674 Qualys Jobs - Page 5

Category IT Security / Cyber Security Location Hyderabad, Telangana Job family IT Security Shift Evening Employee type Regular Full-Time Job Description (Summary) The primary responsibilities include managing vulnerability assessments using the Qualys tool, creating detailed metrics and reports, and collaborating with relevant teams to ensure timely remediation of identified vulnerabilities. To ensure the organization's IT infrastructure remains secure by proactively identifying, assessing, and mitigating vulnerabilities through effective use of the Qualys tool and coordinated efforts with cross-functional teams. The basic purpose of this position is to safeguard the organization's digital assets by maintaining a robust vulnerability management program that prioritizes risk reduction and compliance with security policies. Perform daily vulnerability assessments, create weekly metrics and reports, and handle ad-hoc requests as they arise. Work on analytical projects to enhance the vulnerability management process and develop strategies to address identified security issues. Prepare and present metrics and reports to senior leadership, showcasing trends in vulnerabilities over the year and how they are being addressed. Produce reports daily, weekly, and as needed on vulnerability assessments and remediation efforts. Responsible for training new hires and occasionally participating in candidate interviews. Technical/Job Specific Knowledge Vulnerability Management: In-depth knowledge of vulnerability assessment, prioritization, and remediation processes. Qualys: Proficiency in using Qualys for scanning, identifying, and managing vulnerabilities across various environments. Security Frameworks: Familiarity with industry standards and frameworks such as OWASP, NIST, and CIS. Network Security: Understanding of network protocols, firewalls, and intrusion detection/prevention systems. Skills Analytical Skills: Strong analytical abilities to identify and assess vulnerabilities and their potential impact. Technical Aptitude: Competence in using security tools and technologies to perform thorough assessments. Problem-Solving: Effective problem-solving skills to develop and implement remediation plans. Communication: Clear and concise communication skills to report findings and collaborate with different teams. Attention to Detail: High level of attention View more

Bangalore, MAHARASHTRA, India As a Senior Vulnerability Engineer at First Advantage (FA), you will be responsible for leading and evolving the organization’s vulnerability management program across cloud, on-premises, and hybrid environments. You will drive the identification, analysis, and remediation of critical security issues, while developing automated workflows and executive-level reporting to measure and improve risk posture. You will serve as a key liaison between security, infrastructure, and compliance teams, ensuring alignment with industry standards and audit requirements. This role is ideal for a technically skilled and process-oriented professional who is passionate about reducing risk, mentoring others, and strengthening enterprise security through scalable and strategic solutions. Roles and responsibilities: Lead Vulnerability Scanning Operations: Oversee and optimize vulnerability scanning across cloud, on-premises, and hybrid environments to ensure comprehensive coverage and timely detection of security risks. Coordinate Risk Analysis and Remediation: Lead the triage and risk assessment of critical vulnerabilities, coordinating remediation efforts with technical teams to reduce exposure and improve response times. Develop Dashboards and Reports: Build and maintain executive-level dashboards and reports to track key metrics such as mean time to remediation (MTTR), vulnerability trends, and risk posture. Automate and Streamline Workflows: Design and implement automated scanning and remediation workflows to enhance efficiency, consistency, and scalability of the vulnerability management program. Collaborate Across Teams: Partner with infrastructure, application, compliance, and security teams to resolve systemic issues, align on priorities, and drive continuous improvement in security posture. Support Compliance and Audit Readiness: Assist in maintaining compliance with internal policies and external frameworks (e.g., NIST, ISO), and ensure audit-ready documentation of standards and procedures. Mentor and Develop Talent: Provide guidance and mentorship to Vulnerability Engineers, contributing to team training, knowledge sharing, and process development. Enhance Program Maturity: Continuously evaluate and improve vulnerability management practices, tools, and processes to align with evolving threats and organizational goals. Skill required: Vulnerability Management Expertise: Extensive experience with enterprise vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7) and the ability to interpret and act on scan results effectively. Experience building and deploying these tools preferred. Risk Analysis and Remediation Coordination: Proven ability to assess risk, prioritize vulnerabilities, and coordinate remediation efforts across technical teams. Cloud and Infrastructure Knowledge: Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and hybrid infrastructure environments, including native security tools and configurations. Reporting and Metrics Development: Experience building dashboards and reports to track key metrics like MTTR, exposure trends, and remediation progress using tools such as Power BI, Tableau, or similar. Communication and Cross-Functional Collaboration: Strong communication skills with the ability to present technical findings to both technical and executive stakeholders, and a proven track record of working collaboratively across infrastructure, application, and compliance teams to drive security improvements. Self-Starter : A self-starter with a continuous improvement mindset, demonstrating the ability to take initiative and drive projects forward in a cross-functional environment. Automation and Scripting: Proficiency in scripting languages such as Python, Bash, or PowerShell to automate scanning and remediation workflows preferred. Qualifications: Experience: 6-10+ years of experience in cybersecurity, with focus on vulnerability management and/or risk analysis Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field preferred; equivalent professional experience will also be considered. Certifications: Relevant certifications in cybersecurity, such as CISSP, OSCP, or GIAC preferred. Work Location: Mumbai / Bangalore Joining time needed :15 days Perks and Benefits Health & Wellness Dental Insurance Vision Insurance Health Insurance Life Insurance Paid Time Off PTO / Vacation Policy Paid Holidays Financial Benefits 401K / Retirement Plan Employee Stock Purchase Plan Tuition Reimbursement Office Perks Work From Home Policy

