670 Qualys Jobs - Page 7

Join a team using leading edge security technology and processes to protect the F5 enterprise and product environment. The Security Engineer position will execute strategic processes and implement technical solutions to enable our information security program and address day-to-day security challenges amidst the industrys evolving technology landscape. Primary Responsibilities Build and implement new security controls, processes and tools. Identify organizational risks to confidentiality, integrity, and availability, and determine appropriate mitigations. Leverage native Azure, GCP, and AWS cloud services to automate and improve existing security and control activities. Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats. Perform technical security assessments against product and enterprise cloud hosted, virtual, and on-premise systems including static and dynamic analysis, and threat modeling. Review and test changes to services, applications, and networks for potential security impacts. Collaborate with Architecture, Site Reliability Engineering and Operations teams to develop and implement technical solutions and security standards. Stay abreast on security best practices and secure design principles. Review changes to and ongoing operations of enterpise environments and supporting systems for security and compliance impacts. Assist in incident detection and response efforts. Implement zero-trust patterns with cloud agnostic tools to support enterprise business units. Implement, design, develop, administer, and manage enterprise security tooling. Knowledge, Skills and Abilities Experience working with high-availability enterprise production environments Familiarity with scripting languages (e.g., (Go, Python, Ruby, Rust,etc.). and building scripts for process improvements Experience automating security testing and reporting outputs Technical knowledge and hands-on experience with security and networking security, basic networking protocols, cloud security, network security design, intrusion prevention/detection, and firewall architecture Experience assessing and implementing technical security controls Willingness to innovate and learn new technologies Excellent interpersonal and relationship skills with a collaborative mindset Knowledge or familiarity with technological stack (Big-IP, Azure, AWS, GCP, CentOS, Hashicorp Vault, Palo Alto, Qualys). Experience with network and application vulnerability and penetration testing tools. Baseline competency in administration of Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) or equivalent public cloud infrastructure. Exposure to DevOps tooling, CI/CD pipelines, container orchestration, and infrastructure as code approach (e.g. Puppet, Chef, Ansible, Terraform, Jenkins, CircleCI, Artifactory, Git) Strong written and verbal communication skills. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism. Agile, tactful, and proactive attitude that can manage prioritization and know when to escalate. Qualifications B.S. or M.S. in Computer Science, Engineering, or related field, or equivalent experience. 3+ years of relevant security and networking experience The About The Role is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Join a team using leading edge security technology and processes to protect the F5 enterprise and product environment. The Security Engineer position will execute strategic processes and implement technical solutions to enable our information security program and address day-to-day security challenges amidst the industrys evolving technology landscape. Primary Responsibilities Build and implement new security controls, processes and tools. Identify organizational risks to confidentiality, integrity, and availability, and determine appropriate mitigations. Leverage native Azure, GCP, and AWS cloud services to automate and improve existing security and control activities. Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats. Perform technical security assessments against product and enterprise cloud hosted, virtual, and on-premise systems including static and dynamic analysis, and threat modeling. Review and test changes to services, applications, and networks for potential security impacts. Collaborate with Architecture, Site Reliability Engineering and Operations teams to develop and implement technical solutions and security standards. Stay abreast on security best practices and secure design principles. Review changes to and ongoing operations of enterpise environments and supporting systems for security and compliance impacts. Assist in incident detection and response efforts. Implement zero-trust patterns with cloud agnostic tools to support enterprise business units. Implement, design, develop, administer, and manage enterprise security tooling. Knowledge, Skills and Abilities Experience working with high-availability enterprise production environments Familiarity with scripting languages (e.g., (Go, Python, Ruby, Rust,etc.). and building scripts for process improvements Experience automating security testing and reporting outputs Technical knowledge and hands-on experience with security and networking security, basic networking protocols, cloud security, network security design, intrusion prevention/detection, and firewall architecture Experience assessing and implementing technical security controls Willingness to innovate and learn new technologies Excellent interpersonal and relationship skills with a collaborative mindset Knowledge or familiarity with technological stack (Big-IP, Azure, AWS, GCP, CentOS, Hashicorp Vault, Palo Alto, Qualys). Experience with network and application vulnerability and penetration testing tools. Baseline competency in administration of Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) or equivalent public cloud infrastructure. Exposure to DevOps tooling, CI/CD pipelines, container orchestration, and infrastructure as code approach (e.g. Puppet, Chef, Ansible, Terraform, Jenkins, CircleCI, Artifactory, Git) Strong written and verbal communication skills. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism. Agile, tactful, and proactive attitude that can manage prioritization and know when to escalate. Qualifications B.S. or M.S. in Computer Science, Engineering, or related field, or equivalent experience. 3+ years of relevant security and networking experience The About The Role is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Join a team using leading edge security technology and processes to protect the F5 enterprise and product environment. The Security Engineer position will execute strategic processes and implement technical solutions to enable our information security program and address day-to-day security challenges amidst the industrys evolving technology landscape. Primary Responsibilities Build and implement new security controls, processes and tools. Identify organizational risks to confidentiality, integrity, and availability, and determine appropriate mitigations. Leverage native Azure, GCP, and AWS cloud services to automate and improve existing security and control activities. Develop or implement open-source/third-party tools to assist in detection, prevention and analysis of security threats. Perform technical security assessments against product and enterprise cloud hosted, virtual, and on-premise systems including static and dynamic analysis, and threat modeling. Review and test changes to services, applications, and networks for potential security impacts. Collaborate with Architecture, Site Reliability Engineering and Operations teams to develop and implement technical solutions and security standards. Stay abreast on security best practices and secure design principles. Review changes to and ongoing operations of enterpise environments and supporting systems for security and compliance impacts. Assist in incident detection and response efforts. Implement zero-trust patterns with cloud agnostic tools to support enterprise business units. Implement, design, develop, administer, and manage enterprise security tooling. Knowledge, Skills and Abilities Experience working with high-availability enterprise production environments Familiarity with scripting languages (e.g., (Go, Python, Ruby, Rust,etc.). and building scripts for process improvements Experience automating security testing and reporting outputs Technical knowledge and hands-on experience with security and networking security, basic networking protocols, cloud security, network security design, intrusion prevention/detection, and firewall architecture Experience assessing and implementing technical security controls Willingness to innovate and learn new technologies Excellent interpersonal and relationship skills with a collaborative mindset Knowledge or familiarity with technological stack (Big-IP, Azure, AWS, GCP, CentOS, Hashicorp Vault, Palo Alto, Qualys). Experience with network and application vulnerability and penetration testing tools. Baseline competency in administration of Microsoft Azure Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP) or equivalent public cloud infrastructure. Exposure to DevOps tooling, CI/CD pipelines, container orchestration, and infrastructure as code approach (e.g. Puppet, Chef, Ansible, Terraform, Jenkins, CircleCI, Artifactory, Git) Strong written and verbal communication skills. Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism. Agile, tactful, and proactive attitude that can manage prioritization and know when to escalate. Qualifications B.S. or M.S. in Computer Science, Engineering, or related field, or equivalent experience. 3+ years of relevant security and networking experience The About The Role is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Skills:- vulnerability management, information security, or a related discipline, Qualys, Tenable, or Rapid7, Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls), Experience with ITSM tools and ticketing systems for remediation tracking. Experience:- 3-5 Years Location:- Hyderabad Shift Timing:- 11.00 am - 8.00 pm Analyst, Vulnerability Management Omnicom Global Solutions, Hyderabad IN About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Role Overview We have an exciting opportunity for an Analyst, Vulnerability Management at our Hyderabad office. This role is central to maintaining and enhancing Omnicom’s cybersecurity framework by overseeing vulnerability assessments, remediation guidance, and program governance. As a Vulnerability Management Specialist, you will drive day-to-day scanning operations, review security exposures, and ensure that the organization’s attack surface is minimized through proactive analysis and mitigation. You’ll also collaborate on vendor assessments and support strategic improvements to our enterprise vulnerability management program. Key Responsibilities Maintain and operate vulnerability scanning tools and associated processes. Conduct regular scans and assessments of enterprise environments to detect security vulnerabilities. Review findings, prioritize risks, and recommend remediations or security patches in coordination with IT and security teams. Develop and present exception and management reports; track remediation status and escalate unresolved risks. Assist in creating and maintaining quality metrics and dashboards for vulnerability program performance. Monitor vendor and third-party security postures; support governance and compliance protocols. Collaborate with cross-functional teams to support risk mitigation strategies and secure configuration management. Contribute to the evolution of Omnicom’s next-generation vulnerability management and threat detection frameworks. Required Qualifications 3–5 years of experience in vulnerability management, information security, or a related discipline. Proficiency with vulnerability scanning tools such as Qualys, Tenable, or Rapid7. Familiarity with patch management workflows and remediation lifecycle practices. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS Controls). Ability to analyze technical findings, assess business impact, and provide actionable remediation guidance. Effective communication skills with experience in stakeholder engagement and reporting. Detail-oriented with strong problem-solving skills and the ability to work independently or in a team setting. Preferred Qualifications Security certifications such as CompTIA Security+, CEH, or equivalent. Exposure to vendor risk management and third-party security assessment. Experience with ITSM tools and ticketing systems for remediation tracking.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! About The Job Join Qualys, a global leader in cybersecurity, where innovation meets impact! We are looking for a visionary Senior Product Manager to own and drive the AI strategy and product development for the Qualys platform. This role offers a unique opportunity to lead AI-powered security solutions that protect enterprises worldwide. Location: Foster City, California OR Pune, Maharashtra (Minimum 3 days mandatory in office) Remote: Considered for exceptional candidates with strong AI and cybersecurity product management experience The Position Qualys seeks an experienced Senior Product Manager to own the AI product line within the Qualys platform. The ideal candidate will have end-to-end ownership of AI-driven security features, from ideation to delivery, including inbound and outbound product management responsibilities. You will be a subject matter expert in AI/ML technologies applied to cybersecurity, with a deep understanding of the Qualys platform and customer needs. A key focus of this role will be advancing Agentic AI capabilities—AI systems that go beyond reactive responses to autonomously plan, make decisions, and execute actions with minimal human intervention. You will lead the integration of agentic AI to enable proactive, self-driven security workflows that enhance threat detection, automate complex processes, and deliver predictive insights, transforming how enterprises manage cybersecurity risks. You will collaborate closely with engineering, data science, sales, marketing, and customer success teams to align AI product roadmaps with market demands and emerging security challenges. What You Will Be Doing Product Ownership: AI and Agentic AI for Qualys Platform Own the AI and Agentic AI product strategy and roadmap for Qualys’ cybersecurity platform, focusing on autonomous threat detection, intelligent automation, and predictive analytics Drive innovation in AI/ML and agentic AI capabilities that improve platform accuracy, operational efficiency, and user experience by enabling AI systems to act proactively and autonomously within defined guardrails. Define clear objectives and ethical boundaries for agentic AI features to ensure responsible deployment and maintain customer trust. Business Ownership and Responsibilities Act as the ‘Business Owner’ for AI and agentic AI features, prioritizing initiatives that drive revenue growth, customer adoption, and platform differentiation. Analyze product performance metrics such as feature adoption, customer retention, expansion, and renewal; develop business plans to optimize these metrics and present insights to leadership. Lead pipeline generation efforts by collaborating with marketing to design AI-focused campaigns that attract and convert leads. Evaluate pricing and packaging strategies for AI capabilities, including freemium, premium tiers, and bundling with other Qualys products to maximize market penetration. Innovate product-led growth (PLG) and product-led sales (PLS) strategies using AI-driven insights to accelerate pipeline and revenue. Outbound Product Management Responsibilities Develop sales enablement materials including AI and agentic AI product presentations, demo scripts, and competitive positioning documents. Research the AI, agentic AI, and cybersecurity competitive landscape; craft compelling messaging and positioning; and train sales teams to effectively communicate AI value propositions. Build thought leadership content such as white papers, webinars, and case studies to showcase AI and agentic AI innovation within Qualys. Engage directly with customers to gather feedback, understand pain points, and translate insights into actionable product requirements. Inbound Product Management Responsibilities Define and evangelize the AI and agentic AI product vision, strategy, and go-to-market plans. Lead cross-functional teams (Product, Engineering, Data Science, UX, Sales) to deliver AI and agentic AI features on time and with high quality. Prioritize feature development based on customer needs, market trends, and business impact. Establish strong customer relationships to validate AI and agentic AI use cases and ensure product-market fit. What We Need From You Bachelor’s degree in Computer Science, Engineering, Data Science, or related field; MBA or equivalent experience preferred. 7+ years of product management experience, with at least 2 years focused on AI/ML products in cybersecurity or related domains. Deep understanding of AI/ML technologies, including supervised/unsupervised learning, NLP, anomaly detection, predictive analytics, and agentic AI concepts such as autonomous decision-making, task planning, and minimal human oversight as applied to security. Proven track record of building and scaling AI-powered and agentic AI-enabled security products or platforms. Strong business acumen with experience in pricing, packaging, and go-to-market strategies for AI-driven solutions. Excellent communication skills with the ability to articulate complex AI and agentic AI concepts to technical and non-technical audiences. Experience collaborating with data scientists, engineers, and sales teams to deliver customer-centric AI and agentic AI products. Passion for innovation, experimentation, and data-driven decision-making. Familiarity with cybersecurity domains such as vulnerability management, threat intelligence, endpoint security, or cloud security is highly desirable. Ability to thrive in a fast-paced, collaborative environment and lead cross-functional teams to success. Why Qualys? Work on cutting-edge AI and agentic AI technologies that protect organizations worldwide. Collaborate with a passionate, diverse team committed to innovation and customer success. Competitive compensation, benefits, and career growth opportunities. This addition highlights the strategic importance and technical sophistication of agentic AI within the AI product management role, positioning the candidate to lead next-generation autonomous AI capabilities in cybersecurity

