682 Qualys Jobs - Page 25

Company Description Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money. We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments. We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.co m Job Description Job Description You will be based in Hyderabad and reporting to your manager. This is individual contributor (Non-Managerial) role The Vulnerability Management and Endpoint Security Compliance Team perform the following key functions: Vulnerability Management: You will assess and address vulnerabilities to minimize security risks. Endpoint Security: You will ensure comprehensive security measures are in place to protect all endpoints from threats. Data Analytics: Utilize data analytics to interpret security data, identify trends, and create applicable insights. Provide comprehensive reporting to support informed decision-making. Collaboration and Innovation: Work closely with teams to ensure security is integrated into our operations. Continuous improvement: Stay ahead of emerging threats and technologies to enhance our security posture. Conduct regular vulnerability testing to identify security weaknesses. Develop and implement strategies to mitigate identified vulnerabilities. Monitor security incidents to identify trends and patterns. Collaborate with IT and development teams to ensure security best practices are integrated into system designs. Maintain and operate vulnerability management tools such as Defender VM, Qualys, Tenable, and Rapid7. Generate detailed reports on vulnerability findings and remediation efforts. Stay up to date with the latest security threats, vulnerabilities, and technology trends. Provide training and guidance to staff on vulnerability management and security best practices. Maintain documentation for vulnerability management processes. Utilize Tines for automation of security workflows. Leverage Power BI for data analytics and visualization to interpret vulnerability data and provide actionable insights. Technical Skills: Proficiency with vulnerability management tools (e.g., Defender VM, Qualys, Tenable, Rapid7). Experience with network protocols and architecture. Knowledge of security frameworks such as NIST, ISO 27001/27002, and HIPAA. Experience with scripting languages (e.g., Python, Perl) for automation. Familiarity with cloud security and application security principles. Experience with Tines for security automation and orchestration. Proficiency with Power BI for data analytics and visualization. Data Analytics Skills: Ability to analyze large datasets to identify trends and patterns in vulnerability data. Proficiency with data visualization tools (e.g., Power BI) to present findings. Experience with statistical analysis and data modeling techniques. Qualifications Qualifications Bachelor's degree in computer science, information security, or a related field. Relevant certifications such as CISSP, CEH, CISM, or similar. 5 years' experience in a related role. Additional Information Our uniqueness is that we celebrate yours. Experian's culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, collaboration, wellness, reward & recognition, volunteering... the list goes on. Experian's people first approach is award-winning; World's Best Workplaces™ 2024 (Fortune Global Top 25), Great Place To Work™ in 24 countries, and Glassdoor Best Places to Work 2024 to name a few. Check out Experian Life on social or our Careers Site and Glassdoor to understand why. Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is a critical part of Experian's DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, color, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity. Benefits Experian care for employee's work life balance, health, safety and wellbeing. To support this endeavor, we offer best-in-class family well-being benefits, enhanced medical benefits and paid time off. This is a hybrid remote/in-office role. Experian Careers - Creating a better tomorrow together Find out what its like to work for Experian by clicking here Show more Show less

Looking for a skilled & experienced freelance VA&PT Specialists to perform our VA&PT tasks. Candidate should have minimum 4 years of experience in VAPT roles and should capable to perform VA&PT Tasks independently, and can able to generate VAPT &, CAP reports. Independent VAPT consultants, or a small team of fascinating VAPT experts can apply as a single team. Key Responsibilities • Conduct Vulnerability Assessments using tools like Nessus, Qualys, OpenVAS • Perform Penetration Testing on web applications, networks, APIs, and mobile platforms • Simulate real-world attacks to uncover security gaps and provide actionable recommendations • Prepare detailed technical reports and executive summaries of findings • Collaborate with development, infrastructure, and security teams to address vulnerabilities • Stay updated on emerging threats, vulnerabilities, and attack techniques • Support compliance audits and security assessments (e.g., ISO 27001, PCI-DSS) Skill Set & Requirements • Minimum 4 years of hands-on experience in Red Teaming and VA&PT activities • Ability to independently handle on-call tasks, conduct VA&PT, and deliver comprehensive reports • Deep understanding of network protocols, web technologies, and operating systems • Proficient with tools like Burp Suite, Metasploit, Nmap, Wireshark, Nikto, etc. • Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVE databases How to Apply Send your CV to careers@isstechnologies.in with Job Code: CVPT4-0625 in the subject line. Show more Show less

Skills: Azure, GCP, IAM, Windows AD, Okta, Unix, vulnerability, Security Engineer (L1/L2) : System Compliance and Identity & Access Management Job Role Position: Security Engineer (L1/L2) : System Compliance and Identity & Access Management Work Location: Bhubaneshwar Educational Qualification: Bachelors degree in Engineering or equivalent Work Experience: 4 Years 8 Years Certification: Azure Security certification / GCP Security Certification / AWS Cloud Security Certification or similar certifications Flexible on working hours and ready for 24/7 support model. Knowledge & Skills Good knowledge in Security technologies of Azure or GCP or AWS or on-premises Identity and access management Working knowledge on IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID and OAuth Working knowledge on Windows AD, Windows ADFS, Windows AD Sites and Trusts Working knowledge on various identity providers such as Windows AD, Okta, Oracle, PingID Working knowledge of multi-Factor authentication and Privileged Access Management Good understanding of Identity Protection, Identity & Access Solution Migration System Compliance Working knowledge of one of the technology administration & patching like Windows, Unix, DB, MW, Others Hands-on experience with one or more configuration management systems such as Ansible, Chef, or Puppet Knowledge of vulnerability scoring systems (CVSS/CMSS) Good understanding of Windows and Unix administration & patching Work experience with vulnerability assessment tools like Qualys, Foundstone, Rapid7, Nessus and similar Working experience in Public / Private / Hybrid Cloud solutions and their best practices Hands on experience using the various cloud administration portal Hands-on with PowerShell, Python, or other scripting languages Knowledge on Cloud (Azure, GCP, AWS) Security concepts and technologies Provides remediation guidance and prepares management reports to track remediation activities. Knowledge in information security management, compliance principles, practices, laws, rules and regulations Strong understanding on Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols Knowledge in cloud security standard frameworks, architecture, design, controls, technology solutions and service orchestration Show more Show less

Subject Matter Expert Location: Noida Position: 1 Experience: 2-4 years Act as a solution expert. Maintain Relationship with OEMs / distributors. Taking the valid lead from 20% to 60% (i.e., Deal Registration, Solutioning, PoC, BoM). Coordinating with the sales and technical teams to progress on opportunities created. Will carry bottom line targets. Post successful BoM finalization transfer the case to the respective sales team. Products : Veritas, Forescout, Forcepoint, Tenable, Ixia, Gemalto / Thales, etc..