Job Applicant Privacy Notice CyberArk, Security Cloud Consultant Publication Date: Jul 16, 2025 Ref. No: 534401 Location: Chennai, IN Role of Wealth Management Operational Security Engineer, being understood this role includes delegations from APAC WM CISO. The incumbent will be responsible for managing and implementing technical access controls, privilege access management, data leakage prevention and other related technologies to ensure the confidentiality, integrity, and availability of our organization’s data and systems. Responsibilities Direct Responsibilities: ü Technical Access Management / Privilege Access Management o Manage and maintain technical/privilege access controls for production and development environments o Ensure compliance with organizational technical access control security policies and procedures o Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance o Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation o Review technical access segregation between production and development environments with respective support teams ü Data Leakage Prevention (DLP) o Create, management and maintain DLP policies to detect and prevent data leaks o Deploy and maintain DLP infrastructure o Collaborate with IT teams to investigate and respond to data leak incidents ü Identity and Access Management (IAM) o Collaborate with IT teams to deploy and maintain data encryption solutions o IAM team to ensure seamless integration with technical access management solutions o Ensure compliance with organizational IAM policies and procedures ü Data Encryption Deployment & Monitoring o Collaborate with IT teams to deploy and maintain data encryption solutions o Ensure compliance with organizational data encryption policies and procedures ü Unstructured & Structured Data Discovery & Activity Monitoring o Collaborate with IT teams to: § Deploy and maintain unstructured & structured data discovery and activity monitoring solution § Identify and classify sensitive data § Monitor and analyse restricted and sensitive database activities § Remediate any non-compliant finding reported ü Infrastructure Vulnerability Management o Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. o Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers o Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. o Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. o Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. o Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. ü Application Security o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. o Identify and implement the latest security standards for internet facing and internal assets o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). o Perform Security risk assessments and reviews to be presented to respective committees o Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider ü Cybersecurity o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes o Ensure the coordination with other IT security or other actors in the region or globally o Assist for a Risk Treatment for any APAC WM issue, based on the processes o Identify the IT security risks in advance, record and follow-up them o Define and contribute to processes from cybersecurity perspective o Periodic reporting of security status to IT Security Domain Head o Ensure the regular reporting for management follow-up o Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. o Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. ü Production Security o Ensure the effectiveness and success of vulnerability management process o Ensure the compliance level of the production environment and integrate to reporting ü IT Security Compliance (delegation on WM APAC scope) o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) o Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements o Ensure the compliance with the Third-party Technology risks and the Cloud security o Identify the process gaps and provide solutions ü Coordination with IT Security actors o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. o Coordination with the global security teams concerning integration of WM assets within production sites o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group

Job Title-Threat and Vulnerability Management Experience-8Years. Location-Bangalore. Mode Of work-Hybrid. Employment Type-FTE. Mandatory Skill Qualys, Vulnerability Management, Operating Systems, Operations Improvement, ITIL Process

We’re Hiring: Cybersecurity & GRC Audit (2+ Years Experience) Location: Mumbai / Gurgaon/ Bengaluru / Hybrid Experience: 3+ Years Budget: Competitive, based on experience Role: Cybersecurity Analyst / GRC Consultant / IT Risk & Compliance Specialist Are you a certified cybersecurity and GRC professional with 3+ years of experience looking to grow in a fast-paced, compliance-driven environment? We're looking for a motivated expert to support IT audits, compliance, risk assessments , and governance frameworks across leading clients and internal operations. What We’re Looking For: 3+ years of experience in Cybersecurity, IT Audit, Risk & Compliance Strong knowledge of frameworks and standards like ISO 27001:2022, GDPR, NIST, SOX, PCI-DSS, ITGC, COBIT, CIS Controls Certifications preferred: CISA, CISM, ISO 27001 LA, CRISC, or CISSP Hands-on experience with data protection , cloud security , SIEM/DLP tools , and policy documentation Ability to manage internal audits , perform gap assessments , and ensure regulatory compliance Key Responsibilities: Support implementation and audit of ISO 27001 , GDPR , NIST , and other compliance frameworks Perform risk assessments, policy reviews, and control validations Prepare audit documentation and reports for stakeholders Collaborate with IT, legal, and business teams to align security and compliance goals Monitor security events using tools like SIEM, DLP, EDR , and support in mitigation planning Nice to Have: Exposure to cloud platforms (Azure, AWS) Experience with tools like Qualys, Wireshark, ServiceNow, JIRA Strong communication and reporting skills

You will be joining the Vulnerability Management Services team at Atos Group, a global leader in data-driven, trusted, and sustainable digital transformation. With an annual revenue of approximately 5 billion, Atos operates as a next-generation digital business with leading positions in digital, cloud, data, advanced computing, and security across more than 47 countries. By leveraging high-end technologies and a team of 47,000 world-class talents, Atos expands the possibilities of data and technology for current and future generations. Your role will be based in Mumbai (Onsite) with a required experience of 5 to 8 years and the highest qualification of any full-time graduate. As a part of the team, you will be responsible for executing vulnerability scanning and managing VM programs for clients. It is crucial to complete projects within budgeted efforts and agreed timelines while ensuring high-quality deliverables. Key Responsibilities: - Perform vulnerability scanning using tools like SAINT, Nessus, Tenable.io, Tenable.sc, Qualys, etc. - Gain a deep understanding of client network architecture and infrastructure - Identify threats, vulnerabilities, and perform control analysis - Develop customized reports and dashboards as per client expectations - Proactively plan and execute projects - Determine likelihood, analyze impacts, and assess risks - Prioritize risks, recommend solutions, and document findings - Identify business risks associated with weaknesses identified during assessments - Collaborate with both business and technical teams for project scope definition, execution, and closure Skills Required: - 5+ years of experience in Vulnerability Scanning with expertise in tools like Qualys, Tenable, Rapid7, etc. - Ability to understand and explain vulnerabilities to stakeholders - Knowledge of various platforms such as Windows, Linux, Unix, Mac OS, Cisco, Juniper, etc. - Familiarity with standards like PCIDSS, CIS Benchmarks, etc. - Flexibility in handling challenging activities and creativity in problem-solving - Strong communication and writing skills with fluency in verbal communication If you are looking to grow and thrive in a dynamic and innovative environment, we invite you to join us on this exciting journey at Atos Group.,

You are a skilled and proactive Vulnerability Management Analyst with 3 to 6 years of experience who will be joining the security team at CyberProof, a UST Company. In this role, you will be responsible for leading the day-to-day operations of vulnerability assessment and remediation efforts for a client. You will work hands-on with tools like Qualys, Defender, Crowdstrike, and Nessus. Your sharp analysis, technical precision, and mentoring mindset will have a direct impact on the enterprise's security posture. Your key responsibilities will include leading and overseeing vulnerability assessment scans using various tools, configuring and scheduling scans, interpreting assessment findings, and supporting ongoing remediation efforts. You will also be responsible for managing and maintaining up-to-date vulnerability, asset, and configuration databases, performing continuous asset discovery, and ensuring comprehensive scan coverage. Prioritizing vulnerabilities based on criticality, exploitability, and potential business impact will be a crucial part of your role. Additionally, you will mentor junior analysts, escalate risks, coordinate mitigation tasks, and ensure adherence to company and customer information security standards and regulatory compliance. Preferred qualifications for this role include proven experience in vulnerability management, familiarity with CVSS scoring, patch management cycles, and vulnerability lifecycle workflows. Strong analytical skills with the ability to translate complex technical findings into actionable risk narratives are essential. Experience working in hybrid cloud or enterprise environments would be advantageous. Certifications like CompTIA Security+, CEH, or Qualys Vulnerability Management Specialist are also considered beneficial.,

