682 Qualys Jobs - Page 27

Role: Product Security Engineer Experience: 3+ Years Location: Noida Job Description: Security Specialist in areas of Security Vulnerability Assessment & Penetration Testing. Responsible for periodic assessment and implementation of remediation with the help of node owners. Job Key Tasks & Responsibilities: · Experience in developing trailored Vulnerability Assessment Profiles in collaboration with clients, outlining assessment scope, methodologies, risk assessment criteria, and reporting structures. · Have created and configured custom scan policies for vulnerability scanners, ensuring accurate, tailored scans to meet organizational needs and risk tolerance. · Configure scan policies for full network scans, application scans, compliance checks, and sensitive data exposure detection. · Performed both authenticated and unauthenticated scans across telecom networks and cloud environments (VNF, CNF). Troubleshooting and debugging scans. · Performed automated and manual scans against the CIS Benchmarks (e.g., CIS AWS Foundations, CIS Linux, CIS Windows) to ensure compliance with industry best practices. · Performed comprehensive risk triage by analyzing vulnerability reports, verifying false positives, and assigning accurate severity levels to vulnerabilities based on CVSS matrix. · Evaluate the impact of vulnerabilities and prioritize vulnerabilities based on CVSS scoring and considering exploitability in telecom environments (e.g., SS7, Diameter, GTP, VoIP, IoT, 5G). · Perform cloud-specific vulnerability assessments for containers and orchestration platforms (Docker, Kubernetes). · Provide remediation recommendations based on scan findings, including patching, work arounds, configuration hardening, and compensating controls. · Worked on remediation of non-compliant configurations and security issues based on CIS recommendations. · Experience in threat intelligence gathering to identify known exploits and determine the current exploitation risk of vulnerabilities (e.g., availability of exploit POC, exploit in wild). · Experience of working in ticketing tools i.e. ServiceNow, Jira. · Proficiency in Linux, Windows, and cloud security hardening. · Knowledge security frameworks and standards (e.g., NIST, ISO 27001, CIS) Experience & Certification: · Minimum 3+ years of relevant experience in a combination of security and operations technology jobs · Vulnerability Scanning tools: Nessus, Qualys, OpenVAS · Cloud Scanning Tools: Redhat ACS, Anchore, Trivy · Ticketing Systems: Jira, ServiceNow, Remedy Telecom Expertise: Telecom architecture(2G,3G,4G,5G), Nokia Nodes and functionalities Show more Show less

Job Title : Cybersecurity Analyst (Entry-Level) Location: Hyderabad, TS, India – Work From Office Must. Department : Information Technology / Cybersecurity Employment Type : Full-Time Reports To : Cybersecurity Manager Job Purpose The Cybersecurity Analyst (Fresher) will support the organization’s security operations by monitoring, analysing, and responding to cyber threats. This entry-level role is designed for recent graduates passionate about cybersecurity, eager to apply foundational knowledge, and grow into skilled professionals safeguarding critical systems and data. Key Responsibilities Threat Monitoring and Analysis : Monitor security alerts using tools like Splunk, CrowdStrike, or SIEM platforms to identify potential threats. Analyse logs and network traffic for suspicious activities under senior team guidance. Incident Response Support : Assist in investigating security incidents, documenting findings, and escalating issues as needed. Participate in containment and remediation efforts for low-level threats. Vulnerability Assessments : Support vulnerability scans using tools like Nessus or Qualys to identify system weaknesses. Help prioritize remediation based on risk severity with team input. Security Awareness : Contribute to employee training programs on phishing, password hygiene, and cyber best practices. Create basic awareness content under supervision. Documentation and Reporting : Maintain records of security events, incidents, and mitigation steps. Assist in preparing compliance reports for standards like ISO 27001 or GDPR. Learning and Development : Stay updated on emerging threats, attack vectors, and cybersecurity trends. Participate in training programs to gain certifications like CompTIA Security+ or CEH. Qualifications and Skills Education : Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field (2024/2025 graduates preferred). Relevant certifications (e.g., CompTIA Security+, CySA+, or equivalent) are a plus but not mandatory. Technical Skills : Basic understanding of networking concepts (TCP/IP, DNS, firewalls). Familiarity with operating systems (Windows, Linux) and command-line tools. Exposure to cybersecurity tools like Wireshark, Splunk, or endpoint detection platforms. Knowledge of common attack vectors (e.g., phishing, malware, DDoS). Soft Skills : Analytical mindset with strong problem-solving abilities. Clear communication to document findings and collaborate with teams. Eagerness to learn and adapt in a fast-paced environment. Attention to detail for identifying anomalies in data. Preferred but Not Required : Internship or project experience in cybersecurity, IT, or network administration. Basic scripting knowledge (e.g., Python, Bash) for automating tasks. Awareness of compliance frameworks (e.g., NIST, GDPR). Key Competencies Curiosity : Proactively seeks to understand cyber threats and solutions. Teamwork : Collaborates with senior analysts and cross-functional teams. Time Management : Prioritizes tasks effectively under tight deadlines. Ethics : Maintains integrity and confidentiality in handling sensitive data. Why Join Us? Growth Opportunities : Access to mentorship, certifications, and hands-on projects to build a cybersecurity career. Innovative Environment : Work with cutting-edge tools like AI-driven threat detection and cloud security platforms. Impactful Work : Protect critical systems and data, contributing to organizational and societal security. Inclusive Culture : Join a diverse team committed to collaboration and innovation. Show more Show less

Summary Position Summary Position: Cyber Security Senior BISO Analyst (L3) Location: USI Job Summary Cyber Security BISO Team works with the Deloitte Function Specific Subsidiaries (FSS) & Chief Information Security Officer (CISO) organization directly supporting Deloitte’s Enabling Areas functions. The role involves close integration with various internal and external client-service leaders, technical and non-technical stakeholders to drive widespread cyber security program adoption. The Business Information Security Officer (BISO) Analyst will work closely with the Application teams of various lines of businesses (LOB), including the Office of Chief Information Officer (OCIO). In this role, you will support a group/team to develop a deep understanding of the business to facilitate specialized information security risk-based discussions. This role requires a proactive individual with a keen eye for detail and a strong understanding of cybersecurity frameworks such as, ISO, NIST, CIS. This fast-paced multi-faceted environment requires a highly motivated, self-driven, strong team player who demonstrates an intrinsic desire for continuous personal and professional growth. Key Responsibilities: Oversight & Alignment: Partner with Deloitte’s central Cyber Security organization to ensure consistent adoption of security frameworks, policies, and controls within business units and client teams. Security Strategy Development: Collaborate with business leaders to develop and implement information security strategies that align with business goals and regulatory requirements. Risk Management: Identify, assess, and prioritize information security risks within the enabling areas. Develop and implement risk mitigation strategies. Policy and Compliance: Ensure compliance with relevant information security policies, standards, and regulations (e.g., ISO 27001, NIST, SOC 2, HIPAA). Maintain ongoing audit readiness. Incident Response: Lead the response to security incidents within the enabling areas, including investigation, containment, and remediation efforts. Vulnerability Management: Monitor cyber threats relevant to the business domain. Support risk assessments, issue management, and incident response coordination. Stakeholder Engagement: Serve as the primary point of contact for information security matters within the enabling areas. Build strong relationships with business leaders and other stakeholders. Mitigation Projects: Lead or support projects involving third-party risk, vulnerability remediation, data protection, secure application development, and identity & access governance Security Architecture: Work with IT and business teams to design and implement secure systems and processes that support business operations. Continuous Improvement: Stay current with emerging security threats and trends. Recommend and implement improvements to the organization's security posture Qualifications: Education: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field. Experience: Minimum of 4 years of experience in information security 2-3 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments. 2-3 years of experience in vulnerability management, cybersecurity, or a related field. Experience with vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7). Experience with GRC platforms (e.g., ServiceNow, Archer, or similar). Certifications: Relevant certifications such as CISSP, CISM, CISA, or equivalent. Technical Skills: Strong understanding of information security principles, technologies, and best practices. Experience with risk management, incident response, and security architecture. Business Acumen: Ability to understand business operations and align security strategies with business objectives. Communication: Excellent verbal and written communication skills. Ability to effectively communicate complex security concepts to non-technical stakeholders. Leadership: Proven ability to lead cross-functional teams and manage multiple projects simultaneously. Soft Skills: Excellent analytical and problem-solving skills. Strong communication skills, both written and verbal. Ability to work independently and as part of a team. Detail-oriented with a strong focus on accuracy and quality. Ability to work in a fast-paced environment and manage multiple tasks simultaneously. This role is ideal for a motivated individual who is passionate about cybersecurity and eager to contribute to the organization's security posture. If you have a strong background in vulnerability management and a commitment to continuous improvement, we encourage you to apply. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Benefits At Deloitte, we know that great people make a great organization. We value our people and offer employees a broad range of benefits. Learn more about what working at Deloitte can mean for you. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Professional development From entry-level employees to senior leaders, we believe there’s always room to learn. We offer opportunities to build new skills, take on leadership opportunities and connect and grow through mentorship. From on-the-job learning experiences to formal development programs, our professionals have a variety of opportunities to continue to grow throughout their career. Requisition code: 302394 Show more Show less