Summary Position Summary Red Team — Senior Consultant 2 – Senior Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes Interacts with clients, managers and partners to build and nurture strong relationships Tailors firm tools and methodologies as per client requirements Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships with their direct client contacts at a minimum at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Advanced communication skills (written and verbal) with experience delivering high-level technical presentations, detailed engagement reports, and executive briefings to stakeholders and leadership teams. Proven ability to design and execute complex red team operations, providing tactical and strategic guidance for enhancing organizational security posture through actionable insights. Comprehensive project management skills, with experience in leading large-scale offensive security engagements from inception to execution, including coordinating cross-functional teams. Expert-level understanding of threat analysis, enterprise-level defense mechanisms, and advanced mitigation strategies, with a focus on bridging offensive techniques with defensive improvements. Hands-on experience in bypassing complex security defenses such as firewalls, EDR, IDS/IPS, SIEM solutions (e.g., Splunk, QRadar, ArcSight), using cutting-edge evasion techniques. Extensive knowledge of cyber kill chains, advanced multi-stage attack scenarios, and the ability to execute sophisticated adversarial campaigns using real-world TTPs. Deep expertise in reverse engineering, malware analysis, and exploiting vulnerabilities to uncover security flaws within complex infrastructures. Strong knowledge of cloud security (AWS, Azure, GCP) and demonstrated ability to conduct adversarial simulations targeting cloud-based environments. Advanced knowledge of operating systems (Windows/Linux) and networking technologies critical to red team operations, with the ability to exploit system misconfigurations and weaknesses. Mastery of adversarial simulation tools like Cobalt Strike, Sliver, Metasploit, Empire, Nessus, nmap, Qualys, and Tenable, with the capability to customize attack vectors. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Proven experience leading red teaming, purple teaming, and Breach Attack Simulations (BAS) at the enterprise level, simulating advanced persistent threats (APTs) to assess security defenses. Expertise in spear-phishing campaigns, HTML smuggling, payload delivery mechanisms, and opsec strategies to evade detection throughout engagements. Deep understanding of advanced attack frameworks like MITRE ATT&CK and SANS Top 25, using them to design tailored attack scenarios specific to client environments. In-depth knowledge of EDR/AV evasion techniques, privilege escalation, lateral movement, and persistence in both on-premise and hybrid cloud infrastructures. Ability to architect, deploy, and optimize custom Red Team/Offensive Security solutions, including managing command and control infrastructure, payload obfuscation, and real-time response actions. Ability to manage cross-functional teams across red, blue, and purple engagements, fostering collaboration and improving overall security resilience through continuous improvement cycles. High-level proficiency in strategic planning, engaging with leadership to define security objectives, risk prioritization, and translating technical findings into business-centric solutions. Strong knowledge of attack surface management and vulnerability management, with experience discovering and analyzing hidden or misconfigured assets, especially shadow IT. Advanced OpSec and tradecraft knowledge, ensuring red team engagements are conducted without exposing tools or tactics to detection, while continuously adapting methods to outpace blue team defenses. As a Senior Solutions Delivery Lead, you will lead the charge in adversarial simulation operations, pushing the boundaries of offensive security capabilities. You will: Architect and lead advanced red team engagements, simulating the tactics, tools, and techniques used by sophisticated threat actors to test client defenses. Conduct multi-phase, coordinated attack campaigns, including phishing simulations, exploitation of vulnerabilities, and covert lateral movement across complex environments. Develop and optimize adversarial simulation tactics, ensuring constant evolution of red team methodologies in response to emerging threats. Provide in-depth reports and post-engagement briefings with a focus on strategic remediation advice that aligns with organizational security goals. Oversee the red team infrastructure, ensuring all tools, C2 systems, and exploit frameworks are continually updated and configured for optimal effectiveness. Lead purple team exercises, working closely with blue teams to collaboratively improve detection, response, and mitigation strategies in real time. Remain at the forefront of offensive security innovations, guiding the team through new techniques, tools, and adversarial simulations to enhance effectiveness. Ensure OpSec best practices are strictly followed to avoid detection during engagements and protect the integrity of the red team toolkit. Collaborate with clients and stakeholders to review attack scenarios, findings, and deliver customized security enhancements tailored to their specific business risks. Preferred: B. E / B.Tech / M.S in any engineering discipline; 7-9 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 306123

Role Summary: We are looking for dynamic and technically proficient professionals for CTI Analyst / Lead roles within our cybersecurity team. This is not a SOC analyst role — we are looking for individuals who can think like an attacker, connect the dots across TTPs, and strengthen our defensive capabilities with advanced analysis, automation, and strategic threat insights. The role requires deep understanding of cyber adversary behavior, use of threat intel platforms like MISP, and a strong grasp of MITRE ATT&CK and the Cyber Kill Chain. Key Responsibilities: Conduct threat intelligence gathering and enrichment from open-source and commercial feeds. Perform advanced threat hunting using IoCs, TTPs, and behavioral analytics across EDR, SIEM, and SOAR platforms. Utilize frameworks like MITRE ATT&CK and Lockheed Martin’s Cyber Kill Chain to map and predict adversary movements. Investigate suspicious activities and files using sandbox environments and generate intelligence reports. Execute vulnerability analysis and provide guidance to patch and mitigate known weaknesses. Coordinate blocking of IoCs across endpoints, web proxies, antivirus, and cloud tools. Use MISP (Malware Information Sharing Platform) for intelligence sharing, correlation, and operationalization of threat data. Contribute to monthly threat reports, KPIs, dashboards, and executive summaries. Support continuous improvement of internal detection logic and incident response processes. Required Skills & Qualifications: Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or related fields. 3–15 years of relevant experience in cybersecurity analysis, threat intelligence, or cyber defense. Strong hands-on experience with: SIEM (e.g., QRadar) XDR/EDR (e.g., Cortex XDR, CrowdStrike Falcon) SOAR (e.g., Demisto) Azure Active Directory Proficient in MITRE ATT&CK mapping, Cyber Kill Chain, and detection use case development. Deep understanding of network protocols, log analysis, malware behavior, and incident response. Mandatory experience with MISP for threat intelligence management. Scripting or automation experience using Python and tools like Git and VSCode. Familiarity with vulnerability scanners like Qualys and threat investigation tools like Trellix, SafeNet is a plus. Preferred/Bonus Skills: Knowledge of containerization (e.g., Docker). Familiarity with Pandas (Python library) for data analysis. Security certifications like GCTI, CEH, or CTIA (optional but valued) Soft Skills & Attributes: Must be Mumbai-based. Excellent analytical and problem-solving skills. Clear written and verbal communication. Ownership mindset with the ability to work independently and collaboratively. Strong prioritization and decision-making capabilities under pressure Location: Andheri, Mumbai, Maharashtra