You will be responsible for monitoring and analyzing information security events such as unauthorized use or access, fraudulent activities, and data leakage. This role involves initiating information security incident tickets at a third level, which complements the first and second level monitoring and support in the service desk. Your tasks will include monitoring and analyzing security events in central tools like ArcSight and local systems like IPS on a regular basis. You will be involved in developing and refining detective controls based on input from Information Security Investigation Coordinators, as well as controlling the effectiveness of preventive and detective measures. Additionally, you will develop and report metrics for the overall information security situation, such as the number of targeted attacks or attempts. In terms of incident management, you will be responsible for initiating information security incident tickets, triggering escalation processes if necessary, and implementing initial counter-measures. You will support and collaborate with the Information Security Incident Response Team by providing real-time information on current developments and identifying the origin and target of attacks. Furthermore, you will be involved in planning, performing, and monitoring vulnerability scans using tools like Qualys Guard and reporting the results. The ideal candidate should possess a graduate degree in computer sciences or a related field, with at least 5+ years of experience working with ArcSight. Proficiency in security monitoring tools and devices, including IDS/IPS, AV scanners, security gateways, and SIEM solutions (preferably ArcSight) is mandatory. You should demonstrate the ability to handle high workloads and pressure effectively. Knowledge of network and infrastructure security is essential for this role. Strong analytical skills, good communication abilities, self-organization, and motivation to work in a multicultural environment are highly desirable. Preferred certifications include CEH, ECSA, and GCIH. If you are a Senior Systems Engineer with expertise in SIEM, HP ArcSight, IDS/IPS, AV scanners, and security gateways, this opportunity in Trivandrum could be a perfect fit for you. Holders of B.Sc, B.Com, M.Sc, MCA, B.E, or B.Tech degrees are encouraged to apply by sending your resume to jobs@augustainfotech.com.,