Varonis is looking for Security Analyst to join our dynamic team and embark on a rewarding career journey. Defining, planning, implementing, maintaining, and upgrading security measures, policies, and controls Assisting with the creation of updates and training programs to secure the network and train the employees Keeping the security systems up to date Monitoring security access and maintaining the relevant data Conducting vulnerability testing and risk analyses to assess security and performing internal and external security audits Analyzing security breaches to identify the cause and to update incidence responses and disaster recovery plans

Job Description: Platform Engineer Bangalore, Karnataka, India As a member of the Digital Factory Platform team, the Platform Engineer is responsible for development of automation strategy, roadmap, KPI's, standards and practices for the platform and agile product teams. This is in support of the transformation towards fully automated testing & deployments for our application teams, as part of a wider GT transformation project. Leveraging solutions and services delivered by Platform team, the Platform Engineer will help drive adoption of Cloud and DevSecOps tooling throughout the organization. What you’ll be DOING What will your essential responsibilities include? Define the Platform automation (DevSecOPs ) strategy /integration patterns, roadmap, KPI's, standards and practices for the platform and agile product teams. Assess Product team requirements and propose automation solutions. Experience in implementing release automation frameworks (branching strategies / release deployment strategies – Blue Green/Canary ,rolling) using tools such as Azure DevOps , Bit bucket, teamscity, datadog,Harness ,Jenkins, Git,JFrog ,Docker ,Kubernetes and OpenShift. Provide hands-on assistance with automated embedded security testing (Static application security testing ,SCA & Dynamic application security testing). Mentor and collaborate with the Product Scrum teams on automation best practices. Implement containerization using Docker and orchestrate deployments with Kubernetes, ensuring scalability and portability of products in scope. Implement and enforce security compliance checks within the CI/CD pipeline, ensuring adherence to industry standards and regulatory requirements. Own and lead the design and implementation of automation frameworks. Create and run automation training /overview sessions. Delivering CI CD pipeline templates for reuse. Regularly assess and enhance the DevSecOps processes to improve efficiency, security, and overall development practices. Stay informed about emerging technologies and best practices in the DevSecOps space. Knowledge of Selenium, JIRA ,Rest Assured, SonarQube, CheckMarx,JFROG X Ray & Qualys. In-depth knowledge of Guidewire architecture and components. Understanding of Guidewire security features. Proficiency in Git for version control. Experience with CI/CD tools. (Bit bucket, Teamcity). Excellent scripting skills in Python, Shell, or PowerShell. Experience with automation frameworks. Familiarity with SAST and DAST tools. Knowledge of Data Dog is a plus. Azure API Management, Azure Logic Apps, Azure Service Bus, Azure Event Grid, Azure Functions, Azure Data Factory. Knowledge of security compliance frameworks (OWASP, NIST). Familiarity with Dynatrace,ELK stack, Splunk, or similar tools. Understanding of integrating security into the development lifecycle. Knowledge of static analysis, dynamic analysis, and penetration testing. Familiarity with secure coding practice. Exposure on Guidewire CI CD tools, JIRA, Azure /AWS, OpenShift, GHE, JFrog /Nexus Artifactory, Willingness to learn new tech & tools, Terraform, Docker. Terraform, Kubernetes. You will report to the Head of Digital Factory Delivery. What you will BRING We’re looking for someone who has these abilities and skills: Required Skills and Abilities: Excellent understanding of Automation frameworks /best practices. Effective understanding of Scrum Agile methodology and experience working in a Scrum team. Adaptable to new/different strategies, programs, technologies, practices, cultures, etc. ; comfortable with change, able to easily makes transitions. Effective communication skills, both verbal and written. Proven ability to clearly articulate goals and desired outcomes and influence key decisions to ensure deliverables are met. Proven ability to establish and maintain effective relationships and leverage those relationships to deliver on goals. Bachelor’s degree or equivalent work experience. Desired Skills and Abilities: Ability to effectively integrate colleagues and teams which are currently disparate, and introducing new technologies and process. Proven planning and organization skills, creating work schedules, prioritizing workload, preparing in advance and setting realistic timescales. Who WE are AXA XL, the P&C and specialty risk division of AXA, is known for solving complex risks. For mid-sized companies, multinationals and even some inspirational individuals we don’t just provide re/insurance, we reinvent it. How? By combining a comprehensive and efficient capital platform, data-driven insights, leading technology, and the best talent in an agile and inclusive workspace, empowered to deliver top client service across all our lines of business property, casualty, professional, financial lines and specialty. With an innovative and flexible approach to risk solutions, we partner with those who move the world forward. Learn more at axaxl.com What we OFFER Inclusion AXA XL is committed to equal employment opportunity and will consider applicants regardless of gender, sexual orientation, age, ethnicity and origins, marital status, religion, disability, or any other protected characteristic. At AXA XL, we know that an inclusive culture and enables business growth and is critical to our success. That’s why we have made a strategic commitment to attract, develop, advance and retain the most inclusive workforce possible, and create a culture where everyone can bring their full selves to work and reach their highest potential. It’s about helping one another — and our business — to move forward and succeed. Five Business Resource Groups focused on gender, LGBTQ+, ethnicity and origins, disability and inclusion with 20 Chapters around the globe. Robust support for Flexible Working Arrangements Enhanced family-friendly leave benefits Named to the Diversity Best Practices Index Signatory to the UK Women in Finance Charter Learn more at axaxl.com/about-us/inclusion-and-diversity. AXA XL is an Equal Opportunity Employer. Total Rewards AXA XL’s Reward program is designed to take care of what matters most to you, covering the full picture of your health, wellbeing, lifestyle and financial security. It provides competitive compensation and personalized, inclusive benefits that evolve as you do. We’re committed to rewarding your contribution for the long term, so you can be your best self today and look forward to the future with confidence. Sustainability At AXA XL, Sustainability is integral to our business strategy. In an ever-changing world, AXA XL protects what matters most for our clients and communities. We know that sustainability is at the root of a more resilient future. Our 2023-26 Sustainability strategy, called “Roots of resilience”, focuses on protecting natural ecosystems, addressing climate change, and embedding sustainable practices across our operations. Our Pillars: Valuing nature: How we impact nature affects how nature impacts us. Resilient ecosystems - the foundation of a sustainable planet and society – are essential to our future. We’re committed to protecting and restoring nature – from mangrove forests to the bees in our backyard – by increasing biodiversity awareness and inspiring clients and colleagues to put nature at the heart of their plans. Addressing climate change: The effects of a changing climate are far-reaching and significant. Unpredictable weather, increasing temperatures, and rising sea levels cause both social inequalities and environmental disruption. We're building a net zero strategy, developing insurance products and services, and mobilizing to advance thought leadership and investment in societal-led solutions. Integrating ESG: All companies have a role to play in building a more resilient future. Incorporating ESG considerations into our internal processes and practices builds resilience from the roots of our business. We’re training our colleagues, engaging our external partners, and evolving our sustainability governance and reporting. AXA Hearts in Action : We have established volunteering and charitable giving programs to help colleagues support causes that matter most to them, known as AXA XL’s “Hearts in Action” programs. These include our Matching Gifts program, Volunteering Leave, and our annual volunteering day – the Global Day of Giving. For more information, please see axaxl.com/sustainability. xaxl.com/sustainability.

Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called ‘Mega Banks’ of Japan. MGS was established in the year 2020 as part of Mizuho’s long-term strategy of creating a captive global processing center for remotely handling banking and IT related operations of Mizuho Bank’s domestic and overseas offices and Mizuho’s group companies across the globe. At Mizuho we are committed to a culture that is driven by ethical values and supports diversity in all its forms for its talent pool. Direction of MGS’s development is paved by its three key pillars, which are Mutual Respect, Discipline and Transparency, which are set as the baseline of every process and operation carried out at MGS. What’s in it for you? o Immense exposure and learning o Excellent career growth o Company of highly passionate leaders and mentors o Ability to build things from scratch Know more about MGS: https://www.mizuhogroup.com/asia-pacific/mizuho-global-services Walk-in drive in Mumbai Time : Between 3-5pm Date : 19-05-2025 to 23-05-2025 Relevant Skills and Experience for EDR Defender - - Project and delivery management experience 3+ years EDR administration (CrowdStrike Falcon, VMware Carbon Black, Palo Alto Network Cortex XDR, Microsoft Windows Defender, Cylance, Tanium etc.) - 3 + years of working with EDR tools performing requirements gathering, deployment, configuration, and conducting threat hunting. Relevant Skills and Experience for VAPT - • 5-7 years of experience in vulnerability assessment, penetration testing, or a related field. • Strong understanding of vulnerability management concepts, principles, and best practices. • Proficiency in using vulnerability assessment tools (e.g., Nessus, Tenable, Qualys). • Experience in conducting penetration testing using various methodologies (e.g., black box, gray box, white box). • Knowledge of common security threats, vulnerabilities, and attack vectors. • Experience with network and system security tools (e.g., firewalls, intrusion detection systems, antivirus). • Experience with scripting languages (e.g., Python, PowerShell). • Experience with cloud security (e.g., AWS, Azure, GCP). Relevant Skills and Experience for IAM - • 7-10 years of experience in IAM engineering or a related field. • Strong understanding of IAM concepts, principles, and best practices. •Experience with industry leading IAM solutions, such as SailPoint, Okta, Ping Identity, or ForgeRock. •Experience with scripting languages (e.g., Python, PowerShell). •Experience with cloud platforms (e.g., AWS, Azure, GCP). •Experience with directory services (e.g., Active Directory, LDAP). •Experience with security frameworks (e.g., NIST, ISO 27001). Relevant Experience FOR Splunk - · 7-10 years of experience in Splunk administration, engineering, or a related field. · Strong understanding of Splunk architecture, components, and workflows. · Experience with designing and implementing Splunk search processing orders (SPOs). · Experience with developing and optimizing Splunk dashboards, alerts, and reports. · Experience with integrating Splunk with other enterprise applications and systems. · Experience with data security and compliance best practices. · Experience with cloud platforms (e.g., AWS, Azure, GCP). Relevant Experience FOR ServiceNow - · 12+ years of experience in IT Service Management, with a strong focus on ServiceNow implementation. · Proven experience in leading teams and managing complex projects. · In-depth knowledge of ServiceNow modules and functionalities. · Experience with developing and optimizing ServiceNow dashboards, alerts, and reports. · Ability to communicate complex / technical issues to non-technical audiences · Proven track record of leading technical teams and managing managed services projects. Interested candidates can send resume on mgs.rec@mizuho-cb.com along with the below details. Current CTC Expected CTC NP Experience Current residential location Availability for F2F Address:Mizuho Global Services India Pvt. Ltd, 11th Floor, Q2 Building Aurum Q Park, Gen 4/1, Ttc, Thane Belapur Road, MIDC Industrial Area, Ghansoli, Navi Mumbai- 400710. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! The Technical Support Team is responsible for managing the prompt resolution of global customer and partner service requests in a highly secured environment. The Senior Technical Support Engineer - Security Applications works closely with Development, QA, Operations, Customer Service, Finance, Sales, and Alliances to ensure high customer satisfaction with all transactions. The primary function of this position is to ensure that each customer interaction is a friendly and professional experience that addresses the customer's needs in all stages of the customer service life cycle within Qualys. Customer relationship building and teamwork are key success criteria for this role. The role will provide support via phone, email, and WebEx focused on several different Product module which Qualys offers https://www.qualys.com/solutions/ over SaaS (Software as Service) platform. We are looking for passionate, self-motivated technical individuals that have the desire and capability to think outside the box to solve complex problems. The Technical Support Engineer - Security Applications acts as the main point of contact regarding technical issues and will work directly with Development and QA teams to facilitate resolution. This role will suit an individual who excels in a challenging and dynamic environment, enjoys world-class support, and is technically motivated. Qualifications The ideal candidate will have hands-on solid Networking, IT security and Windows troubleshooting knowledge. Should have previous experience in a Technical support role, and must be able to adapt quickly to any technical challenge. Must have a strong Windows foundation and/or solid Linux/Unix experience in an enterprise environment. The candidate must be passionate about security, and individuals with CISSP/CEH or equivalent are preferred. Applicants should have a deep understanding of network services and how they work from a protocol/configuration level. Required: 1-2 years of experience in a technical support role. Vulnerability Management, Web Application Security/Firewall application support experience is preferred. In-depth TCP/IP understanding. LAN/WAN infrastructures. Common OS services (IIS, BIND, Apache, AD, WINS, Samba, SSH). Strong knowledge of current firewall, Intrusion Detection System technologies, and Network Vulnerability Scanners. Outstanding troubleshooting and analytical skills. Excellent written and verbal communication skills. Bachelor of Science, preferably with a major in Computer Science or equivalent experience Preferred: Experienced with packet capture review and diagnosis. Previous API support and Regex knowledge. Understanding of scripting languages like Bash, Python, Powershell, etc. Knowledge of major web server software (IIS, Apache, WebSphere, Tomcat, WebLogic), UNIX/Windows web services, and diverse platforms and applications (Linux, Windows 2003/2008, Windows NT, Novell, Lotus Notes, Mac OS). Oracle and Microsoft SQL knowledge is desirable. CCNA, MCSE, CISSP, CompTIA Security+, and CEH are highly desirable. Experience with Customer Support and Development Tools (Salesforce, Jira, etc.) Willing to work in rotational / US work hours. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Summary: The Technology Risk Analyst plays a crucial role in identifying, assessing, and mitigating technical risks within an organization. Has an understanding of Enterprise Risk Management practices in a technical environment. This professional is responsible for developing and implementing risk management strategies to safeguard technology assets, systems, and operations. Technology risk analyst provides guidance on information security processes, controls, and compliance, and information security risk management to key stakeholders. The role requires a combination of technical expertise, risk analysis skills, and the ability to collaborate with cross-functional teams to ensure the effective management of technical risks. Key Responsibilities: Risk Identification: Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects. Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape. Risk Assessment: Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors. Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing. The ability to articulate the business risks associated with technical vulnerabilities and risks. Risk Mitigation Planning: Develop and implement risk mitigation strategies and action plans to address identified technical risks. Collaborate with IT teams to prioritize and implement security measures, controls, and safeguards to mitigate potential threats. Incident Response and Management: Establish and maintain an incident response plan to address technical incidents promptly and effectively. Coordinate with relevant stakeholders to investigate and resolve technical security incidents, ensuring lessons learned are incorporated into future risk management strategies. Compliance and Standards: Ensure that the organization complies with relevant regulatory requirements and industry standards related to technical risk management. Stay informed about changes in regulations and standards, adjusting risk management processes accordingly. Facilitate deployment and maintenance of Technology risk and controls model with assigned Technology teams using globally known and industry standard models (e.g., COBIT5, OCTAVE, FAIR, NIST, ISO) as references. Manage and provide leadership on all key information security processes and procedures. Communication and Reporting: Communicate technical risk information to both technical and non-technical stakeholders, including executives and board members. Provide regular reports on the status of technical risks, mitigation efforts, and key performance indicators to demonstrate the effectiveness of risk management strategies. Direct the activities of project managers and project teams to ensure quality and timeliness of project completion. Development of project business cases, charters, plans and execution approach. Proven strong stakeholder engagement and management capabilities. Training and Awareness: Develop and deliver training programs to enhance the awareness and understanding of technical risks among employees. Foster a culture of security awareness and responsibility throughout the organization. Vendor Risk Management: Evaluate and manage risks associated with third-party vendors and partners, ensuring they meet the organization's security standards. Act as the change agent in the identification and execution of initiatives: Develop and implement strategies to protect the company’s cyber security. Including firewalls, security software, data encryption tools, safety protocols, etc. Qualifications: Total work experience of 6+ years with a minimum of 3 years in relevant field of work. Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, System Resiliency & Availability & Software development practices and frameworks, Products and operations, Access and identity management, application security, assurance programs, or a related field. Proven experience in technical risk management, information security, or a related role. Industry Relevant Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certificate of Cloud Security Knowledge (CCSK), CPA, CIA, AWS, CIPP, CBCP, CRM or equivalent are highly desirable. Strong understanding of technology, information security principles, and risk management frameworks. Excellent analytical, communication, and interpersonal skills. Ability to work collaboratively with cross-functional teams and stakeholders. Knowledge of widely known Enterprise Architecture frameworks like TOGAF, SABSA, etc.. Project Management Certification (PRINCE II, PMP, Agile or otherwise) and be an outcome focussed self-starter. Current knowledge of best practice IT controls, risk management techniques, ISO27001, SOC1/2/3 SSAE18, CSA Star (CCM), PCI DSS and familiarity with GRC tools. Hands-on product experience on Qualys Enterprise Tru-Risk Platform and similar leading security automation products with broad market presence shall be added advantage. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! CAMS QGS Job Description As Software Engineer you will be working on the Centralized Appliance Management Service (CAMS). It allows us to optimize existing Qualys products and create an innovative way of delivering those to a customer. This opening is your chance to create a significant impact on product improvement and delivery options Responsibilities: Design, develop and deliver Linux services and automation behaviors using Python (shell scripts appreciated) Conceive and deliver new features and improvements in a fast-paced environment as a part of a growing engineering team Develop capacity and monitoring plans for the services you write Collaborate across the company to define, design, build and improve various products Qualifications Experience in Linux system-oriented software development using C/C++ (Makefile, RPMBuild, Docker, Kubernetes/Swarm) Experience in developing micro-services for private and public clouds Hands-on experience with DevOps tools like Puppet and/or Ansible is appreciated Good knowledge of networking and Linux system services (systemd, etcd). Understanding of HTTP (0.9/1.0, HTTPs, TLS/SSL, Certificates, HTTP proxy/reverse proxy architecture and behavior understanding appreciated). Ability to think out-of-box and zeal to continuously improve design and implementation. Excellent communicator and team player BS/MS in Computer Science or related field Preferred Skills Knowledge of Linux, Kubernetes, Docker, Swarm Knowledge of Kafka, Casandra, Elastic Search, python, bash script Good understanding of how distributed systems Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys, Inc is a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions with over 11,000 active customers in more than 130 countries, many of which are in the Forbes Global 100 and Fortune 100 companies. Qualys helps organizations streamline and consolidate their security and compliance solutions in a single platform and build security into digital transformation initiatives for greater agility, better business outcomes, and substantial cost savings. We are seeking a talented Senior Software Engineer to work on the Qualys Scanner Platform which is Qualys flagship offering. Working with a team of engineers and architects, you will be responsible for prototyping, designing, developing and supporting a highly scalable security platform Responsibilities: Analyze, design, code, and debug complex security software Provide ongoing maintenance, support and enhancements in existing systems and platforms. Provide recommendations for continuous improvement. Work alongside other engineers on the team to elevate technology and consistently apply best practices. Required Skills: Bachelor’s in computer science 5 years of experience as a hands-on engineer developing software products and solutions for service-oriented deployment in public or private clouds. 5 years of C/C programming in a Linux environment Working knowledge in Linux Kernel Demonstrated skills including design, prototype, development, unit test, performance profiling, etc. Hands-on with development tools like VIM, Jira, GIT, Nexus, Maven, JIRA Agile Development with Scrum Desired Skills: Takes complete ownership of successful delivery of the products components, modules and dependencies assigned Demonstrated high quality focus and exposure to Test-Driven Development. Must have launched or developed complex software projects with multiple complex features with short release cycles Excellent communications skills, both verbal and written Self-directed; requires minimal supervision on work products Assertive and must be able to influence team members to meet their commitments in a timely manner and also be able to forge consensus and resolve issues in the face of conflicting goals or interests Team player with a “can do” attitude yet modest and humble attitude when it comes to collaborating within team and across other teams Uncompromising attitude when it comes to quality and help raise bar of product, team members and hence overall engineering organization Show more Show less