As an Information Security Engineer with over 6 years of experience, your primary responsibility will be to conduct vulnerability assessments and policy compliance scanning using tools like Qualys across various environments including on-premises, cloud, containers, databases, web services, and infrastructure. You will play a crucial role in validating scan results, eliminating false positives, and producing accurate, high-quality vulnerability reports. In this role, you will act as a technical subject matter expert, analyzing findings, tracing root causes, and recommending sustainable remediations to support teams. It will be essential for you to maintain and share a knowledge base for vulnerability management, ensuring team-wide expertise. Additionally, you will be expected to stay updated on emerging vulnerabilities, trends, and improvements in the vulnerability management lifecycle. Your role will also involve clear communication of security policies, procedures, and compliance requirements across all levels of the organization. As a key member of the team, you may be required to provide leadership support by stepping in for the team lead when needed. To excel in this position, you should have a minimum of 6 years of experience in information security and hold a degree in Engineering, Computer Science, or a related field. Industry certifications such as CISSP, CISA, CISM, CRISC, CCNA/CCNP Security, or CCIE would be advantageous. Your technical proficiency will be crucial, including expertise in vulnerability scanning and compliance tools like Qualys. You should be skilled in assessing on-premises, cloud, container environments (Docker, Kubernetes), databases, and application stacks. Experience with security infrastructure such as firewalls, routers, switches, load balancers, and proxies is also important. Strong analytical capabilities for root-cause analysis and risk assessment will be necessary for success in this role. Leadership and communication skills are also key requirements for this position. You should be able to guide remediation efforts, influence infrastructure/application teams, and provide clear reporting and policy articulation. Strong organizational skills, time-management abilities, and team mentorship capabilities will be essential in your role. As an Information Security Engineer, you should be a proactive learner, adaptable to evolving threats and technologies. Hands-on experience in risk assessment and threat modeling will be beneficial. You should also be ready to take on ad-hoc duties and provide support to team leadership whenever necessary. If you are looking for a challenging role where you can leverage your expertise in information security to drive meaningful impact, this position may be the perfect fit for you.,

As a Senior Information Security Engineer, you will be responsible for leading vulnerability assessments and policy compliance scans across various environments including on-premises, cloud, container, database, and web environments using tools like Qualys. Your role will involve validating scan results, eliminating false positives, and delivering accurate, actionable reports to stakeholders. You will serve as a technical Subject Matter Expert (SME), analyzing findings, diagnosing root causes, and guiding remediation efforts. Additionally, you will be expected to develop and maintain a knowledge base to support continuous improvement and team expertise while staying current on emerging threats, tools, and vulnerability management lifecycle advancements to recommend service enhancements. Effective communication of security requirements across the organization and stepping in as an interim team lead when necessary will also be part of your responsibilities. In terms of experience and education, you should have a minimum of 8 years in the field of information security along with a Bachelor's degree in Engineering, Computer Science, Information Technology, or equivalent. Industry certifications such as CISSP, CISA, CISM, CRISC, or CCNA/CCNP/CCIE Security are preferred. You are expected to be proficient in working with vulnerability scanning platforms like Qualys, Nessus, etc., false-positive tuning, and compliance frameworks. Your technical expertise should span across cloud and on-premises systems, network devices such as routers, firewalls, proxies, and various infrastructure components. Skills in risk and threat assessment, as well as security policy enforcement, are essential. Familiarity with containers, DDI (DNS/DHCP/IPAM), WAF/CDN/DDOS solutions (e.g., Infoblox, Zscaler, Imperva) will be advantageous. Knowledge of scripting languages like Python and experience with monitoring tools like Spectrum, SevOne, ThousandEyes, CyberArk, and MS-Entra-ID will also be beneficial. Apart from technical skills, soft skills and leadership qualities are equally important. Excellent analytical, communication, and report-writing abilities are required. Strong organizational and time-management skills are essential for success in this role. Demonstrated leadership abilities, including guiding teams, managing escalations, and fostering a security culture, are expected. As an adaptable self-starter, you should be committed to continuous learning and proactive problem-solving.,

Job Title : E2.3 Technical Specialist – Security Tools (Qualys, Cisco ISE, ClearPass, FortiNAC, ForeScout) Location : Pune / Hyderabad, India Department : IT Security Services Job Level : E2.3 Technology Focus : Qualys, Cisco ISE, ClearPass, FortiNAC, ForeScout Job Overview: HCLTech is looking for an E2.3 Technical Specialist with expertise in Security Tools like Qualys , Cisco ISE , ClearPass , FortiNAC , and ForeScout to join our security team in Pune or Hyderabad . As a key member of our IT Security Services team, you will work on deploying, configuring, and managing advanced network security solutions, ensuring the integrity, availability, and confidentiality of client IT infrastructure. This role offers you the opportunity to enhance your skills in cutting-edge security technologies while addressing critical enterprise security challenges. Key Responsibilities: Security Tools Management : Deploy, configure, and manage security tools like Qualys , Cisco ISE , ClearPass , FortiNAC , and ForeScout to monitor, assess, and protect network assets. Vulnerability Management : Leverage Qualys to conduct vulnerability assessments, implement patch management strategies, and prioritize remediation activities based on risk. Network Access Control (NAC) : Administer and optimize Cisco ISE , ClearPass , and FortiNAC to implement Network Access Control (NAC) policies, enforce authentication and authorization controls, and improve network security posture. Security Incident Management : Monitor and respond to security alerts generated by these tools, collaborate with the security incident response teams to investigate and mitigate security threats. Integration & Automation : Integrate security tools with existing security infrastructure, implement automation scripts for routine tasks, and ensure seamless communication between security systems. Policy Development : Develop, enforce, and continuously improve security policies and procedures for network security, compliance, and vulnerability management. Compliance & Reporting : Generate compliance reports from security tools to meet industry standards (e.g., GDPR, PCI-DSS, ISO 27001) and communicate findings to internal and external stakeholders. Documentation & Knowledge Sharing : Create and maintain detailed documentation for tool configurations, operational procedures, and incident handling. Share best practices and technical expertise with internal teams. Client Consultation : Act as a trusted advisor to clients on security tool deployment, configuration, and optimization, ensuring alignment with their security requirements and compliance standards. Skills & Qualifications: Experience : 4-7 years of experience in deploying and managing security tools (e.g., Qualys , Cisco ISE , ClearPass , FortiNAC , ForeScout ). Technical Expertise : Qualys : Experience with vulnerability scanning, patch management, and security assessment using Qualys . Cisco ISE / ClearPass : Proficiency in implementing and managing Network Access Control solutions using Cisco ISE and ClearPass . FortiNAC : Expertise in FortiNAC for network access control, device profiling, and policy enforcement. ForeScout : Experience in deploying and managing ForeScout for visibility, control, and compliance across the network. Knowledge of network security protocols (e.g., RADIUS , TACACS+ , 802.1X ), encryption standards, and authentication methods. Security & Compliance : Understanding of security frameworks and standards such as ISO 27001 , NIST , PCI-DSS , and GDPR . Familiarity with vulnerability management and security incident response practices. Automation & Scripting : Proficiency in automation tools (e.g., Ansible , Python , Bash ) for configuring and managing security solutions. Soft Skills : Excellent problem-solving and troubleshooting skills. Strong communication skills to effectively collaborate with cross-functional teams and stakeholders. Ability to handle multiple tasks and priorities in a fast-paced, high-pressure environment. Ability to explain complex security issues and solutions to non-technical stakeholders.

