670 Qualys Jobs - Page 9

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world! We are looking for a Senior Visual Designer (Brand) with the skills to create production-ready deliverables, with a technical eye for detail and the aptitude to support a growing and dynamic industry-leading cybersecurity innovator. The ideal candidate for this role is detail-oriented with a holistic view for constructing creative assets and webpages that meet brand guidelines and display a high degree of design standards with great emphasis on typography, color, layout, and use of imagery. We're looking for someone who is proactive, positive, and passionate about creating beautiful and functional marketing that plays a vital role in evolving our visual brand identity. At Qualys, you will… Develop digital assets: Work closely with Senior Brand Designers to produce digital assets for marketing campaigns such as email banners, social media graphics, website imagery and live events that meet brand guidelines. Website updates: Assist in upkeep and implementation of website updates according to wireframes or markups. Image sourcing and editing: Help source or take existing key art and re-purposing to meet specifications for a broad range of uses. Work with teams in a collegial environment: Work with global Marketing team members, other internal teams, and external partners to support impactful marketing and brand campaigns. File management: Maintain an organized approached to asset development and storage, from source files to individual assets. You may be a good fit if you… Have 4 years of relevant experience in a digital marketing environment. Portfolio demonstrating an eye for detail-oriented design work with strong use of typography, color, and imagery. Expert with Adobe Creative Suite and Sketch or Figma. Amazing skills in Microsoft Office. An organized and nimble mind with the ability to manage multiple projects concurrently in a dynamic, deadline-driven environment. Basic understanding of web environments and user centric design. Understanding of HTML and CMS systems is an advantage. Familiarity with Asana or other project management systems a plus. Demonstrated experience working with corporate brand guidelines

Location: India- Pune (Amdocs Site) In one sentence Secures enterprise information by developing, implementing, and enforcing security controls, safeguards, policies, and procedures. All you need is... Bachelor’s degree in computer science, Information Security, or related field (or equivalent experience). 3+ years of hands-on experience in information security, with a focus on threat detection, penetration testing, and AI-driven security solutions. Demonstrated experience working in financial or SaaS security environments (e.g., PCI DSS, SOC 2, ISO 27001). Advanced knowledge of networking protocols, encryption, firewalls, IDS/IPS, and VPNs. Strong experience with cloud platforms (AWS, GCP, or Azure), including security configurations, monitoring, and automation. Hands-on experience with security tools such as EDR, SIEM (Splunk, ElasticSearch, etc.), vulnerability scanners (Nessus, Qualys), and threat intelligence platforms. Practical experience in penetration testing (e.g., OWASP Top 10, API testing) and red teaming. Expertise in scripting languages (Python, PowerShell) and automation tools. Security Certifications: CEH (Certified Ethical Hacker), CISSP, CISA, or equivalent certifications (required). Additional certifications in cloud security (AWS Certified Security Specialty, etc.) or AI/ML for security (optional but preferred). What will your job look like? Proactively monitor and assess emerging threats using advanced AI-driven tools. Analyze identified threats and develop effective remediation plans to minimize risk to critical systems and data. Lead proactive threat hunts leveraging AI, machine learning models, and automation tools. Identify Indicators of Compromise (IOCs) and detect patterns to anticipate future attacks. Perform advanced penetration testing exercises to identify vulnerabilities, misconfigurations, and weaknesses in systems. Collaborate in purple team exercises to validate security measures and improve resilience. Participate in risk assessments, ensuring compliance with financial industry regulations (e.g., PCI DSS, SOC 2) and internal security policies. Provide guidance on mitigating risks through the integration of AI-based security solutions. Lead the investigation and response to security incidents. Utilize machine learning and EDR tools to perform in-depth analysis of malware, root causes, and attack methodologies. Conduct continuous monitoring using SIEM (Security Information and Event Management), AI-driven anomaly detection systems, and advanced analytics tools to detect and respond to security events. Collaborate with SecDevOps and Engineering teams to automate security controls, incident responses, and vulnerability management using AI and advanced scripting (Python, PowerShell). Work closely with teams across the organization to integrate security at every stage of development (DevSecOps), ensuring secure cloud infrastructure, services, and APIs. Deep involvement in securing public cloud environments (AWS, Azure, GCP), leveraging AI tools to detect misconfigurations, vulnerabilities, and unauthorized access attempts. Support penetration testing efforts, identifying vulnerabilities within cloud and on-premise infrastructure. Lead and contribute to purple team engagements to test and improve defensive capabilities. Stay current with the latest AI, machine learning, and cybersecurity trends. Actively research emerging threats and innovative tools to protect the organization’s assets. Evaluate and implement third-party security tools, AI-based solutions, and threat intelligence platforms to enhance security posture and detection capabilities. Use AI and behavioral analytics to proactively detect threats that evade traditional security solutions. Develop custom threat detection algorithms where needed. Leverage threat intelligence feeds, machine learning models, and threat-hunting tools to proactively identify and mitigate risks from advanced persistent threats (APTs).

As a professional services firm affiliated with KPMG International Limited, KPMG in India has been a prominent presence since its establishment in August 1993. Leveraging the extensive global network of firms, our professionals possess in-depth knowledge of local laws, regulations, markets, and competition dynamics. With offices spanning across major cities in India including Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara, and Vijayawada, we are dedicated to offering a wide range of services to both national and international clients in various sectors. At KPMG in India, we are committed to delivering rapid, performance-based, industry-focused, and technology-enabled services. Our approach is rooted in a deep understanding of global and local industries, coupled with extensive experience in navigating the complex Indian business environment. We strive to ensure that our clients benefit from our shared knowledge and expertise, enabling them to thrive in a constantly evolving marketplace. As an equal opportunity employer, we value diversity and inclusion in our workforce. We believe in providing a supportive and inclusive work environment where all individuals are respected, valued, and given equal opportunities to grow and contribute to our collective success. Should you choose to be a part of KPMG in India, you will join a dynamic team of professionals who are passionate about delivering high-quality services and making a positive impact in the business landscape. Together, we aim to drive innovation, foster collaboration, and achieve excellence in everything we do.,

