157 Sast Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

5.0 - 10.0 years

7 - 12 Lacs

Pune

Work from Office

Naukri logo

Hello Visionary! We know that the only way a business thrives is if our people are growing. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you? We are looking for a Product and Solution Security Expert (PSSE). How do you craft the future Smart Buildings? We’re looking for the makers of tomorrow, the hardworking individuals ready to help Siemens transform entire industries, cities and even countries. Get to know us from the inside, develop your skills on the job. You’ll make a difference by: 1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Perform security code reviews and analyze vulnerabilities during different SDLC phases. Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. 2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. 3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization. 4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners.
Stay updated with the latest security tools, trends, and best practices to enhance the organization's security posture. 5. Incident Response: Assist in the development and implementation of incident response plans and procedures. Participate in security incident investigations and provide expertise in resolving security breaches. 6. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security. You’ll win us over by: 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred: Certified Secure Software Lifecycle Professional (CSSLP). Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. You’ll win us over by: Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. Minimum 5 years of experience in cybersecurity, with a focus on application security. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. 
Create a better #TomorrowWithUs! This role, based in Pune, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow. Find out more about the Digital world of Siemens here: www.siemens.com/careers/digitalminds Find out more about Siemens careers at www.siemens.com/careers

Posted 10 hours ago

7.0 - 10.0 years

9 - 12 Lacs

Bengaluru

Work from Office

Naukri logo

Hello Visionary ! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions. Key Responsibilities Integration with SDLC Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases. 2. Security Activities Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. Stakeholder Interaction Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization . 4. Security Tools and Technologies Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance product’s security posture. 5. 
Training and Awareness Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security . Skills and Qualifications 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent. Experience Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security. Make your mark in our exciting world at Siemens . This role, based in Bangalore , is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. 
All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow We’ll support you with Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers

Posted 10 hours ago

4.0 - 9.0 years

6 - 11 Lacs

Kochi

Work from Office

Naukri logo

Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world. The ability to be a team player, Strong communication collaboration Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Application Security, Threat Modelling, Secure Code Review, Penetration Testing, Vulnerability Testing, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), DevSecOps Implemented Clean Code principles, JUnit’s * Java development, JavaScript, Python, Ruby, C++/C#, Perl etc Must have strong business acumen with ability to work with application development, QA and security teams. A strong understanding of application security frameworks The ability and skill to train other people in procedural and technical topics As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs Preferred technical and professional experience Must have a solid understanding of application security code reviews and penetration testing & Experience with enterprise Java technologies: Spring, JUnit, Hibernate 4+ years' experience in application development and security. Practical understanding and use of commercial application security tools

Posted 11 hours ago

7.0 - 10.0 years

27 - 42 Lacs

Bengaluru

Work from Office

Naukri logo

Job Summary Proven hands on experience in Cloud Security technology and suites with Platforms GCP Azure OCI GCP and Kubernetes is a must Hands on experience and expertise with Prisma Cloud suite with CSPM and Compute modules CI or CD pipeline integration and security tooling SAST DAST OSS scanning Strong understanding of Kubernetes architecture clusters workloads RBAC networking auto scaling deployment Familiarity with cloud native DevOps environments Azure OCI and GCP Responsibilities Hands on experience working with various Cloud platforms GCP Azure and OCI GCP is a must with an understanding of native controls suite part of Google. Drive Cloud security initiatives around particularly around Prisma Cloud controls into CI or CD workflows runtime and CSPM. Define and enforce policies for secure build and deploy processes across cloud and various enforcement points CI or CD CSPM Runtime Gatekeep policies Azure tenant policies Assess and monitor Kubernetes environments for misconfigurations and risks Respond to security alerts and recommend remediation strategies Partner with DevOps and engineering to strengthen security posture across SDLC Strong understanding of cloud-native security concepts including network security identity and access management IAM container security vulnerability scanning threat management and incident response.