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We are seeking a talented Sr. QA Engineer to deliver roadmap features of Enterprise TruRisk Platform which would help customers to Measure, Communicate and Eliminate Cyber Risks. The Lead QA Engineer will design, implement, document, and maintain testing frameworks. You will be responsible for the quality of core product capabilities using micro-services and Big Data based components. This is a fantastic opportunity to be an integral part of a team building Qualys next generation platform using Big Data & Micro-Services based technology to process over billions of transactions data per day, leverage open-source technologies, and work on challenging and business-impacting initiatives. Responsibilities: Perform functional testing of the Enterprise TruRisk Platform and its various modules. Conduct integration testing across different systems, working closely with cross-functional teams to ensure seamless data and service flow. Test Big Data ingestion and aggregation pipelines using Spark shell, SQL, and other data tools. Develop and maintain automation frameworks for functional and regression testing. Own and execute end-to-end workflow automation using custom or industry-standard frameworks. Define test strategies, test plans, and test cases for new features, platform enhancements, and services. Debug and troubleshoot issues identified in pre-production or production environments. Drive system performance testing of the platform and data applications. Define operational procedures, service monitors, alerting mechanisms, and coordinate implementation with the NOC team. Collaborate with product and engineering teams to review requirements, specifications, and technical designs, and ensure proper test coverage. Recreate complex production/customer issues to verify root causes and ensure resolution. Identify technical interdependencies, potential issues, and propose effective solutions. Requirements: 6 years of experience in the full-time Functional testing & Automation role as lead. Hands on experience in automating backend applications (e.g., database, REST API's). Hands on experience with automating any backend applications (e.g., database, server side). Knowledge of relational databases and SQL. Good debugging skills. Working experience working in Linux/Unix environment. Good understanding of testing methodologies. Good to have hands-on experience in working on Big Data technologies like Hadoop, Spark, Airflow, Kafka, Elastic and other distributed components. Experience in the Security domain is an advantage.

Job Title: SOC – Information Security Location: Noida Experience: 4-6 Years Job Type: Full-Time Job Overview We are seeking a detail-oriented and technically proficient IT Security & Compliance Analyst with strong experience in Vulnerability Assessment & Penetration Testing (VAPT) , security audits , and IT controls . The ideal candidate will be responsible for evaluating IT systems, identifying gaps in compliance, performing security assessments, and ensuring alignment with regulatory and organizational security frameworks such as ISO 27001 and SEBI guidelines . Key Responsibilities Evaluate the adequacy and effectiveness of IT controls related to: Compliance & regulatory requirements Change management processes Information security policies System backup and recovery Business continuity and disaster recovery (BCP/DR) Monitor and assess control deficiencies, and provide recommendations to improve existing policies, documentation, and review processes. Work closely with external auditors to ensure alignment on in-scope systems and controls, and coordinate testing activities as required. Execute and manage multiple tasks efficiently, adhering to project timelines and allocated budgets. Conduct regular security audits and compliance assessments using frameworks such as: ISO 27001:2013, SEBI cybersecurity guidelines, OWASP Top 10, WASC TCv2, SANS Top 25, CWE 25 Perform manual security assessments using tools like: Burp Suite, Qualys, Netsparker, Nessus, NTO Spider or other industry-standard VAPT tools Provide insights on security system optimization and tuning based on alerts and real-time observations. Strong involvement in security incident response, malware handling, and vulnerability management. Work with SIEM tools for log correlation and threat detection. Required Skills & Experience Hands-on experience in VAPT (focus on manual testing) Deep understanding of information security principles Knowledge of data loss prevention (DLP), encryption, patch management, PGP, and anti-virus systems Proficiency in SIEM platforms and correlating security logs Strong documentation and communication skills Familiarity with security audit lifecycle and reporting Preferred Certifications (Optional) CEH, CISA, ISO 27001 Lead Auditor, or related certifications

Location: Hyderabad, Telangana Time type: Full time Job level: Senior Associate Job type: Regular Category: Technology Consulting ID: JR111102 About us We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Position Description A Managed IT Back Office Engineer, within our Technology Consulting group, provides you with a unique opportunity to be a part of our dynamic practice. As our company continues to grow, we are looking for individuals who seek roles that expose them to multiple facets of technology including monitoring, security, and continuity services. Our team is composed of smart, self-motivated individuals who thrive in a cohesive and results-oriented environment and enjoy the challenge of real responsibility. As a Managed IT Back Office Engineer, you will work directly with our highly trained engineering team and have access to a large cross-section of technologies and environments that will develop your career. Profile : A Managed IT Back Office Engineer provides operational support to our service desk while configuring, maintaining, and improving efficiencies on several technology services. This position requires strong technical ability, self-motivation, and the desire to learn. These attributes will be used in a fast-paced, fun, team-oriented environment. Job Duties and Responsibilities: Support and maintain large complex technology solutions across multiple diverse client environments including: Monitoring Solutions Security Solutions Backup Solutions Patching Solutions Adopt and learn new technologies Interface with the service desk and consulting teams to resolve client issues. Maintain client security standards and confidentiality of information As a Managed IT Back Office Engineer, you will receive mentoring from our experienced team and have access to a variety of technology and training. You will be exposed to several aspects of our Technology Consulting Practices, including: Information Technology process, tools, and methodologies Security Solution architecture, design, and best practices Engaging with our internal teams and developing their solution knowledge. Basic Qualifications 3-5 years of experience working in Information Technology Security Solutions Preferred Qualifications Need 3 years of experience in Window domain who works and gives support on Desktop , Laptop & Servers OS Administration. Knowledge on Vulnerability Management(Nessus,Qualys,Rapid7) Experience on Patch Management(SCCM & 3rd party tools). Experience in Monitoring & Antivirus. Troubleshooting knowledge on Windows OS. OS Upgradation. Knowledge on Storage concepts. Knowledge on Active Directory Virtualization concepts like VMware & Azure. Scripting knowledge. Basic knowledge on Networking concepts. Knowledge, Skills and Abilities: Excellent written and verbal communication skills Able to quickly assess situations to pinpoint the scope/source of technical issues in a complex solution Must be able to manage individual workload Must be a strong team player Shift : 2PM to 11PM & 3PM to 12PM At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