As a DevOps Architect, you will manage the software development process and create an automated delivery pipeline (CI/CD) to enhance infrastructure and application release efficiency. You are responsible for evaluating customer automation needs, supporting DevSecOps transformations, and designing and implementing high-quality DevOps architectures. Our ideal candidate has professional experience automating complex DevSecOps Pipeline deployments using modern CI/CD tools, along with a strong background in managing public cloud infrastructure through Infrastructure As Code (AWS, Azure, and GCP). To be a successful DevOps Architect, you should demonstrate a leadership mindset, possess solid operational experience, and possess effective problem-solving skills. The candidate should have excellent communication skills, be innovative, and stay current with industry trends and best practices in DevSecOps, AIOps, and FinOps. In this position, you will handle all the solution and technical aspects (DevOps) during the pre-sales process. Your responsibilities include identifying and addressing issues affecting customer satisfaction, actively collaborating with customers to enhance operational excellence and cost optimization, and implementing DevSecOps best practices to deliver business value. Building and maintaining relationships with key individuals within customer accounts and serving as a trusted advisor are crucial skills for driving the organic growth of customer accounts. Missions and main activities The main missions are : Automate build, deployment, and other aspects of the software development life cycle. Evaluate, Design, Implement, and streamline best practices architecture for Cloud and DevOps Solutions Implement microservice / container-based architectures. Conduct technical workshops with the customers and find automated solutions to problems that disrupt the availability, performance, and stability of customer systems. Work with the customer development, QA, security, and operations teams to understand requirements for functionality, performance, and security of applications. Explore and maintain an understanding of the internal architecture and client requirements of our applications. Manage the processes of deployments using a blue-green deployment pattern whenever possible. Implement the observability tools for infrastructure and applications. Ensure proper failover and backup architectures are implemented. Audit the customer environment, perform Gap Analysis, and propose remediation plans to address the gaps using Automation tools. Suggest FinOps practices for resource and cost optimization. Investigate and develop skills in new technologies (Data and AI) and collaborate across the company. Experience Total minimum professional working experience of 10 years in IT domain . Minimum 8 years of experience in managing operations of the virtualized platform. Minimum of 5 years of Public Cloud (AWS/Azure/GCP) deployment and management experience 10 years of application integration and deployment experience with a minimum of 5 years of good hands-on experience with cloud services related to computing, network, storage, content delivery, security, deployment, and implementing Cloud and DevOps best practices. Extensive knowledge of various Cloud services at the SDK Level Experience hosting an application on the Public Cloud using Cloud services with IAAS offerings. Expertise in Infrastructure capacity sizing and costing of Cloud services to drive optimized solution architecture, leading to optimal infrastructure investment vs performance and scale. Experience with software and product development lifecycle (incl. coding, coding standards and reviews, source control, testing, debugging, build, deployment, and operations) Good experience in automating manual activities using a scripting language. Expert-level experience in writing infrastructure as code templates Experience in Cloud Native DevSecOps CI/CD components Hands-on experience using version control systems, build, and deployment tools. Good knowledge of Microservices Design and Architecture Provide hands-on technical support for business applications and processes. Balance of strategic and tactical skills and the ability to work on cross-functional teams. Ability to review deployment and delivery pipelines i.e., implement initiatives to minimize chances of failure, identify bottlenecks, and troubleshoot issues. Excellent time management and organizational skills Deep knowledge and experience in complex and large-scale projects Deep understanding of Application, Infrastructure, and security architecture and non-functional aspects like Performance, Scalability, Reliability, Availability, etc Technical skills: Extensive hands-on experience using AWS/Azure/GCP Cloud services: Networking, Windows/Linux virtual machines, Container, Storage, LB, Auto Scaling, Serverless Architecture, Managed DB services, DW, Data Factory, and Analytics Services . Must have expert-level hands-on experience in writing Infrastructure As Code templates using Terraform, CloudFormation/Azure Resource Manager templates/ GCP deployment manager . Must possess excellent knowledge of Configuration Management tools ( Ansible, Chef, Puppet ). Must have strong expertise in operating Linux/Unix environments and scripting languages like Python, Perl, Bash, and PowerShell . Expert in architecting and maintaining containerization and virtualization platforms like Docker, Kubernetes, AWS EKS, Azure AKS, GCP GKE, or OpenShift Experience with Version control systems like GitHub , AWS Code Commit, and Azure Repos Experience with CI/CD tools like Jenkins, GitLab, Bamboo, Circle CI, GitHub Actions, and Argo CD Experience with Cloud Native CI/CD tools: AWS Code Build/Pipeline/Deploy and Azure DevOps Experience with monitoring and observability tools like AppDynamics, Dynatrace, DataDog, Prometheus, Grafana, and NewRelic Familiar with Quality and Security Management tools like SonarQube, Snyk, Aqua Security, Fortify, CheckMarx, Selenium, JUnit, Qualys, Tenable and OWASP ZAP Strong understanding of one or more development platforms DotNet technologies, (C#), Java / JavaScript Familiarity with REST API/ Webservices/ Postman Familiarity with Data Ingestion, Analytics, and AI technologies Knowledge of integration techniques (System & network configuration) Knowledge of Databases ( Mysql, MS SQL, MongoDB ) would be a plus. Consulting & Pre-Sales Assist the sales, and pre-sales team in prospecting with relevant technical pitches and market Orange business-specific data. Support and organize technical responses to RFP / RFI’s Assist sales teams in responses to RFPs and technical requirements documents. Propose the Level Of Effort based on the Sales team-provided Scope Of Work for the implementation. Conduct detailed technical workshops with customers to define the “to-be” architecture and plan the migration roadmap together. Strong executive speaking and presentation skills - Formal presentations, whiteboarding, large and small group presentations. Soft skills: Demonstrate strong analytical and technical problem-solving skills by leveraging the latest trends in technologies. Handle ambiguity and be able to move forward with imperfect information and get things done in a rapidly changing environment. Must be comfortable working in an environment where ideas are challenged. Should possess good product instinct and excellent project management skills to push projects over the finish line with sound planning and persistent execution. Excellent communication, presentation, and conflict resolution skills Astute in aligning effort & resources to achieve desired results. Education and certifications: Bachelor’s degree, Software Engineering, or equivalent work experience Professional Cloud Certifications ( AWS/Azure/GCP) AWS Certified DevOps Engineer Professional preferred Azure DevOps Engineer ­­­­­­­­Certification preferred. Docket/Kubernetes certification preferred.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Grow your career at Qualys — where innovation and talent thrive! About Qualys: Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance, and IT solutions with over 10,000 subscription customers worldwide, including most of the Forbes Global 100 and Fortune 100. We help organizations streamline and automate security and compliance workflows onto a single platform, delivering greater agility, stronger security outcomes, and substantial cost savings. As part of the evolving Qualys Enterprise TruRisk Platform, we are expanding into Cloud Detection and Response (CDR) — helping organizations detect active threats, manage cloud risk, and respond quickly in cloud-native, multi-cloud, and hybrid environments. We are building deep capabilities around cloud log analysis , eBPF-based runtime security , network security , and Zero Trust enforcement — integrating technologies such as Sysdig Falco , Tetragon , and advanced runtime behavioral analytics. Brief Description: We are seeking a dynamic and experienced Senior Product Manager to join our growing Cloud Detection and Response (CDR) team at Qualys. In this role, you will drive the strategy and execution for key areas of our CDR product line — focused on cloud threat detection, investigation, and automated response capabilities. You will bring a strong background in cloud security, detection and response technologies, and a “can-do” attitude to help global enterprise customers secure their cloud infrastructure and containerized workloads. You will collaborate closely with engineering, product design, product marketing, sales, and solution engineering teams, and interface with product leadership in a globally distributed environment. This is an exciting opportunity to have a high-impact role at a company known for innovation and trusted by the world’s leading enterprises. Qualifications: Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or a related technical field (MBA or equivalent experience preferred). 5+ years of experience in product management, or 8+ years in a technical leadership, security engineering, or solution architecture role in cybersecurity or cloud security. Deep understanding of cloud security, cloud-native environments (AWS, Azure, GCP), Kubernetes, and containerized workloads. Familiarity with Cloud Detection and Response (CDR), CNAPP, or adjacent technologies such as SIEM, XDR, EDR, or threat hunting platforms. Hands-on experience or strong working knowledge of cloud telemetry (e.g., AWS CloudTrail, Azure Activity Logs), cloud audit logging, and event-based threat detection. Knowledge of modern runtime security technologies, including eBPF-based monitoring, Sysdig Falco, Tetragon, and cloud-native network security techniques. Understanding of Zero Trust architectures and least-privilege enforcement in cloud environments. Experience working with cybersecurity concepts such as malware detection, file integrity monitoring, secure configuration management, and policy compliance. Strong analytical, organizational, and technical writing skills, with a data-driven approach to decision-making. Exceptional communication skills, both technical and non-technical, across geographically distributed teams and customer environments. Experience collaborating across multiple time zones and managing complex projects in a fast-paced environment. Role and Responsibilities: Define and execute product strategy and roadmap for cloud detection and response capabilities within the Qualys platform. Gather and prioritize requirements based on customer feedback, industry trends, and competitive analysis. Develop clear product themes, epics, and user stories as input to engineering and design teams. Work closely with engineering teams to deliver high-quality product features on time and within scope. Drive key initiatives in cloud log ingestion and analysis, runtime threat detection using eBPF/Falco/Tetragon, network security analytics, and Zero Trust policy enforcement. Actively engage with enterprise customers to understand needs, gather feedback, and validate product direction. Track product success through metrics and KPIs, iterating based on customer impact and business outcomes. Support product marketing with positioning, messaging, launch readiness, and field enablement. Collaborate with sales teams to support key customer opportunities and strategic accounts. Join Us: This is a highly visible and impactful role where you will be part of a passionate and collaborative product team shaping the future of cloud security. If you're excited about building next-generation security solutions, helping customers stay ahead of modern threats, and growing your career at a company known for excellence and innovation — we would love to hear from you.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Requirements: Experience: 7+ Years Security Tools: Black Duck, Prisma Cloud, Qualys, Snyk, Coverity, SonarQube, Burpsuite (Anyone) DevOps Stack: Jenkins, Kubernetes, Helm, Docker Programming: Python, Shell, YAML, JSON (Good to have) Cloud Platforms: AWS, GCP (Understanding basics of Cloud) Vulnerability Management: Own end-to-end vulnerability lifecycle for a given Business Unit consisting of multiple enterprise level products. (SaaS & on-prem). Triage, track, Correlate and remediate vulnerabilities from tools like Black Duck, Prisma Cloud, Qualys, Jfrog Xray etc. Security Automation: Integrate security scanning tools into common tools. Develop dashboards and reports for compliance and leadership visibility. Write high level design to automate a few of the manual work. Collaboration & Governance: Work cross-functionally with product teams, and stakeholders. Contribute to security policies, standards, and best practices. Qualification: Bachelor’s degree in computer science, Engineering, or a related field Job Category: IT Support Job Location: Hyderabad Job Country: India