Position Description Direct Responsibilities Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Position Description 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Technical Access Management / Privilege Access Management Manage and maintain technical/privilege access controls for production and development environments Ensure compliance with organizational technical access control security policies and procedures Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation Review technical access segregation between production and development environments with respective support teams Data Leakage Prevention (DLP) Create, management and maintain DLP policies to detect and prevent data leaks Deploy and maintain DLP infrastructure Collaborate with IT teams to investigate and respond to data leak incidents Identity and Access Management (IAM) Collaborate with IT teams to deploy and maintain data encryption solutions IAM team to ensure seamless integration with technical access management solutions Ensure compliance with organizational IAM policies and procedures Data Encryption Deployment & Monitoring Collaborate with IT teams to deploy and maintain data encryption solutions Ensure compliance with organizational data encryption policies and procedures Unstructured & Structured Data Discovery & Activity Monitoring Collaborate with IT teams to: Deploy and maintain unstructured & structured data discovery and activity monitoring solution Identify and classify sensitive data Monitor and analyse restricted and sensitive database activities Remediate any non-compliant finding reported Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Position Description 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Cloud Container & Image Security Implement secure containerization strategies using tools like Docker, Kubernetes, and container orchestration platforms. Ensure container images are secure, up-to-date, and compliant with organizational security policies. Ensure cloud resources are properly configured, monitored, and secured in accordance with organizational security policies. Design and implement secure cloud image management strategies to ensure images are secure, up to date, and compliant with organizational security policies. Network Security Design and implement secure network architecture to protect cloud resources from unauthorized access. Ensure network traffic is properly monitored filtered and secured in accordance with organizational security policies. System Security Design and implement secure system configurations to protect cloud resources from unauthorized access. Ensure systems are properly patched, monitored and secured in accordance with organizational security policies. Threat Analysis and Risk Management Conduct regular threat analysis and risk assessment to identify potential security risks. Develop and implement risk mitigation strategies to ensure the security and integrity of cloud resources. Compliance and Governance Ensure cloud security controls are compliant with relevant regulatory requirements, such as HIPAA, PCI-DSS and GDPR. Develop and maintain cloud security policies, procedures and standards. Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Position Description Company Profile: At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve. At CGI, we’re a team of builders. We call our employees members because all who join CGI are building their own company - one that has grown to 72,000 professionals located in 40 countries. Founded in 1976, CGI is a leading IT and business process services firm committed to helping clients succeed. We have the global resources, expertise, stability and dedicated professionals needed to achieve results for our clients - and for our members. Come grow with us. Learn more at www.cgi.com. This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans. We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted. No unsolicited agency referrals please. Job Title: IT Security Professional Position: Systems Engineer/ Senior Systems Engineer Experience:2 - 6 Years Category: Software Development/ Engineering Main location: Mumbai Position ID: J0525-1868 Employment Type: Full Time Job Description : Direct Responsibilities Work on the remediation titles to be actionable – good understanding of vulnerabilities Provide data cleaning rules where needed – need understanding of Databases and Scripting Coordinate with Global counterparts Automatize reporting in GCSD – experience in scripting. Work closely with regional production security teams to transition scanning & reporting activities Document SOP for operational teams (tools maintenance and IVM activities) Contributing Responsibilities Contribute to the Permanent Control framework for implementation of policies and procedures in day-to-day business activities, such as Control Plan Contribute to Internal Audit response activities. Comply with regulatory requirements and internal guidelines. Contribute to improvement of tools used by Production Security to follow-up on the Security Incidents Must Have: OWASP methodologies application is a mandatory. 2 – 4-year experience in IT Security minimum University degree, preferably in Computer Science with spec. in IT Security Experience working in an international and complex financial environment, dealing with both business constraints and IT users across countries. Good knowledge of Security scanning tools like Qualys, Nexpose, Appspider is highly appreciated along with good understanding of Kubernetes. Experience in a multi-cultural environment is appreciated. CEH or Any Security certifications are appreciated. Good To Have: Experience in Development languages and scripting is appreciated. Note: This job description is a general outline of the responsibilities and qualifications typically associated with the Virtualization Specialist role. Actual duties and qualifications may vary based on the specific needs of the organization. CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs. Your future duties and responsibilities Required Skills & Qualifications: Business skills: Architecture (Mastered) Knowledge of Data (Mastered) Computer tests (Expert) IT infrastructure (Expert) Transversal skills: Analytical capacity (Expert) Ability to lead a meeting, a seminar, a committee, a training session, etc. (Mastered) Ability to understand, explain and lead change (Mastered) Ability to define relevant performance indicators (Mastered) Ability to work with Agile methods (Mastered) Behavioral skills: Ability to share/transmit knowledge (Expert) Be results oriented (Expert) Creativity & Innovation / Ability to solve problems (Expert) Ability to collaborate / teamwork (Expert) Develop and maintain system documentation, including configuration guides, and standard operating procedures. Direct and be responsible for the implementation effort. Provide technical guidance and mentorship to team members. Assess demand for their service or technology area and develop plans to meet future capacity needs and makes recommendations to the manager. Aware of all critical changes to infrastructure and applications that could impact service delivery to their business customers. Able to work autonomously and as part of a team using strong analytical skills. Be service oriented, customer focused, positive, committed and have an enthusiastic “can do” attitude. Demonstrate a systematic and logical approach to problem-solving. Able to follow the bank’s standards, processes, and procedures. Escalating incidents internally or to 3rd party partners when required. Required Qualifications To Be Successful In This Role Bachelor’s degree in Computer Science, Engineering, or related field preferred. Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