Posted 5 days ago

8.0 - 12.0 years

30 - 35 Lacs

Pune

Remote

Naukri logo

What You'll Do Join us in building a secure, scalable, and experienced platform to support Avalara's expanding business and global customer base. As a Senior Application Security Engineer, you'll work with world-class engineers and architects to ensure security is embedded in everything we build, both in today's systems and the future of our architecture. This role is perfect for someone passionate about automation, cloud-native security, and AI-driven application defense. You'll help shape the future of Avalara Security, driving security as code, ensuring automation-first practices, and integrating modern AI tooling into security workflows. You understand the value of developer empathy, move quickly without sacrificing quality, and excel in an environment that combines startup energy with enterprise scale. Job Responsibilities You will build, maintain, and continuously improve an automated security pipeline framework integrated into our CI/CD environments. You will lead development of Infrastructure-as-Code and Policy-as-Code for application security enforcement and consistency across environments. You will evaluate and integrate security tools (SAST, DAST, SCA, CSPM, EDR) and AI-based solutions into engineering workflows and CI/CD pipelines. You will provide applicable guidance and mentorship to development and Avalara Security engineering teams on secure development best practices. Investigate, prototype, and apply AI/ML-based solutions for application behavior analysis, anomaly detection, and threat hunting. Promote security by design across the organization, and help foster a security-first culture. Contribute to the continuous refinement of the SDLC to ensure security is smooth, consistent, and measurable. What You'll Need to be Successful Required Qualifications 8+ years of experience in application security, secure software development, or security engineering. Strong programming proficiency in Python and GoLang (hands-on).
Experience with secure SDLC practices and CI/CD pipeline integration. Strong hands-on experience with Kubernetes , container security, and cloud infrastructure security preferably AWS and GCP . Experience with Infrastructure-as-Code (IaC) tools like Terraform or CloudFormation. Working knowledge of cryptographic protocols and standards: TLS, OAuth, SAML, JWT , etc. Familiarity with Git , modern source control practices, and agile development methodologies. Experience working with a broad range of security tools , including: Tenable , Wiz (Cloud Security Posture Management) Checkmarx , Mend (SAST, SCA) Acunetix , Burp Suite (DAST) CrowdStrike (EDR/XDR) Bachelor's Degree in Computer Science, Engineering, or a related field. Proven experience contributing to security automation efforts within a security organization like Avalara Security . Experience with AI/ML tools and frameworks applied to application security or behavior analytics. Security certifications such as OSWE, CSSLP, AWS Security Specialty, or Kubernetes Security Specialist. Passion for enabling developer-friendly security solutions and maximum automation.

Posted 6 days ago

4.0 - 9.0 years

25 - 40 Lacs

Bengaluru

Work from Office

Naukri logo

Here's an updated version of the job description, incorporating your specified details: Staff Product Security Engineer (Embedded & IoT) Work Flexibility: Hybrid Work Mode: Hybrid Location: Bengaluru Work Flexibility Definitions: Remote Role allows you to work the majority to 100% of time from an alternate workplace. These roles could have travel expectations, and you must work within the country of the job requisition location. Field-based – You can expect to regularly work a majority to 100% of time at customer facilities and has a set territory or expectation to travel within a set boundary. Almost all sales roles would likely be qualified as field-based. Onsite – Role is 100% located at a company facility. Some ad hoc flexibility may be available depending on role, level, and job requirements. Manufacturing roles and any role that requires physical presence at the office would qualify under this category. Hybrid – You can expect to regularly work in both an alternate workplace and a company facility. Roles that are partially remote or co-located would qualify as hybrid, and the expectation to be on site would be defined and agreed upon by your manager/supervisor. What you will do: Provide technical leadership and guidance to a team of Web, Embedded, and IoT Security engineers. Execute and oversee Penetration Testing and Vulnerability Assessment activities for Embedded Systems and IoT devices. Leverage DevSecOps to embed security testing ( SAST, DAST, Host Scanning, ATO Scanning, SBOM Generation ) into all phases of the Software Development Life Cycle (SDLC). Develop/review technical documentation (procedures/work instructions/guidance documents) for technical services. Develop and maintain comprehensive test plans, methodologies, and tools for security testing. Conduct in-depth analysis of security vulnerabilities and propose mitigation strategies. Collaborate with cross-functional teams to design and implement secure Embedded and IoT solutions. 
Lead the Software Bill of Materials (SBOM) Management program , ensuring accurate identification and documentation of software components and dependencies. Drive continuous improvement initiatives related to Embedded and IoT security, testing, and vulnerability management. What you need: Required Qualifications: Bachelor's or Master’s in Computer Science Engineering or a related field. 4 to 10 years of experience in product security, with a strong focus on embedded systems and IoT . Experience with threat modeling, risk assessment , and security architecture reviews for Embedded Systems and IoT solutions. Proficiency in C, C++, and Python programming languages. Familiarity with relevant security standards and frameworks such as OWASP, NIST Cybersecurity Framework , and ISO 27001 . Solid understanding of software development lifecycles and methodologies, particularly in the Embedded Systems and IoT context. Preferred Qualifications: Proficiency in using security testing tools such as Burp Suite, Wireshark, Nessus, and Metasploit , and experience applying DevSecOps principles. Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby, or Python. Understanding of Cloud-based environments like Azure and AWS . At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams. Additional Details: Travel Percentage: 10% Mode of Interview: Face-to-Face