Job Title: Attack Surface Management (ASM) Trainer Location: Remote Employment Type: Full-time Experience Required: 5+ Years in Cybersecurity / Offensive Security About the Role We are looking for an experienced and passionate Attack Surface Management (ASM) Trainer to lead hands-on training sessions for cybersecurity professionals and red teamers. The ideal candidate will have strong technical expertise in external attack surface discovery, vulnerability assessment, and ASM tools, along with a flair for teaching and mentoring. As a trainer, you will be responsible for designing and delivering high-impact training programs that equip learners with practical skills in ASM, OSINT, and vulnerability intelligence. You'll also guide learners in mastering real-world ASM tools and offensive techniques used in red team engagements. Key Responsibilities Design and deliver structured training modules on Attack Surface Management, OSINT, and vulnerability intelligence. Train participants in the use of ASM platforms (e.g., CyCognito, Netlas, Shodan, Censys, RiskIQ, etc.). Conduct hands-on labs covering domain/IP discovery, cloud exposure mapping, asset attribution, and misconfiguration detection. Teach how to analyze and prioritize external threats using frameworks like MITRE ATT&CK and CVSS/EPSS. Stay up to date with the latest ASM trends, tools, and adversary techniques and update course content accordingly. Conduct assessments and evaluations to monitor trainee progress. Mentor learners through real-world simulations and lab-based challenges. Support internal teams by developing knowledge-sharing sessions and upskilling programs. Technical Skills Required Strong experience in ASM, external threat mapping, and internet-wide scanning. Hands-on with tools like CyCognito, Netlas, Shodan, Censys, SecurityTrails, FOFA, ZoomEye, etc. Knowledge of vulnerability intelligence platforms (Tenable, Qualys, AWS Inspector). Deep understanding of OSINT techniques, reconnaissance workflows, and attack surface mapping. Scripting knowledge (Python, Bash, PowerShell) for automation is a plus. Familiarity with networking protocols (TCP/IP, HTTP/S, DNS), cloud services, and web attack vectors. Soft Skills Excellent presentation and public speaking skills. Strong ability to simplify complex concepts and communicate effectively with learners of all levels. Passionate about teaching, mentoring, and continuous learning. Ability to create engaging, hands-on content and real-world simulation environments. Preferred Certifications (Optional but a Plus) OSCP / CRTP / CRTO / CEH CySA+, CompTIA Security+ CVA or equivalent vulnerability-focused certifications Any cloud or OSINT certifications

Essential Services : Role & Location fungibility At ICICI Bank, we believe in serving our customers beyond our role definition, product boundaries, and domain limitations through our philosophy of customer 360-degree. In essence, this captures our belief in serving the entire banking needs of our customers as One Bank, One Team . To achieve this, employees at ICICI Bank are expected to be role and location-fungible with the understanding that Banking is an essential service . The role descriptions give you an overview of the responsibilities, it is only directional and guiding in nature. About the Role At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities: Support and Testing: Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis: Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaboration: Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. Qualifications & Skills Educational Qualification: Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience. Certifications: OSCP Compliance: Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Network Security: Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies: Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends. About the Business Group ICICI Bank’s Information Security Group believes in providing services to its customers in the safest and secured manner, keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. The CIA triad of Confidentiality, Integrity, and Availability is built on the vision of creating a comprehensive information security framework. The Bank also lays emphasis on customer elements like protection from phishing, adaptive authentication, awareness initiatives, and provide easy to use protection and risk configuration ability in the hands of customers. With this core responsibly, ICICI administer and promotes on going campaigns to create awareness among customers on security aspects while banking through digital channels.

The IS Analyst- Vulnerability Management position is an integral member of the GCS IS team and shall contribute recommendations regarding physical and technical information security best practices. The IS Analyst- Vulnerability Management position consults with local offices and their administrators to assist in the implementation of administrative and technical procedures for their networks and applications. The position reports to the Information Security Manager in India. Duties/Responsibilities Key member of the GCS IS Ethical Hacking & Data Protection Team Conduct regular vulnerability assessments using industry-standard tools (e.g., Qualys, Nessus). Analyze scan results, prioritize vulnerabilities based on risk, and coordinate remediation efforts with IT and development teams. Maintain and improve vulnerability management lifecycle, including scanning, reporting, tracking, and verification. Monitor threat intelligence feeds and correlates internal findings to assess potential impact. Develop and maintain dashboards and metrics to report on vulnerability trends and remediation progress. Assist in the development and enforcement of security policies, standards, and procedures. Keep up to date on information security threats and countermeasures and advise technical staff. Participate as a member of the GCS Cyber Security Incident Response Team (CSIRT) as needed to consult on compromise vectors or the cyber kill chain. Required Skills & Attributes Experience with vulnerability management tools- Qualys VMDR, Cloud Agents, and Nessus Professional. Exhibit skills in the Vulnerability Management lifecycle, including vulnerability scanning, remediation and validation. Proficiency with vulnerability scanning tools and interpreting CVSS scores. Strong knowledge of operating systems (Windows, Linux), networking, and cloud environments. Understanding of scanning cloud services (Azure, AWS) environment. Strong English verbal and written communication skills—including the ability to effectively document and ability to clearly communicate vulnerability to the network administrators, asset owners, and key stakeholder. Strong ability to work in a team effectively and collaborate across multiple time zones. Required Qualifications Bachelor’s degree in Computer Science, Information Security, or a related field. 5+ years of experience in vulnerability management or a related cybersecurity role. Familiarity with regulatory and compliance frameworks (e.g., ISO 27001, NIST, PCI-DSS). Preferred Skills & Attributes One (or more) relevant certifications: CISSP, CEH, CompTIA Security+, Qualys VMDR, etc. Ability to interpret information security data and processes to identify potential compliance issues. Decision-making and problem-solving skills including the ability to clearly define and resolve issues. Assertive and proactive in identifying and resolving issues and concerns. Excellent time management skills including the ability to prepare prioritize and complete work plans. Ability to work with geographically diverse offices in a global organization, with a willingness to work offset hours occasionally to accommodate time zones.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Job Description This role is within the TechPubs team of the Support organization and would create modern online content that helps users of Qualys Cloud Platform and its integrated apps. The ideal candidate is passionate about creating content that helps train users quickly and effectively in a modern way. Role and Responsibilities: Contribute to the development of high-quality technical documentation by working with diverse stakeholders to scope, design, edit, and publish internal/external facing technical content. Interactively contribute to the document creation and maintenance process. Take ownership of the documentation for multiple products, follow through and complete the product cycle, and report accurate and timely status for all assignments. Write and update high-quality help content and user interface (UI) messaging. -Create new help content that addresses user needs, use cases. Deliver a variety of content i.e. online help, quick starts, Support KB articles, FAQs, API user guides, videos. Work with reviewers to ensure technical accuracy and appropriateness of content according to prescribed project deliverables and schedules. Performs tasks related to the construction of technical and non-technical illustrations and graphics or changes to existing illustrations/graphics. Work closely with the Support team, Product Management, Development, QA, to drive the creation and production of technical information for blogs, Community, Knowledge Base system, technical white papers, etc. Ensures compliance with customer requirements, company and government specifications, engineering standards, and language usage principles. Ensure quality and timeliness of documentation. Ability to concentrate, attention to detail, and command of the English language. The lead must be a self-motivating and self-managing writer who can learn complex technologies quickly, and manage the entire process of writing top-quality documentation. As an Information Developer, the candidate should: Have at least 8-12 years of technical writing experience. Have experience developing technical documentation for enterprise software audiences. Have worked on creating User Guides, Online Help, API documents, etc. Have the ability to adjust priorities and quickly learn new technologies and software applications. Have the ability to effectively own and handle multiple products. Have some experience leading/mentoring junior technical writers. Have been a team player Demonstrate excellent communication and interpersonal skills with the ability to effectively work with global and culturally diverse departments and groups to gather the right information at the right time. Have the ability to ask the right questions to understand the product and product features well. Hands-on experience with accepted team collaboration, authoring, and publishing tools Have good editing skills and preferred to have hands-on with Adobe FrameMaker, Robohelp, Illustrator, Acrobat, Microsoft Office Tools/Suite, and Google Docs. Have the enthusiasm and eagerness to contribute towards building great technical content Be able to think out-of-the-box for technical writing solutions Be up-to-date with the latest trends in Technical Writing.

