addressing vulnerabilities during security incidents. Offer guidance to the IT and network teams on remediation best practices, helping to ensure timely patching and mitigation of vulnerabilities. • Continuous Monitoring: Develop and implement strategies for ongoing vulnerability monitoring and reporting. Regularly track the progress of vulnerability remediation efforts to ensure compliance with security standards. • Policy and Compliance: Ensure adherence to security policies, industry standards, and regulatory requirements (e.g., NIST, CIS, ISO 27001) concerning network security and vulnerability management. • Documentation and Reporting: Maintain thorough documentation of vulnerability assessments, remediation activities, and risk management processes. Provide regular status reports and executive summaries to senior management and key stakeholders. • Collaboration and Training: Work closely with security architects, network engineers, and other IT teams to ensure that security vulnerabilities are addressed across the network architecture. Provide mentorship and training to junior staff on vulnerability management practices. • Tool Optimization: Continuously evaluate and improve vulnerability management tools and processes. Stay up to date with the latest trends and emerging vulnerabilities in network security.

We are seeking a Cybersecurity professional to join our Information Technology t eam at Vadodara . The candidate Should have a strong understanding of information security principles , and common security technologies such as firewalls, IDS/IPS, and antivirus . Additionally, candidate should have hands-on experience with networking protocols , operating systems , and vulnerability assessment tools like Nessus , Qualys , Kali , BurpSuite , and Zap. Key Responsibilities: Assist in the implementation and maintenance of security measures to protect the organization's computer systems, networks, and data. Monitor security systems and tools for suspicious activity, unauthorized access attempts, and other security incidents. Conduct vulnerability assessments and penetration tests to identify and address security weaknesses. Analyze security logs and reports to identify trends, anomalies, and potential security threats. Participate in incident response activities, including containment, investigation, and remediation of security incidents. Assist in the development and enforcement of information security policies , standards, and procedures. Conduct security awareness training and educational programs for employees to promote a culture of security. Preferred Qualifications: Bachelor's degree in Computer Science, Information Security, Cybersecurity, or related field. Familiarity with common security frameworks and standards (e .g., NIST Cybersecurity Framework, ISO/IEC 27001, CIS Controls, OWASP). Knowledge of networking protocols, operating systems, and common security technologies (firewalls, intrusion detection/prevention systems, antivirus). Interested candidates can share there profile at "Itcv@alembic.co.in" with the subject line "Cybersecurity- Executive "

The Role Are you passionate about cybersecurity and looking for an exciting role where you can make a difference? If so, we have an opportunity for you! As a Security Specialist at Kyndryl, you will play a crucial role in enabling and securing our customer organizations, cultures, and ecosystems. Your responsibilities will be varied and dynamic, spanning asset classification models, risk assessment reports, information security policies, security solution scenarios, implementation plans, organization models, procedures, security services, security effectiveness evaluation reports, and security awareness workshops. You will be tasked with configuring, monitoring, and managing the performance of networks to maintain the quality of services, while also protecting organizational infrastructure from malicious cyber-attacks. As a key member of our team, you will assess, predict, prevent, and manage the risk of IT infrastructure and data, helping our customers stay ahead of the curve and ensure their systems are secure. You will develop and implement security policies and procedures, working closely with other departments to ensure that all security measures are in place and operating effectively. But that is not all at Kyndryl you will have the opportunity to explore innovation in CyberSecurity data science taking information that has been gathered and looking for areas to have that Ah Ha moment. Drawing conclusions and patterns from the data across single and multiple clients. Creating new ideas in the area of risk management and risk quantification. In addition to your technical responsibilities, you will also play a key role in raising awareness of potential security threats through technical security training on best practices. This is an exciting opportunity to help shape the culture of our clients' organizations and make a tangible impact on their security posture. If you have a passion for cybersecurity governance, risk and compliance, are looking for a challenging and dynamic role, and want to work with a team of like-minded individuals, then we want to hear from you! Join us as a Security Specialist and help us secure the future of our clients' organizations. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you wont find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are Youre good at what you do and possess the required experience to prove it. However, equally as important you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused someone who prioritizes customer success in their work. And finally, youre open and borderless naturally inclusive in how you work with others. Required Skills and Experience 5 to 8 years of experience in vulnerability management, operational security, and risk assessment. End-to-end vulnerability management expertise, including scanning, remediation follow-up, and false positive verification. Experience with Qualys vulnerability management tools, including Vulnerability Management, Policy Compliance, Web Application Scanning, Cloud Agent, Asset View, Container Security, and VMDR. Strong understanding of vulnerability assessment processes, including interpreting scan results and reducing false positives. Experience in conducting network and system vulnerability assessments and documenting corrective actions. Ability to manage vulnerability scan processes, including user request administration, adding hosts/assets, creating scans, reports, and dashboards. Familiarity with Change Management processes for vulnerability scans on enterprise infrastructure. Knowledge of vulnerability management frameworks and standards, such as CVE, CVSS scoring, and attack vectors. Dashboard generation and reporting, including monthly and quarterly vulnerability assessment reports. Experience in managing internal Qualys infrastructure, including monitoring appliance status and handling RMA processes. Preferred Skills and Experience Experience in proactive security measures, including automated security processes. Hands-on experience in Qualys tag management and policy creation. Experience in driving the end-to-end vulnerability lifecycle, from discovery to remediation. Ability to work with patch management teams and coordinate remediation efforts. Understanding of security risk assessment methodologies and mitigation strategies. Knowledge of industry security compliance frameworks, such as ISO 27001, NIST, CIS, or SOC 2. Strong analytical and reporting skills, with experience in creating security dashboards and reports for stakeholders.