Posted 6 days ago

5.0 - 10.0 years

15 - 30 Lacs

Hyderabad, Pune, Bengaluru

Work from Office

Naukri logo

Job Description: Experience: At least 6 years in static code analysis/SAST (Static Application Security Testing), secure coding, and software development. Technical Skills: Proficiency in static code analysis tools (e.g., SonarQube, Veracode, Checkmarx) and experience with secure code review of multiple programming languages, including: Java Python .NET/C# C/C++ Code Review Skills: Ability to read and understand source code across various programming languages and tech stacks, troubleshoot false positives, and confirm genuine issues. Secure Coding Knowledge: Strong understanding of secure coding practices, including OWASP Top 10, SANS 25, and CWE, applicable to cloud and non-cloud environments. Communication and Collaboration Skills: Excellent communication and interpersonal skills, with the ability to: Effectively explain complex technical concepts to non-technical stakeholders Collaborate with developers across multiple teams to drive remediation efforts Facilitate training and awareness programs for developers Work independently and as part of a distributed team

Posted 6 days ago

8.0 - 12.0 years

42 - 168 Lacs

Hyderabad / Secunderabad, Telangana, Telangana, India

On-site

Foundit logo

Title- Security SAST/SCA/DAST Job Description- Roles and Responsibilities: Perform SAST/SCA/DAST scans using industry vulnerability scanner SAST/SCA Veracode, using supplied compiled binary, configure scan platform to correct scan for both static code CWEs as well as SCA derived CVEs. Work will include coordination with app owner to ensure all branches of code are included in compiled binary file. DAST Work begins with crawling the target application to identify existing directory and file structure. Once identified, execute DAST scan using HCL product to identify dynamic issue only visible during code execution. Primary / Mandatory skills: Overall 8+ years of IT experience 7+ years of application security Experience 5+ years of Application Security testing Experience Bachelor's degree required. Deep familiarity with the OWASP Top 10 and other security concerns for web applications Deep Understanding of OWASP Application Security Verification Standards (ASVS) Deep understanding of SAST, DAST, SCA Scanning practices Experience in scanning leveraging Veracode, Appscan, or other enterprise tools. Understand how to interpret and assess CVEs (Common Vulnerability and Exposures) and CWEs (Common Weakness Enumeration) as found by scanning tools. Understanding of SAST, DAST tools and dependency scanning tools Experience working/integrating with secret management systems. Advanced knowledge of front-end and back-end web application development in at least one technology stack (.NET, Java, PHP, Ruby/Rails, Angular, Node.js, etc.) Track record of staying current with trends, techniques, tools, and processes that drive improvement of security posture of applications. Strong documentation skills Excellent verbal and written communication skills, with proven technical writing abilities (English language proficiency required) Team-oriented thinking with demonstrated ability to produce high-quality work as part of a fast-paced, dynamic team.
Proven ability to communicate, collaborate, and present effectively with teams and individuals in different disciplines or areas. Technical Skills: SAST, DAST, SCA Must have skills: Application Security/SAST/DAST/SCA

Posted 6 days ago

5.0 - 8.0 years

5 - 8 Lacs

Coimbatore, Tamil Nadu, India

On-site

Foundit logo

Introduction to IBM Consulting Client Innovation Centers In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers). These centers are where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology. Your Role and Responsibilities Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices. Education Required Education: Bachelor's Degree Preferred Education: Master's Degree Technical and Professional Expertise Required Technical and Professional Expertise: BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with minimum 5 plus years of experience. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks. Preferred Technical and Professional Experience: Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing. Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Posted 6 days ago

