30 Sans Jobs

Role : Principal Network Engineer Location : Hyderabad (Hybrid) Experience : 10+ Years Shift Time : 4 AM 1 PM Interested candidates can share their updated resume to jobs@inumellas.com Key responsibilities: Responsible for the implementation, testing and training of new projects and initiatives. Performs the analysis, design, and development of new LAN/WAN initiatives. Responsible for integrating business systems within the corporate information technology environment. Develops business cases for request for new or additional hardware or software. Coordinates with Management and Technology Managers/Engineers to resolve issues relating to LAN/WAN. Conducts training and mentoring sessions. Provides the highest level of support to the technical operations groups and junior level engineers. Acts as a liaison with vendors and third-party providers. Responsible for creating and maintaining documentation for all assigned Enterprise network designs. Capable of project managing complex technical projects and communicating status to Customers. Flexible person with the ability to manage stressful situations and adapt to rapidly changing environments and requirements. Ability to thrive in a fast paced, multi-cultural, customer-oriented environment. Ability to workdays, evenings, and weekends as required; 24x7 support. Exceptional documentation and communication skills. Team motivated, especially when implementing new solutions and troubleshooting issues - the entire team must be able to work with other groups (network, telecom, systems) to build an environment or resolve an issue. Ability to communicate and interact with a variety of people at different levels (must have strong "people skills" to communicate basic non-technical concepts with end users, technical skills to communicate with engineering team, etc.) Other duties as assigned by management. Design, configure, and maintain network infrastructure using network automation tools. Have a passion to find out network operations use cases and automate them using tools such as Ansible and Python. Core Networking Requirements In-depth knowledge and implementation skills of Ciscos ACI, Switching, Routing and Security products. Well versed in SDWAN Technology; in particular SD-WAN Manager (formerly vManage) & Cisco SD-WAN (formally Viptela). In-depth knowledge of Voice Over IP; experience with Cisco and Avaya VOIP Products and or VoIP standard protocols ie SIP, H323 etc. In-depth knowledge of IP Routing, Quality of Service technologies with demonstrated implementation in a large enterprise organization. Cloud networking experience strongly desired. Practical experience with AWS and/or GCP and/or Azure Knowledge of Infrastructure as Code technology to include common scripting languages. Knowledgeable in Packet capture and packet analysis. Highly knowledgeable in Dynamic routing protocols such as OSPF, BGP, EIGRP etc. Ability to effectively troubleshoot complex IP networks that support voice, data and possibly video. In-depth knowledge of F5 BIG-IP with implementation experience in a large enterprise organization or equivalent Load Balancing schemas. Knowledgeable in UCS/VDI data center environments. Familiarization in VPN/IPSEC tunnels and NAT protocols. Ability to effectively communicate with internal Operations groups, company clients and or vendors. Highly knowledgeable in IP Management for Enterprise systems. Knowledgeable in WiFi design components and WiFi implementations. Expert knowledge of LAN/WAN systems, networks, and Layer 4-8 applications As in a computer-related field, Vendor certification classes, or equivalent experience with aptitude for certification in network administration (CCNA a start, CCNP desirable and CCIE Certification a plus). Develop new ideas and technical procedures to increase automation, improve operational efficiency with network focused tooling and enhance workflow to minimize and/or eliminate manual CLI processes. Possess automation tool abilities using such tools as Python, Ansible playbooks, Json, YAML, Jinja2, Netmiko, Paramiko desired. Knowledge of Terraform and Kubernetes tools used in application deployment and lifecycle management is a plus Network Security Requirements Responsible for the design, configuration and installation of our security infrastructure, including firewalls, proxy servers and policies, and virtual private networks (VPN). Thorough understanding of the latest technologies, security principles, and protocols Complete command of dealing with security systems, intrusion detection systems, firewalls, anti-virus software, log management, authentication systems, content filtering, etc. Extremely Strong troubleshooting skills on network and security platforms is a must; ability to triage multiple, concurrent technical issues. In-depth knowledge and implementation skills Palo Alto Networks PA-7000 Series, PA-5200 Series, PA-5000 Series, PA-3000 Series, PA-800 Series running PAN OS 8.X Cisco Systems ASA5500 Series running IOS 9.X, and Check Point 12200, 21800 running Gaia R77.30 with plans to migrate to Gaia R80.10 Practical experience with Palo Alto Prisma strongly desired In-depth knowledge and implementation skills of proxy technology to include WCCP, PAC Files, specifically utilizing the Cisco WSA series proxy platform. As some Security Engineer desired skills should be around policy, risk, assessments, and recommendations regarding technology in this related field. Course of studies should include CISSP as well as SANS certifications to complement.

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Privilege Password Management CyberArk. Experience: 8-10 Years.

Skills SIEM tools (Splunk), SentinalOne, CASB tool (NetSkope), DLP OWASP, CWE, SANS, NISTGoogle, Microsoft, AWS scripting languages like Python, PowerShell security certifications (Security+, CEH, ECIH, GCIH Wireshark and packet sniffing tools (Java, Shell, JavaScript, Python threat analysis python cloud security software siem tools information security event log analysis adaptability siem planning scripting securitypeople management skill system java team work gcp leadership splunk logging aws programming communication skills architecture Education BE/B.Tech/MCA/M.Sc./M.Tech in Computer Science or related discipline Year of Experience: Minimum7 to 10 years of experience in the security domain with exposure to Security Products About the Team & Role: Position Overview: We are seeking a highly experienced and proactive Information Security Manager to lead our security initiatives. This role requires deep expertise in threat analysis, SIEM tools (Splunk, SentinelOne), and major security frameworks (OWASP, NIST). The ideal candidate will be responsible for identifying and mitigating technical risks, enhancing security tools, preparing intelligence reports, and providing technical leadership to a team. Candidates should have a minimum of 10 years in the security domain, strong experience with cloud security (Google, Microsoft, AWS), scripting (Python, PowerShell), and security event log analysis. Excellent communication and problem-solving skills are essential. Preferred qualifications include SIEM and vulnerability management experience, relevant security certifications (Security+, CEH, GCIH), and a Bachelor's degree in a related field. What will you get to do here? Initial point of contact for client requirements and operational escalation Proactively identify technical and architectural risks, and work effectively to mitigate them Research, plan, and implement new tool features to make security tools more effective and add value Prepare and present Security Intelligence Reports Provide technical direction to Associates and Analysts within the team Assist in investigations of high-level, complex violations of information security policies Report security performance against established security metrics Provide deep subject matter expertise in architecture, policy, and operational processes for threat analysis and client escalation Provide guidance and support to 3rd-level technical support, including architecture review, rules and policy review/tuning Establish and communicate extent of threats, business impacts, and advise on containment and remediation Collaborate with other BUs on security gaps and educate teams on cybersecurity importance Manage platforms and vendors What qualities are we looking for? Minimum 10 years of experience in the security domain with exposure to Security Products Experience with methodologies and tools for threat analysis of complex systems, such as threat modeling SME knowledge of SIEM tools (Splunk), SentinalOne, CASB tool (NetSkope), DLP, etc. Understanding of major security frameworks (OWASP, CWE, SANS, NIST, etc.) SME-level knowledge of the current threat landscape Experience securing applications deployed on cloud platforms (Google, Microsoft, AWS) Knowledge and experience with scripting languages like Python, PowerShell Experience with security operations program development Proficiency with security event log analysis and various event logging systems Excellent verbal and written communication skills Ability to learn and retain new skills in a changing technical environment Willingness to learn new technology platforms SIEM experience and Vulnerability Management Recognized network and security certifications (Security+, CEH, ECIH, GCIH, etc.) Experience with Wireshark and packet sniffing tools Python development experience Bachelor's degree in Computer Science, Engineering, or a related field Strong proficiency in programming languages (Java, Shell, JavaScript, Python) Excellent problem-solving skills and attention to detail Strong communication and teamwork abilities Expertise with privacy software