About the Opportunity Job Type: PermanentApplication Deadline: 31 August 2025 Title Cyber Security Operational Incident Manager - Technical Consultant Department Cyber Defence Operations - GCIS Location Kingswood, Surrey, Gurgaon, Bangalore Reports To Senior Manager - CDO Level 5 > About your team Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives their financial well-being. Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients digital assets and infrastructure against evolving cyber threats. The Cyber Security Operational Incident Manager will be responding to and managing widespread security events and should have an understanding on how best to maintain CIRT teams skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking at this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process. About your role The successful candidate will be experienced in operational security incident management, including vulnerability management, understanding the value of rigorous planning, tested procedures and playbooks and quick response to critical security incidents. This is a critical role expected to develop and maintain our operational security incident management capability and help mature our global response processes. The successful candidate will be comfortable working at a technical level, proactively suggesting improvements to the incident playbooks whilst also being able to co-ordinate our front-line CIRT team during major events. The successful candidate will be able to demonstrate understanding of incident response tools and techniques, experience in responding to and managing widespread security events and an understanding on how best to maintain CIRT teams skills and knowledge. The role will be supported by a global team of CIRT analysts who are looking at this role to provide them with direction and guidance during serious incidents. It will also be supported by a strong security leadership team and global incident management process who are keen to develop this capability. Our leadership team will be looking at this role to report on a number of key incident KPIs and provide assurance to our customers on the global operational security response process. About you Key Responsibilities Own and be accountable for security incidents; taking the lead in driving global remediation activities Ensure simple, repeatable, manual tasks are automated within the Incident Response process Ensure a best-practice program is in place to manage and maintain our security response procedures Proactively develop and deliver new incident response capabilities, tooling and processes. Develop an incident management strategy, focussing on regular reviews and exercises. Create and deliver table-top and simulated exercises focussing on areas of risk identified by our Threat Intelligence team. Ensure the operational security process is consistently maintained across our global regions, taking into account different regulatory requirements and rules. Acting as the point of contact for our global business incident management team for all security related incidents. Run Post Incident Reviews and track and manage outcomes to delivery. Experience and Skills Required Experience and strong understanding of frontline security operations Experience running a vulnerability remediation programme or overseeing vulnerability teams would be advantageous Experience running complex security incidents at a global scale Experience creating or continually improving an incident management program Strong reporting ability, with an understanding on how to tailor reports to show improvements and learnings In depth understanding of modern attack techniques and flows Clear and demonstratable understanding of NIST and MITRE Att&ck Methodologies Experience in cloud environments (Ideally Azure) Strong communication skills with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements. Banking or Finance industry related experience desirable Security Incident Management Qualifications preferred Security Incident related qualifications (e.g SANS 504) At least 3 years of experience working in an Incident Response position. Experienced responding to global complex security events Experienced using NIST or MITRE frameworks to deploy defensive plans and/or actions Experience explaining the risk of security threats and creating mitigations. Experience of general IT infrastructure technologies and principles. Experience of using vulnerability management tooling e.g Nexpose, Qualys etc. Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL. Understanding of Networking Architecture (OSI Model). Analytical skills Challenge the current processes Passion for the cybersecurity field Time management Able to organize others Nice to Have Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP For starters, well offer you a comprehensive benefits package. Well value your wellbeing and support your development. And well be as flexible as we can about where and when you work finding a balance that works for all of us. Its all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.

The healthcare industry is the next great frontier of opportunity for software development, and Health Catalyst is one of the most dynamic and influential companies in this space. We are working on solving national-level healthcare problems, and this is your chance to improve the lives of millions of people, including your family and friends. Health Catalyst is a fast-growing company that values smart, hardworking, and humble individuals. Each product team is a small, mission-critical team focused on developing innovative tools to support Catalyst’s mission to improve healthcare performance, cost, and quality. Job Summary/Responsibilities Participate in the entire development lifecycle, from planning through implementation, security, testing, and deployment, all the way to production. Own the ideal pipeline blueprint that developers will base new applications on Own upgrades, manage systems integrations and guide tool selection. Build tools that help engineers rapidly develop new applications and have confidence that their changes will work flawlessly in production. Learn our stack inside and out, and triage cross-cutting issues in our environment. Experienced in Linux platform and shell scripting. Should be able to troubleshoot and perform installation of opensource toolsets in Linux OS. Familiar with CI/CD tools sets like Bitbucket, Jenkins and release process. Familiar with docker containers and deployment with Kubernetes. Qualification/Education Requirements Bachelor’s degree in Computer Science or equivalent. 3+ years of experience in DevOps Engineering. Public Cloud experience on AWS is a must. Experience with continuous integration platforms such as Jenkins, CodeBuild, Gitlab, etc. AWS certification is plus. Requirements Close involvement with developer communities and open-source web technologies. Strong sense of ownership and passion for engineering great products with stellar user experiences. Good background building fully automated CI/CD pipelines. Good DevOps experience, with significant time spent with web services. Experience working on various AWS services such as EKS, CloudFront, Lambda Functions etc. Experience working with Kubernetes Familiarity with agile methodology. Experience with Security and performance tools would be a plus. Key Competencies/Skills Ability to visualize automation in CI/CD. Hands-on experience on containerization platforms such as Docker, Kubernetes, EKS, ECS etc. Good programming skills with scripting languages such as Python, NodeJS, Shell Ability to learn and adapt to new technology. Good knowledge of Continuous Integration environment (i.e., Test and build systems such as CodeBuild, Jenkins, Maven, Ant) Code Quality performance tools integration with build pipelines. (SonarQube, Nessus, Qualys etc) Experience in Linux system administration Ability to follow documented specifications and plans with minimal supervision. Good verbal and written communication skills Good understanding on software development life cycle (analysis, design, coding, testing etc.,) Good experience writing Infrastructure as a Code (IaaC) – Terraform scripts

Vulnerability Identification & Assessment: Manage and oversee vulnerability scanning tools (Qualys, Tenable, Rapid7, etc.). Analyze vulnerability data from multiple sources and assess the impact on business operations. Perform risk assessments and categorize vulnerabilities based on severity and exploitability. Remediation & Risk Mitigation:Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities. Prioritize vulnerabilities based on risk to the business and potential exploitability. Track remediation efforts and ensure proper closure of security gaps. Process & Policy Development:Define and maintain vulnerability management policies, standards, and procedures. Establish workflows for vulnerability detection, reporting, remediation, and validation. Ensure compliance with security frameworks such as NIST, CIS, ISO 27001, and regulatory standards like GDPR, HIPAA, and PCI-DSS. Security Monitoring & Threat Intelligence Integration:Work with threat intelligence teams to understand emerging threats and vulnerabilities. Ensure vulnerability management aligns with incident response and threat-hunting processes. Continuously enhance detection mechanisms to improve vulnerability discovery and response. Compliance & Audit Readiness:Ensure that vulnerability management practices align with regulatory and compliance requirements. Maintain records of assessments, remediation efforts, and compliance reports for audits. Support internal and external audits related to vulnerability management. Reporting & Metrics: Develop and present vulnerability status reports to security leadership and executive teams. Track key performance indicators (KPIs) related to vulnerability remediation SLAs and risk reduction Provide insights on security posture improvements based on trend analysis. Security Awareness & Collaboration:Conduct training sessions to educate teams on vulnerability risks and remediation best practices. Work closely with DevSecOps, SOC, and infrastructure teams to integrate security best practices into the development lifecycle Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Vulnerability Management Preferred technical and professional experience Qualys