About BNP Paribas India Solutions Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions. About BNP Paribas Group BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability Commitment to Diversity and Inclusion At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. About Business Line/Function ITG is a group function established recently (2019) in ISPL with presence in Mumbai, Chennai. We collaborate with various business lines of the group to provide IT Services. BNP PARIBAS, the leading bank in the European Union and a leading international player, is seeking to complement and reinforce its existing teams in the areas of IT risk management, cybersecurity and the fight against digital fraud. Job Title Cyber Security Engineer Date Department: CDF. IN Location: Mumbai Business Line / Function ITG Central Reports To (Direct) Service Delivery Manager Grade (if applicable) (Functional) Number Of Direct Reports Directorship / Registration: NA Position Purpose The main responsibility of Cybersecurity personal is to develop and implement integrated solutions in the IT risk management policy approach. Responsibilities Direct Responsibilities Define and implement the needs regarding Cybersecurity within the ITRMG referential framework and IT system development projects Organize regular reviews of IS component source codes and ensure that the vulnerabilities identified are remedied Design application security or related architectures (API, services, etc.) Perform the security review of applications by enforcing security requirements Organize project support for securing applications/sensitive data during application development lifecycle for software development projects Ensure that security, operational risk and remediation plans are properly managed Define a communication, training and/or cyber culture awareness raising program Assist and provide advisory services for operational staff (Remote access, Privileged account, Exception management) Prepare reports, risk measurements and the relevant management information Execute risk and cyber security permanent controls based on the group generic ICT control plans Cyber Resilience opinion: Participate in the analysis of cyber resilience and cyber fraud documents Provide IT & Cyber risk management (IT, Cyber, Operational Resilience) advisory and guidance to the stakeholders involved Contributing Responsibilities Contribute to overall department and ISPL Vision goals as directed by Dept. head and Manager Build a thorough understanding of Global Cybersecurity posture of the Bank in order to provide high impact risk analysis to protect the firm. Contribute to classify the applications based on data confidentiality, integrity, availability and traceability, in order to obtain an end-to-end view of the most critical IT assets/sensitive data. Contribute towards the identification of KPIs for the Operational Resilience Dashboards. Publishing the dashboard on regular basis. Technical & Behavioral Competencies Functional Skills Experience in IT Risk and Cyber Security domains in a financial institution demonstrating a high-level of commitment and self-motivation. Experience in the Finance & IT industry with a strong exposure to IT Operations, Application Security, SOC/SIEM, and/or network administration, IPS Strong demonstrated knowledge of cybersecurity, cyber risk and cyber threats Risk knowledge and awareness of risks combined with enthusiasm and a genuine interest in the role of Risk Assessment, Risk Analysis in business and providing Risk Opinion as a subject matter expert. Working knowledge of global threats to international cyber security, and conversant in the tactics, techniques and procedures used by cyber adversaries. Demonstrates a calm professional approach, with a good understanding of delivery within time constraints and the need to escalate/inform departmental management as appropriate; IT knowledge Technical Good understanding of organizations and IT Businesses Good technical understanding of infrastructures and IT Security Productions and Systems IT risk analysis and management methods Knowledge of Cyber Resilience, IT continuity and business continuity Knowledge of application code analysis (SAST/SCA), infrastructure scan (Qualys IVS) GRC - Governance, Risk Management and Compliance Management. A good understanding of large-scale technology infrastructure and SOC/CERT operations. Should have worked with Risk Management Tools IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. Network protocols and network connectivity concepts; Firewall and Internet technologies; Cloud Security, Banking Tools & Technologies; Secure access control mechanisms; Encryption and Key management technics Behavioral Strong Communication, Analytical and problem-solving skills. Proven organizational skills with excellent multi-tasking, result oriented and prioritization skills Good documentation and reporting skills Ability to work independently Strong communication and interpersonal skills, able to communicate and relate easily with IT, Finance and back office users Good communication, technical writing/diagramming skills Attention to detail and accuracy Capacité for créativité and innovation Self-discipline Specific Qualifications (if Required) One or more Industry-recognized information Security certifications such as CISSP, CISA, GCCC, CISM, CRISC, CEH, OSCP or Security+. IT Security tools like Firewalls, IPS, WAF, Endpoint protection, Network security, etc. IT Auditing (ISO27001, ISO27005) Regulatory Compliance MBA in Finance/Systems/IT, Bachelor of Commerce, Master in Commerce, Bachelor in Science Skills Referential Behavioural Skills: (Please select up to 4 skills) Communication skills - oral & written Ability to collaborate / Teamwork Creativity & Innovation / Problem solving Ability to deliver / Results driven Transversal Skills: (Please select up to 5 skills) Ability to develop and adapt a process Choose an item. Choose an item. Choose an item. Choose an item. Education Level Bachelor Degree or equivalent Experience Level At least 5 - 9 years Other/Specific Qualifications (if Required) CISA/CISSP/CISM/CRISC Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Description Qualys, a leading cybersecurity firm, is seeking an experienced Senior Technical Support Engineer for Security Applications to resolve global customer and partner service requests promptly. Collaborate across teams for high customer satisfaction in a secure environment. Ideal for security enthusiasts with solid networking skills. Lead in resolving technical issues, provide top-tier support, and contribute to world-class assistance. Responsibilities: Promptly resolve global customer and partner service requests in a highly secured environment. Collaborate with cross-functional teams for high customer satisfaction. Provide support via phone, email, and MS Teams for Product modules over the SaaS platform. Ensure friendly and professional customer interactions throughout the service life cycle. Act as the main point of contact for technical issues, collaborating directly with Development and QA teams. Thrive in a challenging and dynamic environment, delivering world-class support and technical solutions. Qualifications: 2+ years of technical support experience. Experience in Vulnerability Management and Web Application Security/Firewall application support. In-depth TCP/IP understanding and LAN/WAN infrastructure knowledge. Strong foundation in Windows and/or solid Linux/Unix experience in an enterprise environment. Familiarity with common OS services (IIS, BIND, Apache, AD, WINS, Samba, SSH). Knowledge of firewalls, Intrusion Detection System technologies, and Network Vulnerability Scanners. Outstanding troubleshooting and analytical skills. Excellent written and verbal communication skills. Bachelor of Science in Computer Science or equivalent experience. Show more Show less