About the role: At ICICI Bank, Information Security Group believes in providing services to its customers in the safest and most secure manner keeping in mind that data protection for its customers is as important as providing quality banking services across the spectrum. Our support application team performs application vulnerability assessments and document vulnerabilities which were found and provides recommendations for remediation according to BFSI guidelines and industry best practices. As an Application Security Manager, you will provide guidance to the application team on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. You will work along with cross functional business teams to get closure of identified gaps and utilize escalation matrix effectively wherever necessary. You will conduct application security assessment results review and mitigation approval. You will keep abreast of new technologies to ensure that the organization remains at the forefront of security. Key Responsibilities: Support and Testing Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets with security tools like BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc. Analysis Perform in-depth analysis of VAPT results, Review assessment reports to provide risk mitigation & recommendations on that basis. Collaboration Collaborate with the application team and provide them guidance on application security best practices, support remediation effort and track open issues and follow up to ensure remediation. Educational Qualification Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent with relevant experience. Certification for OSCP is an additional advantage Compliance and Network Security Knowledge of cyber security trends & hacking techniques, MITRE ATT&CK framework with hacker mindset. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) Key Technologies Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance, Knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends

About Marvell Marvells semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities. At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead. Your Team, Your Impact You are responsible for delivering the cyber security risk & compliance-related activities defined as per Marvells internal and external standards, frameworks, and attestations. As a Cybersecurity Risk & Compliance Professional, you will play a critical role in developing and implementing a world-class information security risk and compliance program to meet industry-leading practices and customer security compliance. Youll have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture. What You Can Expect Responsible for executing day to day cyber security risk, compliance, and assurance activities. Support the global cyber security certifications such as ISO 27001, ISO 27017, and TISAX. Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of ISO 27001, ISO 27017, NIST CSF, TISAX, NIST 800-171 as well as knowledge of controls related to Privacy, Compliance, Cyber and other risk domains. Effectively develop thorough testing procedures, plan and execute the testing working with relevant stakeholders, document the testing workpapers, develop a summary report, capture observations / findings, recommend action plans, obtain agreement from stakeholders on management response plans, track remediation, and execute remediation testing. Drive the implementation of the cyber security projects and assessments in the areas of governance and risk Ensure relevant security controls are embedded in the project delivery process by providing appropriate insights to project teams. Collaborate with internal and external stakeholders assessing cyber security controls. Support the collection of any necessary evidence, coordination of walkthroughs / meetings, and any needed logistics to facilitate the assessment / audit effort. Timely report status and metrics to the cyber security management team. Complete work per agreed timelines with high quality. Support extended cyber security teams efforts What We&aposre Looking For Bachelors degree in Information Technology or a related field 5-8 years of experience in cyber security audit and/ or compliance. Strong implementation or assessment experience of NIST Cyber Security Framework standards and requirements. Proven track record and experience in executing information security-related projects in a global company Experience in supporting cyber security audits by internal audit or other third parties (i.e. ISO 27001, ISO 27017, and TISAX). Experience with infrastructure operations and processes associated with IT service management in an enterprise-level organization Experience presenting to large audiences. Very good oral and written communication skills in English Preferred Certifications: CISA, CISSP, CISM, CRISC, ISO27001 Lead Implementor and Auditor, SANS Additional Compensation And Benefit Elements With competitive compensation and great benefits, you will enjoy our workstyle within an environment of shared collaboration, transparency, and inclusivity. Were dedicated to giving our people the tools and resources they need to succeed in doing work that matters, and to grow and develop with us. For additional information on what its like to work at Marvell, visit our Careers page. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Show more Show less

About Marvell Marvells semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities. At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead. Your Team, Your Impact You are responsible for delivering the cyber security risk & compliance-related activities defined as per Marvells internal and external standards, frameworks, and attestations. As a Cybersecurity Risk & Compliance Professional, you will play a critical role in developing and implementing a world-class information security risk and compliance program to meet industry-leading practices and customer security compliance. Youll have a deep understanding of the information security risk standards, frameworks, and methodologies we can use to strengthen our risk and compliance posture. What You Can Expect Responsible for executing day to day cyber security risk, compliance, and assurance activities. Support the global cyber security certifications such as ISO 27001, ISO 27017, and TISAX. Evaluating control effectiveness and review evidence of controls by applying audit, compliance, security, and regulatory framework knowledge and experience, including, but not limited to review of ISO 27001, ISO 27017, NIST CSF, TISAX, NIST 800-171 as well as knowledge of controls related to Privacy, Compliance, Cyber and other risk domains. Effectively develop thorough testing procedures, plan and execute the testing working with relevant stakeholders, document the testing workpapers, develop a summary report, capture observations / findings, recommend action plans, obtain agreement from stakeholders on management response plans, track remediation, and execute remediation testing. Drive the implementation of the cyber security projects and assessments in the areas of governance and risk Ensure relevant security controls are embedded in the project delivery process by providing appropriate insights to project teams. Collaborate with internal and external stakeholders assessing cyber security controls. Support the collection of any necessary evidence, coordination of walkthroughs / meetings, and any needed logistics to facilitate the assessment / audit effort. Timely report status and metrics to the cyber security management team. Complete work per agreed timelines with high quality. Support extended cyber security teams efforts What We&aposre Looking For Bachelors degree in Information Technology or a related field 5-8 years of experience in cyber security audit and/ or compliance. Strong implementation or assessment experience of NIST Cyber Security Framework standards and requirements. Proven track record and experience in executing information security-related projects in a global company Experience in supporting cyber security audits by internal audit or other third parties (i.e. ISO 27001, ISO 27017, and TISAX). Experience with infrastructure operations and processes associated with IT service management in an enterprise-level organization Experience presenting to large audiences. Very good oral and written communication skills in English Preferred Certifications: CISA, CISSP, CISM, CRISC, ISO27001 Lead Implementor and Auditor, SANS Additional Compensation And Benefit Elements With competitive compensation and great benefits, you will enjoy our workstyle within an environment of shared collaboration, transparency, and inclusivity. Were dedicated to giving our people the tools and resources they need to succeed in doing work that matters, and to grow and develop with us. For additional information on what its like to work at Marvell, visit our Careers page. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Show more Show less