We are seeking an OT Security Specialist to enhance the cybersecurity posture of our manufacturing environment. This role involves engaging with stakeholders to assess risks, conduct gap analyses, and implement mitigation strategies across IT and OT systems. Responsibilities include rolling out Microsoft Defender, implementing BitLocker, creating golden images, and improving compliance in line with corporate security policies. The ideal candidate will have strong technical expertise in Windows environments, experience with cybersecurity tools (EDR, Qualys, CTD, Archer), and a solid understanding of OT security concepts including SCADA, PLCs, and IoT devices. Prior experience in endpoint, network, application, and cloud security is essential. Familiarity with IEC 62443 standards is a plus. Your tasks Rolling out Microsoft Defender in the manufacturing environment Implementing BitLocker on Windows devices and developing necessary procedures to maintain the technology Creating golden images tailored for the manufacturing environment Assessing compliance, identifying deficiencies, determining risk levels, recommending solutions, and providing guidance to ensure protection of company information in line with the Information Security Policy Supporting efforts to reduce overall risk levels in the OT environment by analyzing outputs from various security tools such as EDR, OT Continuous Threat Detection, and Qualys Collaborating with manufacturing teams to improve security KPIs in the manufacturing environment Supporting the remediation of existing security findings in the OT environment Requirements Expertise in managing Microsoft Defender and BitLocker in enterprise environments Proven ability to secure end-user devices and implement defense mechanisms Experience securing business applications and enterprise resource planning systems Knowledge of securing cloud environments, including policy and access control Strong understanding of network segmentation, firewalls, and logical access protocols Experience with asset management and user access control processes - Identity & Access Management Hands-on experience with tools like Qualys, LabMan, Archer, EDR, and Palo Alto Prisma Familiarity with OT security concepts, including CTD tools, IoT, PLCs, and SCADA systems Job no. 250624-UJSTO Benefits For You Diverse portfolio of clients Wide portfolio of technologies Employment stability Remote work opportunities Contracts with the biggest brands Great Place to Work Europe Many experts you can learn from Open and accessible management team

Windows, Linux OS. We are looking for a skilled and proactive Security Analyst to join our Server and Vulnerability Management team. The ideal candidate will possess expertise in identifying, assessing, and mitigating vulnerabilities across operating and non-operating systems. The role requires proficiency in BigFix and Qualys, along with experience in providing solutions for vulnerabilities. A strong background in scripting and the ability to conduct impact analysis for critical non-OS vulnerabilities is essential.

Hi all, We are hiring for the role C&S ETL Engineer Experience: 6 - 8 Years Location: Bangalore Notice Period: Immediate - 15 Days Skills: Mandatory Skills: AWS Glue Job Description: Minimum experience of 6 years in building, optimizing, and maintaining scalable data pipelines as an ETL Engineer. Hands-on experience in coding techniques with a proven record. Hands-on experience in end-to-end data workflows, including pulling data from third-party and in-house tools via APIs, transforming and loading it into data warehouses, and improving performance across the ETL lifecycle. Hands-on experience with scripting (Python, shell scripting), relational databases (PostgreSQL, Redshift), REST APIs (OAuth, JWT, Basic Auth), job scheduler (cron), version control system (Git), and in AWS environment. Hands-on experience in integrating data from various data sources. Understanding of Agile processes and principles. Good communication and presentation skills. Good documentation skills. Preferred: Ability to understand business problems and customer needs and provide data solutions. Hands-on experience in working with Qualys and its APIs. Understanding of business intelligence tools such as PowerBI. Knowledge of data security and privacy. Design, develop, implement, and maintain robust and scalable ETL pipelines using Python and SQL as well as AWS Glue and AWS Lambda for data ingestion, transformation, loading into various data targets (e.g., PostgreSQL, Amazon S3, Redshift, Aurora) and structured data management. If you are interested drop your resume at mojesh.p@acesoftlabs.com Call: 9701971793

Job Description Qualifications Required . Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. Equivalent professional experience is acceptable. Minimum 5+ years of experience in Azure cloud operations, with a demonstrated focus on security and vulnerability management. Proven track record of managing and securing large-scale Azure environments in production. Hands-on experience with vulnerability scanning, remediation, and compliance in enterprise cloud environments. Extensive experience in responding to and managing security incidents and threat mitigation in Azure. Technical Skills Azure Expertise : In-depth knowledge of Azure services, including but not limited to: Azure Security Center Azure Defender Azure Key Vault Azure Policy Azure Sentinel (SIEM) Azure Active Directory (Azure AD) Security and Vulnerability Tools : Proficiency with vulnerability scanning and management tools like Qualys, Tenable Nessus, or Rapid7. Experience with Azure-native security tools for threat detection and remediation. Infrastructure Hardening : Strong knowledge of security best practices for securing virtual machines, storage accounts, AKS, and network components. Familiarity with zero-trust architecture principles and implementation in Azure. Automation & Scripting : Advanced skills in scripting languages such as PowerShell , Azure CLI , Python , or other automation tools to remediate vulnerabilities and improve operational efficiency. Experience in integrating security checks into CI/CD pipelines. Certifications (Preferred or Mandatory) Azure Cloud Certifications: Microsoft Certified: Azure Administrator Associate (AZ-104) Microsoft Certified: Azure Security Engineer Associate (AZ-500) Microsoft Certified: Cybersecurity Architect Expert (SC-100) Security Certifications: Certified Information Systems Security Professional ( CISSP ) Certified Ethical Hacker ( CEH ) CompTIA Security+ GIAC certifications (e.g., GCIH, GSEC, or GCED) Other Requirements Familiarity with regulatory and compliance standards, such as ISO 27001 , SOC 2 , GDPR , or HIPAA . Experience in performing and supporting audits related to cloud security. Proven ability to stay current with evolving cloud and cybersecurity trends.