Who We Are: Jolera stands as a distinguished multinational Global Systems Integrator (GSI), a vanguard in delivering comprehensive and bespoke IT solutions to a diverse clientele, encompassing both direct customers and channel partners across the globe. We are driven by a commitment to excellence, leveraging a team of over 550 highly skilled professionals to design, implement, and manage technology systems that are not only effective and competitive but also scalable and value driven. Our comprehensive suite of services includes the creation of customized technology solutions tailored to specific business needs, in-depth IT assessments and strategic planning, meticulous IT device and infrastructure management, robust data backup and recovery solutions, seamless cloud and on-premise migrations, enterprise-grade security services, and round-the-clock, 24/7/365 quad-lingual end-user support. At Jolera, we believe in empowering organizations worldwide with innovative and reliable IT solutions, and we invite you to join us in this mission. Join us as a Security Platform Engineer —where you’ll own the full stack of endpoint, identity, and cloud-detection defenses, and your ideas will shape how we protect thousands of devices and user identities every day. If you thrive on solving challenging security problems, automate everything you touch, and expect real feedback, you’ll fit right in. We champion people who take initiative, speak up, and deliver measurable results What You'll Do Administer & Support Security Products – Own day-to-day operation of CrowdStrike, SentinelOne, Proofpoint, Qualys, Microsoft, and our Cyber-Awareness Training suite. Deploy & Configure – Support Migrations, build repositories, and fine-tune policies and tasks across platforms. Troubleshoot & Escalate – Act as the SME for complex security incidents, providing Tier-3 support to our operations team. Identity Protection – Monitor Azure AD / Microsoft Entra ID and Okta, enforce least-privilege access, and remediate identity-based threats. Automate & Optimize – Script (PowerShell/Python) to speed deployment, reporting, and continuous configuration compliance. Document & Improve – Maintain clear exception/run-book documentation and drive process improvements that elevate customer satisfaction. Who You Are Experience with Endpoint Security Solutions: Proven hands-on experience administering and supporting a variety of endpoint security products, including but not limited to CrowdStrike, SentinelOne, Qualys, and email security solutions like Proofpoint. Operating System Expertise: Strong proficiency in Microsoft Windows operating systems (client and server versions), including administration, troubleshooting, and understanding of security configurations. Identity Security Expertise: Administered Azure AD / Entra ID or Okta: conditional access, MFA, PIM, SSO, SAML/OIDC. Networking Fundamentals: Solid understanding of networking concepts (TCP/IP, DNS, firewalls, proxies) as they relate to endpoint security communication and troubleshooting. Automation Skills: Demonstrated experience in scripting and automation (e.g., PowerShell, Python) to streamline security operations, agent deployment, policy management, and reporting. Subject Matter Expertise: Ability to act as a subject matter expert for operating, troubleshooting, installing, and configuring diverse security solutions. Documentation & Communication: Strong ability to maintain relevant documentation for exceptions and processes, and excellent verbal and written communication skills for technical and non-technical audiences. Customer Focus: A strong commitment to identifying and driving process improvements to ensure improved customer satisfaction Ownership Mindset: A proactive and responsible approach to tasks and projects, taking full accountability for outcomes. Preferred Qualifications: Vendor Specific Certifications (CrowdStrike, SentinelOne, Proofpoint) CompTIA Cybersecurity Analyst CompTIA Network+ Microsoft Certified: Windows Server Hybrid Administrator Associate Microsoft 365 Certified: Administrator Expert Microsoft Certified: Security Administrator Associate Azure Security Engineer Associate What We Offer Competitive compensation package and comprehensive benefits Professional development including certifications and specialized training Exposure to cutting-edge technologies and globally recognized projects Work with diverse international teams and Fortune 500 clients Career advancement opportunities within a growing global organization Collaborative and innovative work culture that values your contributions Regular company events, recognition programs, and celebrations Opportunity to build a portfolio of high-impact, global-scale projects At Jolera, we are committed to creating a diverse, equal and inclusive. Our goal is to attract and retain the best talent while embracing diversity in all its forms. We value and respect differences in ethnic background, gender, age, religion, identity, disability, or any other characteristic protected by applicable law.