About the Company: Northern Trust is a globally recognized, award-winning financial institution with a rich history dating back to 1889. As a Fortune 500 company, we pride ourselves on providing innovative financial services and guidance to successful individuals, families, and institutions worldwide, while upholding our core principles of service, expertise, and integrity. With over 130 years of experience and a team of over 22,000 partners, we leverage leading technology and exceptional service to cater to the needs of our sophisticated clients. Job Description: We are looking for an accomplished and visionary Director of Identity & Access Management (IAM) to lead our APAC IAM function. In this key leadership role, you will be tasked with defining, implementing, and overseeing the IAM strategy, architecture, and operations across the Asia-Pacific region. Success in this role requires strong people management skills, technical expertise in IAM, a track record of team building, and a deep understanding of the regulatory and business landscapes in APAC. Key Responsibilities: - Define and communicate the IAM roadmap for APAC, focusing on technology adoption, process enhancements, and team growth. - Develop and execute the APAC IAM strategy in alignment with global initiatives and regional business goals. - Collaborate with global IAM leadership and regional directors to ensure consistency and coherence across the IAM landscape. - Oversee the design, implementation, and maintenance of robust IAM solutions, including Identity Governance and Administration, Access Management, Privileged Access Management, and Customer IAM. - Drive continuous improvement in IAM processes, automation, and tooling. - Manage IAM-related incidents, problems, and changes, ensuring timely resolution and root cause analysis. - Lead, mentor, and develop a high-performing team of IAM professionals across Engineering, Operations, and Governance functions. - Conduct talent acquisition and retention efforts to ensure the team's readiness for future demands. - Lead internal and external audits related to IAM, addressing findings and implementing corrective actions. - Develop and report key IAM metrics and KPIs to measure program effectiveness and identify areas for enhancement. - Conduct regular risk assessments and implement controls to mitigate IAM-related risks. - Act as the primary IAM contact in APAC, engaging with business leaders, security teams, and stakeholders. - Communicate IAM concepts and risks effectively to both technical and non-technical audiences. Requirements: - Broad understanding of identity and access management, with expertise in identity governance and administration. - Knowledge of identity-related regulatory requirements globally. - Strong relationship-building skills and ability to leverage connections to achieve goals. - Excellent consultative, oral, and written communication skills. - In-depth functional and industry knowledge. - Analytical, problem-solving, leadership, and organizational skills. - College or University degree and/or relevant work experience required. - Industry certifications such as CISSP, CISM, CISA, Cisco, SANS preferred. Join Us: At Northern Trust, you will be part of a flexible and collaborative work culture that encourages growth and exploration. We value inclusivity and diversity, and we are committed to making a positive impact in the communities we serve. If you are excited about this opportunity, apply today and let's discuss how your skills and experience align with our mission of being a sustainable and admired company. Together, we can achieve greater things.,

As an Architect-Cyber Security with 12+ years of experience, you will be responsible for security architecture across multiple industries. Your primary tasks will include developing and managing security architecture for global companies, participating in security architecture review boards, implementing secure coding and SSDLC, and designing secure solutions based on industry standards and best practices. You should have a strong background in Azure, with experience in securing multi-tenant environments. Additionally, you must be proficient in creating current state and future state architecture diagrams, providing technical roadmap support, and staying updated on technology market trends. To qualify for this role, you need a Bachelors/Masters degree in Information Security/Systems, Computer Science, or relevant field. Possessing certifications such as CISSP, CISSP-ISSAP, Azure Architecture, or Azure Security will be advantageous. Membership in industry associations like SANS and ISACA is also preferred. If you have a passion for cybersecurity and a proven track record in security architecture, this position in Bangalore is ideal for you. Join our team and contribute to delivering cutting-edge security solutions in alignment with enterprise architecture principles.,

Position Purpose Provide a brief description of the overall purpose of the position, why this position exists and how it will contribute to achieving the teams goal. Responsibilities Direct Responsibilities Strong expertise in application security concepts and activities like Source Code Review (SAST) & Dynamic application vulnerability scanning (DAST). Good understanding of Information Security concepts and strategies. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like Apisan, WebInspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Experience in Process Improvement, Controls Enhancement and Reporting. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Providing independent expert advice to the IT areas on application & data risk issues. Engaging with organization wide risk and control groups, including internal audit and territory control teams. Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulate appropriate remediation strategies based on a full understanding of business exposure and compensating controls. Contributing Responsibilities Monitoring and oversight of existing IT risks, working collaboratively with stakeholders in ensuring plans are managed within timescales and escalating where appropriate. Managing relationships with Business and IT teams, chairing periodic meetings and being a point of contact for escalating to wider team members. Assistance with drafting of risk acceptance statements and coordinating sign-off from business and IT stakeholders. SPOC for security architecture meetings. Technical & Behavioral Competencies Excellent Interpersonal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills. Specific Qualifications (if required) CEH, SSCP, OSCP certified. Technical Graduate (Computer Science) Preferable.