Attack Surface Reduction Analyst Swedium Global is looking for Attack Surface Reduction Analyst Period from: 2025-08-01 Period to: 2026-01-31 Job description: Attack Surface Reduction (ASR) Analyst Purpose of the Role The ASR Analyst is an entry-to-mid-level role focused on supporting the organization's attack surface reduction (ASR) efforts. This role involves conducting vulnerability scanning , attack path analysis , and penetration testing while participating in remediation campaigns to address identified risks. The ASR Analyst collaborates with cross-functional teams to ensure the organization's attack surface is proactively managed and aligned with security best practices , DevSecOps principles , and compliance standards . Responsibilities Perform vulnerability scanning across cloud , on-premise , and containerized environments , ensuring comprehensive coverage. Assist in attack path analysis to identify potential risks, prioritize vulnerabilities, and recommend mitigation strategies. Support penetration testing activities, including internal and external testing, under the guidance of senior analysts. Deploy, configure, and manage security tools (e.g., Qualys, Prisma Cloud, Tenable) to enhance the organization's security posture. Contribute to remediation campaigns , tracking progress, coordinating with stakeholders, and ensuring timely resolution of vulnerabilities. Document findings, prepare detailed technical reports , and communicate actionable insights to stakeholders. Collaborate with cross-functional teams to integrate security policies and standards into DevSecOps pipelines and operational processes. Support cloud security assessments , container security reviews , and digital shadow monitoring to identify and mitigate external threats. Assist in implementing CI/CD security controls , ensuring secure software development and deployment practices. Participate in automation initiatives , leveraging tools to streamline vulnerability management, patching, and security monitoring. Qualifications & Experience : 2-4+ years in cybersecurity , offensive security , or IT-related field Skills and Abilities : Secure operations and service delivery (80% of CIISec Level 3 of Primary Skills). Foundational knowledge of vulnerability management , penetration testing , and attack surface monitoring . Basic understanding of DevSecOps , CI/CD pipelines , and container security . Foundational understanding of cloud security and secure software development . Certifications : OSCP, CompTIA Security+ , GIAC Certified Penetration Tester (GPEN), CEH or equivalent. Cloud foundational certifications (e.g., Microsoft AZ-900 , AWS Certified Cloud Practitioner). Optional: Certificate of Cloud Security Knowledge (CCSK), Azure Security Engineer-AZ500, AWS Security Specialist, or Certified Kubernetes Security Specialist (CKS). Role-Specific Skills Vulnerability Management : Proficiency in tools like Qualys , Nessus , and Prisma Cloud for identifying and mitigating vulnerabilities. Attack Surface Monitoring : Foundational knowledge of monitoring tools and processes to identify risks across the organization's digital footprint. Penetration Testing : Familiarity with methodologies and tools (e.g., Metasploit , Burp Suite ) to simulate adversarial tactics and uncover security gaps. Cloud Security : Basic understanding of securing cloud-based services (e.g., AWS , Azure , GCP ) and implementing cloud-native security solutions . Container Security : Foundational knowledge of securing containerized environments (e.g., Docker , Kubernetes ) and implementing runtime security controls. DevSecOps : Understanding of integrating security into CI/CD pipelines , including automated testing and secure deployment practices. Data Protection : Knowledge of data classification, encryption, and compliance with standards like GDPR and CCPA . Key Behaviors Technical Proficiency : Demonstrates foundational skills in vulnerability scanning, penetration testing, and security tool management while showing curiosity to learn new security technologies. Analytical Thinking : Applies logical reasoning to identify patterns in vulnerability data, demonstrates attention to detail in security assessments, and prioritizes vulnerabilities based on risk level. Communication : Documents technical findings clearly, communicates security concepts effectively to various stakeholders, and actively incorporates feedback from senior team members. Collaboration : Works effectively with cross-functional teams to integrate security into development processes and supports remediation efforts by coordinating with system owners. Continuous Improvement : Regularly updates knowledge of emerging threats and security practices while seeking opportunities to enhance skills in cloud security, container security, and DevSecOps. Initiative & Problem-Solving : Proactively identifies security issues, takes ownership of assigned tasks, and applies creative thinking to develop practical solutions for identified vulnerabilities. Ethical Conduct & Reliability : Maintains confidentiality of sensitive security information, adheres to security policies, and consistently delivers quality work within established timeframes. Job Overview Location : Bangalore, Karnataka Vacancy : 1 Key Skills : Cyber Security, Azure, Devsecops, CI/CD

Your role Monitor network security events and take action per security policy. Analyze incidents, raise tickets, and assign to resolver teams. Perform health checks of security tools and vulnerability assessments. Create and review daily/weekly/monthly dashboards and reports. Act as escalation point for L1/L2 analysts and backup for SOC Manager. Develop and fine-tune SIEM use cases. Participate in Change Control Board and infrastructure design reviews. Coordinate and implement security-related changes in line with policies. Identify and remediate rogue, unpatched, or unauthorized systems. Support incident response, maintain logs, and assist in investigations. Your profile SIEM ToolsIBM QRadar, ArcSight, RSA Envision, Nitro Security with 4 to 9 years of experience Vulnerability ManagementNessus, Qualys Guard Malware Protection & Anti-Spam Web Filtering, Content Filtering PKI, Forensic Analysis Work location Pan India and preferred location is Bengaluru What Youll Love About Working Here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work oncutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges.

Description The Security Engineer II develops, enhances, and maintains applications that support automated information security processes, vulnerability management, threat intelligence, and compliance enforcement, with supervision, to advance CMEG information security capabilities. The incumbent should have knowledge of the Java programming language and a basic knowledge of information security tooling and automation. They should have some ability to work independently and as part of a team and also have good written and oral communication skills. Security Engineer II Designs, develops, tests, and maintains Java-based systems supporting security tools and platforms, with supervision. Develops, tests, and maintains integrations with third-party security, collaboration, and ITSM tools such as Qualys, Google Container Analysis, Jira, Archer, Remedy, and Service Now, with supervision. Writes automation supporting vulnerability management and sensitive data remediation workflows, with supervision. Uses best practices when developing solutions. Writes unit tests with minimal supervision. Follows secure coding practices. Principle Accountabilities Improves effectiveness of the vulnerability management program through automation. Ensures timely and accurate execution of automated security tasks. Collaborates with more senior team members to continuously identify automation opportunities and implement solutions. Defines simple problems. Gathers and compares data about problems and documents the details to assist more senior engineers. Exhibits basic proficiency with programming language, can write code and tests with guidance Skills & Software Requirements Java experience (1-3 years) Basic knowledge of Linux environments and shell scripting Familiarity with issue tracking systems ( eq. Jira) Nice to Have Experience with security tooling and automation Familiarity with containerization and cloud platforms Basic knowledge of SQL commands and programming with databases Scripting language experience (Python, Perl, Powershell, 1-3 years) Familiarity with REST and JSON Familiarity with secure coding practices and basic security concepts

vulnerability assessments using Nessus , Tenable , Qualys ,Develop and maintain vulnerability management processes and procedures ,Coordinate vulnerability remediation activities, penetration testing, scripting languages KALI ,Linux Parrot