2.0 - 6.0 years

5 - 10 Lacs

Bengaluru

Work from Office

Naukri logo

IBM is seeking an experienced software engineer with competencies in Full Stack development. You will build, deploy, and maintain cloud microservice applications and tools that interact with the CIO's asset management systems in order to streamline our asset management processes and deliver exceptional user experience. Responsibilities: * Front-end technology: Expertise in front-end technologies, including JavaScript, CSS3 and HTML5. Transform UX design prototypes into HTML/CSS web designs and implement with the appropriate front end programming language (Vue.js/React.js). * Develop, deploy, monitor and maintain backend micro-services in Java utilizing Spring framework on RedHat Openshift using the 12 factor application development methodology. * Develop, deploy, monitor and maintain front-end micro-services in Vue.js framework on RedHat Openshift using the 12 factor application development methodology. * Assist in design and architecture decisions for the systems and their interaction via APIs with other systems. * Configure and manage the security and observability of deployed applications using various log analytics and application performance monitoring (APM) tools, including but not limited to LogDNA, Instana, Dynatrace, Grafana, and Splunk. * Build and maintain the necessary DevSecOps pipelines to implement Continuous Integration and Continuous Delivery. Familiarity with Maven, TravisCI, Selenium, GitOps, SAST, DAST and other DevSecOps tools is highly desirable. * Work in a global collaborative team environment. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Strong hands-on coding skills with a focus on full-stack web application development. JavaScript experience Required. A creative and precise problem solver. Familiar with cloud-native application development. Familiar with application performance concepts. Bachelor’s degree in computer science or computer engineering.
English language fully required (advanced level).

Posted 1 week ago

5.0 - 8.0 years

5 - 8 Lacs

Mumbai

Work from Office

Naukri logo

As an Application Security Specialist, you'll play a vital role in building secure systems from the ground up. Working closely with engineering, compliance, and DevOps teams, you will ensure our applications meet rigorous security and regulatory standards across global jurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC), embedding security controls at every phase. Conduct threat modeling, secure code reviews, and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR, NIS2, PCI-DSS, and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain, improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiq's compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience of cloud-native and third-party platforms. What You'll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10, SAST/DAST, threat modeling, and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar.
Preferred Certifications Industry-recognized certifications are a plus, including: OSCP, GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP, CIS Controls v8, ISO/IEC 27001 GDPR, NIS2 Directive, PCI-DSS, DORA Regulation

Posted 1 week ago

7.0 - 10.0 years

14 - 24 Lacs

Pune

Work from Office

Naukri logo

Role: * Design and implement security solutions using OWASP principles. Expertise in OWASP, SAST/DAST, OAuth2, SAML, and GDPR compliance is essential. Prior experience in banking or fintech domains preferred. cc: recruitment@fortitudecareer.com Flexi working Work from home

Posted 1 week ago

3.0 - 6.0 years

5 - 9 Lacs

Pune

Work from Office

Naukri logo

Static Code analysis Static/dynamic testing of mobile applications Vulnerability Assessment Penetration Testing. SAST Penetration testing Vulnerability Assessment

Posted 1 week ago

3.0 - 8.0 years

5 - 9 Lacs

Hyderabad

Work from Office

Naukri logo

Need overall AppSec skills (SAST, DAST, Penetration testing) + Mobile app testing skills (Android, iOS). We should look for a candidate who has deep and diverse hands-on experience in above skills. Also, the professional is expected to perform the application security activities - Static code assessment/ manual testing including mobile application testing for Android and iOS apps.

Posted 1 week ago

6.0 - 11.0 years

6 - 11 Lacs

Bengaluru / Bangalore, Karnataka, India

Remote

Foundit logo

Here's a reframed job description for an Application Security Engineer, keeping your specifications in mind: Security Engineer - Application Security Location: Bengaluru (Hybrid Work Mode) Experience: 6-11 Years We are seeking a highly skilled and experienced Security Engineer specializing in Application Security with 6-11 years of dedicated experience to join our team in Bengaluru . This role offers a hybrid work mode , combining the flexibility of remote work with in-office collaboration. As an Application Security Engineer, you will be instrumental in embedding security throughout our Software Development Lifecycle (SDLC). You will work closely with development teams to identify, remediate, and prevent security vulnerabilities in our applications, ensuring our products are built securely by design and default. Key Responsibilities: Integrate security best practices into the entire Software Development Lifecycle (SDLC), from design and development to deployment and maintenance. Conduct comprehensive threat modeling and security risk assessments for new and existing applications, identifying potential vulnerabilities and recommending appropriate controls. Perform various security testing activities , including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and manual code reviews. Collaborate directly with development and DevOps teams to provide secure coding guidelines, remediate identified vulnerabilities, and implement automated security checks in CI/CD pipelines. Review application architecture and designs to ensure security principles are integrated from the initial stages. Evaluate, implement, and manage application security tools and technologies to enhance our security posture. Develop and deliver security awareness training and secure coding practices to engineering teams. 
Stay current with the latest application security threats , vulnerabilities, attack techniques, and remediation strategies. Participate in security incident response activities related to application vulnerabilities as required. Contribute to the continuous improvement of our application security policies, standards, and processes. Required Qualifications: 6-11 years of progressive experience specifically in Application Security, Secure SDLC, or a similar role. Bachelor's degree in Computer Science, Information Security, or a related technical field. