682 Qualys Jobs - Page 28

Position Details- Position: VAPT Lead Experience: 8-12 years Job Location: Powai, Mumbai - WORK FROM OFFICE Number of Position 1 Description: We are looking for VAPT LEAD who will be responsible for running automated and manual security scans which include but not limited to SAST, DAST, IAST, Mobile, Web, API and ad-hoc pen-testing. The candidate will play a key role of integrating Security element in DevSecOps The role entails taking responsibility of analysing security vulnerabilities and capability to provide mitigation solutions to fix issues, providing guidance to application teams, and coordinating with cross functional teams across the platform. Responsibilities: Hands-on experience creating and implementing DevSecOps pipeline using CICD automation tools like Jenkins, Automated scanning tools, BurpSuite, and open source tools. Implement Application Cyber Security Controls/Policies developed by IT Security Team. Ability to demo security vulnerability to application teams. Drive application security issues to a resolution. Provide a clear guidance to application teams during vulnerability mitigation effort Conduct application security assessment on periodic intervals and for every release Collect and report status on application security assessments including milestones, deliverables, timing, tasks, risk areas, and status to Head of IT Security Categorize and recommend assessment strategies for existing and new application development Coach development and vendor teams on application security Develop user training material on secure coding and conduct training sessions Coordinate and execute IT security projects Integrate the Application and DevOps processes and CI/CD pipelines from early stages of the development lifecycle. Evaluating and on-boarding security tools such as SAST, vulnerability and open source scanning into the Security DevOps life cycle for multiple tech stacks. Contributing features to internally developed Cyber security tools, and integrate those tools into the Security DevOps pipelines. Driving continuous improvement for Security DevOps pipelines and processes, and to the Cyber security tools, services, and processes. Engage in security research in keeping abreast of the latest security issues for Cloud enabled enterprises Research best practices for a variety of technologies and document / advice on solutions for security for multiple teams Develop, improve and monitor system compliance with the IT framework for controls and levels of access Collaborate with internal teams to manage and mitigate security vulnerabilities and risks Collaborate with software engineering and digital team to deliver integrated security solutions, and improve developer security practices Collaborate on Red Team penetration testing of IT systems Essential Qualification: Tenable/Qualys tool experience is mandatory. Experience with Dockers, Kubernetes, Terraform Good to have Appsec, API Testing, Infra Cloud Security testing experience. Must have experience with a modern version control system such as: Git, Github, GitLab. CISSP, OSCP or other security certifications desired. Experience with infrastructure as code and technologies behind it (Terraform preferred) Must have 4+ years of progressive experience in computing and information security. Capable of analysing data from various data sources and generating reports, charts and graphs. • Proven experience with at least one of the following technologies: MySQL, Postgres, FireBase, Google Cloud Storage and willing to learn and fill in any gaps. Working knowledge of agile methodology, techniques, and frameworks, such as Scrum or Kanban Excellent people and project management skills. Strong communication and presentation skills. Strong analytical and problem-solving skills.