AM Enterprise is hiring a remote Red Team Security Specialist to simulate cyberattacks, perform penetration tests, and collaborate with Blue Team members to enhance cybersecurity defenses. Requires expertise in penetration testing tools, scripting. Health insurance Annual bonus Office cab/shuttle

The Role Kyndryls Security & Resiliency is one of our most critical practices, ensuring enterprises, regardless of their size and complexity, remain secure, available, reliable, and resilient. We take Cybersecurity seriously. We're not just invested; we're committed. We're not just protecting data; we're empowering. Kyndryl is committed to making the world safer, not only by investing in state-of-the-art services and technologies but also by empowering underserved communities with essential cyber skills. When you walk through our doors, you're not only joining a team but you're also becoming part of a legacy. Welcome to Kyndryl, where Cybersecurity isn't just a job its a passion; a commitment to designing, running, and managing the most modern and reliable technology infrastructure that the world depends on every day. As a Cybersecurity Defense professional at Kyndryl, you will encompass cybersecurity, incident response, security operations, vulnerability management, and the world of cyber threat hunting and security intelligence analysis all to protect the very heartbeat of organizations their infrastructure. In this role, you won't just monitor; you'll actively engage in the relentless hunt for cyber adversaries. In a world where every click and keystroke could be a potential gateway for attackers, your role will be nothing short of critical as you seek out advanced threats, attackers, and Indicators of Compromise (IOCs). Your expertise in endpoint detection and response (EDR) will be the shield that safeguards individual workstations, laptops, servers, and other devices from cybercrime. Your responsibilities go beyond vigilance. When it comes to network security, you'll utilize Network Detection and Response (NDR) to monitor the ever-flowing currents of network traffic. The incident management process will be used as you respond and manage to cybersecurity incidents. Cybersecurity Defense is all about information. You'll gather, analyze, and interpret data applying your own and external threat intelligence to uncover potential security threats and risks. These insights and your ability to analyze complex attack scenarios will be the foundation of our security strategy helping Kyndryl stay one step ahead of security breaches. In Cybersecurity Defense at Kyndryl, youre not just protecting the present youre shaping the future of digital security. Join us on this cybersecurity venture where your expertise and creativity will have a lasting impact in the world of digital defense. Your Future at Kyndryl When you join Kyndryl, you're not just joining a company you're entering a space of opportunities. Our partnerships with industry alliances and vendors mean you'll have access to skilling and certification programs needed to excel in Security & Resiliency, while simultaneously supporting your personal growth. Whether you envision your career path as a technical leader within cybersecurity or transition into other technical, consulting, or go-to-market roles were invested in your journey. Who You Are Youre good at what you do and possess the required experience to prove it. However, equally as important you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused someone who prioritizes customer success in their work. And finally, youre open and borderless naturally inclusive in how you work with others. Required Skills and Experience 4-7 years of professional experience Experience in Vulnerability Management Practical experience with Vulnerability scanning tools in example Qualys, Tenable, Nessus etc. General understanding of how to scan infrastructure, applications, containers, Cloud against known vulnerabilities will be an advantage. Experience in SQL Solid understanding of: Windows and Linux operating system, services and how they interact. Networks/networking Familiarity with Python scripting language will be an advantage. Understanding of security audit process Good analytical skills You have good English written and spoken communication skills. Qualys certification Any Offensive security Certification added value Preferred Skills and Experience Executing Vulnerability Scans on applications, containers and infrastructure. Performing scan result analysis to reduce false positive findings. Preparing detailed Vulnerability Scanning reports. Assist in conducting a risk analysis of applications or technology solutions. Identifying, communicating, and providing targeted remediation of vulnerabilities. Collaborating with technical and management personnel across whole organization. Delivering regularly aggregated reports of vulnerability findings to the service executive.