Skills SIEM tools (Splunk), SentinalOne, CASB tool (NetSkope), DLP OWASP, CWE, SANS, NISTGoogle, Microsoft, AWS scripting languages like Python, PowerShell security certifications (Security+, CEH, ECIH, GCIH Wireshark and packet sniffing tools (Java, Shell, JavaScript, Python threat analysis python cloud security software siem tools information security event log analysis adaptability siem planning scripting securitypeople management skill system java team work gcp leadership splunk logging aws programming communication skills architecture Education BE/B.Tech/MCA/M.Sc./M.Tech in Computer Science or related discipline Year of Experience: Minimum7 to 10 years of experience in the security domain with exposure to Security Products About the Team & Role: Position Overview: We are seeking a highly experienced and proactive Information Security Manager to lead our security initiatives. This role requires deep expertise in threat analysis, SIEM tools (Splunk, SentinelOne), and major security frameworks (OWASP, NIST). The ideal candidate will be responsible for identifying and mitigating technical risks, enhancing security tools, preparing intelligence reports, and providing technical leadership to a team. Candidates should have a minimum of 10 years in the security domain, strong experience with cloud security (Google, Microsoft, AWS), scripting (Python, PowerShell), and security event log analysis. Excellent communication and problem-solving skills are essential. Preferred qualifications include SIEM and vulnerability management experience, relevant security certifications (Security+, CEH, GCIH), and a Bachelor's degree in a related field. What will you get to do here? Initial point of contact for client requirements and operational escalation Proactively identify technical and architectural risks, and work effectively to mitigate them Research, plan, and implement new tool features to make security tools more effective and add value Prepare and present Security Intelligence Reports Provide technical direction to Associates and Analysts within the team Assist in investigations of high-level, complex violations of information security policies Report security performance against established security metrics Provide deep subject matter expertise in architecture, policy, and operational processes for threat analysis and client escalation Provide guidance and support to 3rd-level technical support, including architecture review, rules and policy review/tuning Establish and communicate extent of threats, business impacts, and advise on containment and remediation Collaborate with other BUs on security gaps and educate teams on cybersecurity importance Manage platforms and vendors What qualities are we looking for? Minimum 10 years of experience in the security domain with exposure to Security Products Experience with methodologies and tools for threat analysis of complex systems, such as threat modeling SME knowledge of SIEM tools (Splunk), SentinalOne, CASB tool (NetSkope), DLP, etc. Understanding of major security frameworks (OWASP, CWE, SANS, NIST, etc.) SME-level knowledge of the current threat landscape Experience securing applications deployed on cloud platforms (Google, Microsoft, AWS) Knowledge and experience with scripting languages like Python, PowerShell Experience with security operations program development Proficiency with security event log analysis and various event logging systems Excellent verbal and written communication skills Ability to learn and retain new skills in a changing technical environment Willingness to learn new technology platforms SIEM experience and Vulnerability Management Recognized network and security certifications (Security+, CEH, ECIH, GCIH, etc.) Experience with Wireshark and packet sniffing tools Python development experience Bachelor's degree in Computer Science, Engineering, or a related field Strong proficiency in programming languages (Java, Shell, JavaScript, Python) Excellent problem-solving skills and attention to detail Strong communication and teamwork abilities Expertise with privacy software

We are looking for an experienced Application Security Engineer with 23 years of hands-on experience in security testing across web, mobile, API, and cloud environments. You will perform in-depth manual and automated testing, identify vulnerabilities using frameworks like OWASP and NIST, and provide actionable remediation guidance with clear PoCs. This role involves close collaboration with development and DevOps teams to integrate security into the SDLC, support secure coding practices, and contribute to threat simulations and R&D efforts. Strong knowledge of CVSS, MITRE ATT&CK, and scripting skills (Python, Bash) are essential, along with the ability to clearly communicate security findings to both technical and non-technical stakeholders Key Responsibilities: Conduct hands-on security testing of web applications, mobile apps, cloud environments, and APIs, identifying security vulnerabilities based on industry-standard methodologies (e.g., OWASP, SANS, NIST). Evaluate the risk and severity of discovered vulnerabilities using frameworks such as CVSS and document findings with clear Proof-of-Concepts (PoCs), highlighting real-world business impact and custom remediation guidance. Collaborate with development teams to explain vulnerabilities, answer technical queries, and recommend secure coding practices and mitigation strategies. Participate in research and development (R&D) initiatives, including the discovery of new attack vectors, tooling improvements, and security automation. Contribute to secure SDLC processes, including secure design reviews, code reviews alongside DevOps and architecture teams. Assist in conducting threat simulations, adversary emulation, and red team exercises when required. Maintain awareness of emerging threats, CVEs, and vulnerability trends affecting web, mobile, and cloud technologies. Required Skills & Tools 2-3 years of hands-on experience in security testing or penetration testing across web, mobile, API, and/or network layers. Bachelors degree in Computer Science or a related technical field (or equivalent experience). Having published CVEs is considered a strong advantage. Solid knowledge of OWASP Top 10, MITRE ATT&CK, and Secure Coding Guidelines. Strong understanding of manual testing approaches — not just tool-assisted scans. Hands-on experience with reporting, PoC generation, and remediation consulting. Scripting or automation skills in Python, Bash for creating custom tools. Effective communication skills to interact with both technical and non-technical stakeholders.

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.,

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. To provide security monitoring and support to Client's technology platforms, network, applications, crew, and environments in response to incidents of varying severity and perform other security monitoring/incident response functions as needed. **Duties and Responsibilities:** - Support Client Data Loss Prevention (DLP) initiatives through monitoring and investigation of email, network, and endpoint DLP alerts. - Performs remediation actions to resolve incidents relating to violations of Client Information Security policies. - Establishes and maintains effective service relationships with business users - keeping them informed of the status of their security requests and tickets; understanding their business needs and escalating as necessary; providing non-technical answers to security questions that come in via email or hotline; and explaining the rationale behind security policies, procedures, and monitoring. - Keeps management within the department informed by communicating progress, issues, concerns, and opportunities. Assesses and immediately notifies the manager of any potential information security breach and security issues that may have a negative impact on business operations. - Identifies opportunities to improve the quality, efficiency, and effectiveness of the team. - Adheres to Client Information Security policies and departmental procedures, along with following industry best practices. - Works with other departments (within and outside of Information Security) to communicate appropriate and consistent security requirements. - Participates in the development of team and departmental objectives. - Participates in special projects and performs other duties as assigned. - Supporting the clients" team by acting as an interim team member (e.g. security officer, security manager, security analyst.) - Should independently manage the assigned project/engagement with minimal oversight/guidance from the manager. **Qualifications:** - Undergraduate degree in information/cybersecurity, an information technology-related field, or equivalent combination of training, certifications, and experience. - 4-6 years related experience. - CompTIA Security+, ISC2 CISSP, SANS, or other similar certifications are a plus but not required. - Knowledge of security concepts, theories, and best practices. - Ability to analyze and demonstrate problem resolution skills. - Demonstrated ability to work collaboratively as well as independently, with attention to detail. - Demonstrated ability to be flexible and exercise good judgment. - Demonstrated strong organization and time management skills. - Strong verbal, written, and interpersonal communication skills. - Ability to deal effectively with various levels of business unit crew and management. - Experience on Elastic SIEM, Tines SOAR, and CrowdStrike EDR is good to have. **Special Factors:** - Willing to work in a hybrid model (3 days in the office) in a rotational shift. - Weekend availability/flexibility to work weekends is a MUST. - Willing to support the US shift (Night shift),