About PhonePe Group: PhonePe is India’s leading digital payments company with 50 crore (500 Million) registered users and 3.7 crore (37 Million) merchants covering over 99% of the postal codes across India. On the back of its leadership in digital payments, PhonePe has expanded into financial services (Insurance, Mutual Funds, Stock Broking, and Lending) as well as adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store which is India's first localized App Store. The PhonePe Group is a portfolio of businesses aligned with the company's vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services. Culture At PhonePe, we take extra care to make sure you give your best at work, Everyday! And creating the right environment for you is just one of the things we do. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. Being enthusiastic about tech is a big part of being at PhonePe. If you like building technology that impacts millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us! Information Security Engineer Objectives of this Role:  Drive secure system configuration standards (E.g. CIS Benchmarks) implementation and vulnerability management efforts across the enterprise. Primarily in Linuxenvironments  Evaluate and drive implementation of new Information security processes, tools and technologies  Own the implemented solutions end-to-end, right from inception to deployment and monitoring to regular upkeep  Liaise with cross functional teams to increase adoption of Information security standards  Provide security event correlation use cases and logic to generate SIEM alerts  Follow-up and close Information Security incidents/exceptions  Measure and increase efficacy of Information Security initiatives  Bring a DevSecOps mindset to implementations Skills And Qualifications  3+ years’ experience in Information security operations in a Linux heavy environment  Experience with IDS/IPS systems like OSSEC, Wazhu, Suricata, Snort etc.  Experience with Elastic and Kibana  Experience with Vulnerability and Configuration Assessment and Management standards, tools/technologies like – CIS Benchmarks, CVE, OVAL, OpenVAS, Nessus, Qualys etc.  Experience with opensource Identity Management with products like Apache Syncope, OpenIAM, Gluu etc.  Hands-on experience with common Security tools in Linux  Experience with SaltStack (or any other Infrastructure as code tools)  Proficient in at least two of these languages: Python/Go/Java/Perl  Good in basic data structures/algorithms  Hands on experience on web scale production setup  Awareness of cloud technologies, networking fundamentals, Mesos, KVM/QEMU, NodeJS/React will be good to have  Ability to manage small teams PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog. Life at PhonePe PhonePe in the news

Who We Are: Take-Two Interactive Software, Inc. is a leading developer, publisher, and marketer of interactive entertainment for consumers around the globe. The Company develops and publishes products principally through Rockstar Games, 2K, Private Division, and Zynga. Our products are currently designed for console gaming systems, PC, and Mobile, including smartphones and tablets, and are delivered through physical retail, digital download, online platforms, and cloud streaming services. The Company’s common stock is publicly traded on NASDAQ under the symbol TTWO. While our offices (physical and virtual) are casual and inviting, we are deeply committed to our core tenets of creativity, innovation and efficiency, and individual and team development opportunities. Our industry and business are continually evolving and fast-paced, providing numerous opportunities to learn and hone your skills. We work hard, but we also like to have fun, and believe that we provide a great place to come to work each day to pursue your passions. What You’ll Take On Analyze vulnerability scan results from scanning tools and threat intel to identify risks, prioritize remediation based on regulatory and business requirements, while leveraging the tool's capabilities for asset grouping, dynamic analysis, and reporting. Develop and execute remediation plans in close collaboration with technical teams across our Label subsidiaries (Zynga, Rockstar, 2K) and development studios documenting and tracking progress within our ticketing and workflow management system. Lead validation of remediation effectiveness through post-remediation assessments, leveraging scanning tools for rescans and confirming closure within our ticketing and workflow management system. Enforce patch compliance by tracking deployments, managing exceptions, and ensuring adherence to SLAs, utilizing our ticketing and workflow management system for assignment, tracking, and escalation of exceptions, informed by scanning tool data. Monitor and report remediation progress, providing detailed metrics, trends, and outstanding issues, generating reports directly from our ticketing and workflow management system and leveraging scanning tool data for context. Communicate remediation updates to stakeholders, addressing potential business impacts, utilizing our ticketing and workflow management system for clear communication and workflow updates. Collaborate with the broader Information Security team to align remediation with the overall security strategy, leveraging insights from our scanning and ticketing/workflow management tools to inform strategic decisions. Build strong partnerships with teams across our Labels to foster an integrated vulnerability management approach, utilizing our ticketing and workflow management system as the central platform for collaboration and tracking. Work with engineering to maintain integrations between our scanning tools and ticketing/workflow management system to ensure seamless data flow and efficient workflow automation. Develop and customize workflows within our ticketing and workflow management system to optimize the vulnerability remediation lifecycle. Create and maintain dashboards and reports within both our scanning tools and ticketing/workflow management system to provide clear visibility into the vulnerability landscape and remediation progress. Troubleshoot issues related to scanning processes, data ingestion into our ticketing system, and the overall functionality of the vulnerability management toolset. What You Bring 3+ years in a security operations role, with a focus on vulnerability management, patching, and remediation workflows. Hands-on experience with vulnerability scanners (Tenable, Qualys, Rapid7) and enterprise patching platforms (SCCM, JAMF). Strong familiarity with workflow/ticketing systems like ServiceNow, Jira, or similar — including workflow automation, dashboarding, and reporting. A deep understanding of common vulnerabilities, CVSS scoring, EPSS, KEV, threat exposure, and remediation best practices across OS, network, and application layers. Comfort working cross-functionally with infrastructure, development, and support teams to drive remediation at scale. Strong scripting or automation experience is a plus (Python, PowerShell, API integration). Excellent communication skills — able to explain technical risk to non-technical stakeholders and influence without authority. Security certifications (e.g., SecurityX / CASP+, CySA+, GEVA, ) are a plus, but not required. What We Offer You Great Company Culture. We pride ourselves as being one of the most creative and innovative places to work, creativity, innovation, efficiency, diversity and philanthropy are among the core tenets of our organization and are integral drivers of our continued success. Growth: As a global entertainment company, we pride ourselves on creating environments where employees are encouraged to be themselves, inquisitive, collaborative and to grow within and around the company. Work Hard, Enjoy Life. Our employees’ bond, blow-off steam, and flex some creative muscles – through corporate boot camp classes, company parties, our Office gaming spaces, game release events, monthly socials, and team challenges. Benefits. Benefits include, but are not limited to; Discretionary bonus, Provident fund contributions, 1+5 medical insurance + top up options and access to Practo online Doctor consultation App, Employee assistance program, 3X CTC Life Assurance, 3X CTC Personal accident insurance, childcare services, 20 days holiday + statutory holidays, Perks. Gym reimbursement up to INR1150 per month, wellbeing program with the chance to earn up to $93 per annum, charitable giving program, access to learning platforms, employee discount program’s plus free games and events! Please be aware that Take-Two does not conduct job interviews or make job offers over third-party messaging apps such as Telegram, WhatsApp, or others. Take-Two also does not engage in any financial exchanges during the recruitment or onboarding process, and the Company will never ask a candidate for their personal or financial information over an app or other unofficial chat channel. Any attempt to do so may be the result of a scam or phishing exercise. Take-Two’s in-house recruitment team will only contact individuals through their official Company email addresses (i.e., via a take2games.com email domain). If you need to report an issue or otherwise have questions, please contact Careers@take2games.com.* As an equal opportunity employer, Take-Two Interactive Software, Inc. (“Take-Two”) is committed to fostering and celebrating the diverse thoughts, cultures, and backgrounds of its talent, partners, and communities throughout its organization. Consistent with this commitment, Take-Two does not discriminate or retaliate against any employee or job applicant because of their race, color, religion, sex (including pregnancy, sexual orientation, and gender identity), national origin, age, disability, and genetic information (including family medical history), or on the basis of any other trait protected by applicable law. If you need to report a concern or have questions regarding Take-Two’s equal opportunity commitment, please contact Careers@take2games.com.