We are seeking a DevOps Engineer with expertise in vulnerability patching for Apache Struts and Spring Framework to enhance the security and stability of our applications. The ideal candidate will be responsible for identifying, assessing, and mitigating security vulnerabilities while ensuring system reliability and compliance with industry security standards. Responsibilities Key Responsibilities: Vulnerability Management: Identify, analyze, and remediate security vulnerabilities in Apache Struts and Spring Framework across production and development environments. Patch Deployment: Apply patches, updates, and security fixes for Apache Struts and Spring Framework while ensuring application stability. Automation & Scripting: Develop and maintain automation scripts (Bash,Shell Scripting, Python, Ansible) to streamline patching and deployment processes. Configuration Management: Utilize Ansible, Terraform, Puppet, or Chef to enforce secure configurations and automate patch deployments. CI/CD Pipeline Security: Ensure Struts and Spring updates are integrated into CI/CD pipelines (Jenkins, GitLab CI, Azure DevOps). Monitoring & Compliance: Implement security monitoring tools to track vulnerabilities and ensure compliance with CIS, NIST, ISO 27001, and PCI-DSS. Incident Response: Collaborate with security teams to address vulnerabilities, perform root cause analysis, and remediate security incidents. Documentation & Reporting: Maintain accurate documentation of security patching activities, risk assessments, and compliance reports. Requirements Required Skills & Experience: xx years of experience in a DevOps, IT Security, or System Administration role. Strong knowledge of Apache Struts and Spring Framework security vulnerabilities and patching methodologies. Experience with Java application servers (Tomcat, WildFly, JBoss, WebLogic). Proficiency in Linux administration (Ubuntu, RHEL, CentOS) and Windows Server. Hands-on experience with patch management tools and security updates for Java-based applications. Expertise in PowerShell, Bash, or Python scripting for automation. Familiarity with vulnerability scanning tools (Nessus, Qualys, Tenable, Rapid7). Experience working with Docker, Kubernetes, and cloud platforms (AWS, Azure, GCP). Collaborate closely with Dev teams and work on remediation solutions by understanding application architecture .Preferred Qualifications: Certifications such as AWS Certified DevOps Engineer, RHCE, CKA (Certified Kubernetes Administrator), or CISSP. Experience working in Telecom industiries Prior experience with SIEM tools (Splunk, ELK, Datadog) for security monitoring. Prior experience with endpoint security and system hardening.

Senior information security engineer Job Name: Senior information security engineer Job Role: Sr. IT Security Engineer Industry:IT, Software, Bpo Job Location:Udaipur (Rajasthan) Experience:5- 10 yearSkills:Team Handling, information security controls, VPN, Cloud Server Salary:Best in the Industry Education:BCA, MCA, B.tech(CS/IT) Job Summary: Looking for Sr.information security engineer. Should have strong work exposure in the IT Security department. having work exposure in the IT security environment to identify cybersecurity gaps in systems, processes, and controls and evaluate the potential risk exposure. Work with IT management to develop opportunities for improvement. Architect, configure, manage, and deploy devices including firewalls, IPS, and IDS to improve our ability to prevent and detect intrusions in real-time. About The Role :: Should have strong work exposure in the IT Security department. having work exposure in the IT security environment to identify cybersecurity gaps in systems, processes, and controls and evaluate the potential risk exposure. Work with IT management to develop opportunities for improvement. Architect, configure, manage, and deploy devices including firewalls, IPS, and IDS to improve our ability to prevent and detect intrusions in real-time.To develop and maintain the information security policy and accompanying standards, procedures, and guidance. Research and stay informed of potential information security threats, breaches, industry trends, emerging technologies, and response alternatives. Conduct research and provide insight to identify, assess, and deploy security technology solutions and partners including but not limited to encryption, firewalls, authorization, authentication, intrusion detection, and gateway security controls. To develop and deliver a programme of planned compliance reviews and ensure any gaps are addressed. Engage in regular assessment of the current IT security environment to identify cybersecurity gaps in systems, processes and controls and evaluate the potential risk exposure. Work with IT management to develop opportunities for improvement. Architect, configure, manage and deploy devices including firewalls, IPS and IDS to improve our ability to prevent and detect intrusions in real-time. Monitor and proactively recommend solutions for correcting issues related to security technology performance and capabilities of vendors. Collaborate on critical technology projects to ensure that security issues are addressed throughout the project life cycle. Develop and implement recommendations for security technology solutions, which may include technology for encryption, firewalls, authorization, authentication, intrusion, detection, and gateway security controls. Work in an advisory role in application development or acquisition projects to assess security requirements and implement controls as planned. Perform day- to- day security log review and analysis in adherence to company requirements and industry security best practices. Do static scanning (code, open-source libraries) and dynamic scanning. The log reviews include:operating systems, databases, applications, networks and security applications. Work with auditors to demonstrate processes and ensure appropriate levels of access are applied throughout the information lifecycle. Lead the design, development, and delivery of security training programs. 24x7 on-call availability as required. Knowledge of trends and developments in technology relating to security and risk management. Strong understanding of information security controls, risks and threats. Strong knowledge of enterprise security technologies, e.g., Virtual Private Network (VPN), Encryption, Firewalls, Intrusion Detection/ Prevention, and Anti- Virus. Working knowledge of Linux, Windows,Cloud Server, and other enterprise- wide applications. Knowledge of information security standards (ISO, SOC), data privacy laws, computer crime laws, and federal data protection laws, etc. Knowledge of vulnerability analysis tools, OWASP Zap, Veracode, Qualys, Sonarqube, Acunetix, Burp Suite, etc. Knowledge of information security audit and assessment methodologies, policies, standards, procedures and best practices. Ability to conduct risk management assessments; provide assistance in identification, prioritization and remediation of information systems vulnerabilities. Strong technical depth and passion for security. Experience working with 3rd party vendors and service providers.