Job Title : SOC Information Security. Location : Noida. Experience : 4-6 Years. Job Type : Full-Time. Job Overview We are seeking a detail-oriented and technically proficient IT Security & Compliance Analyst with strong experience in Vulnerability Assessment & Penetration Testing (VAPT), security audits, and IT controls. The ideal candidate will be responsible for evaluating IT systems, identifying gaps in compliance, performing security assessments, and ensuring alignment with regulatory and organizational security frameworks such as ISO 27001 and SEBI guidelines. Key Responsibilities Evaluate the adequacy and effectiveness of IT controls related to : Compliance & regulatory requirements. Change management processes. Information security policies. System backup and recovery. Business continuity and disaster recovery (BCP/DR). Monitor and assess control deficiencies, and provide recommendations to improve existing policies, documentation, and review processes. Work closely with external auditors to ensure alignment on in-scope systems and controls, and coordinate testing activities as required. Execute and manage multiple tasks efficiently, adhering to project timelines and allocated budgets. Conduct regular security audits and compliance assessments using frameworks such as : ISO 27001 :2013, SEBI cybersecurity guidelines, OWASP Top 10, WASC TCv2, SANS Top 25, CWE 25. Perform manual security assessments using tools like : Burp Suite, Qualys, Netsparker, Nessus, NTO Spider or other industry-standard VAPT tools. Provide insights on security system optimization and tuning based on alerts and real-time observations. Strong involvement in security incident response, malware handling, and vulnerability management. Work with SIEM tools for log correlation and threat detection. Required Skills & Experience Hands-on experience in VAPT (focus on manual testing). Deep understanding of information security principles. Knowledge of data loss prevention (DLP), encryption, patch management, PGP, and anti-virus systems. Proficiency in SIEM platforms and correlating security logs. Strong documentation and communication skills. Familiarity with security audit lifecycle and reporting. Preferred Certifications (Optional) CEH, CISA, ISO 27001 Lead Auditor, or related certifications. (ref:hirist.tech)

Are you passionate about driving innovation in security solutions and have a strong background in application security If so, we have a perfect opportunity for you! We are looking for a dynamic and experienced Product Manager to join our Enterprise TruRisk Platform PM Team at Qualys. In this role, you will be responsible for driving the strategy and execution of our Connectors to unlock value with new use cases by integrating Qualys with 3rd Party Cloud Security Solutions. To excel in this role, you should have a solid background in cloud security and a can-do attitude to help global enterprise customers seamlessly integrate their cloud security data with Qualys ecosystem. Collaboration is key in this role as you will work closely with engineering, product design, product marketing, sales, and solution engineering teams, and interface with product leadership in a globally distributed environment. Your responsibilities will include defining and executing the product strategy and roadmap for Qualys connectors based on company goals, customer feedback, industry trends, competitive analysis, and market research. You will also be involved in defining clear product themes, epics, and user stories, collaborating with various teams to prioritize and refine product plans, attending engineering grooming sessions, and driving product delivery. To be successful in this role, you should have a background in solution engineering, product development, product management, business analysis, integration architecture, and implementation consulting. You should possess strong knowledge of Cloud Security concepts across major cloud platforms such as AWS, Azure, GCP, and OCI. Hands-on experience or a strong understanding of cloud-native security tools and services is highly desirable. If you have a Bachelor's degree in Computer Science, Engineering, Cybersecurity, or a related technical field, along with 3+ years of experience in product management or 5+ years in a technical leadership role in cybersecurity or cloud security products, we would like to hear from you. Relevant certifications such as AWS/Azure/GCP certifications, CISSP, CCSP, etc., are a plus. If you are ready to take on an exciting opportunity with a high-impact role at a company known for innovation and trusted by the world's leading enterprises, please submit your application, including your resume and a cover letter outlining your experience and qualifications for this role.,

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Description: Qualys is looking for a skilled Security QA Engineer with 3–4 years of experience to join our engineering team. In this role, you will be responsible for testing, validating, and ensuring the quality of our security products and solutions. You will collaborate closely with developers, security analysts, and product managers to identify issues, automate test cases, and ensure our solutions meet the highest security and quality standards. Key Responsibilities: Design, develop, and execute manual and automated test cases for security products and tools. Validate security features, threat detection, and mitigation workflows. Write and maintain automated test scripts in Python. Perform regression, functional, integration, and security testing on Linux-based systems. Analyze test results, report defects, and work with developers to resolve issues. Set up and manage Linux-based test environments, VMs, or containers. Contribute to improving QA processes, test coverage, and automation frameworks. Document test plans, test cases, and test results clearly and thoroughly. Collaborate with the wider security engineering team to ensure product security and compliance with best practices. Required Skills and Qualifications: Bachelor’s degree in Computer Science, Information Security, or related field. 3–4 years of experience in software QA, preferably with security products. Strong working knowledge of Linux operating systems (installing, configuring, troubleshooting). Proficiency in Python scripting for test automation. Familiarity with security concepts such as threat detection, vulnerability scanning, or incident response workflows. Strong analytical and problem-solving skills. Excellent verbal and written communication skills. Preferred: Candidates holding a CEH (Certified Ethical Hacker) certification will be given preference. Experience with CI/CD pipelines and automation tools (Jenkins, GitLab CI). Familiarity with network security tools (IDS/IPS, firewalls). Knowledge of container security (Docker, Kubernetes).