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. Skills and Competencies Working knowledge and hands on experience in three or more of the following technology areas: Intune, Autopilot, Patch Management / Vulnerability Remediation, Application Packaging, Windows Update for Business etc. Intermediate level expertise on Windows 10/11 and configuring Microsoft applications & browsers. Patch management expertise using Windows Update for business/ Auto Patch or any third-party SaaS product like Qualys Patch management. Preferred Skills: Strong understanding and experience in Vulnerability remediation using various tools. Expertise on compliance policies related to windows desktop environments. Basic understanding of security concepts (SSL, PKI, IPsec, VPNs, Firewalls, DMZ, Proxy, and cyber-attacks) is required. Automation skills - PowerShell, Python are preferred. Other programming languages are a plus. Education Qualification and Certifications: Bachelor’s degree in computer science or equivalent area of study. Industry certifications in relevant areas is a plus. ITIL Certification is highly preferred. Minimum 4 years’ experience in IT industry in relevant area. Responsibilities Support the day-to-day business operations for Windows: (HW and Software/ /Autopilot, Intune/ M365/ Mobility) as well as creation of associated operating documentation. Vulnerability remediation/Patch management/Software deployment operations. Follows standard ITIL processes and procedures related to Incident, Change, Problem Management. Work with Security team to ensure system configurations are compliant with security policies and controls standards. Ability to deal with ambiguity and drive clarity and actions Ability to summarize complex technical and business issues to the appropriate audience (technical & non-technical) Analyse metrics, logs, and system alarms to troubleshoot issues and perform preventative maintenance. Facilitate major incidents/ outage restoration calls to access application impact, notify the business, and restore system issues. Effectively and independently take on and manage tasks / work inside multiple projects simultaneously. Ensure availability outside standard working hours to foster collaboration with offshore partners. About the team The Digital Workplace Services Operations Team works at the highest systems level to provide expert advice and counsel to users, management and IT project teams for systems of the most complex nature (typically crossing function/location lines). Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law. Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

Job Title: ISMS (Information Security Management System) Location: Airoli, Navi Mumbai Key Responsibilities: ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals. 2. Compliance & Audits: Ensure the organization complies with regulatory requirements related information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement. 3. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements. 4. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organizations security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements. 5. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels. Regards, Yugant Mirajkar Human Resources Kiya.ai

Position: AWS Vulnerability Management Engineer Location: Gurugram/Bangalore Experience: 5+ years Job Description: We are seeking a highly motivated and skilled Security Engineer with 5+ years of experience to join our dynamic team. The ideal candidate will have a strong background in vulnerability management and remediation activities in an enterprise environment. This role requires a proactive approach to identifying, assessing, and mitigating security vulnerabilities to ensure the safety and integrity of our systems. Responsibilities Conduct regular vulnerability assessments and scans to identify security weakness in our systems and applications. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in timely manner. Develop and implement remediation plans ensuring compliance with industry standards and best practices. Requires comprehensive knowledge and practical experience with one or more cutting-edge cyber tools for vulnerability assessment. Recommend security tools and solutions to improve overall security posture. Create and maintain documentation related to vulnerability management process and remediation activities. Provide support and guidance to other team members on best practices and possible remediation efforts. Generate and present regular reports on vulnerability metrics with progress and anomalies detected. Required Skills: 5+ years of experience in vulnerability management and remediation activities within an enterprise environment. Strong understanding of security principles, vulnerabilities, and remediation planning. Proficiency in Scripting and automation using python or similar. Experience with API's and integrating security tools with other systems. Strong communication and collaboration skills. Experience with vulnerability assessment tools such as SNYK, Qualys, Wiz, Container security, Prisma Cloud, and GitHub Advanced Security . Experience with security frameworks and standards such as NIST, ISO 27001, or CIS. Knowledge of cloud security best practices and experience with cloud platform such as AWS. Relevant Security certifications such as CISSP, CEH, or CompTIA Security+. About Stratacent: Stratacent is a Global IT Consulting and Services firm, headquartered in Jersey City, NJ, with global delivery centres in Pune and Gurugram plus offices in USA, London, Canada and South Africa. We are a leading IT services provider focusing in Financial Services, Insurance, Healthcare and Life Sciences. We help our customers in their transformation journey and provides services around Information Security, Cloud Services, Data and AI, Automation, Application Development and IT Operations. URL - http://stratacent.com Employee Benefits: Group medical and accidental insurance Transport facility One-time meal Continuous Learning Program Stratacent India Private Limited is an equal opportunity employer and will not discriminate against any employee or applicant for employment on the basis of race, color, creed, religion, age, sex, national origin, ancestry, handicap, or any other factor protected by law.