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Description Position Title: Content Writer Creator Department: Content Experience Reports To: Director Location: Pune - Hybrid Job Type: Full-time Overview Qualys is looking for an experienced content writer for our IT security and compliance solutions in the cloud. The candidate must possess a background in content writing with 5+ years of content development experience for IT products. You need to deliver platform stories based on user persona to help customers see the big picture of the solutions offered by Qualys integrations. This role will involve close collaboration with cross-functional teams such as Product Managers, Engineering, SMEs, Support, Documentation, and marketing. It requires experience and understanding in the domain of cloud-native infrastructure. The ideal candidate has worked with networking and/or security products and is passionate about creating helpful content in a modern way. Skills: Technical Skills Ability to evaluate new and evolving blog technologies. Solid understanding of all sections related to the anatomy of a blog Ability to utilize reporting tools for analysis of traffic, referral links and reader demographics Knowledge and understanding of current editing, authoring tools, and related blog technologies. Ability to utilize computerized word processing, blogging and internet software. Knowledge and understanding of internet operations and functionality Skill in the use of computerized blog layout and design software. Writing And Editing Skills Proofreading and editing skills. Ability to research, create, compose, and edit written materials. Ability to write simply with a conversational style Writing should be informative, but not verbose Project Management Skills Ability to effectively manage time and schedules for content projects. Ability to work independently and as a member of a team. Strategic planning skills. Key Responsibilities As part of your role, you will act as a conduit between various internal and external teams to deliver an integrated documentation management architecture and roadmap to support the Qualys vision. Work cross-functionally to develop and cultivate relationships with SMEs and stakeholders to gain an understanding of customer needs and priorities and get buy-in from the functional units as required. Technical Blogs – Get technical blogs created and published by various stakeholders. Create templates for blogs and newsletters so they can be used easily by other teams. Threat Protection blogs – Google search and call to action Customer Content Strategies - You will need to work with other team members and the product documentation team to enhance the existing documents and to incorporate the playbook style of content strategies. Integration Documents - These will be high-level integration documents that tell platform stories of our upcoming products and solutions. You will need to work closely with other product managers to deliver on a unified central platform approach for cross-product interoperation and use case-driven upsells. Show more Show less

Requisition Number: 100676 Cloud Infrastructure Engineer II Location- Bangalore, it's 5 days work from office. Shifts- 24*7 rotational Insight at a Glance 14,000+ engaged teammates globally with operations in 25 countries across the globe. Received 35+ industry and partner awards in the past year $9.2 billion in revenue #20 on Fortune’s World's Best Workplaces™ list #14 on Forbes World's Best Employers in IT – 2023 #23 on Forbes Best Employers for Women in IT- 2023 $1.4M+ total charitable contributions in 2023 by Insight globally Now is the time to bring your expertise to Insight. We are not just a tech company; we are a people-first company. We believe that by unlocking the power of people and technology, we can accelerate transformation and achieve extraordinary results. As a Fortune 500 Solutions Integrator with deep expertise in cloud, data, AI, cybersecurity, and intelligent edge, we guide organizations through complex digital decisions. About The Role We are looking for a Cloud and On-Prem Security Engineer with expertise in managing vulnerabilities, hardening servers, and ensuring the security of both cloud and on-premises environments. The ideal candidate should have hands-on experience with Orca Security for cloud security and Qualys for on-prem vulnerability management. Additionally, they should be proficient in patching using Puppet (Cloud) and SCCM/MECM (On-Prem), as well as server hardening across Windows and Linux environments. As a Cloud Infra Engineer II, you will get to: Vulnerability Management: Experience in managing and remediate vulnerabilities in Azure Cloud using Orca Security. Perform on-prem vulnerability assessments and patching using Qualys. Server Hardening & Security Compliance: Implement security best practices for Windows Server 20 (various versions) and Linux (CentOS, RedHat, Ubuntu). Ensure compliance with security standards and policies for both cloud and on-prem servers. Patch Management: Conduct monthly patching of Windows and Linux servers using: Puppet for cloud-based patching. SCCM/MECM for on-prem patching. Cloud & On-Prem Infrastructure Security: Secure and manage Azure cloud resources. Experience in managing on-prem virtualization using Hypervisor and Failover Clustering. Be Ambitious: This opportunity is not just about what you do today but also about where you can go tomorrow. As a Cloud Infra Engineer III, you are positioned for swift advancement within our organization through a structured career path. When you bring your hunger, heart, and harmony to Insight, your potential will be met with continuous opportunities to upskill, earn promotions, and elevate your career. We are looking for a Cloud Infra Engineer II with: 4+ years of experience in cloud and on-prem security. Strong understanding of server security hardening and vulnerability remediation. Experience with compliance frameworks such as ISO 27001, NIST, CIS benchmarks, PCI-DSS, and OWASP security principles, ensuring adherence to industry security standards and best practices. Bachelor’s degree in computer science, Information Technology, or a related field. Exp on Security Tools & Platforms: Cloud Security: Orca Security On-Prem Security: Qualys Patch Management: Puppet (Cloud), SCCM/MECM (On-Prem) Operating Systems: Exp on Windows Server 2016, 2019, 2022 or Linux (CentOS, RedHat, Ubuntu) Infrastructure & Cloud Expertise: Azure Cloud Security & Administration , On-Prem Hypervisor & Failover Cluster Management (good to have) What you can expect - We’re legendary for taking care of you, your family and to help you engage with your local community. We want you to enjoy a full, meaningful life and own your career at Insight. Some of our benefits include: Freedom to work from another location, even an international destination—for up to 30 consecutive calendar days per year. Medical Insurance Health Benefits Professional Development: Learning Platform and Certificate Reimbursement Shift Allowance The position described above provides a summary of some the job duties required and what it would be like to work at Insight. For a comprehensive list of physical demands and work environment for this position, click here. Internal Teammate Application Guidelines Meet the minimum qualifications and requirements of the position; Have completed twelve (12) months service in their current position; Not be under a disciplinary evaluation or suspension period; Have satisfactory performance in their current position; Have their current manager/supervisor recommendation Do you know someone who would make a great Insight teammate? Referrals are the best way to build quality teams – and a great way for you to earn a little extra cash. Insight to find out how you can refer someone to this job at Insight. Insight is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, sexual orientation or any other characteristic protected by law. Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary The SOC Analyst –L3 will be part of existing Ares Global SOC team and will be responsible for day-to-day security operations by responding to and investigating security events of interest and recommending or taking corrective action by working with IT and non-IT team members. They will also respond to security incident and investigation requests in line with established Security Incident Response processes and procedures, within defined service level targets. This position requires shift work in a 24*7*365 environment. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities Key Responsibilities: Good interpersonal skills (written and oral communication) and ability to articulate complex issues Ability to communicate technical information clearly and concisely, commensurate with the audience Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. Good communicator (written and verbal) and listener. Must be a team player and motivated self-starter with ability to work independently with limited supervision. Must be assertive, methodical and detail oriented Technical Experience Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities Should be aware of tools like Qualys, HP Fortify, IBM Appscan, Burpsuite, Kali Linux suite of tools Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest. Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Conduct penetration test and launch exploits using Nessus, Metaspoilt, kali linux penetration testing distribution tools sets Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools Map out a network, discover ports and services running on the different exposed network and security devices Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory Skill Sets CEH, ECSA, LPT (any one) Preferred Skill Sets OSCP, OSWE Years Of Experience Required 2-10 Years Education Qualification B.Tech ee in Information Technology, Cybersecurity, Computer Science Professional Certifications like CEH, CCSE, CCNA, Security+, etc., will be plus SIEM certifications Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering, Master of Business Administration Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills Microsoft Defender, Palo Alto Cortex XSOAR, Splunk Optional Skills SoCs Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Job Summary We are looking for an experienced, self-motivated and proactive System Engineer with 5-7 years of experience to join our dynamic team. The ideal candidate will have a strong background in customer service, systems administration, network concepts, performance optimization, and troubleshooting in multi-platform environments. You will be responsible for managing, monitoring, and optimizing our infrastructure, ensuring high availability and performance across our systems and applications. This position requires a high level of collaboration with other departments around the globe to support both regional and global efforts. About Milliman Milliman is among the world's largest providers of actuarial and related products and services. The firm has consulting practices in healthcare, property & casualty insurance, life insurance and financial services, and employee benefits. Founded in 1947, Milliman is an independent firm with offices in major cities around the globe. About Milliman’s GCS IT Team GCS IT (Global Corporate Services Information Technology) plays a critical role in supporting firm wide technologies, security framework, and application landscape of the firm. Its responsibilities encompass a wide array of functions that are essential for the organization's innovation and entrepreneurial efforts, and seamless operations. Key Responsibilities Infrastructure Management : Manage and maintain Windows/Linux-based servers, Windows and Mac endpoint management, Knowledge of virtualization administration such as Hyper-V or VMWare or both, Manage Microsoft Entra ID, Exchange Online, One Drive and Intune, Sound knowledge of Single Sign-On Management (For ex: Okta), SQL database maintenance and basic configuration, and Azure resource deployment and management. Perform regular system updates, patches, backups, and vulnerability remediation. Performance Optimization Monitor system performance, resolve bottlenecks, and optimize resources for scalability and availability. Conduct system performance assessments and provide recommendations for improvement. Define metrics and establish targets, driving process and service improvements. Automation & Scripting Develop and maintain automation scripts using tools like Terraform, Bash, PowerShell, or Python scripting to streamline workflows, system configuration, and software deployment. Troubleshooting & Support Be self-directed in diagnosing, troubleshooting, and resolving issues related to system performance, network connectivity, software, hardware, and applications in accordance with SLA standards. Alert management with escalation to appropriate team. Participate in on-call support rotation. Collaboration & Documentation Collaborate with cross-functional teams (development, DevOps, infrastructure, practice support teams, etc.) to support system deployments and integrations. Prepare and maintain detailed documentation for system configurations, processes, and troubleshooting steps. Experience Required Skills & Attributes: 5-7 years of experience as a System Engineer or in a similar role, automating day-to-day tasks, system implementation, administration, and troubleshooting, use data to create reports and present findings, administer M365 services and Microsoft-based systems, and improve operational tasks. Technical Skills Microsoft 365 Services – Entra ID, Exchange online, OneDrive and Intune Microsoft Active Directory and Windows Operating Systems Configuration and Administration Strong experience with server operating systems (Linux, Windows) Knowledge of cloud platforms (AWS, Azure, or Google Cloud) Experience with virtualization technologies (VMware, Hyper-V, etc.) Experience in managing single sign-on (Okta, Microsoft Azure SSO etc.) Proficiency in system automation and scripting (Python, Shell, PowerShell, Terraform, etc.) Experience with monitoring tools (Logic Monitor, New Relic, Nagios, Zabbix, etc.) Experience with backup and disaster recovery systems (For example: Rubrik) Experience with vulnerability management and patch management (For Example: Qualys) Soft Skills Strong analytical and problem-solving skills Excellent communication and documentation skills Ability to work independently and as part of a team Detail-oriented with a focus on system reliability and performance Required Qualifications Bachelor's degree in computer science, information technology, or a related field (or equivalent experience). Relevant certifications (e.g., ITIL, Microsoft Certified: Azure Fundamentals, etc.) are a plus. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. TEM Senior – Vulnerability Management As a Senior with EY’s Global Delivery Services (GDS) Cybersecurity Team, you will contribute technically to client engagements and internal initiatives. An important part of your role will be to actively establish, maintain and strengthen client’s relationships. You will also identify potential business opportunities for EY within existing engagements, and report and escalate any engagement related issues to senior team members as appropriate. The opportunity In line with EY’s commitment to quality, you’ll confirm that work is of the highest quality as per EY’s quality standards, and is reviewed by the next-level reviewer. As an influential member of the team, you’ll help to create a positive learning culture, coach and counsel junior team members and help senior members with business development activities. Your Key Responsibilities Must have handled a Vulnerability Management process for a large enterprise using any one of the solutions: Qualys / Nexpose / Tenable or similar Must have thorough understanding about the Vulnerability Management and Exception & Exemption process on Cloud hosted systems, databases, web services and other widely deployed infrastructure components Strong knowledge and experience in Linux Experience in Nexpose and Tenable administration Working in shifts and provide weekend support Experience working with vendors to troubleshoot issues and/or operationalize new features Scripting rest API for automation (Python and/or Bash) Familiarity on databases (Oracle, Sql Server, AWS Aurora, Hadoop, MongoDB) Maintain a strong client focus by effectively serving client needs and developing productive working relationships with client personnel. Stay abreast of current business and economic developments and new pronouncements/standards relevant to the client's business. Demonstrate industry expertise (deep understanding of the industry, emerging trends, issues/challenges, key players & leading practices) Actively contribute to improving operational efficiency through standardization and process automation on client engagements and internal initiatives Skills And Attributes For Success Knowledge of Windows, Linux, UNIX, any other major operating systems. Familiarized with the latest security vulnerabilities and exploit, understanding of web-based application vulnerabilities (OWASP Top 10), cloud security and architecture Experience with scripting / programming skills (e.g., Python, PowerShell) Hands on operational experience with vulnerability management tools (e.g. Qualys, Nexpose) including the ability to deploy, configure, and run these tools Fluency in English, other language skills are considered an asset Experience in handling data using Pandas, XML libraries Exposure to handling computer networking and operating systems use cases using python. Required knowledge for Python libraries: netaddr, ipaddress, qualysapi, lxml, pandas, numpy To qualify for the role, you must have Graduates / BE / BTech / MSc / MTech / MBA in the fields of Computer Science, Information Systems, Engineering, Business or related major with minimum 3 years of work experience especially in penetration testing and vulnerability assessment. Any one of the following technical certifications: CEH, Qualys Certified Specialist, CISM Knowledge of Windows, Linux, UNIX, any other major operating systems Willingness to work in shifts and weekend Ideally, you’ll also have Project management skills Certifications: CEH, Qualys Certified Specialist, CISM What We Look For Who can perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