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive. Join a team using leading edge security technology and processes to protect the F5 enterprise and product environment. The Security Engineer position will execute strategic processes and implement technical solutions to enable our information security program and address day-to-day security challenges amidst the industry’s evolving technology landscape. Primary Responsibilities Build and implement new security controls, processes and tools. Identify organizational risks to confidentiality, integrity, and availability, and determine appropriate mitigations. Leverage native Azure, GCP, and AWS cloud services to automate and improve existing security and control activities. Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats. Perform technical security assessments against product and enterprise cloud hosted, virtual, and on-premise systems including static and dynamic analysis, and threat modeling. Review and test changes to services, applications, and networks for potential security impacts. Collaborate with Architecture, Site Reliability Engineering and Operations teams to develop and implement technical solutions and security standards. Stay abreast on security best practices and secure design principles. Review changes to and ongoing operations of enterpise environments and supporting systems for security and compliance impacts. Assist in incident detection and response efforts. Implement zero-trust patterns with cloud agnostic tools to support enterprise business units. Implement, design, develop, administer, and manage enterprise security tooling. Knowledge, Skills and Abilities Experience working with high-availability enterprise production environments Familiarity with scripting languages (e.g., (Go, Python, Ruby, Rust,etc.). and building scripts for process improvements Experience automating security testing and reporting outputs Technical knowledge and hands-on experience with security and networking security, basic networking protocols, cloud security, network security design, intrusion prevention/detection, and firewall architecture Experience assessing and implementing technical security controls Willingness to innovate and learn new technologies Excellent interpersonal and relationship skills with a collaborative mindset Knowledge or familiarity with technological stack (Big-IP, Azure, AWS, GCP, CentOS, Hashicorp Vault, Palo Alto, Qualys). Experience with network and application vulnerability and penetration testing tools. Baseline competency in administration of Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) or equivalent public cloud infrastructure. Exposure to DevOps tooling, CI/CD pipelines, container orchestration, and infrastructure as code approach (e.g. Puppet, Chef, Ansible, Terraform, Jenkins, CircleCI, Artifactory, Git) Strong written and verbal communication skills. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism. Agile, tactful, and proactive attitude that can manage prioritization and know when to escalate. Qualifications B.S. or M.S. in Computer Science, Engineering, or related field, or equivalent experience. 3+ years of relevant security and networking experience The About The Role is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com ) . Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates . Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

Regeneron is founded on the belief that the right idea, combined with the right team, can lead to significant transformations. Our growing global network is dedicated to inventing, developing, and commercializing medicines that change lives for those with serious diseases. In doing so, we are pioneering innovative approaches to science, manufacturing, and commercialization, as well as redefining our understanding of health. TVM Analysts focus on cybersecurity vulnerability identification, facilitate priority-based patching, and validate remediation efficiency. Operational requirements include leveraging TVM and information technology service management (ITSM) platforms to provide transparency, quantification, and accountability for remediation efficacy. This includes the utilization of reporting, executive summaries, and real-time dashboards. Additional responsibilities include chipping in to cybersecurity’s strategic maturity roadmaps, collection and analysis of cyber vulnerability intelligence, IT, and business unit partnership. A typical day might include the following: Manage cybersecurity vulnerabilities and risks across Regeneron including identifying, supporting application and system owners to manage risks and remediate vulnerabilities. Conduct vulnerability assessments of scans of servers, websites, workstations, serverless technology, network devices, cloud infrastructure, and other assets using various vulnerability management platforms and tools. Analyze enterprise cybersecurity policies and configurations to evaluate compliance with regulations and enterprise policies and standards. Assist with selection of industry best of breed cybersecurity controls to mitigate risk Collection, reporting, and metrics generation for multiple cyber TVM datasets. This includes patching efficiency, identifying system misconfigurations, and security hygiene assessments. Support the process of Security Compliance assessments of systems and multi-tenant cloud services, using industry standard processes, to include, Center for Internet Security (CIS) hardening guidelines Analysis and monitoring of cybersecurity feeds, cyber threat intelligence, and open-source intelligence on trending vulnerabilities and exploits. Partner with IT service providers to operate, maintain, and enhance TVM platforms. This includes native Operating System, cloud security, and data aggregation platforms Collaborate and partner with cross-departmental peers (technical and non-technical) to report, synthesize, and prioritize vulnerabilities and threats based on contextual assets and relationship data. Leverage industry and compute environment data to assess current and alternative technical solutions and processes for continuous enhancement and issue resolution. Supports and enables Regeneron’s, global (US (United States), EU (European Union), APAC) Science to Medicine business objectives through enriching the cybersecurity defense posture. Support Regeneron's TVM capability to identify, assign, and validate remediation of compute environment vulnerabilities. This encompasses Regeneron’s on-prem, hybrid, and multi-tenant cloud environments. This job might be for you if you: Possess a Bachelor’s Degree and 2+ years of relevant experience into Threat and Vulnerability Knowledge, proven track record, and skills in vulnerability assessment, prioritization, assignment, validation, and tracking. Experience and working knowledge of vulnerability management tools such as Nmap, Qualys, Tenable, Nessus, Microsoft Defender, Wiz, Rapid7, AWS Inspector, Orca. Familiarity with OWASP (Open Web Application Security Project) Top 10, CIS Security Controls, MITRE ATT&CK Framework Solid understanding of multi-tenant cloud environments (AWS, Azure, GCP), vulnerability mitigation techniques, and system hardening. Proven threat and vulnerability assessment skills or knowledge gained through experience or academia. Ability to understand threat modeling and apply technical, administrative, and security control risk mitigation. Organized, reliable, detail oriented. Proven or conceptual abilities to navigate levels through thought equity. Cybersecurity tool familiarity. E.g., SIEM (Security Information and Event Management), IDS/IPS, Email Protection, Firewalls, DLP (Data Loss Prevention), EDR (Endpoint Detection and Response), etc. Experience gained through a sophisticated organization and managed security providers and vendors. Excellent problem-solving skills and attention to detail. Demonstrable experience in customer service, communication, and relationship building. Ability to work independently and as part of a team. CISSP, CEH, Security+, Network+ or equivalent are preferred. Connect with us, so we can learn more about you, and you can learn more about our medicines. And join us in crafting the future of healthcare. Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. We will ensure that individuals with disabilities are provided reasonable accommodations to participate in the job application process. Please contact us to discuss any accommodations you think you may need. Does this sound like you? Apply now to take your first step towards living the Regeneron Way! We have an inclusive and diverse culture that provides comprehensive benefits, which often include (depending on location) health and wellness programs, fitness centers, equity awards, annual bonuses, and paid time off for eligible employees at all levels! Regeneron is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion or belief (or lack thereof), sex, nationality, national or ethnic origin, civil status, age, citizenship status, membership of the Traveler community, sexual orientation, disability, genetic information, familial status, marital or registered civil partnership status, pregnancy or parental status, gender identity, gender reassignment, military or veteran status, or any other protected characteristic in accordance with applicable laws and regulations. The Company will also provide reasonable accommodation to the known disabilities or chronic illnesses of an otherwise qualified applicant for employment, unless the accommodation would impose undue hardship on the operation of the Company's business. For roles in which the hired candidate will be working in the U.S., the salary ranges provided are shown in accordance with U.S. law and apply to U.S.-based positions. For roles which will be based in Japan and/or Canada, the salary ranges are shown in accordance with the applicable local law and currency. If you are outside the U.S, Japan or Canada, please speak with your recruiter about salaries and benefits in your location. Please note that certain background checks will form part of the recruitment process. Background checks will be conducted in accordance with the law of the country where the position is based, including the type of background checks conducted. The purpose of carrying out such checks is for Regeneron to verify certain information regarding a candidate prior to the commencement of employment such as identity, right to work, educational qualifications etc.

Position : Lead Security Engineer Experience : 10-12 Years TO SUCCEED IN THIS ROLE: You'll have a Bachelor's degree OR equivalent. Expert level knowledge on AWS Cloud security NIST, ISO27001, PCI DSS Compliance: Hands-on experience with PCI-compliant environments and managing vulnerability cycles (identification, remediation, and mitigation) for OS and Non OS Patch. TSL/SSL and Cryptographic Standards: Have a hands-on experience with TSL/SSL and cryptography lifecycle (identify and mitigate risks from deprecated algorithms or vulnerabilities). DevSecOps: In-depth understanding and experience integrating security practices into the software development lifecycle, from secure coding to automated deployment of security measures. CI/CD Tools: Experience with CI/CD pipelines, preferably using Jenkins. GitFlow fluency: Experience with the gitflow process using any GIT like tool. Monitoring and Security: Familiarity with monitoring tools (CloudWatch, Dynatrace, Splunk, etc.) and vulnerability scanning tools (SonarQube, Qualys, etc.). Java Basic: It is important to have a nice basic knowledge of Java applications. Network Basic: PCI segmentation perspective and a good understanding of firewall rules regarding that are necessary for this position. WAF: Have some experience with WAF Management and configuration (Akamai solution) will be considered as a differential.