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. We are seeking a skilled and detail-oriented Endpoint Patching Administrator to join our IT team. The successful candidate will be responsible for managing and maintaining the endpoint patching process using Tanium. This role is critical in ensuring that all endpoints within the organization are up-to-date with the latest security patches and software updates to protect against vulnerabilities. Primary Responsibilities Patching ManagementUtilize Tanium to deploy, manage, and monitor patches across all endpoints including desktops, laptops, servers, and other networked devices Assessment & ReportingRegularly assess the patch status of endpoints and generate detailed reports on patch compliance, vulnerabilities, and remediation progress Incident ResponseAct as a primary point of contact for patch-related incidents and vulnerabilities. Investigate issues arising from patch deployments and work towards their resolution promptly Configuration ManagementCreate, maintain, and update endpoint configuration baselines in line with organizational security policies Automation & ScriptingDevelop scripts to automate repetitive tasks related to patch management and endpoint maintenance CollaborationWork closely with IT security teams, system administrators, and other stakeholders to ensure coordinated efforts in maintaining secure systems DocumentationMaintain comprehensive documentation of all patching activities, configurations, procedures, and changes applied to endpoints ComplianceEnsure compliance with industry standards and regulatory requirements regarding system security updates Training & SupportProvide training sessions for team members on Tanium functionalities related to endpoint management. Offer support for troubleshooting issues related to endpoint patches Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so This role may require occasional after-hours work or on-call duties in response to critical vulnerabilities or emergencies. The position can be based either onsite or remote depending on company policies. Required Qualifications Undergraduate degree or equivalent experience 6+ years in Tanium and 2+ years in SCCM Experience with other endpoint management tools besides Tanium like SCCM or BigFix Knowledge of ITIL practices Solid understanding of operating systems (Windows/Linux/Mac) internals including system registry settings, file systems, processes/services management Familiarity with cybersecurity principles and practices including vulnerability management and threat mitigation strategies Proficiency in scripting languages such as PowerShell or Python for automation purposes Proven excellent problem-solving skills with the ability to troubleshoot complex technical issues effectively Proven solid communication skills both written and verbal; capable of explaining technical concepts clearly to non-technical stakeholders Preferred Qualification Experience working with Tanium for endpoint management

Shift: 24x7 rotational support for US and EMEA clients About ArmorCode ArmorCode is on a mission to supercharge security teams with a new independent governance approach to reduce risk and burn down critical security technical debt. With its AI-powered ASPM Platform, driven by over 15 billion findings from over 260 ecosystem integrations, ArmorCode delivers a single, unbiased view of your risk across applications, infrastructure, containers, and cloud. ArmorCode unifies and normalizes findings, correlates them with business context and threat intel through adaptive risk scoring, and orchestrates security workflows to empower users to easily remediate issues. ArmorCode delivers unified visibility, AI-enhanced prioritization, remediation and scalable automation for customers so they can realize a complete understanding of risk, respond at scale, and collaborate more effectively. Enterprises of all sizes, including dozens of Fortune 1000 companies, scale their security effectiveness by more than 10x and maximize their ROI on existing security investments with ArmorCode through managing Application Security Posture, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance.‍ ArmorCoders believe in 5 core values: Hungry. Humble. Hardworking. Honest. Human. Our organization is powered by exceptional professionals who bring fresh ideas and passion to their roles, believing that nothing is beyond reach when our "5H" principles are applied. In their work and professional relationships, ArmorCoders commit to excellence and experiences that leave an impression. Role Overview We’re seeking a Technical Support Engineer who thrives in a fast-paced environment and loves tackling complex problems. You’ll be the frontline hero, ensuring our customers receive world-class support while working closely with Engineering, Product, Quality, and Customer Success teams. This is a 24x7 rotational support role covering US and EMEA time zones. Key Responsibilities Serve as the primary technical point of contact for ArmorCode’s customers, ensuring high-quality support across Application Security Posture Management (ASPM), Risk-Based Vulnerability Management (RBVM), Software Supply Chain Security, DevSecOps, and Risk & Compliance solutions. Manage, prioritize, and resolve incoming support tickets through Zendesk and Jira, ensuring effective communication and SLA compliance. Troubleshoot issues related to integrations with 260+ ecosystem partners, including security scanners, CI/CD pipelines, cloud platforms, and developer tools. Diagnose and resolve technical problems in customer environments spanning applications, cloud infrastructure, containers, and APIs. Act as a subject matter expert (SME) on the ArmorCode platform’s key modules - assisting customers with configuration, deployment, integration, and optimization. Replicate customer issues in internal test environments, performing root cause analysis and driving towards permanent solutions. Provide expert guidance on usage of ArmorCode’s security capabilities, including Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), vulnerability management, and governance workflows. Analyze application and infrastructure logs to proactively identify issues and ensure optimal platform performance. Regularly contribute to and enhance the ArmorCode knowledge base with FAQs, troubleshooting articles, and technical how-to guides. Participate in regular triage calls with Engineering and Product teams, advocating for customer needs and ensuring swift resolution of product-related queries. Support customers in maximizing the value of ArmorCode’s AI-driven risk prioritization, correlation, and workflow orchestration features. Continuously stay updated on new ArmorCode features, security trends, integrations, and best practices through ongoing training and certifications. Drive continuous improvement in support processes by identifying areas for enhancement in ticket triaging, case resolution, and customer satisfaction. What You Bring 5–6 years of technical support experience, preferably supporting SaaS or cloud applications. Bachelor’s degree in Computer Science, Engineering, or a related field. Scripting language (e.g., Java, Python, Unix scripting). Solid understanding of REST APIs, web/cloud technologies, and security concepts. Experience with AppSec and infrastructure security tools such as SCA, SAST, DAST, Qualys, and Tenable. Exceptional troubleshooting, analytical, and problem-solving abilities. Excellent communication skills — both written and verbal. A customer-first attitude with a collaborative, detail-oriented, and organized approach. Ability to work in rotating shifts to provide 24x7 support for US and EMEA clients. Why You’ll Love Working Here Career Growth: Clear progression paths and opportunities to advance your career. Flexible Work: Remote work options and flexible hours to support work-life balance. Collaborative Culture: A team that values knowledge-sharing, learning, and innovation. Employee Recognition: Awards, spot bonuses, and acknowledgment programs. Competitive Compensation: Salary + performance bonuses. Comprehensive Benefits: Health insurance for you and your dependents, learning & development support. Diversity & Inclusion: A safe, respectful, and inclusive workplace for all. Equal Opportunity Employer ArmorCode is proud to be an Equal Opportunity Employer. We value diversity and are committed to creating an inclusive environment for all employees. Show more Show less