Noida,Uttar Pradesh,India Job ID 763123 Join our Team Our Exciting Opportunity We are now looking for a Security Engineer professional. This job role is responsible for tracking, coordination, support, management, and execution of security related activities to ensure that services provided to customers are continuously available and performing to Service Level Agreement (SLA) performance levels. What you will do, Incident Management Respond after hours (on-call support) Coordinate and conduct event collection, log management, event management, and compliance automation Respond to day-to-day security change requests related to security operations Conduct security research and intelligence gathering on emerging threats and exploits Create new rules based on identified scenarios Perform postmortem analysis on logs, traffic flows, and other activities to identify malicious activity Security analysis (networking devices and operating systems, endpoint analysis, network attacks) Work with the various Technical Authority teams to respond to and resolve security incidents effectively and quickly Provide Root Cause Analysis for security incidents, and outages / impairments related to security tools Administer authentication and access controls, including provisioning, changes, and deprovisioning of user and system accounts, security/access roles, and access permissions to information assets Tools Integration Integration of nodes to security tools (SIEM, VA, IAM, etc.) Deploy content (policies, signatures, parsers or rules) for the security infrastructure Vendor Communications Work with SIEM, IPS/IDS, IAM vendors for application related issues Process Improvement Mentor level 1 analysts to improve detection capability within the SOC Prepare Use Cases & MOPs on identified scenarios Create, maintain and improve technical operational work instructions Drive continuous process improvements by providing inputs on the current processes and possible improvement opportunities Governance and Reporting Business intelligence reporting based on SOC and customer needs Identify and report risks related to security Perform periodic reporting and when applicable, present to management and/or the customer’s security team To be successful in this role, you must have: Strong knowledge of information security Working knowledge of SIEM tools (such as McAfee ESM, QRadar, ArcSight, Splunk, etc.), scanning tools (Nessus, Qualys, IBM AppScan, etc.) and PAM tools (BeyondTrust, CyberArk, etc.) Knowledge of both Linux-based and MS Windows-based system platforms with a strong technical understanding and aptitude for analytical problem-solving Understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks, along with available security controls (technical & process controls) for respective layers Key Qualifications: Graduate in Computer Science or similar 5 to 11 years' experience with at least 2 years of experience in IT and 2 years in security ITIL certification, CCSP, OSCP, Security +, CCNA Security or similar will be an advantage

Location: Hyderabad, Telangana Time type: Full time Job level: Senior Associate Job type: Regular Category: Technology Consulting ID: JR111102 About us We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM. Position Description A Managed IT Back Office Engineer, within our Technology Consulting group, provides you with a unique opportunity to be a part of our dynamic practice. As our company continues to grow, we are looking for individuals who seek roles that expose them to multiple facets of technology including monitoring, security, and continuity services. Our team is composed of smart, self-motivated individuals who thrive in a cohesive and results-oriented environment and enjoy the challenge of real responsibility. As a Managed IT Back Office Engineer, you will work directly with our highly trained engineering team and have access to a large cross-section of technologies and environments that will develop your career. Profile : A Managed IT Back Office Engineer provides operational support to our service desk while configuring, maintaining, and improving efficiencies on several technology services. This position requires strong technical ability, self-motivation, and the desire to learn. These attributes will be used in a fast-paced, fun, team-oriented environment. Job Duties and Responsibilities: Support and maintain large complex technology solutions across multiple diverse client environments including: Monitoring Solutions Security Solutions Backup Solutions Patching Solutions Adopt and learn new technologies Interface with the service desk and consulting teams to resolve client issues. Maintain client security standards and confidentiality of information As a Managed IT Back Office Engineer, you will receive mentoring from our experienced team and have access to a variety of technology and training. You will be exposed to several aspects of our Technology Consulting Practices, including: Information Technology process, tools, and methodologies Security Solution architecture, design, and best practices Engaging with our internal teams and developing their solution knowledge. Basic Qualifications 3-5 years of experience working in Information Technology Security Solutions Preferred Qualifications Need 3 years of experience in Window domain who works and gives support on Desktop , Laptop & Servers OS Administration. Knowledge on Vulnerability Management(Nessus,Qualys,Rapid7) Experience on Patch Management(SCCM & 3rd party tools). Experience in Monitoring & Antivirus. Troubleshooting knowledge on Windows OS. OS Upgradation. Knowledge on Storage concepts. Knowledge on Active Directory Virtualization concepts like VMware & Azure. Scripting knowledge. Basic knowledge on Networking concepts. Knowledge, Skills and Abilities: Excellent written and verbal communication skills Able to quickly assess situations to pinpoint the scope/source of technical issues in a complex solution Must be able to manage individual workload Must be a strong team player Shift : 2PM to 11PM & 3PM to 12PM At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmus.com/careers/india.html. RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; HIV Status; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Indian Armed Forces; Indian Armed Forces Veterans, and Indian Armed Forces Personnel status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please send us an email at careers@rsmus.com.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevSecOps Good to have skills : NA Minimum 7.5 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices. Roles & Responsibilities: -Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications. -Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments. -Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis. -Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues. -Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect. -Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI). -Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads. -Should be able to scan and harden docker containers using industry-standard tools. -Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS). -Skilled in communicating security findings to technical and non-technical stakeholders. -Contribute to secure architecture reviews, risk assessments, and compliance initiatives. -Should be able to manage clients and various stakeholders. Should be a good people manager and should have experience of people and project management. Professional & Technical Skills: Tools & Technologies:Pentest Tools: Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux,DAST/SAST/SCA: Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk,DevSecOps: GitHub Actions, Jenkins, GitLab, Docker, Kubernetes,VM Tools: Qualys, Tenable, ThreadFix,Monitoring: ServiceNow, Jira, Confluence -Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments. -Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix). -Should track vulnerability lifecycle from detection through remediation and reporting. -Should support real-time service monitoring to maintain system integrity and threat detection coverage. Additional Information: - The candidate should have minimum 7.5 years of experience in DevSecOps. - This position is based at our Gurugram office. - A 15 years full time education is required.

Key Responsibilities Lead a team of L1 and L2 engineers in shift. Work balancing of tickets across the shifts. Ensure shift handover. Manage the Quality audits of the L1 and L2 offense analysis. Support the Project Manager with escalations and timely RCA of incidents. Training of L1 and L2 resources on latest attack vectors and log analysis. Work with the SIEM Engineering team to fine tune the use cases and content on the SIEM platform. Bring down the false positives to a manageable level. Manage the work pressure on the project and keep the team alert and manage their work life balance. Ensure timely preparation of daily/weekly/monthly reports. Desired Qualifications Sound Cyber Security Principles and well versed in security domains of Endpoint , Network, Database, Cloud Security technologies like IPS, WAF, Firewall, Deception, Cloud Security, AV, EDR, . Conduct senior level log analysis, proactive monitoring, mitigation & response to network & security incidents. Triage security events and carry out incident response steps. Implement & Maintain Extensive Security Operation Policies and procedures documentation including AWS cloud Proactively Hunt & research potential malicious activity using tool like Cortex, Shodan, Qrdar etc. Identify Indicator of Compromise through static & dynamic analysis of commodity and 0-day malware Perform advanced security event detection and threat analysis for complex and/or escalated security events. QRadar , Demisto/XSOAR , Qualys, MITRE Framework Attack Methodology. Preferred Certifications T&T - Cyber | Deputy Manager IBM QRadar SIEM Certification. CISSP, CEH, CISM, or other relevant security certifications. Location and way of working : Base location: Mumbai/Navi Mumbai Professional is required to work from office Your role as Consultant/Sr Consultant. (ref:hirist.tech)