Role Overview : The Application Security Senior Engineer will play a crucial role in safeguarding our applications and digital assets against security threats. With a primary focus on Vulnerability Assessment and Penetration Testing (VAPT), the role involves identifying, assessing, and mitigating security vulnerabilities across our application portfolio. This position requires a proactive mindset, strong technical skills, and the ability to collaborate effectively with cross-functional teams and support the security projects. Youll be Responsible for? I. Vulnerability Assessment and Penetration Testing (VAPT): Conduct comprehensive security assessments of applications using industry-standard tools and techniques. Perform manual testing and automated scans to identify vulnerabilities such as OWASP Top 10, SQL injection, XSS, CSRF, etc. Analyze and interpret assessment findings, providing clear and actionable recommendations to development teams. Support the security gating process with timely security assessment and reporting. Provide guidance and assistance on secure software development life cycle. Track identified vulnerabilities through to resolution, collaborating closely with development teams to ensure timely mitigation. Provide detailed vulnerability reports and metrics to stakeholders, including risk assessments and remediation progress. II. Support for Security Projects: Actively participate in security projects and initiatives, providing expertise and guidance on application security best practices. Perform Security Architecture review for existing and new security projects and guide on security best practices. Collaborate with architects and developers to integrate security into the SDLC (Secure Development Life Cycle) and CI/CD pipelines. III. Incident Response and Support: Assist in incident response activities related to application security incidents. Contribute to root cause analysis and lessons learned sessions to improve incident handling and prevention strategies. IV. Security Awareness and Training: Develop and deliver training sessions on secure coding practices and application security awareness. Promote a culture of security within the organization, advocating for continuous improvement and adherence to security policies. What we’ll look in you? Bachelor’s degree in computer science/information technology, or a related field. Minimum of 5 years of experience in application security, with a focus on VAPT and secure development practices. Proven experience with security assessment tools such as Burp Suite, Qualys, Nessus, etc. Strong understanding of web application architecture, including front-end, back-end, and APIs. Solid knowledge of OWASP guidelines and best practices for secure coding. Certifications such as CISSP, CEH, OSCP, or similar are preferred. Excellent communication skills with the ability to articulate technical concepts to non-technical stakeholders. Strong analytical and problem-solving skills, with attention to detail. Why join us? Impactful Work : Play a pivotal role in safeguarding Tanla's assets, data, and reputation in the industry. Tremendous Growth Opportunities : Be part of a rapidly growing company in the telecom and CPaaS space, with opportunities for professional development. Innovative Environment: Work alongside a world-class team in a challenging and fun environment, where innovation is celebrated. Tanla is an equal opportunity employer. We champion diversity and are committed to creating an inclusive environment for all employees. www.tanla.com

The Opportunity "This is an opportunity to define, build, and shape the future of FICOs Cybersecurity and Risk Posture. As part of the Threat & Vulnerability Management team, you will collaborate across the business, IT, and client environments to secure our cloud and data center infrastructure. Your contributions will be key to strengthening FICO's defense mechanisms and enhancing our compliance posture. We're looking for a cybersecurity expert passionate about continuous improvement, cloud security, and vulnerability risk reduction. If you're someone who thrives in a fast-paced environment and wants to work on high-impact global security initiatives, this role is for you" - VP, Software Engineering. What Youll Contribute Collaborate with the Cyber Security Team, business stakeholders, IT partners, and clients to manage and reduce cybersecurity risk. Act as a subject matter expert in vulnerability scanning, compliance monitoring, and risk reporting. Operate and optimize tools such as Wiz, Qualys, or similar for vulnerability scanning across cloud and on-prem environments. Validate, triage, and risk-rank vulnerabilities based on severity, exposure, and potential business impact. Drive remediation planning with Product and IT teams, and oversee patch management cycles. Contribute to threat & vulnerability management strategy, policy, and continuous process improvement. Conduct periodic risk assessments and develop mitigation strategies in line with compliance requirements. Monitor the evolving threat landscapeincluding zero-day exploits, vendor patches, EOL systemsand proactively update mitigation plans. Lead initiatives to improve configuration, cloud asset management, vulnerability and patch management practices. Provide documentation, reporting, and cross-functional collaboration support. What Were Seeking Bachelors degree in Computer Science, Information Security, or a related field (or equivalent work experience). 3 6 years of hands-on experience with cloud security tools such as Wiz, Qualys, or similar vulnerability scanning platforms. Strong understanding of AWS infrastructure and cloud security principles. Working knowledge of operating system and application-level vulnerabilities and how they relate. Familiarity with risk-based vulnerability management and compliance frameworks. CISSP, CISM or equivalent certifications preferred (or willingness to obtain). Ability to multitask, manage complex data sets, and collaborate with diverse teams. Knowledge of scripting languages (e.g., Python, Bash) is a plus. Demonstrated experience in cloud (especially AWS) patch and configuration management. Familiarity with malware behavior, indicators of compromise, and modern threat vectors. Strong documentation, analytical, and communication skills.

To support in presales and sales closure as a Cybersecurity Engineer, the ideal candidate should combine technical knowledge with client-facing and business-oriented skills. ResponsibilitiesThis person acts as the bridge between your clients' problems and your service offerings — a key role in winning and delivering cybersecurity consulting work. Qualifications, Skills, ExpertiseTechnicalKnowledge of VAPT, SIEM, firewalls, cloud security, endpoint protectionFamiliar with frameworks: ISO 27001, NIST, OWASP Top 10, CIS ControlsBasic hands-on exprience with tools like Burp Suite, Nessus, Metasploit Wireshark, Splunk, Qualys etc.Client Communication & PresentationAbility to translate technical jargon into business valueBuild trust during discovery and solution demo callsComfprtable with writing technical proposals, RFP responses and SOWsSales Awareness / Presales ExperienceExperience mapping client pain points to servicesFamiliar with solutioning - creating custom packages, BoQs, effort estimatesCan perform initial scoping and handover to delivery teamsExperience in demoing services(e.g. walkthough of VAPT or risk assessment approach)

Role & responsibilities Primary Skills (All mandate) -Qualys, VMDR, Policy Compliance, Cloud Agent Location: Chennai/Bangalore Preferred candidate profile

About the Role: We are seeking an experienced and passionate Threat & Vulnerability Trainer to join our team in Kochi. The ideal candidate will be responsible for delivering comprehensive training programs focused on cybersecurity threats, vulnerability assessments, and remediation strategies. You will work closely with technical teams and trainees to upskill professionals and ensure readiness to tackle evolving cyber threats. Key Responsibilities: Design and deliver in-depth training sessions on cybersecurity topics including: Threat intelligence Vulnerability scanning and management Common attack vectors (phishing, malware, zero-day exploits, etc.) Security frameworks (NIST, ISO 27001, OWASP Top 10) Remediation techniques and best practices Develop customized training materials, hands-on labs, and assessments. Conduct workshops, webinars, and classroom sessions for internal and external learners. Continuously update training content to align with industry trends and threat landscapes. Assess the effectiveness of training sessions through feedback, tests, and practical evaluations. Collaborate with SMEs, SOC teams, and IT departments to understand training needs and integrate real-world scenarios into modules. Required Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field. 3+ years of experience in cybersecurity, with a focus on threat and vulnerability management. Proven experience in delivering technical training or mentoring. Familiarity with tools like Nessus, Qualys, Rapid7, Metasploit, Burp Suite, etc. Strong knowledge of CVEs, threat modeling, penetration testing basics, and SIEM concepts. Excellent communication, presentation, and facilitation skills. Preferred Qualifications: Certifications such as CEH, CompTIA Security+, OSCP, CISSP, or similar. Experience working in a SOC or red/blue team environment. Prior experience with learning management systems (LMS) or e-learning content creation. Work Location & Schedule: Location: Kochi (mandatory on-site presence) Work Hours: Monday to Friday, 9:00 AM – 6:00 PM Job Type: Full-time Benefits: Flexible schedule Internet reimbursement Schedule: Day shift Evening shift Monday to Friday Morning shift US shift Experience: total work: 4 years (Required) Language: English (Required) Work Location: Hybrid remote in Kochi, Ernakulam, Kerala Expected Start Date: 13/05/2025