Equal Opportunity Employer All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets Job Description : Job Title: Analyst SOC About News Corp News Corp is a global diversified media and information services company focused on creating and distributing authoritative and engaging content to consumers and businesses throughout the world. The company comprises global businesses across a range of media, including news and information services, book publishing, digital real estate services, cable network programming in Australia, and pay-TV distribution in Australia. The Role : We are looking for SOC analysts who will be responsible for monitoring and working on active alerts on various security tools (SIEM/XSOAR). The individual in this role is expected to have meticulous attention to detail, outstanding problem-solving skills, work comfortably under pressure, and deliver on tight deadlines. This position demands someone willing to use a network of sensors, security tools, and monitoring equipment to proactively identify, evaluate, and remediate potential cybersecurity threats. Based on an understanding of “normal” network activity, SOC analysts use tools and processes to detect anomalous activity, providing 24/7/365 detection and response capabilities. The person can multitask, work independently, and work collaboratively with teams, some of which may be geographically distributed. Key Responsibilities Use SIEM technologies and other native tools to perform the monitoring of security events on a 24x5 basis. Monitor various infrastructure log sources and Escalate potential security incidents to client personnel. Notify the Client of the incident and required mitigation works. Track and update incidents and requests based on client’s updates and analysis results. Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security, etc. Must know about SIEM Solutions (Splunk (Preferred), Qradar, ArcSight) Good understanding of Phishing email analysis and its terminologies. Knowing EDR solutions (Preferred CrowdStrike). Ability to run and understand Sandbox Static Analysis. Proactively research and monitor security information to identify potential threats that may impact the organization. Provide 24x7 monitoring operations for security alerts Required Skills and Qualifications : Bachelors in Computer Science/IT/Electronics Engineering, M.C.A. or equivalent University degree. Minimum of 2-4 years of experience in the IT security industry, preferably working in a SOC/NOC environment. Certifications CCNA, CEH, Security+, CySA+ A degree in Computer Science, IT, Systems Engineering, or a related qualification 2-4 years of experience in Information Security. Cybersecurity best practices, techniques, and tools Understanding of tools like Crowdstrike, Qualys, Service Now, Splunk, and similar to these. Ability to work under pressure in a fast-paced environment Networking concepts, including TCP/IP, routing and switching Windows, Linux, and UNIX operating systems Communication skills, both verbal and written Location: Bangalore, IN Work Arrangement: Hybrid (3 days per week in office) Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets This job is posted with NTS Technology Services Pvt. Ltd. Job Category: Show more Show less

Job Title: ServiceNow SecOps Engineer Experience: 3+ Years Employment Type: Full-Time Industry: IT Services & Consulting Functional Area: IT Security / Cybersecurity / ServiceNow Job Description: We are seeking a dynamic and experienced ServiceNow Security Operations (SecOps) Engineer with 3+ years of hands-on experience in implementing and supporting Security Incident Response, Vulnerability Response, and Threat Intelligence modules. The ideal candidate will have a strong background in cybersecurity workflows, integrations, and automation within the ServiceNow platform. Key Responsibilities: Implement, configure, and support ServiceNow SecOps modules : Security Incident Response (SIR) Vulnerability Response (VR) Threat Intelligence (TI) Configuration Compliance (optional) Integrate ServiceNow SecOps with security tools such as Tenable, Qualys, Splunk, QRadar, MISP , and Threat Intel feeds using REST APIs or IntegrationHub. Build and customize playbooks, workflows, and automation using Flow Designer or Workflow Editor. Maintain integration between CMDB and SecOps , ensuring asset-vulnerability mapping and incident correlation. Customize vulnerability scoring algorithms and support remediation planning with stakeholders. Develop and maintain dashboards, reports, and KPIs for security operations. Collaborate with SOC teams, IT teams, and developers to streamline threat and vulnerability management processes. Perform routine upgrades, patching, and configuration audits for the SecOps suite. Participate in incident triage and threat hunting activities as required. Required Skills: 3+ years of hands-on experience with ServiceNow SecOps modules . Strong knowledge of cybersecurity concepts , frameworks (NIST, MITRE), and response workflows. Experience in ServiceNow scripting (Business Rules, Script Includes, Glide APIs). Working knowledge of REST API integrations , JSON parsing, and MID Server configurations. Familiarity with SIEM and vulnerability scanners (e.g., Splunk, Tenable, Qualys). Good understanding of CMDB , CI relationships, and data quality practices. Strong communication and problem-solving skills. ITIL v4 and/or ServiceNow Certified Implementation Specialist SecOps (preferred). Education: Bachelors degree in Computer Science, Information Security, or related field. Relevant certifications are a plus: ServiceNow Certified Implementation Specialist SecOps CEH, Security+, or equivalent

Hi All, We are hiring for Product Security Engineer Greetings from Shivsys Softwares Pvt Ltd Role: Product Security Engineer Experience: 3+ Years Location: Noida Job Description: Security Specialist in areas of Security Vulnerability Assessment & Penetration Testing. Responsible for periodic assessment and implementation of remediation with the help of node owners. Job Key Tasks & Responsibilities: · Experience in developing tailored Vulnerability Assessment Profiles in collaboration with clients, outlining assessment scope, methodologies, risk assessment criteria, and reporting structures. · Have created and configured custom scan policies for vulnerability scanners, ensuring accurate, tailored scans to meet organizational needs and risk tolerance. · Configure scan policies for full network scans, application scans, compliance checks, and sensitive data exposure detection. · Performed both authenticated and unauthenticated scans across telecom networks and cloud environments (VNF, CNF). Troubleshooting and debugging scans. · Performed automated and manual scans against the CIS Benchmarks (e.g., CIS AWS Foundations, CIS Linux, CIS Windows) to ensure compliance with industry best practices. · Performed comprehensive risk triage by analyzing vulnerability reports, verifying false positives, and assigning accurate severity levels to vulnerabilities based on CVSS matrix. · Evaluate the impact of vulnerabilities and prioritize vulnerabilities based on CVSS scoring and considering exploitability in telecom environments (e.g., SS7, Diameter, GTP, VoIP, IoT, 5G). · Perform cloud-specific vulnerability assessments for containers and orchestration platforms (Docker, Kubernetes). · Provide remediation recommendations based on scan findings, including patching, workarounds, configuration hardening, and compensating controls. · Worked on remediation of non-compliant configurations and security issues based on CIS recommendations. · Experience in threat intelligence gathering to identify known exploits and determine the current exploitation risk of vulnerabilities (e.g., availability of exploit POC, exploit in wild). · Experience of working in ticketing tools i.e. ServiceNow, Jira. · Proficiency in Linux, Windows, and cloud security hardening. · Knowledge security frameworks and standards (e.g., NIST, ISO 27001, CIS) Experience & Certification: · Minimum 3+ years of relevant experience in a combination of security and operations technology jobs · Vulnerability Scanning tools: Nessus, Qualys, OpenVAS · Cloud Scanning Tools: Redhat ACS, Anchor, Trivy · Ticketing Systems: Jira, ServiceNow, Remedy Telecom Expertise: Telecom architecture(2G,3G,4G,5G), Nokia Nodes and functionalities You can also share your CV at karan.prajapati@shivsys.com Show more Show less

Company Description BETSOL is a cloud-first digital transformation and data management company offering products and IT services to enterprises in over 40 countries. BETSOL team holds several engineering patents, is recognized with industry awards, and BETSOL maintains a net promoter score that is 2x the industry average. BETSOL’s open source backup and recovery product line, Zmanda (Zmanda.com), delivers up to 50% savings in total cost of ownership (TCO) and best-in-class performance. BETSOL Global IT Services (BETSOL.com) builds and supports end-to-end enterprise solutions, reducing time-to-market for its customers. BETSOL offices are set against the vibrant backdrops of Broomfield, Colorado and Bangalore, India. We take pride in being an employee-centric organization, offering comprehensive health insurance, competitive salaries, 401K, volunteer programs, and scholarship opportunities. Office amenities include a fitness center, cafe, and recreational facilities. Learn more at betsol.com Job Description Roles & Responsibilities: Triage alerts and analyze security events/logs for threats such as computer viruses, exploits, and malicious attacks. Use critical thinking to bring together information from multiple sources to determine if a threat is present. Conduct security incident response and investigation. Conduct comprehensive security assessments and risk analysis on existing systems and applications. Analyze web traffic for suspicious patterns and potential security breaches. Perform vulnerability assessments and penetration testing. Prepare and provide security documentation and evidence for internal and external audits, ensuring compliance with regulatory requirements and security standards. Stay abreast of the latest cybersecurity trends, threats, and technologies to proactively address emerging risks. Qualifications Bachelor’s degree in computer science, Information Technology, cybersecurity, or a related field. 3+ years of relevant experience. Proficiency in conducting risk assessments, vulnerability assessments, and penetration testing. Experience deploying and maintaining email security systems including anti-phishing, DLP, and encryption technologies to safeguard sensitive data and mitigate threats. Hands-on experience with security tools and technologies such as IDS/IPS, SIEM, and Penetration testing tools like Qualys/Tenable. Hands-on troubleshooting skills for security alerts related to Firewall (SonicWall & FortiGate), Microsoft Entra ID/O365, Windows and Linux Servers. Strong knowledge of GRC frameworks such as PCI-DSS ISO 27001:2022 & 9001:2015, SOC2 Type II CEH (Certified Ethical Hacker) AZ-500 Microsoft Azure Security Technoligies/Cloud Security Certifications with hands on experience Experience with evidence gathering for any of the compliances like PCI DSS, SOC2, HIPPA and ISO. Good understanding of the IT infrastructure architecture both on-prem and AWS and Azure clouds. Tools: Vulnerability management: Tenable, QualysGuard, Nessus Endpoint protection: Sophos, Bitdefender, Trend Micro, Windows Defender SIEM: Wazuh, DataDog, Splunk, Microsoft Sentinel, Sumo Logic Email Security: Zix email security, Exchange Online Protection, Defender for Office 365 Compliance standards: ISO ISMS, SOC2, PCI DSS, HIPAA Preferred: Any of the Certifications like - AWS Certified Security - Specialty, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), GIAC Certifications, or NIST Cybersecurity Framework (CSF) Additional Information NA Show more Show less

The Opportunity "This is an opportunity to define, build, and shape the future of FICO’s Cybersecurity and Risk Posture. As part of the Threat & Vulnerability Management team, you will collaborate across the business, IT, and client environments to secure our cloud and data center infrastructure. Your contributions will be key to strengthening FICO's defense mechanisms and enhancing our compliance posture. We're looking for a cybersecurity expert passionate about continuous improvement, cloud security, and vulnerability risk reduction. If you're someone who thrives in a fast-paced environment and wants to work on high-impact global security initiatives, this role is for you" - VP, Software Engineering. What You’ll Contribute Detect, identify, and analyze vulnerabilities across FICO environment. 3.6 + years of overall experience. Assess the risk of vulnerabilities detected to determine true impact. Support stakeholders as a SME to understand technical details of vulnerabilities and steps to carry out remediation. Coordinate with stakeholders to track issues remediation until closure. Act as a SME for new projects in terms of vulnerability management lifecycle. Manage, maintain, and tune tools used to support the VM process. Update yourself with the latest security and technology developments. What We’re Seeking Experience in a similar role such as vulnerability management specialist. Experience with Qualys or other security vulnerability detection technology required. Demonstrates subject-matter expert level understanding in multiple IT, Security and Software disciplines. Ability to understand the cause and effect of application vulnerabilities with Operating System Vulnerabilities. Must be able to multi-task and keep track of large amounts of information across disparate systems. Ability to keep making progress and define future strategy/policy with regards to Enterprise. Adherent to ‘continuous monitoring’ and ‘continuous improvement’ thought process. Demonstrated technical IT skills, ability to understand and manage different OS flavors, network technologies and topologies. Demonstrated technical security expertise in a variety of cloud platforms (AWS is preferred). Comfortable interfacing with other internal or external organizations regarding problems that must be addressed to enhance security posture. Ability to effectively translate and present solutions in business or management terms. Ability to work effectively in a team environment. Knowledge of Python scripting or other languages is nice to have. Moderate documentation and analytical skills; documenting processes, policies, and standards. Moderate ability to provide end-to-end support to enterprise counterparts, identifying root- cause of complex enterprise initiatives. Moderate trouble shooting skills across complex enterprise applications, server, and endpoint environments. Moderate ability to learn onboard and adapt to new technologies. Basic privileged access management/right management experience, designing solutions based on least privilege. Basic knowledge of malware operation, indicators or threat. Moderate knowledge of current threat landscape Entry Cybersecurity certifications, such as CompTIA Security +, GIAC Security Fundamentals, GIAC Security Essentials, ISC2 Associate, ISACA Cybersecurity Fundamentals are nice to have. Our Offer to You An inclusive culture strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Show more Show less

Roles & Responsibilities: We are seeking an experienced Vulnerability Management Engineer to join our Security Operations team. The ideal candidate will be responsible for identifying, tracking, and remediating vulnerabilities across cloud and on-premises environments, while also supporting broader security operations initiatives. Vulnerability Remediation & Patch Management: Work with InfoSec and IT teams to coordinate and track the remediation of vulnerabilities across the organization. Provide hands-on support in implementing and verifying patches for critical vulnerabilities on Windows, Linux, and cloud systems. Coordinate with infrastructure and application teams to validate patch readiness, test deployments, and confirm successful remediation. Ensure timely resolution of high and critical vulnerabilities in line with internal SLAs. Reporting & Compliance: Create and maintain weekly remediation reports outlining prioritization, risk classification, remediation status, and compliance metrics. Develop dashboards, trackers, and compliance summaries using internal tools (e.g., Excel, Power BI, or ServiceNow). Track patch management lifecycle from detection to closure with detailed documentation and metrics. Security Operations Support: Continuously monitor security alerts and events via tools like QRadar SIEM, Palo Alto Cortex XDR, and others to identify indicators of compromise. Investigate and respond to security incidents, including endpoint and email threats, escalating as needed. Tune SIEM rules and threat detection logic to reduce false positives and improve response efficiency. Stay updated on emerging threats, vulnerability disclosures, and zero-day advisories to support proactive mitigation. Policy & Documentation: Maintain detailed documentation of vulnerability management procedures, remediation efforts, patch testing results, and lessons learned. Support compliance initiatives (e.g., ISO 27001, HIPAA, GDPR) by ensuring vulnerability data and remediation timelines meet audit requirements. Qualifications: Experience : 6+ years in a Security Operations or Vulnerability Management role. Education : Bachelor's degree in Computer Science, Information Security, or a related field. Certifications (preferred): CISSP, CEH, CISM, CompTIA Security+, or equivalent. Technical Skills : Experience with tools like IBM QRadar, Palo Alto Cortex XDR, Qualys/Tenable/Nessus. Familiarity with cloud security in Azure and Microsoft 365. Strong understanding of patch management, CVSS scoring, and vulnerability lifecycle. Soft Skills : Strong analytical and communication skills. Ability to work cross-functionally with IT and infrastructure teams. Adaptability to changing threat environments and security priorities. Nice to Have: Experience building Power BI dashboards or using reporting tools to visualize patch status. Familiarity with ServiceNow or other ITSM platforms for tracking remediation tasks.

Role Description Job Title: Site Reliability Engineer Experience Range: 5-10 years Hiring Location: Mumbai, Chennai, Gurugram Must-Have Skills Professional experience working with public cloud platforms (AWS) Expertise in Infrastructure as Code (IaC) tools such as Terraform Hands-on experience with CI/CD tools like GitLab CI/CD, GitHub Actions, or Jenkins Strong coding and scripting skills (PowerShell, Bash, Python, or equivalent) Proficiency in Configuration Management tools like Ansible, Puppet, or Chef Experience managing and troubleshooting Linux servers Strong analytical and troubleshooting skills Exposure to security best practices and remediation Familiarity with security-related tools such as Wiz and Qualys Hands-on experience in Static/Dynamic Security Testing & Penetration Testing using tools like SonarQube, CheckMarx, AppScan, BurpSuite, OWASP ZAP Proxy, WebInspect, Fortify, Veracode, Nessus, etc. Good-to-Have Skills Knowledge of System and Application Monitoring tools (Prometheus, Grafana, CloudWatch) Experience with Log Management tools (Elastic Stack, Graylog, Splunk) Working experience with relational databases (MySQL, MS SQL Server, or similar) Use of Secret Management services like HashiCorp Vault Understanding of Change Control procedures Main Responsibilities Deliver resilient application stacks via Infrastructure as Code and DevOps practices Monitor and support critical, high-revenue business applications Diagnose and resolve complex system and application issues Implement and maintain security best practices and remediation strategies Work with cross-functional teams including Development, QA, IT Operations, and Project Management Write and maintain technical and non-technical documentation Skills Aws Cloud,Terraform,Powershell,Github Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys is looking for threat researchers who can leverage their experience and expertise to identify and analyze threats, produce original research publications, and work with engineering teams to provide a feedback and related insights into a multitude of Qualys products. You will be a member of the Qualys Threat Research Team, a team of security researchers working together to solve security challenges in new and innovative methods. The team is responsible for leading and conducting research related to adversary attack tactics and techniques, threat actor groups and campaign activity. The primary output of the Threat Research Team is security content for Qualys products, blog posts, and conference presentations via researching the latest tactics, techniques, and procedures leveraged by adversaries. The Threat Research Team also works closely with the security, malware research, product, and engineering teams to develop novel protection strategies against emerging cybersecurity threats. Responsibilities: Monitor, analyze and research emerging cyber threats, vulnerabilities, and exploits to identify novel TTPs and their related mitigations. Produce and test rules for hunting and enrichment (Yara, etc.) Analyze threat attack life-cycle including its behavior, modus operandi and objectives. Follow an exhaustive approach involving intelligence collection, signature creation, and initial malware analysis. Research new methods and technologies to detect cyber threats, identify signals, and design approaches to use these signals to identify security threats and security breaches. Develop tools to automate and scale detection and response activities Writing detailed technical blog posts about the threats and TTPs discovered. Collaborate with other teams in developing and adding cross-product intelligence. Educational Qualifications: E./B.Tech/M.Tech Computer Science/MCA/MCS from a reputed institution. Certifications in Computer Security domains are desired.Experience: 3 years of relevant technical experience Technical Qualifications: Expertise in MITRE ATT&CK and EDR/XDR technologies. Experience with threat hunting, incident response, or security operations Experience with common threat intelligence tools, such as VirusTotal, Shodan, etc. Understanding of security controls, forensics, kill chain analysis, risk assessment and security metrics. Ability to perform initial static and dynamic malware analysis. Understanding of reverse engineering techniques. Knowledge of networking and the TCP/IP stack. Knowledge of programming or scripting languages. Knowledge of networking protocols and application file formats like PDF, Office files, and operating system internals.Soft Skills: Excellent written and verbal communication. 'Can-do' attitude and great problem-solving skills. Adapt to changing priorities and quickly come up with innovative solutions. Take initiatives and work with minimal supervision. Act as a go-to person for your area of expertise. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Description About Us: Qualys is the leading provider of information security and compliance cloud solutions. We are currently seeking a highly skilled Principal QA Engineer to join our team to lead and deliver roadmap features of backend systems. Job Summary: As a Principal QA Engineer, you will play a critical role in ensuring the highest quality standards for our products. You will lead quality assurance efforts, mentor QA team members, and collaborate with cross-functional teams to drive quality initiatives. Your deep expertise in QA methodologies, automation, and leadership will be instrumental in shaping our quality strategies and ensuring the delivery of high-quality software. Key Responsibilities: Lead QA Strategy : Define and implement the QA strategy, ensuring alignment with overall product goals. Establish and maintain best practices for testing, automation, and quality control. Test Planning and Execution: Develop, execute, and maintain comprehensive test plans, test cases, and test scripts. Ensure thorough testing of software products across multiple platforms. Automation Leadership: Lead the design and development of automated test frameworks and scripts. Drive the adoption of automation across the QA team to improve efficiency and effectiveness. Mentorship and Leadership: Mentor and guide QA engineers, fostering a culture of continuous improvement. Provide technical leadership and support to the QA team, ensuring high standards of quality and performance. Collaboration: Work closely with development, product management, and operations teams to understand product requirements and ensure quality at all stages of the development lifecycle. Defect Management: Oversee the defect management process, ensuring timely identification, tracking, and resolution of defects. Analyze defect trends and implement corrective actions to prevent recurrence. Continuous Improvement: Identify areas for process improvement within the QA team and across the organization. Implement changes to enhance productivity, quality, and customer satisfaction. Compliance and Standards: Ensure that all QA activities comply with industry standards, company policies, and regulatory requirements. Maintain up-to-date knowledge of industry trends and best practices. Reporting and Documentation: Provide regular reports on QA metrics, test coverage, and product quality. Ensure thorough documentation of QA processes, test cases, and results. Risk Management: Identify potential risks in the product development process and work proactively to mitigate them. Ensure that all risks are thoroughly documented and communicated to relevant stakeholders. Qualifications: Education: Bachelor’s or Master’s degree in Computer Science, Engineering, or a related field. Experience: 10+ years of experience in software quality assurance, with at least 3 years in a leadership or principal-level role. Extensive experience with test automation tools and frameworks (e.g.Java,Python, Selenium, restAssured, JUnit, TestNG). Strong knowledge of QA methodologies, tools, and processes. Skills: Proficient in programming languages such as Java, Python, or C#. Hands on experience with RESTful API, API Integration Testing automation, Jenkins, CI/CD pipelines Strong knowledge of Linux/UNIX and Database concepts. Good understanding of Docker, Kubernetes, Kafka, Kibana. Strong problem-solving skills and attention to details. Excellent communication and leadership skills. Ability to work in a fast-paced, agile environment. Preferred: Experience in performance testing and security testing. Familiarity with CI/CD pipelines and DevOps practices. Why Join Us: Innovative Environment: Work with cutting-edge technology and be part of a team that values innovation. Growth Opportunities: We offer continuous learning and development opportunities to help you grow in your career. Impactful Work: Play a key role in delivering high-quality products that has wide impact. Collaborative Culture: Join a supportive and collaborative team that values diverse perspectives. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Responsibilities: Provide product and technical support for assigned accounts. Support, manage and sell to SMB Customers with defined geographic territory. Drive a culture of success through product expertise and positive account management. Provide accurate forecasting on Sales pipeline. Carefully monitor the quality of all services Qualys delivers to the customer by conducting QBRs (Quarterly Business Reviews) and ensuring adoption of technology and discovering upsell opportunity. Engage with channel partners and provide accurate renewal quotes. Raise any necessary alert for the customer’s business or technical situation in a timely manner. Work closely with customers to grow and expand the implementation/integration of Qualys products and services. Act as customer advocate with focus on improving customer contentment. Qualification: The ideal candidate will come from a security and/or networking background while performing an engineering, administration, or support role with 3-6 years of experience. General knowledge of current IT security fields including Firewall, Intrusion Detection Systems IDS, Intrusion Prevention Systems IPS, Vulnerability Management, Network Scanners (Nessus, nmap, Scan alert, ISS Internet Scanner), PCI, Policy Compliance/GRC-IT and Audit Tools is a plus. General knowledge of Desktop and Server operating system configuration, TCP/IP networking hardware, protocols, and LAN configuration, knowledge of LAN and WAN technologies, network design, and web security architectures is a plus. Ability to understand network and security infrastructure elements on advising how best to use Qualys products on cloud platforms. Must have a strong technical background and possess an excellent work ethic with a “make it happen” attitude. Excellent written and verbal communication skills. Works well in small group settings. A strong desire to be a customer-facing, technical solution expert. Extensive use of CRM (preferably salesforce.com) to maintain accurate activity, contact and account information of all customers. Ability to work rotational hours supporting global customers. Preferred Qualification: 3 - 6 years of equivalent experience in consulting or account management. Preferred pre-sales experience in computer networking or information security or public clouds. Candidates from STEM preferred. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys is looking for a Senior Financial Analyst with strong financial modeling and MS Excel skills to manage the general and administrative unit/s, including the annual budget plan, long term plan, regular forecast process, and for providing analytical support to management. He/she will also assist in building and maintaining analytics tools to provide actionable insights to business ongoing basis. Key responsibilities/work area: Coordinate across both business and FP&A teams to support reporting requirements and drive cross functional alignment Prepare monthly and quarterly results, comparing actuals to budget / forecast and any other variance analysis as needed Responsible for maintaining headcount related updates/activities related to forecasting/planning including reports on an ongoing basis Responsible for maintaining vendor schedule related to forecasting/planning including reports on an ongoing basis Support the team with month end activities – Accrual review, reclass review, HC allocation and attributes, and activities leading to impact to forecast Assist with preparation for earnings calls and board material preparation as per requirement Assist building review packages, forecast models, and handle day-to-day activities related to forecasting/planning Responsible for short term and long-term projects related to data packages, forecast models, and related data which will help aid forecasting/planning Perform ad hoc modeling and analysis as per requirement Qualifications: Bachelor's/Master’s degree in accounting/finance or related field 5+ years of relevant experience, such as in FP&A, accounting, or other analytical role requiring strong modeling skills and ability to handle complex data Strong understanding of financial statements, ability to analyze financial impacts, results, and good understanding of corporate finance concepts Ability to assist in the development and updates of complex financial models Strong business and analytical skills; ability to multi-task, stay organized and prioritize deadlines in a continually evolving environment Strong Excel experience (Pivots, look-ups, logic functions, etc.). Macros and other advanced Excel skills (e.g. modern array formulas), and other tools such as Power Query and Power BI, will be an added advantage. Knowledge of systems Netsuite, Coupa, and Anaplan preferred Data organization and management skills. Technical expertise with data models, data import methodologies, database design development, and data mining; preferred experience with a BI tool and ERP systems. You are/have skills and traits: A strong team player with a positive, service-oriented attitude who drives process improvements to increase effectiveness of the team and minimize room for errors Highest level of integrity and good judgment with the ability to effectively deal with highly sensitive, confidential information Self-starter with a great work ethic and an analytical thinker with superior problem solving and decision making skills, possessing the initiative to provide analysis from scratch to answer questions posed and look into the details and interpret the impact of key business drivers Extremely detail-oriented and organized with prior experience having gathered, structured, monitored, and validated data to ensure data integrity and detailed documentation Excellent multi-tasker who is always “on it” with stellar time and project management skills; understands the importance of planning in advance to meet deadlines that include multiple review points and iterations Strong relationship building and communication skills, both written and verbal; reliable and responsive to email, teams and phone communications A team player open to work flextime and in sync with PST as few of our stakeholders are based out of US and you will be interacting with them directly. We at Qualys follow a hybrid model (3 days work from office and 2 days work from home) Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Role Summary: As Senior Video Producer, you will lead the video production process with a strong focus on post-production. While filming comprises a portion of the role and we do expect you to be able to light/film/run audio for any needed productions, the majority of your time will involve editing, creating motion graphics, and crafting compelling narratives through stock footage, animations, and original content. A critical aspect of the position involves transforming complex software functionalities into engaging, simple visual metaphors that resonate with diverse audiences. You will work closely with internal stakeholders, the Senior Motion Animator, and the U.S.-based Video Production Lead to develop scripts, storyboards, and polished deliverables for both live events and digital platforms. Key Responsibilities: Own the entire video production lifecycle, with a primary focus on post-production, ensuring timely, high-quality delivery. Edit and enhance video content using Adobe Premiere Pro and After Effects, integrating motion graphics, titling, and stock assets to craft compelling visual narratives. Manipulate stock footage and animations to tell cohesive and impactful stories. Develop creative scripts, storyboards, and visual metaphors that simplify and communicate complex software concepts. Collaborate with internal stakeholders to create videos aligned with brand messaging and project objectives. Handle multiple concurrent projects with tight deadlines, maintaining high-quality production standards and excellent organizational skills. Take charge of live event coverage, including capturing large scale customer focused events and our events in the Pune office. Manage any external vendors, such as photographers or videographers, for larger shoots, ensuring seamless execution and collaboration. Conduct live streaming, live switching, and live editing for webinars, events, and internal communications. Stay up-to-date with the latest AI technologies and tools to enhance video production efficiency and creativity. Utilize photography skills as needed for smaller projects, ensuring cohesive visual standards across media. Set up and operate studio lighting, cameras, and audio equipment for both in-studio and on-location shoots. Qualifications: Bachelor’s degree in Video Production, Film, or a related field. 5+ years of professional experience in video production, with a strong focus on post-production and storytelling. Expertise in Adobe Premiere Pro and After Effects, with demonstrated skills in motion graphics, titling, and stock asset manipulation. Proficiency in supplementary tools such as Figma, Illustrator, Photoshop, Canva, and other creative software. Proven ability to script, storyboard, and create visually engaging narratives that distill complex ideas into simple concepts. Strong understanding of live event coverage, including setup, filming, and streaming. Robust portfolio showcasing video production, motion graphics, and storytelling expertise. Knowledge of and ability to integrate the latest AI technologies into workflows. Exceptional organizational skills, with the ability to manage multiple projects and meet tight deadlines with ease. Excellent communication and collaboration skills, with experience in cross-functional team environments. Why Qualys? Join Qualys and bring your expertise to a collaborative, innovative team dedicated to pushing the boundaries of creative storytelling in the tech industry. As part of our growing company, you’ll play a pivotal role in crafting impactful video content for a global audience. If you’re ready to combine technical skill, creativity, and innovation to elevate our brand, we invite you to apply! Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys is seeking a Principle Visual Designer to join our team. As a Principle Visual Designer, you'll be tasked with creating modern, intuitive, effective, progressive visual solutions for our progressive webapps and mobile apps. We’re looking for someone who is passionate about this role and who enjoys the unique responsibility of helping to define the customer experience. You'll work closely with cross-functional teams, including product managers, UX designers, and engineers, to ensure that our products not only look great but also provide a seamless user experience for data-driven professionals and organizations. Responsibilities : Create visually engaging design elements and assets for web, mobile. Focus on enhancing the user experience with design systems, icons, typography, and data visualizations. Design compelling data visualizations that simplify complex data for users, ensuring clarity, accuracy, and intuitive usability. Work with data scientists and product teams to translate complex datasets into visual representations that help users make informed decisions. Participate in design and product review sessions to provide visual insight Develop and maintain a visual design system that ensures consistency across the product suite, adhering to branding guidelines and style guides while incorporating feedback from various teams. Create high-fidelity mock-ups, prototypes, and design presentations that communicate design concepts effectively. Ensure that designs are aligned with user needs, business goals, and technical constraints. Balance the need for visually attractive design with the requirement for clear, effective communication, especially when dealing with complex datasets and user tasks. Create visuals that enhance usability and user engagement. Ensure that all visual designs reflect the company’s brand identity and values. Work with developers and QA teams to ensure design integrity and pixel-perfect implementation across different devices, platforms, and browsers. Qualifications 12+ years of experience as a Visual Designer, preferably in web design/ product design Bachelor’s degree in Graphic Design, Visual Design, Interaction Design, or a related field (or equivalent practical experience). Proficiency in visual design tools such as Figma Strong understanding of typography, color theory, layout, and visual hierarchy. Experience with designing data visualizations (charts, graphs, dashboards) that represent complex information in an easy-to-understand manner. Familiarity with design systems and responsive design principles. Knowledge of HTML, CSS, and an understanding of how designs translate to front-end code is a plus. A strong portfolio showcasing previous visual design work, with examples of data visualizations, design systems, and enterprise applications. Strong communication skills with the ability to explain design decisions clearly. Detail-oriented with a focus on creating pixel-perfect, high-quality designs. Strong problem-solving skills and a creative approach to solving design challenges. Ability to adapt to a fast-paced work environment and manage multiple projects at once. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys is seeking a website developer to join our team. As a website developer, you'll be tasked with creating modern, intuitive, data-driven, progressive website. We’re looking for someone who is passionate about front-end technologies and who enjoys the unique responsibility of delivering the customer experience. Responsibilities You will collaborate with a UX/UI designer and other website engineers to Design and Build Qualys website. Hands-on development of proof of concepts and evaluation of new technologies Customer delight! Yes, you will be in charge of ensuring that the customer's experience is seamless. To understand the new requirements, and workflows, you must collaborate closely with our Marketing and Product teams. Qualifications 3+ years front-end development experience. The fundamentals: HTML, CSS, Tailwind CSS, and JavaScript. Must have an excellent understanding of the browser DOM. Proven experience in designing, building, improving, and operating high-performance websites Hands on experience of ReactJS/ NextJs framework Knowledge of Builder.Io/contentful Prior experience of WordPress development Proficient with debugging and testing tools to troubleshoot and optimize the UI. Understanding of accessibility, 508 compliance. Experienced in building Responsive UI with Understanding of front-end security best practices and XSS, CSRF, etc. Experienced in building Progressive Web Apps Knowledge of back-end technologies like nodejs, php and how they integrate with front-end systems Show more Show less