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0325-1818 Employment Type: Full Time Position Description: 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Cloud Container & Image Security Implement secure containerization strategies using tools like Docker, Kubernetes, and container orchestration platforms. Ensure container images are secure, up-to-date, and compliant with organizational security policies. Ensure cloud resources are properly configured, monitored, and secured in accordance with organizational security policies. Design and implement secure cloud image management strategies to ensure images are secure, up to date, and compliant with organizational security policies. Network Security Design and implement secure network architecture to protect cloud resources from unauthorized access. Ensure network traffic is properly monitored filtered and secured in accordance with organizational security policies. System Security Design and implement secure system configurations to protect cloud resources from unauthorized access. Ensure systems are properly patched, monitored and secured in accordance with organizational security policies. Threat Analysis and Risk Management Conduct regular threat analysis and risk assessment to identify potential security risks. Develop and implement risk mitigation strategies to ensure the security and integrity of cloud resources. Compliance and Governance Ensure cloud security controls are compliant with relevant regulatory requirements, such as HIPAA, PCI-DSS and GDPR. Develop and maintain cloud security policies, procedures and standards. Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Skills: Compliance Container Technology Network Security Threat Risk Assessment What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0325-1817 Employment Type: Full Time Position Description: 5 to 10 years' experience in information security Experience in evaluation and design of technical architectures and processes Functional as well as technical knowledge of the common technical frameworks and solutions Knowledge of the Norms and Standards of the banking and cybersecurity industry Direct Responsibilities Technical Access Management / Privilege Access Management Manage and maintain technical/privilege access controls for production and development environments Ensure compliance with organizational technical access control security policies and procedures Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation Review technical access segregation between production and development environments with respective support teams Data Leakage Prevention (DLP) Create, management and maintain DLP policies to detect and prevent data leaks Deploy and maintain DLP infrastructure Collaborate with IT teams to investigate and respond to data leak incidents Identity and Access Management (IAM) Collaborate with IT teams to deploy and maintain data encryption solutions IAM team to ensure seamless integration with technical access management solutions Ensure compliance with organizational IAM policies and procedures Data Encryption Deployment & Monitoring Collaborate with IT teams to deploy and maintain data encryption solutions Ensure compliance with organizational data encryption policies and procedures Unstructured & Structured Data Discovery & Activity Monitoring Collaborate with IT teams to: Deploy and maintain unstructured & structured data discovery and activity monitoring solution Identify and classify sensitive data Monitor and analyse restricted and sensitive database activities Remediate any non-compliant finding reported Infrastructure Vulnerability Management Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure. Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented. Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status. Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives. Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins. Application Security Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. Identify and implement the latest security standards for internet facing and internal assets Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA). Perform Security risk assessments and reviews to be presented to respective committees Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider Cybersecurity Ensure the protection of WM business data with an adequate security level of WM assets based on review processes Ensure the coordination with other IT security or other actors in the region or globally Assist for a Risk Treatment for any APAC WM issue, based on the processes Identify the IT security risks in advance, record and follow-up them Define and contribute to processes from cybersecurity perspective Periodic reporting of security status to IT Security Domain Head Ensure the regular reporting for management follow-up Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed. Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents. Production Security Ensure the effectiveness and success of vulnerability management process Ensure the compliance level of the production environment and integrate to reporting IT Security Compliance (delegation on WM APAC scope) Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements Ensure the compliance with the Third-party Technology risks and the Cloud security Identify the process gaps and provide solutions Coordination with IT Security actors Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…) Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope. Coordination with the global security teams concerning integration of WM assets within production sites Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group Skills: Identity and Access Mgt (IAM) Vulnerability Management(IAVM) What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0625-1351 Employment Type: Full Time Position Description: Responsibilities Direct Responsibilities Operate the log collection platforms: Monitoring of performance and capacity Monitoring of log collection coverage of various sources Update and patching of all components of the collection environment. Working with IT Production teams in case of Incidents to ensure the continuous delivery of log data Monitoring of the pipelines sending log data to the SIEM environments Alignment with Asset Management teams to keep logging baseline up to date. Build and regular update of operational KPI’s Contributing Responsibilities Support CSIRT team in investigations in case local log data is needed Technical & Behavioral Competencies Technical Skills Proven expertise of all components of the Elastic stack – Kafka, Elastic search, Log stash Expertise in Linux server administration and load balancer Familiarity with security tools and technologies such as SIEM, IDS / IPS, firewalls and antivirus systems. Ability to interpret and analyze logs generated by various systems, applications, and devices to detect. anomalies, security incidents, and unauthorized activities. Familiarity with incident response procedures and methodologies. Proficiency in using vulnerability scanning tools such as Nessus, Qualys, or OpenVAS to identify and prioritize security vulnerabilities in systems and networks. Proficiency in deploying, configuring, and managing IDS/IPS solutions to detect and prevent intrusion. and malicious activities on networks. Specific Qualifications (if required) Skills Referential Behavioural Skills: (Please select up to 4 skills) Attention to detail / rigor Ability to collaborate / Teamwork Ability to deliver / Results driven Client focused Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and adapt a process Ability to understand, explain and support change Ability to set up relevant performance indicators Ability to develop and adapt a process Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) Certification like CEH, CompTIA Security+, CISSP could be added advantage Skills: Linux Nessus What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

Responsibilities Penetration Testing: Proficiency in conducting Web Application VAPT (Black/Gray/White box) activities to identify and mitigate security vulnerabilities. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security vulnerabilities. Proficiency in Conducting external and internal infra-Penetration testing. Assessing and scoping application security penetration test requirements. Proficient in writing end to end penetration testing report including management and technical sections. Hands on experience on penetration testing tools such as Burp Suite, Qualys, Kali Linux, POSTMAN, SOAPUI, HCL AppScan. Experience Required: Candidate must have 5+ years of relevant experience in penetration testing. Certification: Must have – CEH. Desired - eWAPT, ECSA, OSCP, GWAPT, eWPTX. Vulnerability Management: Proficient in handling Qualys vulnerability Management tool. Should have working experience on configuring the Qualys – Authentications, asset tags, asset groups, option profiles, reporting templates, policy compliance templates, scanning schedules etc. Should have basic knowledge around Qualys agent and scanner deployment. Should have experience in creating and providing vulnerability remediation updates to customer. Must have excellent customer handing and communication skills. Experience Required: Candidate must have 3+ years of relevant experience in vulnerability management using Qualys. Certification: Desired – Qualys Vulnerability Management and Qualys Policy Compliance.

SENIOR EXPERT ENGINEER role for the Vulnerability Management Services team. Designation Senior Expert Engineer Location Mumbai ( Onsite) Experience 5 to 8 years Here are the Job Responsibilities Execute vulnerability scanning and manage VM programs for clients Complete the projects within budgeted efforts and agreed timelines with high quality deliverables - Perform vulnerability scanning using different scanning solutions including SAINT, Nessus, Tenable.io, Tenable.sc, Qualys, etc. - Gain good understanding of client network architecture and infrastructure to be scanned - Be involved in threat identification, vulnerability identification and control analysis - Develop customized reports and dashboards as per client expectations - Be proactive in project planning and execution - Perform likelihood determination, impact analysis and risk determination - Showcase prioritization of risks including solution recommendation and documentation - Identify and infer the business risk posed by the weaknesses identified during the assessments - Engage with both business and technical teams within and outside the organization from a project scope definition, project execution, project closure perspectives Skills required 5+ year of experience in Vulnerability Scanning - Expertise in Vulnerability Scanning tools such as Qualys, Tenable, Rapid7, etc. - Experience with understanding and explaining vulnerabilities to stakeholders - Good knowledge of various platforms such as Windows, Linux, Unix, Mac OS, Cisco, Juniper, etc. - Insights on standards such as PCIDSS, CIS Benchmarks, etc. - Flexible in working on challenging activities and creative in problem solving - Good communication and writing skills with ability to talk fluently