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The candidate would be expected to work in diverse risk consulting engagements and are willing to travel to Middle East countries for project execution atleast 60% of their time. The candidate are expected to have experience / knowledge with respect to the following: Experience with infrastructure penetration testing and vulnerability assessments Good knowledge of OWASP and Secure SDLC standards Should have performed web/mobile/API penetration testing. Good knowledge of encryption technologies & MiTM attacks Experience in performing security code reviews and log analysis. Knowledge of Linux administration, TCP/IP, DNS, Network protocols and OSI model Good understanding of MITRE ATT&CK framework and how to leverage it. Good understanding of AD administration, different authentication mechanisms, trust boundaries etc. Experience in performing security configuration reviews for OS, Databases, Network & Security devices, applications etc. Should have good understanding of the cloud services (AWS, Azure and GCP), its architecture, potential attack vectors and mitigation plans Should have good understanding of the Container services, Kubernetes auditing and LLM security Experience in performing architecture design review for network and applications Experience in performing CS audits/maturity assessments against relevant standards like SAMA CSF, NCA, NIST, NESA, Qatar Cybersecurity Framework etc. Support in conducting technical reviews as part of IT/CS audits Should hold atleast 1 of the certifications or its equivalent : OSCP, GPEN, OSWE, OSWP, CRTP, LPT, ECSA, ISO27001, CEH Hands on experience will security testing tools/frameworks like Burp Suite, Nessus, Qualys etc. Hands on experience with programming using Python/Perl/PowerShell/C# Hands on experience with setting-up phishing and performing social engineering assessments Experience with AV/NAC evasion, obfuscation, bypass windows ASR/device guard, network security controls, emails gateway filtering etc. Experience with Active directory assessments Experience with different stages of cyber kill chain Review operational logs and event console activity to determine cause of security-related events or to identify potential security related events Analysis of the patches released by the vendors Good in report writing and convey the observations to the top management in layman’s language emphasizing on the business risks. Experience with mentoring junior resources or managing stakeholders/client Should be open-minded and ready to take up additional challenges or tasks outside your core domain expertise Skills Network Vulnerability Scanning and Penetration Testing, Web Application Penetration Testing, Mobile Application Penetration Testing, Web service/API Security Assessment, Secure Code review, AD Security Assessments, Social Engineering Assessments, Configuration Audit (Automated and Manual), Wireless Penetration Testing, Threat Modelling Qualification required-MCA/BTech /BSc ( Comp Science/Electronics and communication, or equivalent) Qualification preferred- Minimum 4+ years of IT/cyber risk consulting & penetration testing experience EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Brief Description: Lead Software development engineer for Cloud Appliance/Cyber security product Full Job Description: We invite you to be part of motivated and agile Qualys engineering team responsible for developing high-end Cloud based Security Solutions. This opening is your chance to work in the rapidly expanding field of computer security, in a company with excellent customer ratings and outstanding growth rates. In this position you will be working on network security solutions to deliver cutting-edge products. This position is for our fastest growing R&D center in Pune, India, which is part of multi-continent engineering team. Responsibilities: Develop understanding of the product functionality spanning in-field appliance to cloud services i.e. the end-to-end architecture, how customers use the product, how the product fits in the overall Qualys security platform and its value-add, various customer use case scenarios etc. This perspective is required for in-depth understanding and handling customer queries. Ability to read and comprehend written code and participate in reviews. Develop in-depth knowledge in security and networking domains. Contribute to the appliance stack development. Understand the existing appliance architecture well to be able to own new feature development - design, develop, deliver. Study and decipher documentation needed to accomplish tasks at hand viz standards, RFCs and protocol specifications, network topologies, networking fundamentals ( Tcp/Ip stack, switches, routers, networking protocols, firewalls), Linux platform fundamentals, virtualization, deep packet inspection etc. Debug issues in the product reported by internal QA teams or in production by customers and suggest solutions. Interact with QA teams to describe product feature and methods to test it – functionality, performance, negative scenarios. Document the design and test plans as part of development activities. Communicate with other team members, including with the QA team and collaborate as required. Qualifications: Must Have: Degree in Computer Science/Electronics/Instrumentation. 8 to 15 years software development or testing experience in Cyber Security / Networking Systems. Professional experience developing products in kernel/networking domains is an added advantage for example experience in areas such as deep packet inspection, packet parsing, kernel programming, control and data paths, kernel bypass and fast packet processing techniques, firewalls, networking protocols socket programming, virtualization and hypervisors etc. Ability to write as well as comprehend written code in C/C++ and/or Python programs. Passion to build a career in embedded systems, networking as applicable to Network Security Systems. Good academic record. Good reading and comprehension skills to be able to read technical literature of Network Security products and make inferences. Ability to operate Linux and Windows Operating System commands and related applications. Good written and verbal communication skills. Additional skills that are good to have: Good debugging skills, ability to inspects packet captures Understanding of Linux boot loaders, grub, kernel compilation and networking stack internals, TCP/IP knowledge. Knowledge of one or more protocols used in Network Security systems - eg. LDAP, DHCP, ARP, DNS etc. Knowledge of Layer 2 and 3 switching, High availability, VPN, VLAN technologies etc. Working knowledge of deployment of Virtual Machines such as Vmware. Good understanding of Database concepts and good working knowledge with Oracle/PLSQL/Postgres. Excellent analytical and program solving skills, excellent written and oral communication, self-starter and highly motivated. Work in a dynamic environment and ability to adapt quickly to changes.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! Responsibilities: Hunt, develop, and close new business opportunities CNAPP selling experience will be useful Delivery high-level and detailed sales presentations Respond to functional and technical elements of RFIs/RFPs Provide functional and technical support to prospects and customers Responsible for attending conferences, seminars virtually, in-region and nationally Ability to manage a realistic sales funnel, follow up on inbound leads quickly, and cold call into large Fortune 500 / S&P 500 size organizations Qualifications: Ideal candidate must be self-motivated with strong knowledge in security and compliance space: CNAPP, Container Security, Vulnerability Management, Policy Compliance, Web Application Scanning, Threat Hunting / EDR, File Integrity Monitoring, and other enterprise security solutions. Strong track record of hunting, consulting, and closing new business Experience with Qualys is a plus, but not required Familiarity with compliance benchmarks such as CIS level 1 & 2, PCI, HIPAA, HITRUST, NERC, CIP, NIST, etc. Must possess strong presentation skills and be able to communicate professionally in response to emails, RFPs and when submitting reports 10+ years relevant experience Excellent written and oral communication skills Able to travel throughout sales territory Able to comfortably present to prospects and clients using video conferencing solutions in a work-from-home environment

Job Description WHAT YOU’LL DO We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. Who You’ll Work With Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents. Key Responsibilities: Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. Experience in designing, implementing, and managing vulnerability management processes and workflows. Facilitate and manage penetration testing engagements with third-party vendors. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. Develop and maintain security policies and procedures for our organization's systems, applications, and networks. Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. Who You Are We are looking for people with… Bachelor's degree in computer science, information security, or a related field. 3-5 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. Excellent analytical, problem-solving, and communication skills. Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. WHY YOU’LL LOVE WORKING HERE At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe. We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. JOIN US Our uniqueness comes from a combination of many things – our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it’s our people who make us who we are. Take the next step in your career together with us. The journey starts here. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application. Additional Information This is a full-time position, starting in August 2025 . Apply by sending in your CV in English as soon as possible, but no later than the 30th of June 2025 . Due to data policies, we only accept applications through the SmartRecruiters or career page