Experience: 5+ years with experience in SNOW Vulnerability Module. Key Responsibilities: Strong background in ServiceNow Security Operations, a deep understanding of Vulnerability Management (VM), Good experience in ServiceNow development on ITSM module Excellent experience in Integrating third party tools with ServiceNow using web services and connectors Implement and manage the Vulnerability Management module in ServiceNow. Integrate vulnerability scanners with ServiceNow. Develop and automate workflows using ServiceNow Flow Designer and Orchestration to manage vulnerabilities.. Perform regular testing and validation of vulnerability data and its accuracy in the system. Create reports and dashboards in ServiceNow Performance Analytics to track vulnerabilities, remediation progress, and key metrics. Ensure compliance with regulatory standards and internal security policies through effective vulnerability tracking. Automate vulnerability response actions and integrate them with existing security incident management processes. Maintain proper documentation and provide training to teams on the ServiceNow Vulnerability Management process. Required Skills & Qualifications: Strong knowledge of ServiceNow platform, including its Security Incident Management (SIM) and Vulnerability Management (VM) modules. Familiarity with ServiceNow CMDB and how vulnerabilities relate to Configuration Items (CIs). Experience in integrating vulnerability scanning tools (e.g., Qualys, Tenable, Nessus) with ServiceNow. Experience with risk prioritization and the Common Vulnerability Scoring System (CVSS). Knowledge of Security Incident Management, Problem Management, and Change Management best practices in ServiceNow. Experience in creating reports and dashboards using ServiceNow Performance Analytics.

Project Role : Application Developer Project Role Description : Design, build and configure applications to meet business process and application requirements. Must have skills : Infrastructure Security Vulnerability Management Operations Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Application Developer, you will design, build, and configure applications to meet business process and application requirements. You will contribute to the development of innovative solutions and collaborate with multiple teams to ensure successful project delivery. Roles & Responsibilities: Expected to be an SME, collaborate and manage the team to perform. Responsible for team decisions. Engage with multiple teams and contribute on key decisions. Provide solutions to problems for their immediate team and across multiple teams. Ensure the security and vulnerability management operations are implemented effectively. Collaborate with stakeholders to identify and address security vulnerabilities. Develop and maintain vulnerability management processes and procedures. Conduct vulnerability assessments and penetration testing to identify potential risks. Implement security controls and measures to mitigate vulnerabilities. Professional & Technical Skills: Must To Have Skills:Proficiency in Infrastructure Security Vulnerability Management Operations. Strong understanding of security vulnerabilities and risk management. Experience with vulnerability scanning tools such as Nessus or Qualys. Knowledge of security frameworks and standards such as ISO 27001 and NIST. Familiarity with network security principles and technologies. Good To Have Skills:Experience with cloud security and DevSecOps practices. Additional Information: The candidate should have a minimum of 7.5 years of experience in Infrastructure Security Vulnerability Management Operations. This position is based at our Kolkata office. A 15 years full-time education is required. Qualifications 15 years full time education

About The Role ::Cyber Security Analyst A Cyber Security Analyst is responsible for identifying, assessing, and managing security vulnerabilities within an organization''s IT systems and infrastructure. This role involves conducting vulnerability assessments, analyzing security risks, and providing recommendations to mitigate potential threats. The analyst uses tools like Qualys to perform these assessments and ensure the security of servers and other critical assets. Key Responsibilities: Conducting regular and comprehensive vulnerability assessments of networks, systems, and applications using the Qualys tool. Prioritize remediation of discovered vulnerabilities and coordinate mitigation efforts across all teams and systems. Collaborate with team members and help operationalize defined vulnerability management processes. Coordinate with respective teams to ensure timely update and configuration of software and operating systems with the latest patches and security settings to ensure the proper defences are present. Contribute to defining, reviewing, and enacting security policies and practices. Stay apprised of the threat landscape, vulnerabilities, and industry best practices, and make recommendations to improve Wipros security posture. Review and create SOPs & technical documents/runbooks to support team processes and ISMS requirements. Work closely with other information security teams to ensure operational efficiency and stay apprised of overall Wipro security posture and capabilities. Qualifications: Bachelors degree in information security, Information Technology, or a related field. 5+ years of experience in Threat and Vulnerability Management or equivalent knowledge. Proficiency in using the Qualys VMDR tool for vulnerability assessments. Hands-on experience with Qualys reports and Excel representation with various dashboards. Good understanding of CIS benchmarks and Qualys Policy Compliance module. Familiarity with the ServiceNow tool will be advantageous. Must be a team player, dedicated, and proactive. Must possess good communication, problem-solving, critical thinking, and organizational skills. Must have good presentation skills. Ability to clearly present technical approaches or findings in oral and written format. Ability to present ideas in business-friendly and user-friendly language. Highly self-motivated and directed.

Key Responsibilities: Conduct thorough assessments of server infrastructure to identify vulnerabilities and security weaknesses. Develop and implement a comprehensive vulnerability remediation plan in collaboration with IT security teams, application teams, and server infrastructure teams. Prioritize vulnerabilities based on risk assessment and business impact, and establish timelines for remediation efforts. Monitor and report on remediation progress, metrics, and results to stakeholders. Document all findings, remediation steps taken, and recommendations for future improvements. Qualifications: Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field. Minimum [3] years of experience in IT security, system administration, or a related role. Proven experience leading vulnerability remediation projects in enterprise environments. Strong knowledge of server operating systems (e.g., Linux, Windows Server) and security best practices. Familiarity with vulnerability scanning tools (e.g., Nessus, Qualys, Rapid7) and patch management solutions. Excellent problem-solving skills and attention to detail. Strong communication and interpersonal skills, with the ability to collaborate effectively with various teams. Relevant certifications (e.g., CISSP, CISM, CEH) are a plus.