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Qualys is seeking a ReactJs Front-end Engineer to join our team. As a ReactJs developer, you'll be tasked with creating modern, intuitive, data-driven interfaces for our multiple web-based SaaS products. We’re looking for someone who is passionate about front-end technologies and who enjoys the unique responsibility of helping to define the customer experience. Responsibilities Coding! You will collaborate with a UX/UI designer and other front-end and middle-tier engineers to design, prototype, and build complex cloud-based security applications. You will assist other developers with integration of UI components with backend logic, interface implementation, and troubleshooting. Of course supporting the existing UI is a must, however, there will be plenty of opportunities to create solutions for advanced functionality while making improvements to existing areas of the application, as well as with new features. Qualifications 3+ years front-end development experience.The fundamentals: HTML, CSS, and JavaScript. Must have an excellent understanding of the browser DOM.You’re a JavaScript expert! Firm grasp of lexical scoping, closures, and OO JavaScript. Proficient in native JavaScript as well as one or more frameworks such as ReactJS, etc.Ability to bring Photoshop designs to life with near pixel-perfect accuracy.Proficient with debugging and testing tools to troubleshoot and optimize the UI.Understanding of accessibility, 508 compliance.Experienced in building Responsive UI Understanding of front-end security best practices and XSS, CSRF, etc.

Welcome to Veradigm! Our Mission is to be the most trusted provider of innovative solutions that empower all stakeholders across the healthcare continuum to deliver world-class outcomes. Our Vision is a Connected Community of Health that spans continents and borders. With the largest community of clients in healthcare, Veradigm is able to deliver an integrated platform of clinical, financial, connectivity and information solutions to facilitate enhanced collaboration and exchange of critical patient information. Veradigm Veradigm is here to transform health, insightfully. Veradigm delivers a unique combination of point-of-care clinical and financial solutions, a commitment to open interoperability, a large and diverse healthcare provider footprint, along with industry proven expert insights. We are dedicated to simplifying the complicated healthcare system with next-generation technology and solutions, transforming healthcare from the point-of-patient care to everyday life. For more information, please explore www.veradigm.com. What will your job look like: Cyber Security Engineers supports and implements cloud and application security tools and technologies. These technologies include firewalls, IDS/IPS, antivirus, web proxy, certificate management, SIEM, patch management, access controls as well as vulnerability assessments within the Veradigm environment. The Cyber Security Engineer should be comfortable working with a variety of security technologies and implements security measures to protect our systems from attacks, intrusion, and infiltration. An Ideal Candidate will have: Experience monitoring and maintaining firewalls, IDS/IPS systems, web proxy, and content filtering security products for policy violations, intrusions, anomalous behaviors, and day to day incident response activities. Experience with deployment, administration and troubleshooting of endpoint detection and response (EDR) and antivirus (AV) solutions supporting both servers and workstations. Experience securing cloud infrastructure (Azure or AWS). Administers authentication and access controls including provisioning, changes and deprovisioning of user and system accounts, security/access roles and access permissions. Monitoring and analyzing system access logs and deployment and implementation of SIEM solution such as Microsoft Sentinel or Splunk. Experience with Active Directory, Entra ID, and IAM protocols such as SAML, Single Sign On (SSO) and MFA solutions. Experience with email security and filtering, and sender authentication. Experience creating and maintaining automation and scripting tools such as PowerShell, JavaScript, Python, Perl, or Bash. Working knowledge of Windows Server administration and support including security best practices and understanding of Active Directory/Entra ID. Analyze and report organizational security posture trends. Experience with Linux distros such as RHEL, CentOS, Ubuntu, or Oracle Linux a plus. Experience conducting vulnerability assessments or risk assessments with tools such as Nessus, Qualys, Metasploit, Kali and working with application and server owners to review scan results, suggest remediation actions, and track/report on progress to management Certification Requirements Comptia Security Certification Security+ or CySA+ or CASP+ or PenTest+ Other Security Certifications- GSEC or CEH or OSCP or CCSP or MS-500 or AZ-500 Benefits Veradigm believes in empowering our associates with the tools and flexibility to bring the best version of themselves to work. Through our generous benefits package with an emphasis on work/life balance, we give our employees the opportunity to allow their careers to flourish. Quarterly Company-Wide Recharge Days Flexible Work Environment (Remote/Hybrid Options) Peer-based incentive "Cheer" awards "All in to Win" bonus Program Tuition Reimbursement Program To know more about the benefits and culture at Veradigm, please visit the links mentioned below: - https://veradigm.com/about-veradigm/careers/benefits/ https://veradigm.com/about-veradigm/careers/culture/ We are an Equal Opportunity Employer. No job applicant or employee shall receive less favorable treatment or be disadvantaged because of their gender, marital or family status, color, race, ethnic origin, religion, disability or age; nor be subject to less favorable treatment or be disadvantaged on any other basis prohibited by applicable law. #LI-SM1 #LI-REMOTE Veradigm is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse and inclusive workforce. Thank you for reviewing this opportunity! Does this look like a great match for your skill set? If so, please scroll down and tell us more about yourself!

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Description: We are seeking a skilled Penetration Tester to assess and enhance the security of our cross-platform executable Qualys Cloud Agent. This agent is responsible for system monitoring, data collection, and secure communication with a cloud platform. Operating across Unix, Windows, and macOS environments, the agent plays a critical role in our security and compliance solutions. The ideal candidate will uncover vulnerabilities, simulate attack scenarios, and work with our teams to fortify the system against threats. Key Responsibilities: Cross-Platform Agent Testing: Conduct comprehensive security testing of the executable agent, ensuring robust functionality across Unix/Linux, Windows, and macOS platforms. Identify and exploit vulnerabilities in the agent’s runtime behavior, system interactions, and interprocess communications. Test agent privilege management and evaluate risks of escalation or exploitation. Data Collection and Handling: Analyze the agent’s data collection mechanisms to ensure data privacy and integrity. Validate proper implementation of sensitive data redaction and secure storage practices. Communication Security: Test the agent’s secure communication mechanisms with the cloud server, focusing on: Encryption (TLS/SSL, public key cryptography). Authentication and session management. Mitigation of threats like MITM, replay attacks, and DNS spoofing. Reverse Engineering and Exploitation: Perform binary analysis to identify vulnerabilities in the agent's implementation. Reverse engineer agent components to assess the effectiveness of tamper-proofing mechanisms and embedded security features. Simulate advanced threat scenarios, including code injection and runtime manipulation. System Security Evaluations: Assess the agent’s impact on host system security, ensuring it does not inadvertently introduce risks (e.g., open ports, exploitable configurations). Evaluate installation, update, and self-defense mechanisms for tamper resistance and exploitation risks. Reporting and Remediation: Provide detailed vulnerability reports with proof of concept (PoC), risk impact assessments, and actionable remediation steps. Collaborate with development team to address vulnerabilities and validate fixes Contribute to improving secure development practices and robust agent design. Required Qualifications: Technical Expertise: In-depth knowledge of penetration testing methodologies for executable agents, system processes, and OS-specific security models (Windows, Unix/Linux, macOS). Proficiency in network security and cryptographic protocol testing. Strong background in reverse engineering tools and techniques Tools & Scripting: Scripting skills in Python, Bash, PowerShell, for creating custom tests. Hands on experience with proxy solutions ex Burp or Fiddler Experience: Proven track record of assessing software agents or similar system monitoring tools. Familiarity with common vulnerabilities, including CVEs related to agent-based applications. Experience working with security tools or platforms similar to Qualys Agent. Certifications (Preferred): OSCP, OSWE, CEH, GPEN, or equivalent cybersecurity certifications. Relevant cloud certifications such as AWS Security Specialty, Azure Security Engineer Associate. Preferred Qualifications: Hands-on experience with agent technologies similar to Qualys Cloud Agent. Familiarity with cloud architecture, APIs, and integration points. Knowledge of secure coding practices and defensive programming. Experience with CI/CD pipeline security.