Job Description WHAT YOU’LL DO We are seeking a skilled and experienced Attack Surface Reduction Analyst with a strong background in penetration testing to join our cybersecurity team. The successful candidate will be responsible for identifying potential security risks and vulnerabilities in our organization's systems, applications, and networks, performing penetration testing, and facilitating and managing third-party penetration testing engagements. Who You’ll Work With Attack Surface Reduction team helps and contribute to improve the security posture of H&M by operating within an Agile model. We play a crucial role in proactively identifying and help in mitigating potential security risks and vulnerabilities across H&M's systems, applications, and networks, with the aim of preventing unauthorized access, data breaches, and other security incidents. Key Responsibilities: Conduct comprehensive vulnerability assessments (VA) and penetration tests (PT) on H&M's systems, networks, and applications. Utilize industry-standard tools and methodologies to identify potential vulnerabilities and weaknesses in our attack surface. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities in a timely manner. Experience in designing, implementing, and managing vulnerability management processes and workflows. Facilitate and manage penetration testing engagements with third-party vendors. Collaborate with other members of the cybersecurity team to develop and implement strategies to reduce our attack surface. Develop and maintain security policies and procedures for our organization's systems, applications, and networks. Monitor our organization's systems, applications, and networks for unauthorized access, suspicious activity, and other security threats. Stay up to date with the latest trends and developments in the field of cybersecurity, specifically related to attack surface reduction techniques. Who You Are We are looking for people with… Bachelor's degree in computer science, information security, or a related field. 6-10 years of experience in vulnerability scanning, vulnerability management, and penetration testing. Solid knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Strong knowledge of security assessment tools, vulnerability scanning, and penetration testing. Proficient in using industry-standard vulnerability assessment and penetration testing tools (e.g., Kali Distro, Qualys, Burp Suite, etc.). Familiarity with industry frameworks and standards, such as NIST, OWASP, and CIS. Effective communication skills, with the ability to clearly convey technical concepts to both technical and non-technical stakeholders. Excellent analytical, problem-solving, and communication skills. Relevant certifications, such as SANS, OSCP, OSEP, CompTIA Security+ or CREST are a plus. WHY YOU’LL LOVE WORKING HERE At H&M, we are proud to be a vibrant and welcoming company. We offer our employees attractive benefits with extensive development opportunities around the globe. We offer all our employees at H&M attractive benefits with extensive development opportunities around the globe. All our employees receive a staff discount card, usable on all our H&M brands in stores and online. Brands covered by the discount are H&M (Beauty and Move included), COS, Weekday, Monki, H&M HOME, & Other Stories, ARKET, Afound. In addition to our staff discount, all our employees are included in our H&M Incentive Program – HIP. You can read more about our H&M Incentive Program here. In addition to our global benefits, all our local markets offer different competitive perks and benefits. Please note that they may differ between employment types and countries. JOIN US Our uniqueness comes from a combination of many things – our inclusive and collaborative culture, our strong values, and opportunities for growth. But most of all, it’s our people who make us who we are. Take the next step in your career together with us. The journey starts here. We are committed to a recruitment process that is fair, equitable, and based on competency. We therefore kindly ask you to not attach a cover letter in your application. Additional Information This is a full-time position, starting in June 2025 . Apply by sending in your CV in English as soon as possible, but no later than the 30th of May 2025 . Due to data policies, we only accept applications through the SmartRecruiters or career page

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. Skills and Competencies Working knowledge and hands on experience in three or more of the following technology areas: Intune, Autopilot, Patch Management / Vulnerability Remediation, Application Packaging, Windows Update for Business etc. Intermediate level expertise on Windows 10/11 and configuring Microsoft applications & browsers. Patch management expertise using Windows Update for business/ Auto Patch or any third-party SaaS product like Qualys Patch management. Preferred Skills: Strong understanding and experience in Vulnerability remediation using various tools. Expertise on compliance policies related to windows desktop environments. Basic understanding of security concepts (SSL, PKI, IPsec, VPNs, Firewalls, DMZ, Proxy, and cyber-attacks) is required. Automation skills - PowerShell, Python are preferred. Other programming languages are a plus. Education Qualification and Certifications: Bachelor’s degree in computer science or equivalent area of study. Industry certifications in relevant areas is a plus. ITIL Certification is highly preferred. Minimum 4 years’ experience in IT industry in relevant area. Responsibilities Support the day-to-day business operations for Windows: (HW and Software/ /Autopilot, Intune/ M365/ Mobility) as well as creation of associated operating documentation. Vulnerability remediation/Patch management/Software deployment operations. Follows standard ITIL processes and procedures related to Incident, Change, Problem Management. Work with Security team to ensure system configurations are compliant with security policies and controls standards. Ability to deal with ambiguity and drive clarity and actions Ability to summarize complex technical and business issues to the appropriate audience (technical & non-technical) Analyse metrics, logs, and system alarms to troubleshoot issues and perform preventative maintenance. Facilitate major incidents/ outage restoration calls to access application impact, notify the business, and restore system issues. Effectively and independently take on and manage tasks / work inside multiple projects simultaneously. Ensure availability outside standard working hours to foster collaboration with offshore partners. About The Team The Digital Workplace Services Operations Team works at the highest systems level to provide expert advice and counsel to users, management and IT project teams for systems of the most complex nature (typically crossing function/location lines). Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law. Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