Greetings potential candidate, We are looking for a Security Assessment & Compliance Specialist with 3-6 years of experience to join our team at Netsach, a Cyber Security Company based in Dubai. As a Security Threat Assessment & Compliance Specialist, you will be responsible for conducting testing on bank installations using focused threat-based methodologies to identify vulnerabilities, enhance Cyber readiness, and ensure security controls and system configurations adhere to compliance standards. Your role will involve collecting open source intelligence on threats, developing Cyber assessment plans, assessing The bank group installations & controls, and providing insight on IT technology assets. Key Responsibilities: - Conduct testing on bank installations using threat-based methodologies - Identify, expose, and exploit vulnerabilities to enhance Cyber readiness - Review security controls and system configurations to ensure compliance - Collect open source intelligence on threats and vulnerabilities - Develop Cyber assessment plans and conduct assessment tests - Ensure threat controls and systems are appropriately configured - Identify and track IT risks and remediate gaps through operational activities - Provide threat activity reporting and insight on IT technology assets - Manage ad-hoc review and reporting requests from stakeholders Requirements: - Bachelor's or Master's degree in Computer Science, Mathematics, or related field - Master's Degree in Business Management or equivalent - Certifications such as CISSP, OSCP, OSCE, CREST, GPEN, SANS GWAPT - 3-5 years of experience in technical Cyber security - Proficiency in Bash scripting, Perl, Python, and Machine Learning frameworks - Experience with malware scanning tools and mobile digitization platforms - Familiarity with threat modeling frameworks such as STRIDE, PASTA, and VAST - Knowledge of Cloud, DBMS, Containerization Technologies, and Microservices/API architecture - Strong technical background covering heterogeneous technologies and multiple security domains - Deep experience in vulnerability assessment, threat evaluation, and mitigation recommendations - Extensive experience with Security scanning solutions like Tenable Security Center, Tripwire, Rapid Scan, Qualys - Ability to integrate open source frameworks and solutions for unified reporting If you meet the above requirements and are passionate about Cybersecurity, we would love to hear from you. Join us in our mission to enhance Cyber readiness and ensure compliance in the banking sector. Thank you, Emily Jha emily@netsach.co.in,

Role Purpose The purpose of this role is to design the organisations computer and network security infrastructure and protect its systems and sensitive information from cyber threats Do 1. Design and develop enterprise cyber security strategy and architecture a. Understand security requirements by evaluating business strategies and conducting system security vulnerability and risk analyses b. Identify risks associated with business processes, operations, information security programs and technology projects c. Identify and communicate current and emerging security threats and design security architecture elements to mitigate threats as they emerge d. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements e. Provide product best fit analysis to ensure end to end security covering different faucets of architecture e.g. Layered security, Zoning, Integration aspects, API, Endpoint security, Data security, Compliance and regulations f. Demonstrate experience in doing security assessment against NIST Frameworks, SANS, CIS, etc. g. Provide support during technical deployment, configuration, integration and administration of security technologies h. Demonstrate experience around ITIL or Key process-oriented domains like incident management, configuration management, change management, problem management etc. i. Provide assistance for disaster recovery in the event of any security breaches, attacks, intrusions and unusual, unauthorized or illegal activity j. Provide solution of RFPs received from clients and ensure overall design assurance i. Develop a direction to manage the portfolio of to-be-solutions including systems, shared infrastructure services, applications, hardware related to cyber risk security in order to better match business outcome objectives ii. Analyse technology environment, enterprise specifics, client requirements to set a collaboration design framework/ architecture iii. Depending on the clients need with particular standards and technology stacks create complete RFPs iv. Provide technical leadership to the design, development and implementation of custom solutions through thoughtful use of modern technology v. Define and understand current state solutions and identify improvements, options & tradeoffs to define target state solutions vi. Clearly articulate and sell architectural targets, recommendations and reusable patterns and accordingly propose investment roadmaps vii. Evaluate and recommend solutions to integrate with overall technology ecosystem viii. Tracks industry and application trends and relates these to planning current and future IT needs 2. Stakeholder coordination & audit assistance a. Liaise with stakeholders in relation to cyber security issues and provide timely support and future recommendations b. Provide assistance in maintaining an information security risk register and help with internal and external audits relating to information security c. Support audit of security best practices and implementation of security principles across the organization, to meet business goals along with customer and regulatory requirements d. Assist with the creation, maintenance and delivery of cyber security awareness training to team members and customers e. Provide training to employees on issues such as spam and unwanted or malicious emails Mandatory Skills: Privilege Password Management CyberArk. Experience: 8-10 Years.