Conduct vulnerability assessments using industry-leading tools (e.g., Nessus, Tenable, Qualys). Develop and maintain vulnerability management processes, Analyze assessment results to identify and prioritize risks. Perform penetration testing.

Key Responsibilities: Tool Proficiency: Demonstrate expertise in security tools, including: • Qualys Vulnerability Scanner • Qualys Cloud Agent Having knowledge on below tools will be preferrable. • Imperva • Wallix Bastion • Microsoft PKI • Trellix Endpoint • SafeNet • CrowdStrike Operating System Knowledge: • Maintain a good understanding of Linux OS and its security features. Problem Solving & Feedback: • Provide valuable feedback on security tools and processes. • Analyze and solve complex cybersecurity issues. • Suggest and implement improvements to enhance security posture. Scripting & Automation: • Develop scripts for process automation and system integration. • Collaborate on creating efficient workflows to streamline operations. Development Skills: • Possess a solid understanding of Python development for automation and security tasks. • Utilize development tools, such as Git and VSCode, for version control and code management. Containerization Knowledge: • Have a basic understanding of Docker and its application in cybersecurity. Other Skills: • Proven experience with cybersecurity tools and practices. • Strong analytical and problem-solving skills. • Familiarity with scripting and process automation. • Basic knowledge of containerization using Docker is a plus. • Excellent communication and collaboration skills. • Scripting and process automation experience with any mentioned tools • Usage of development tools like Git, VSCode is mandatory. • Knowledge of data analytics library like pandas, will be added advantage Personal skills: • Good Team Player • Posses Positive and Learning attitude • Good Verbal and Witten communication skills • Sense of Ownership, Priorities and Autonomous Qualification: • Bachelors Degree in Computer Engineering, Information Technology or any relevant certifications • Familiar with basic understanding of TCP/UDP packets, security tools such IDS/IPS, Web proxies, DNS security, DDoS protection, firewalls

Req ID: 315027 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Systems Integration Advisor to join our team in Hyderbad, Andhra Pradesh (IN-AP), India (IN). Key Responsibilities: Lead and manage incident and request handling for DLP, Tanium and Qualys Attain and maintain SLAs and KPIs, providing detailed reporting and the timely escalation when necessary to management Escalate complex issues to STO management and leadership as necessary Conduct log analysis to identify potential data loss issues Assist in advanced troubleshooting of system performance-related incidents Engage with stakeholders including Business Unit, Data Privacy and Data Protection Engineering teams Assist in the creation, configuration updates, and testing of DLP policies and Tanium workflows Support change request creation, representation, and implementation for the technology stack Provide general workstation and server troubleshooting support and support Lvl1 team members Participate in major incident management calls to provide support on active incidents Mentor and share advanced knowledge with Lvl1 analysts Identify and help implement automation and optimization opportunities Experience: Prior experience with and understanding of Data Loss Prevention terminology and processes 3-5 years of experience in a security operations role and fundamental knowledge of incident and service request handling Good understanding of Windows, MacOS, and *nix operating systems Proven advanced troubleshooting capabilities Familiarity with scripting languages such as PowerShell and batch files Exceptional communication skills and the ability to mentor junior team members About NTT DATA NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at us.nttdata.com NTT DATA endeavors to make https://us.nttdata.com accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at https://us.nttdata.com/en/contact-us. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here. If you'd like more information on your EEO rights under the law, please click here. For Pay Transparency information, please click here.