Job Description Experience : 5 to 8 Years We are looking for a second-line support person who can assist the squad in their daily activities, in scripting and in delivering documents using your technical writing skills such as but not limited to secure standard documents, evidencing documents for audits & controls, standard operating procedures, end-user documentation and helpdesk documentation. Some of the main activities in the squad are: Managing the lifecycle management of the squad’s security assets Specifically: · Expert knowledge of Red Hat Idm (Directory Server) OpenLDAP and Kerberos MIT Active Directory Linux security (OS) Windows Integrated Security · Solid knowledge of Authentication and authorization IAM-solutions Scripting (bash, PowerShell, …) the main IT-security principles and best practices Basic Networking knowledgeTrellix maintenance and support Configuration of the security monitoring tools Security monitoring and analysis of events Contribute to the migration of BNPPF assets to the group’s cloud infra: Windows security components Windows / Linux applications Third line security support and incident response, related to authentication, authorisation or vulnerability issues. Contribution to the Critical Asset Recovery, DORA, ... Risk and vulnerability management Take necessary actions to close risks and vulnerabilities Contribution to audit campaigns and control plans Reporting to management and other stakeholders Good To Have · Knowledge of monitoring tools (SCOM, Dynatrace, Elasticsearch, Splunk, …) · Knowledge of anti-malware and EDR solutions (Trellix, Tanium, Qualys, …) About BNP Paribas India Solutions : Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group : BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Show more Show less