We are seeking a highly skilled and self-motivated Senior .NET Developer with deep expertise in secure application development. The ideal candidate will combine advanced .NET development skills with a strong foundation in application security, vulnerability assessments (VA), and secure coding practices (SCD). You will play a crucial role in leading a technical team, ensuring application security, and collaborating with stakeholders to deliver secure and high-performance applications. Key Responsibilities: Lead the design, development, and deployment of enterprise-grade applications using C#, ASP.NET, MVC, and .NET Core . Ensure secure coding practices in line with OWASP, SANS Top 25, and organizational standards. Conduct and guide team members in Vulnerability Assessment (VA) and Secure Code Development (SCD) . Review and implement modern security headers including CSP, HSTS, X-Content-Type-Options, X-Frame-Options, etc. Configure, optimize, and troubleshoot IIS web servers to ensure secure and high-performing hosting environments. Collaborate with application owners and conduct security-focused meetings with HODs to communicate risks, mitigation plans, and progress updates. Act as a subject matter expert during security audits, assessments, and compliance checks . Develop and maintain technical documentation , including security guidelines, server configurations, and incident reports. Mentor and lead a team of developers and security analysts to instill a culture of secure development practices. Required Skills & Qualifications: Strong hands-on experience with C#, ASP.NET, MVC, and .NET Core . Deep understanding of IIS server architecture and web application deployment best practices. Expertise in application security , including VA tools , OWASP Top 10 , SANS Top 25 , and CWE . Proficient in applying HTTP security headers and other web application security mechanisms. Excellent analytical, troubleshooting, and problem-solving skills. Strong communication and stakeholder management skills. Experience in leading teams and working in cross-functional environments. Preferred Qualifications: Certifications such as CEH , OSCP , CSSLP , or Microsoft Security Certifications . Exposure to DevSecOps practices and CI/CD security integration. Familiarity with cloud security (Azure/AWS) and containerized application security (Docker/Kubernetes).

We are seeking an experienced Application Security Specialist to join our team. As an Application Security Specialist, you will be responsible for conducting SSDLC security assessments, integrating security throughout the software development lifecycle, and ensuring that applications meet the highest security standards before deployment. Your key responsibilities will include conducting internal and third-party SSDLC risk assessments on critical assets and processes, coordinating with project teams to enforce security frameworks in all phases of the SSDLC, and preparing security effectiveness reports for management. You will also be tasked with performing SSDLC assessments aligning with security practices, ensuring that new applications undergo SSDLC assessments before induction into data centers, and defining and enhancing application security requirements for agile development and traditional architectures. Additionally, you will assist DevSecOps teams in creating secure CI/CD pipeline processes, follow up on and escalate closure of identified security gaps, and contribute to standardizing application security tools and methodologies. The ideal candidate should have at least 6 years of experience in Information Security with a focus on application and software security, along with 4 years of experience in software development lifecycle security reviews. You should also possess expertise in architecture reviews, software design reviews, threat modelling, and design flaw assessments, as well as hands-on experience with SAST, DAST, SCA, IAST, RASP, and other application analysis tools. Familiarity with OWASP, SANS, ISACA, NIST, IETF best practices is required, and the ability to develop detailed security frameworks for developers to integrate into the SDLC is essential. Preferred certifications include CISSP, CSSLP, Cloud Security Certifications, and DevSecOps Automation Certifications. If you meet these qualifications and are passionate about enhancing application security, we encourage you to apply for this position.,

Greetings, We are looking for a Security Assessment & Compliance Specialist with 3-6 years of experience to join our team at Netsach, a Cyber Security Company in Dubai. As a Security Threat Assessment & Compliance Specialist, your role will involve conducting testing for bank installations using threat-based methodologies to identify vulnerabilities, improve Cyber readiness, and review security controls and system configurations across IT systems to ensure security posture and compliance. Your responsibilities will include collecting open-source intelligence on threats and vulnerabilities related to the bank's technology stack, participating in event planning stages to develop Cyber assessment plans, ensuring that threat controls and systems are appropriately configured across the Group, identifying and tracking IT risks and gaps for remediation, providing threat activity reporting and insights on IT technology assets, and managing ad-hoc review and reporting requests from stakeholders. The ideal candidate should have a Bachelor's or Master's degree in Computer Science, Mathematics, or equivalent discipline, along with certifications such as CISSP, OSCP, OSCE, CREST, GPEN, SANS GWAPT. You should have 3-5 years of experience in technical Cyber security, proficiency in Bash scripting, Perl, Python, or R, expertise in Machine Learning frameworks and code development, familiarity with malware scanning tools, experience with mobile and digitization platforms, and knowledge of threat modeling frameworks like STRIDE, PASTA, and VAST. Moreover, you should have a strong technical background covering heterogeneous technologies and multiple security domains, deep knowledge of vulnerabilities in banking environments, expertise in threat assessment and mitigation, and experience in evaluating threats based on the latest threat landscape in EMEA & North Africa. Additionally, you should be well-versed in security scanning solutions such as Tenable Security Center, Tripwire, Rapid Scan, Qualys, and be able to integrate open-source frameworks and solutions into the Threat and Vulnerability solution environment for unified reporting. If you are passionate about Cybersecurity and possess the required skills and experience, we would like to hear from you. Thank You, Emily Jha emily@netsach.co.in,

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As part of our EY-Cyber security, the EKM Team owns the Public Key Infrastructure (PKI) and is responsible for certificate lifecycle management, distribution, and key management. The Lead Info Security engineer will be a part of a team of subject matter experts to facilitate the protection of data at rest, in-transit, or in-use by providing systems of processes, technologies, and policies. We're looking for Security Analysts in the Risk Consulting team to work on various privacy/data protection related projects for our customers across the globe. As an influential member of the team, you will help create a positive learning culture, coach and counsel junior team members, and assist in their development. **Your key responsibilities include:** - Designing, developing, integrating, and deploying encryption and key management solutions both on-premises and in the cloud. - Defining business/technical strategies to reduce risk and improve the overall security posture of applications, platforms, and infrastructure. - Collaborating with stakeholders at all levels to understand security needs and prioritize the roadmap accordingly. - Ensuring projects are completed on time, within budget, and with high quality. - Supporting necessary compliance activities and developing runbooks, SOPs, and troubleshooting guides. - Continuously validating the team's products/solutions against policies, guidelines, procedures, and regulations to ensure compliance. - Supporting the client's team by acting as an interim team member (e.g., security officer, security manager, security analyst). **Skills and attributes for success:** - Being a good team player with excellent verbal and written communication skills. - Proficient in documentation and PowerPoint skills, with good social, communication, and technical writing skills. - Ability to prioritize tasks, work accurately under pressure, and follow workplace policies and procedures. - Strong analytical/problem-solving skills and the ability to work independently on projects with minimal oversight. **To qualify for the role, you must have:** - Bachelor's or master's degree in Computer Science, Information Systems, Engineering, or a related field. - At least 7+ years of experience in Information Security with subject matter expertise in PKI, CLM, HSM. - Excellent scripting skills and experience with developing SOPs, runbooks, CP/CPS. - Technical experience with a combination of CLM, KMS, and PKI services, along with Linux and Windows systems. - 2+ years of working experience in cloud technologies such as AWS, Azure, and Google Cloud Platform. - Knowledge of security technologies like Venafi, AppViewX CERT+, Luna HSM, Fortanix DSM, MS-PKI, Sectigo. **Ideally, you'll also have:** - Experience with data tokenization/data masking and leading high performing technical teams. - Security certifications such as CISSP, CISM, CRISC, AWS, Azure, SANS, etc. - Ability to provide strong customer service and willingness to work weekends and travel as required. **What we look for:** - A team of people with commercial acumen, technical experience, and enthusiasm to learn in a fast-moving environment with consulting skills. - An opportunity to be part of a market-leading, multi-disciplinary team of professionals, working with leading businesses across various industries. **What working at EY offers:** - Inspiring and meaningful projects with a focus on education, coaching, and personal development. - Support, coaching, and feedback from engaging colleagues. - Opportunities to develop new skills, progress your career, and handle your role in a way that suits you. EY exists to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. Join EY's diverse global teams to provide assurance, help clients grow and transform, and find new answers to complex issues facing the world today across assurance, consulting, law, strategy, tax, and transactions.,