Job Title: Cyber Security Specialist Location: Ambernath, India Job Type: Full-Time Reporting : CISO, Global IT Governance About Polypeptide Group: PolyPeptide Group AG and its consolidated subsidiaries (“PolyPeptide”) is a specialized Contract Development & Manufacturing Organization (CDMO) for peptide- and oligonucleotide-based active pharmaceutical ingredients. By supporting its customers mainly in pharma and biotech, it contributes to the health of millions of patients across the world. PolyPeptide serves a fast-growing market, offering products and services from pre-clinical to commercial stages. Its broad portfolio reflects the opportunities in drug therapies across areas and with a large exposure to metabolic diseases, including GLP-1. Dating back to 1952, PolyPeptide today runs a global network of six GMP-certified facilities in Europe, the U.S. and India. PolyPeptide’s shares (SIX: PPGN) are listed on SIX Swiss Exchange. Position Overview: We are seeking a diligent and detail-oriented Cybersecurity specialist to join our cybersecurity team. This role is focused on executing vulnerability scans, analyzing results, and coordinating mitigation efforts to reduce risk across the organization. The candidate should be hands-on with tools like NMAP/ Zenmap and able to generate insightful visualizations and reports using Power BI . As the rest of the team is located in Europe (Sweden), flexibility in working times, and to be self-driven and efficient is highly rated. Key Responsibilities: Conduct regular vulnerability assessments using tools such as NMAP/Zenmap to identify security weaknesses in systems and applications. Analyze scan results, assess risk severity, and escalate critical findings to appropriate stakeholders for timely action. Collaborate with IT and application teams to ensure effective remediation of identified vulnerabilities and verify implemented fixes. Track and document remediation progress, ensuring closure of findings and proper risk mitigation. Develop and maintain reports and dashboards (preferably using Power BI) to monitor vulnerability trends, risk exposure, and key performance indicators (KPIs). Continuously improve and standardize vulnerability management processes and workflows, ensuring alignment with industry standards. Stay updated on the latest security vulnerabilities, exploits, and remediation techniques, and apply threat intelligence to prioritize risks. Work in coordination with the Security Operations Center (SOC) to address vulnerabilities associated with active threats. Participate in patch management and configuration compliance cycles, following security benchmarks such as CIS, NIST, or ISO 27001. Maintain an accurate and up-to-date asset inventory, ensuring comprehensive coverage in scanning and remediation activities. Contribute to the development of security awareness materials, particularly focused on vulnerability risks and secure practices. Create and maintain relevant documentation, SOPs, and playbooks for vulnerability scanning, triage, and response procedures. Support third-party risk assessments by evaluating external vendors' vulnerability exposure and security posture. Participate in red/blue team exercises and tabletop simulations to evaluate and improve vulnerability response readiness. Assist during audits and assessments, with occasional travel as required. Be available to contribute during U.S. operational hours at regular intervals, supporting cross-time-zone collaboration and incident response as needed. Qualifications & Requirements: Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent hands-on experience). 2–3+ years of experience in vulnerability management, security operations, or related fields. Strong hands-on experience with NMAP/Zenmap for scanning and analysis. Familiarity with vulnerability scoring systems like CVSS. Working knowledge of vulnerability management lifecycle and remediation workflows. Experience generating actionable reports and insights; Power BI experience is a plus. Strong analytical and communication skills. Strong skills in writing and speaking English Preferred Qualifications: Certifications such as CompTIA Security+, CEH, or equivalent are desirable. Experience with additional scanning tools (e.g., Nessus, Qualys) is a plus. Familiarity with security standards and frameworks (e.g., ISO 27001, NIST); NIS2 knowledge is a plus. Why Join Us at Polypeptide Group: Polypeptide Group offers an exciting opportunity to work at the forefront of peptide-based therapeutics, a rapidly growing and innovative segment of the pharmaceutical industry. As a key member of our Global IT Cyber Security and IT Compliance, you will have the opportunity to contribute to a company that is dedicated to the success of its clients and the advancement of peptide science. Join us and be part of a global organization that is shaping the future of life-saving therapies.

```html About the Company [Provide a brief introduction to the company, its mission, and culture.] About the Role [A short paragraph summarizing the key role responsibilities.] Responsibilities Qualifications: BS in Computer Science, Information Security, or a related field 6-8+ years’ experience focused in the areas of software engineering, application security, cloud security and related disciplines Solid understanding of current secure coding principles (e.g., OWASP Top10, OWASP SAMM) and Agile software development practices. Familiarity with a variety of software development & automation tools (e.g., GitHub, Jira, Jenkins, Qualys, SonarCube, Veracode, BlackDuck etc.) A good understanding of threat modeling and how to mitigate application security risks. Knowledge of vulnerability management including CVSS scoring and CVEs across open source and third-party software and supply chains. Strong understanding of various types of cloud service models (IAAS, PAAS, SAAS). In Addition, good understanding of security features in AWS, Azure and GCP Infrastructure. Good understanding of SSO, including OAUTH, SAML, Database and Mobile security experience a plus. Industry Certifications such as CISSP, CISM, AWS Certified Security, Azure Security, Google Cloud Security Engineer are considered a plus. Qualifications BS in Computer Science, Information Security, or a related field 6-8+ years’ experience focused in the areas of software engineering, application security, cloud security and related disciplines Required Skills Solid understanding of current secure coding principles (e.g., OWASP Top10, OWASP SAMM) and Agile software development practices. Familiarity with a variety of software development & automation tools (e.g., GitHub, Jira, Jenkins, Qualys, SonarCube, Veracode, BlackDuck etc.) A good understanding of threat modeling and how to mitigate application security risks. Knowledge of vulnerability management including CVSS scoring and CVEs across open source and third-party software and supply chains. Strong understanding of various types of cloud service models (IAAS, PAAS, SAAS). In Addition, good understanding of security features in AWS, Azure and GCP Infrastructure. Good understanding of SSO, including OAUTH, SAML, Database and Mobile security experience a plus. Preferred Skills Industry Certifications such as CISSP, CISM, AWS Certified Security, Azure Security, Google Cloud Security Engineer are considered a plus. P ```

Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk. Your Role And Responsibilities Expertise on Endpoint Security as in DLP, AV, EDR/EPP solutions Experience with EDR tools (e.g., SentinelOne, CrowdStrike) and anti-virus/anti-malware solutions. Proficiency in analyzing and mitigating endpoint security threats and managing endpoint protection policies. SIEM and Incident Response: Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel). Strong skills in incident response, threat hunting, and forensic investigation. Access and Identity Management: Familiarity with IAM concepts and tools, including MFA and SSO solutions. Experience with configuring and troubleshooting access control for network and endpoint systems. Automation and Scripting: Basic scripting abilities (e.g., Python, PowerShell) for automating security processes. Excellent analytical and problem-solving skills. Effective communication skills for interacting with team members and stakeholders. Ability to work in a fast-paced environment and handle high-stakes incidents. Certifications (Preferred) CompTIA Security+, Cisco CCNA Security, Certified Ethical Hacker (CEH), or other relevant security certifications. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 10 years of experience in security & infrastructure administration Experience on any Products for Implementation & Operations in SIEM, Nessus, CEH, Qualys guard, Vulnerability Assessment and Penetration Testing, Network Security, Web Application Expertise of handling industry standard risk, governance and security standard methodologies and incident response processes (detection, triage, incident analysis, remediation and reporting). have shown attention to detail and interpersonal skills and expertise to oversee input and develop relevant metrics and Competence with Microsoft Office, e.g. Word, Presentation, Excel, Visio, etc Preferred Technical And Professional Experience Ability to multitask and work independently with minimal direction and maximum accountability. One or more security certifications. (CEH, Security+, GSEC, GCIH, etc).