Job Description Oracle Key Vault team is a diverse group of highly talented people who are passionate about improving data security in general and securing key & secrets in particular. The proliferation of key & secrets in corporate IT and Cloud is making key & secrets management an arduous task for enterprises. Oracle Key Vault simplifies this task while ensuring security of keys and secrets. Oracle Key Vault (OKV) provides continuously available, fault-tolerant, and highly scalable centralized key and secrets management for Oracle Database, MySQL, GoldenGate, ZFS storage appliance and engineered systems like Exadata, ZDLRA, etc. OKV is the preferred key management solution for Cloud databases like Exadata Cloud@Customer and Autonomous Database on Exadata Cloud@Customer. Customers can deploy Key Vault in Oracle Cloud Infrastructure (OCI), Microsoft Azure, Amazon AWS, and on-premises on dedicated hardware or virtual machines. Oracle Key Vault (OKV) is a full-stack, security hardened software appliance that manages TDE Master Keys, secrets like database passwords, certificates, public and private keys, Oracle wallets, Java keystores and credential files. An understanding of basic security principles of data encryption, network encryption, access control, etc. is necessary to secure the appliance. OKV developers design, build, maintain and extend a secure, scalable, distributed and continuously available appliance. Requirements include, Understanding of enterprise software development and full stack appliance Proficiency in C and one or more of the following: C/C++Java, Python, javascript, shell scripting Understanding of software concepts for scalability and availability, distributed computing, memory management, multiprocessing, and multi-threading Understanding of security concepts including cryptography, key management, authentication, and authorization and protocols like PKCS#11, KMIP, TLS Understanding of the security vulnerabilities and familiarity with static analysis tools like Qualys and Fortify Good understanding of the database, networking and OS concepts Understanding of system software like openssl, ssh, Apache, Tomcat, Linux, Oracle Database Good working knowledge of debugging and profiling tools like gdb, valgrind General interest in security Good communicator, approachable and a team player Career Level - IC4 Responsibilities Oracle Key Vault (OKV) appliance bundles Oracle Linux, Oracle Database, and the Key Vault application with an APEX driven web console. OKV clients interface with the Key Vault server using a PKCS#11 libraries, SDKs or the REST based utility As a principle database engineer you will design, build, maintain and extend a secure, scalable, distributed and continuously available Key Vault In this role, you will play the crucial role of building Key Vault to manage and secure the keys and secrets for mission critical Oracle Databases deployed in Oracle Cloud Infrastructure (OCI), Azure, AWS, GCP and on-premises on dedicated hardware or virtual machines You must understand the end-to-end design, configuration, technical dependencies, and deployment environments of Key Vault You will collaborate with other cross-functional teams to document features and ensure quality, availability and scalability of Key Vault You will provide technical guidance and support to engineering teams integrating with Key Vault You will be responsible for reviewing customer requests and requirements You should be able to effectively communicate technical ideas in design specifications and verbally You should be familiar with basic software development About Us As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity. We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all. Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs. We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less