Your Impact As part of the Product Security team, you must have a strong understanding of information security processes across product development lifecycle including secure coding principle, static code / dynamic scanning, application penetration testing, container security, cloud security, supply chain security and threat modelling the applications. You should be familiar with the industry best practices for information security policies and product security. standards. You will have the opportunity to collaborate with the product stakeholders such as product development, cloud operation, system architects, security champions, Global Information Security on the Product security process and customer escalations/support What The Role Offers Please review the below write up and highlight for any corrects Strategic Planning: Align application security initiatives with business goals; refine Product Security processes and tools. Technical Leadership: Stay updated on the latest trends and advancements in application security and apply them to continually improve the organizations security program. Recommend mitigations for vulnerabilities; manage third-party and open-source software risk. Architecture and Design: Review application designs for security best practices. Design, enhance, and advocate for the threat modelling process. Conduct threat modelling and advise product teams on implementing appropriate security controls. Security Reviews: Conduct security assessments throughout the development lifecycle. Collaborate with development teams to remediate security vulnerabilities. Code Review and Analysis: Conduct code reviews and implement automated code analysis tools. Secure Development Practices: Enforce secure coding practices, train developers in secure coding. Incident Response/Customer Escalations: Lead incident response efforts related to application security incidents. Work with cross-functional teams to investigate and remediate security breaches. Policy and Standards: Develop and enforce application security policies; ensure compliance with industry standards. Security Testing: Oversee the implementation of security testing methodologies Conduct Penetration Testing activity for applications/systems Security Awareness: Promote security awareness across engineering; conduct training for development teams on Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Collaboration: Collaborate with cross-functional teams, including development, operations, GIS, etc., to integrate security into all aspects of the software development lifecycle and improve security maturity. Documentation and Reporting: Maintain comprehensive documentation of security processes/policies; produce maturity status reports for senior management. Generate reports and conduct peer reviews. Research and Innovation: Stay informed on emerging threats and vulnerabilities, and proactively implement innovative security solutions. Vendor and Tool Evaluation: Evaluate and recommend security tools/technologies; Manage vendor relationships What You Need To Succeed 5 - 8 years of experience with the relevant technologies Bachelors degree in engineering, computer science or equivalent is preferred Industry standard best practices on application security controls, requirements, features, and specifications Application security issues, weaknesses, vulnerabilities, threats, risks, and impacts of exploitation Familiarity with Security Standards and groups (OWASP, PCI, SANS, OSSTMM etc.) Strong vulnerability assessment experience of web, mobile and thick client applications, RESTful & JSON APIs, web servers, databases, and hosting environments (cloud, off-cloud, Containers) Strong experience in manual vulnerability assessment and penetration testing Hands on experience on Application Security tools such as Fortify, WebInspect, Burp, etc. Experience in planning, researching and developing security policies, standards and procedures in line with industry best practices A natural curiosity to learn how things work, and more importantly, how they can be made to work outside of their intended purposes, (i.e. the ethical hacker mentality) Preferably to have application security penetration testing related certifications, (e.g. GWAPT, OSWE, OSCP, GPEN, CPTE, CEH, GWEB, GCIH, etc.) Highly desirable to have general information security related certifications, (e.g. CISSP, CISM, GSEC, CCSP, etc.) Should have excellent team playing and collaborative skills, to work with multiple stake holders. Strong analytical, troubleshooting, writing, communication, and consultancy skills Possess a commitment to quality and a thorough approach to work.

1)The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with the operation and construction of tools to assist in these tasks. 2)Well-versed with OWASP Top 10, SANS, NIST and WASC Threat Classifications 3)Expertise in Vulnerability Assessment and Penetration Testing of Web Applications, Networks and Cloud (AWS/Azure) 4)Expertise in Penetration testing of Mobile applications 5)Well versed in Source Code Reviews 6)Familiar with popular tools like Burp suite, Paros, OWASP ZAP, Wireshark Nessus, NTO Spider, Metasploit, Exploit DB, Kali etc. 7)Understanding of the nature and sources of security vulnerabilities, how to identify and exploit them 8)Must be CEH certified 9)Excellent communication skills written and verbal

Job Title: Sr GRC Analyst Duration: Full time role Location: Bengaluru (Hybrid) Note: Looking for immediate joiners OR who can join in at least 20-30 days of notice. Job Description: Duties: Perform vendor risk assessments against all security domains Perform technical implementation assessments from a security perspective related to vendor integrations (i.e. API integrations, SFTP integrations, etc.) to validate the secure implementation of the third party service at the client Maintain and expand Customer Trust knowledge base Support customer security assessment requests Support customer audits Skills: Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2. Great understanding of IT control frameworks (COBIT) and IT general controls Strong knowledge of information security concepts, risk and controls concepts Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc. Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc. Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption , data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies. Expert in conducting Vendor risk assessments and understand risk exposure of technology deficiencies and translating them to business impact Strong domain experience in security risk assessments Working knowledge of risk treatment and exception processes Strong knowledge of Security architecture design and review including key security controls related to authorization, authentication, and encryption of data in transit/at rest Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool) for automated evidence collection to support customer audits is a plus Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool) for third party risk assessments is a plus One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer Open to learning and working on new domains and technology Good written and spoken communications skills to explain and articulate technical concepts effectively to stakeholders including system engineers, and auditors Strong attention to detail and diligence

Role & responsibilities 1. Ability to conduct Vulnerability Assessments on systems, web applications, mobile applications and network devices. 2. Have basic knowledge of Penetration Testing & Exploitation. 3. Have Good Knowledge and experience of working on Application Level and Network Level Audit. 4. Should have the understanding of OWASP Top 10, SANS Top 25, NIST and other relevant framework. 5. Should have knowledge of server-side languages (any programming language). 6. Must be Familiar with Kali, Metasploit etc. 7. Should have good knowledge of Vulnerability Assessment tools - Application (Rational Appscan, Acunetix, Netsparker, Qualys, BurpSuit etc), Network (Nessus, Nexpose, NMap, OpenVAS etc.). Preferred candidate profile 1. B. Tech (CS/IT)/BCA/MCA/BSC/Diploma (No bar for deserving candidates). 2. CEH is mandatory. CHFI, OSCP, ECSA, ISO27k LA, etc. will be an added advantage. 3. Must have Good Communication skills. 4. Must be Passionate about information security.

What you will do Let s do this. Let s change the world. In this vital role the Senior Associate Data Security Engineer role will cover Data Loss Prevention (DLP) and Data Security Posture Management (DSPM) technologies. This role will report to the Manager, Data Security. This position will provide essential services that enable us to better pursue our mission. Sr. Associate Data Security Engineers operate, manage, and improve Amgen s DLP and DSPM solutions. In our Data Security team, they will operate data protection security technologies in a rapidly changing global security sector. They will work with other engineers and business units to help craft, build, coordinate, configure, and implement critical preventive and detective security controls related to the protection of Amgen data. This engineer will play a key role in designing, deploying, and maintaining solutions to build our rapidly growing operations. Roles & Responsibilities: Maintain the service delivery and working order of Amgen data security solutions across Amgen s global enterprise Execute Amgen service management processes such as Incident Management, change processes, and service improvements for Amgen s data security technologies Assist in the design and improvement of Amgen s data security technologies and solutions. Build scripts for the configuration and the testing of the solution Manage and perform analysis of escalated DLP events, engage with the business, fulfill legal hold requests, and provide executive reporting Work with business domain specialists to collect, analyze, build, tune and automate DLP policy sets Analyze events and logs for suspicious activity and opportunities to improve posture, processes, procedures, and protections. Consult to the Incident Response team on investigations Develop automation solutions in increase response times and reduce risk of identified incidents Participate in regular meetings and conference calls with the client, IT, business partners and vendors to help ensure technical coverage for new or existing projects across the business Functional Skills: Must-Have Skills: Knowledge of Cloud Access Security Platforms (Elastica, Netskope, SkyHigh, etc) Understanding of cloud and SAAS environments (AWS, O365, Box, Salesforce, etc) Solid experience with potential to grow knowledge in Linux/Windows OS and other infrastructure systems Experience with DLP and data protection technologies for a large global enterprise Demonstrated understanding on how emerging security technologies and data flows interoperate across complex, multi-cloud systems. What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master s degree and 1 to 3 years of experience OR Bachelor s degree and 3 to 5 years of experience OR Diploma and 7 to 9 years of experience. Preferred Qualifications: Good-to-Have Skills: Comfort with scripting (PowerShell, Python, etc) and expression development (SQL, Regex) Ability to develop documentation for Infrastructure Security implementations Basic experience with ITIL processes such as Incident, Problem, and configuration management Experience in complex enterprise environments with competing business priorities Professional Certifications (please mention if the certification is preferred or mandatory for the role): Systems Security Certified Practitioner (SSCP) or Security+ SANS Certifications Relevant vendor-specific certifications Soft Skills: Established analytical and gap/fit assessment skills. Ability to work effectively with global, virtual teams High degree of initiative and self-motivation. Ability to manage multiple priorities successfully. Team-oriented, with a focus on achieving team goals Effective presentation and public speaking skills. What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards.

Position Purpose The purpose of the position is to help with the information security topics mentioned in the direct responsibilities. Responsibilities Direct Responsibilities - Executing IT risk assessment reviews, identifying controls gaps and working in collaboration with subject matter experts to devise appropriate mitigation plans. Identifying key risk trends, issues and other insights requiring further investigation and following up with Technology as appropriate. Knowledge of Secure Development methodologies and frameworks. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. - Engaging with organization wide risk and control groups, including internal audit and territory control teams. - Working with Technology stakeholders (including Production Support and Development teams) to identify the IT risks affecting the organization and formulating appropriate remediation strategies based on full understanding of business exposure and compensating controls. Contributing Responsibilities Excellent understanding of development security and its implementation in systems: identification, authentication, access control and provisioning, alignment of jurisdiction to business process Knowledge of single-sign-on security strategies (e.g. SAML, OAUTH2, SiteMinder etc.) Excellent understanding of authentication related mechanisms (Kerberos, One Time Passwords, PKI) Good understanding of cryptography and its practical uses within secure application development Familiarity with common security vulnerabilities (e.g. OWASP Top 10) Strong technical skills required to understand vulnerabilities in detail and how to resolve/mitigate them. Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarise key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Technical & Behavioral Competencies Excellent knowledge of programming best practices, design patterns, etc. Excellent problem solving skills, being able to develop approaches to complex technology and strategy problems, building consensus across diverse interest groups and working within constraints of practical delivery yet able to think beyond the requirements of immediate issues. Well-developed written communication skills with the ability to summarize key issues, conclusions and recommendations in report form. Target audiences will include regulatory authorities and internal/external auditors. Hands-on experience in penetration testing and tools like AppScan, Webinspect, Fortify, AppSpider, BurpSuite, Qualys, Checkmarx, Coverity, Sonatype, Blackduck Well-versed in conducting Security Review, Assessments and providing recommendations. Knowledge of OWASP, SANS standards. Experience in Process Improvement, Controls Enhancement and Reporting. Excellent Inter personal and presentation skills Strong in verbal and written communication Ability to liaise with cross-functional stakeholders globally Clear understanding of application and data security Must be flexible, independent, self-motivated Good analytical skills Specific Qualifications (if required) - CEH, SSCP, OSCP certified. - Technical Graduate (Computer Science) Preferable. Skills Referential Behavioural Skills : (Please select up to 4 skills) Ability to collaborate / Teamwork Communication skills - oral & written Ability to share / pass on knowledge Active listening Transversal Skills: (Please select up to 5 skills) Ability to understand, explain and support change Analytical Ability Ability to develop and adapt a process Ability to develop and leverage networks Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Bachelor Degree or equivalent Experience Level At least 7 years