About The Role ::Cyber Security Analyst A Cyber Security Analyst is responsible for identifying, assessing, and managing security vulnerabilities within an organization''s IT systems and infrastructure. This role involves conducting vulnerability assessments, analyzing security risks, and providing recommendations to mitigate potential threats. The analyst uses tools like Qualys to perform these assessments and ensure the security of servers and other critical assets. Key Responsibilities: Conducting regular and comprehensive vulnerability assessments of networks, systems, and applications using the Qualys tool. Prioritize remediation of discovered vulnerabilities and coordinate mitigation efforts across all teams and systems. Collaborate with team members and help operationalize defined vulnerability management processes. Coordinate with respective teams to ensure timely update and configuration of software and operating systems with the latest patches and security settings to ensure the proper defences are present. Contribute to defining, reviewing, and enacting security policies and practices. Stay apprised of the threat landscape, vulnerabilities, and industry best practices, and make recommendations to improve Wipros security posture. Review and create SOPs & technical documents/runbooks to support team processes and ISMS requirements. Work closely with other information security teams to ensure operational efficiency and stay apprised of overall Wipro security posture and capabilities. Qualifications: Bachelors degree in information security, Information Technology, or a related field. 5+ years of experience in Threat and Vulnerability Management or equivalent knowledge. Proficiency in using the Qualys VMDR tool for vulnerability assessments. Hands-on experience with Qualys reports and Excel representation with various dashboards. Good understanding of CIS benchmarks and Qualys Policy Compliance module. Familiarity with the ServiceNow tool will be advantageous. Must be a team player, dedicated, and proactive. Must possess good communication, problem-solving, critical thinking, and organizational skills. Must have good presentation skills. Ability to clearly present technical approaches or findings in oral and written format. Ability to present ideas in business-friendly and user-friendly language. Highly self-motivated and directed.

Job Summary: We are looking for a skilled and certified Security Analyst with 3 to 5 years of experience in vulnerability assessment, server configuration review, CIS hardening, and VAPT. The ideal candidate should have hands-on experience with Qualys VMDR , vendor management, and compliance frameworks. The candidate should have an engineering background and hold relevant security certifications. Key Responsibilities: 1. Vulnerability Assessment & Management: Conduct server vulnerability assessments (VA) and remediation tracking. Perform configuration reviews to ensure compliance with security baselines. Use Qualys VMDR or equivalent tools to scan, analyze, and report vulnerabilities. Work with system administrators to validate and patch vulnerabilities. 2. Server Hardening & Configuration Review: Perform server configuration reviews based on CIS benchmarks and best practices. Recommend and implement server hardening measures. Ensure compliance with industry security standards and internal policies. 3. VAPT & Security Testing: Conduct Vulnerability Assessment & Penetration Testing (VAPT) for servers and networks. Work closely with third-party security testing vendors to review findings and ensure fixes. Track and manage security incidents related to server vulnerabilities . 4. Compliance & Risk Management: Ensure compliance with OWASP , ISO 27001, PCI DSS, NIST, or other security standards . Work with teams to close security gaps found during audits and risk assessments . Document security controls, remediation plans, and compliance reports. 5. Vendor Management: Evaluate security vendors , review security reports, and track remediation efforts. Coordinate with third-party vendors for security audits and compliance checks . Ensure vendor-provided solutions comply with security policies. Required Skills & Qualifications: Bachelor’s degree in computer science, Information Security, or Engineering (BE/B.Tech). 3-5 years of experience in server security, vulnerability assessment, and compliance . Hands-on experience with Qualys VMDR, Nessus, or equivalent vulnerability scanning tools . Strong knowledge of CIS benchmarks, server hardening, and security best practices . Experience in VAPT and security testing methodologies . Understanding of ISO 27001, PCI DSS, NIST, or other security compliance frameworks . Good analytical and communication skills to work with internal teams and vendors. Preferred Certifications: Certified Ethical Hacker (CEH) ECSA CompTIA Security+ GIAC Security Essentials (GSEC) Qualys Certified Specialist (QCS) (Preferred) Why Join Us? Opportunity to work with cutting-edge security tools and frameworks . Exposure to enterprise security compliance and risk management . Growth opportunities in a fast-paced cybersecurity environment.

Position Details- Position: VAPT and DevSecOps Lead Experience: 7-10 years Job Location: Powai, Mumbai - WORK FROM OFFICE Number of Position 1 Description: We are looking for DevSecOps Security Engineer who will be responsible for running automated and manual security scans which include but not limited to SAST, DAST, IAST, Mobile, Web, API and ad-hoc pen-testing. The candidate will play a key role of integrating Security element in DevSecOps The role entails taking responsibility of analysing security vulnerabilities and capability to provide mitigation solutions to fix issues, providing guidance to application teams, and coordinating with cross functional teams across the platform. Responsibilities: Hands-on experience creating and implementing DevSecOps pipeline using CICD automation tools like Jenkins, Automated scanning tools, BurpSuite, and open source tools. Implement Application Cyber Security Controls/Policies developed by IT Security Team. Ability to demo security vulnerability to application teams. Drive application security issues to a resolution. Provide a clear guidance to application teams during vulnerability mitigation effort Conduct application security assessment on periodic intervals and for every release Collect and report status on application security assessments including milestones, deliverables, timing, tasks, risk areas, and status to Head of IT Security Categorize and recommend assessment strategies for existing and new application development Coach development and vendor teams on application security Develop user training material on secure coding and conduct training sessions Coordinate and execute IT security projects Integrate the Application and DevOps processes and CI/CD pipelines from early stages of the development lifecycle. Evaluating and on-boarding security tools such as SAST, vulnerability and open source scanning into the Security DevOps life cycle for multiple tech stacks. Contributing features to internally developed Cyber security tools, and integrate those tools into the Security DevOps pipelines. Driving continuous improvement for Security DevOps pipelines and processes, and to the Cyber security tools, services, and processes. Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises Research best practices for a variety of technologies and document / advice on solutions for security for multiple teams Develop, improve and monitor system compliance with the IT framework for controls and levels of access Collaborate with internal teams to manage and mitigate security vulnerabilities and risks Collaborate with software engineering and digital team to deliver integrated security solutions, and improve developer security practices Collaborate on Red Team penetration testing of IT systems Essential Qualification: Tenable/Qualys tool experience is mandatory. Experience with Dockers, Kubernetes, Terraform Good to have Appsec, API Testing, Infra Cloud Security testing experience. Must have experience with a modern version control system such as: Git, Github, GitLab. CISSP, OSCP or other security certifications desired. Experience with infrastructure as code and technologies behind it (Terraform preferred) Must have 4+ years of progressive experience in computing and information security. Capable of analysing data from various data sources and generating reports, charts and graphs. • Proven experience with at least one of the following technologies: MySQL, Postgres, FireBase, Google Cloud Storage and willing to learn and fill in any gaps. Working knowledge of agile methodology, techniques, and frameworks, such as Scrum or Kanban Excellent people and project management skills. Strong communication and presentation skills. Strong analytical and problem-solving skills.

The Vulnerability Management Analyst will be part of ZS IT Information Security team in Pune. As a Vulnerability Management Analyst, you will be responsible for security vulnerability and threat analysis, planning, prioritizing, and remediating discovered vulnerabilities. To help achieve these goals, you will be responsible for collaboration with multiple teams across ZS to coordinate and enforce mitigation efforts. In addition, you will be expected to stay up to date on technology and security trends and make recommendations to enhance the security posture of ZS infrastructure and applications. What you'll do: Review internal and external vulnerability scans, pen test results, threat intelligence, red team findings, and additional vulnerability inputs, prioritize remediation of discovered vulnerabilities, and coordinate mitigation efforts across all teams and systems Collaborate with the team members and help operationalize defined vulnerability management processes Coordinate with respective teams to ensure timely update and configuration of software and operating systems with the latest patches and security settings to ensure the proper defenses are present Contribute to defining, reviewing, and enacting security policies and practices Stay apprised of the threat landscape, vulnerabilities, and industry best practices and make recommendations to improve ZSs security posture Review and create SOPs & technical documents/runbooks to support team processes and ISMS requirements Work closely with other information security teams to ensure operational efficiency and stay apprised of overall ZS security posture and capabilities What you'll bring: Bachelors degree in information security, Information Technology, or related field 1-3 years of experience in Threat and Vulnerability Management or equivalent knowledge Strong knowledge in industry standard VAPT tools like Tenable (Nessus), Rapid7, Qualys, Wiz and open-source tools Demonstratable expertise and experience with security related incidents is desirable Understanding and experience on working with cloud security services (AWS, Azure, GCP; others a plus) Must be a team player, dedicated, and proactive Must possess good communication, problem-solving, critical thinking, and organizational skills Must have good presentation skills Ability to clearly present technical approaches or findings in oral and written format Ability to present ideas in business-friendly and user-friendly language Highly self-motivated and directed Candidate should be flexible to work in late shifts to converse with leadership teams in US as needed

Vulnerability Management (Rapid7) Overview : Candidate is responsible for identifying, analyzing, and prioritizing vulnerabilities in an organization system, applications and ensuring appropriate measures are taken to remediate them. Candidate will work closely with all required IT Teams to ensure that identifies vulnerabilities are addressed in a timely and effective manner. Responsibilities : • Conduct Regular Vulnerability assessments using tools such as Rapid 7, Qualys. • Hands on experience on Rapid7 is a must. • Analyze and prioritize the identified vulnerabilities based on risk assessment, severity, and exploitability. • Work with IT Teams to develop and implement remediation plans. • Monitor the progress of remediation efforts and provide regular updates to stakeholders. • Participate in Incident response and investigations related to vulnerabilities. • Stay up to date with latest threats and vulnerabilities and adjust the Vulnerability management accordingly. • Ensure compliance with applicable regulatory requirements. • Create reports and metrics to track the progress of the Vulnerabilities. • Be a champion for vulnerability management and information security including broadening awareness and use of the teams services, education of security best practices, and integration with other business areas. • Support teammates regarding vulnerability assessment, communication/rapport with other divisions and various levels of leadership, technical expertise, and career development. Requirements : • Bachelors Degree in computer science or related field. • At least 7-9 years of experience in vulnerability management • Familiarity with Vulnerability scan and assessment techniques. • Good understanding on CVSS scores • Excellent Analytical and Problem-solving skills • Strong communication skills Verbal and Written. • Ability to work independently. • Familiarity with security frameworks like NIST, ISO27001 and regulatory compliance like SOX. • Experience in Azure cloud. • Knowledge on Scripting languages like PowerShell or python will be advantage. • Experience with risk assessments and prioritization methodologies. Responsibilities: • Architectural Design: Develop and maintain security architecture frameworks incorporating Tenable solutions to address organizational risk, compliance, and security objectives. • Solution Integration: Design and oversee the integration of Tenable products (e.g., Tenable.io, Tenable.sc, Tenable.ot) into existing security infrastructures. • Strategic Planning: Collaborate with senior leadership to define security requirements and develop long-term security strategies. • Risk Management: Assess and mitigate risks related to vulnerabilities and threats using Tenable's tools. • Policy and Standards: Establish and enforce security policies and best practices for Tenable product implementation. • Technical Leadership: Provide technical guidance and support on the effective use of Tenable solutions. • Optimization and Innovation: Continuously evaluate and enhance security architectures and Tenable deployments. • Documentation and Reporting: Maintain comprehensive documentation of security architectures and generate reports on security posture. • Training and Awareness: Lead training sessions to enhance understanding of Tenable products and security architecture principles.

DevOps Engineer Vulnerability Patching (Adobe, cURL, Jenkins, Notepad++, NumPy, Vim) Overview We are seeking a DevOps Engineer with expertise in vulnerability management and patching for Adobe products, cURL, Jenkins, Notepad++, NumPy, and Vim. The ideal candidate will be responsible for identifying, assessing, and mitigating security vulnerabilities in these tools while ensuring system stability, compliance, and automation of patching processes. Responsibilities Vulnerability Management: Identify, analyze, and remediate security vulnerabilities in Adobe, cURL, Jenkins, Notepad++, NumPy, and Vim across development and production environments. Patch Deployment: Apply security patches and updates efficiently to mitigate risks while ensuring minimal downtime. Automation & Scripting: Develop automation scripts (PowerShell, Bash, Python, Ansible) to streamline vulnerability patching. Configuration Management: Utilize SCCM, Intune, Ansible, Puppet, or Chef to enforce secure configurations and manage patch deployments. CI/CD Pipeline Security: Ensure Jenkins updates and security fixes are integrated into CI/CD pipelines to prevent pipeline vulnerabilities. Monitoring & Compliance: Implement monitoring solutions and security best practices to ensure compliance with CIS, NIST, ISO 27001, and PCI-DSS. Incident Response: Work with security teams to investigate and remediate security incidents related to vulnerabilities in the specified software. Documentation & Reporting: Maintain accurate documentation of patching activities, vulnerability reports, and risk assessments. Requirements Required Skills & Experience: xx years of experience in DevOps, IT Security, or System Administration. Strong experience with vulnerability patching for Adobe, cURL, Jenkins, Notepad++, NumPy, and Vim. Proficiency in Windows and Linux administration, including package management tools (APT, YUM, Chocolatey, Winget). Experience with patch management tools (WSUS, SCCM, Intune, or third-party patching solutions like Ivanti, Qualys, or Tenable). Expertise in PowerShell, Bash, or Python scripting for automation and deployment. Hands-on experience with Jenkins administration, security hardening, and plugin management. Familiarity with vulnerability scanning tools (Nessus, Qualys, Tenable, Rapid7). Understanding of CI/CD security best practices and open-source security risks. Knowledge of cloud platforms (AWS, Azure, GCP) and infrastructure-as-code (Terraform, Ansible). Collaborate closely with Dev teams and work on remediation solutions by understanding application architecture . Preferred Qualifications: Certifications such as AWS Certified DevOps Engineer, Microsoft Certified: Security Operations Analyst, RHCE, or CISSP. Experience working in Telecom industiries Prior experience with endpoint security and system hardening.

Mandatory Skill Must Have : - Network Vulnerability Assessment + Testing Job Detail : - Job Description: VAPT Engineer Position: Security Analyst (U2) Employment Type: [Full Time] Experience: [2 5 years] Job Summary : We are seeking a skilled VAPT Engineer to identify, assess, and mitigate security vulnerabilities in our applications, networks, and IT infrastructure. The ideal candidate will be proficient in conducting manual and automated testing to uncover weaknesses, providing actionable recommendations for remediation, and ensuring the security of our systems against emerging threats. Key Responsibilities: Perform vulnerability assessments and penetration tests on networks, web applications, APIs, mobile applications, and cloud environments. Container Security on Cloud and On Prem Containers Use both automated tools (e.g., Nessus, Burp Suite, Metasploit, Qualys, Acunetix) and manual techniques to identify security vulnerabilities and exploit them in a controlled manner. Develop detailed technical reports on findings, including the severity of vulnerabilities and actionable mitigation strategies. Collaborate with development and IT teams to remediate identified vulnerabilities and enhance security configurations. Conduct post remediation testing to ensure vulnerabilities have been addressed effectively. Stay updated on emerging vulnerabilities, threats, and attack vectors to continuously refine testing methodologies. Coordinating with relevant stake holders/ Application owners for timely closure of vulnerabilities. Ensure compliance with applicable security standards and frameworks (e.g., OWASP Top 10, SANS 25, ISO 27001, PCI DSS). Contribute to the creation and enhancement of security policies and best practices. Required Qualifications: Bachelor degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience). 2-5 years of hands on experience in Vulnerability Assessment and Penetration Testing. Strong knowledge of OWASP Top 10, SANS 25, and common security vulnerabilities and exploits. Proficiency in using penetration testing tools such as Nessus, Burp Suite, Metasploit, Qualys, Acunetix, and others. Familiarity with manual testing techniques, scripting, and basic programming skills (Python, Bash, or PowerShell). Solid understanding of network protocols, operating systems, and security concepts. Strong analytical and problem solving skills, with the ability to explain technical findings to non technical stakeholders. Preferred Certifications: Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) CompTIA PenTest+ Experience Range : - 2-5 Years

Employment Type: [Full Time] Job Summary: We are seeking a skilled VAPT Engineer to identify, assess, and mitigate security vulnerabilities in our applications, networks, and IT infrastructure. The ideal candidate will be proficient in conducting manual and automated testing to uncover weaknesses, providing actionable recommendations for remediation, and ensuring the security of our systems against emerging threats. Key Responsibilities: Perform vulnerability assessments and penetration tests on networks, web applications, APIs, mobile applications, and cloud environments. Container Security on Cloud and On Prem Containers Use both automated tools (e.g., Nessus, Burp Suite, Metasploit, Qualys, Acunetix) and manual techniques to identify security vulnerabilities and exploit them in a controlled manner. Develop detailed technical reports on findings, including the severity of vulnerabilities and actionable mitigation strategies. Collaborate with development and IT teams to remediate identified vulnerabilities and enhance security configurations. Conduct post remediation testing to ensure vulnerabilities have been addressed effectively. Stay updated on emerging vulnerabilities, threats, and attack vectors to continuously refine testing methodologies. Coordinating with relevant stake holders/ Application owners for timely closure of vulnerabilities. Ensure compliance with applicable security standards and frameworks (e.g., OWASP Top 10, SANS 25, ISO 27001, PCI DSS). Contribute to the creation and enhancement of security policies and best practices. Required Qualifications: Bachelors degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience). 2 5 years of hands on experience in Vulnerability Assessment and Penetration Testing. Strong knowledge of OWASP Top 10, SANS 25, and common security vulnerabilities and exploits. Proficiency in using penetration testing tools such as Nessus, Burp Suite, Metasploit, Qualys, Acunetix, and others. Familiarity with manual testing techniques, scripting, and basic programming skills (Python, Bash, or PowerShell). Solid understanding of network protocols, operating systems, and security concepts. Strong analytical and problem solving skills, with the ability to explain technical findings to non technical stakeholders. Preferred Certifications: Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) CompTIA PenTest+

Hi, We are looking for a Vulnerability Analyst, Skills: Vulnerability management and Qualys Exp: 4 to 8 Location : Bangalore NP: Immediate within 15 days Interested candidate send resume to sreeram.sekhar@thakralone.in

Hi, We are looking for a Vulnerability Analyst, Skills: Vulnerability management and Qualys Exp: 4 to 8 Location : Bangalore NP: Immediate within 15 days Interested candidate send resume to sreeram.sekhar@thakralone.in

A security analyst role within the Global Technology Transversal Application Services (TAS) function, supporting the provision of a robust and consistent security scanning, remediation and guidance service within the TAS Application Operations team. The team provides a global, centralized Operations, Governance, Audit, Risk & Security service across Application Delivery. DISCOVER your opportunity What will your essential responsibilities include? Support the Application Operations (Security) team in all security related activities, forums and discussions Perform application scanning across the Application Delivery estate using tools such as SonarQube, Checkmarx, JFrog Xray, CAST Highlight, Defender and Qualys Assist in setting up Jenkins pipeline integration to CI/CD lifecycle Perform Static Application Security Testing (SAST) and Software Composition Analysis (SCA), including analysis of components in applications to detect vulnerabilities and compliance issues Work with Application Delivery teams to communicate the outcome of scanning and analysis, and agree remediation actions including target dates for completion, in alignment with Information Security Policy requirements Assist in Risk Assessments, evaluating the severity of identified vulnerabilities and prioritizing remediation efforts based on potential impact to the organization Assist in Policy development, contributing to the development and implementation of vulnerability management policies and procedures Manage the production of reporting and metrics to both internal and external stakeholders You will report to the Operations Lead (under Head of Application Operations) SHARE your talent Were looking for someone who has these abilities and skills: Required Skills and Abilities: Security First mindset Understanding of vulnerability analysis, scanning and remediation processes Understanding of CVEs, CVSS Understanding of security industry compliancy benchmarks and standards i.e. CIS Understanding of security best practices/standards i.e. OWASP, NIST Preferable experience with at least 2 coding languages i.e. Java, .NET, C++, Python etc. Strong analytical, critical thinking and organizational skills, ability to multitask and work to deadlines Proficiency in Power BI, MS Work and MS Excel: We maintain and continually develop a number of Power BI Dashboards to support provision of critical data and use Excel to support our data capture and analysis and reporting Excellent communication, interpersonal and relationship building skills (verbal and written)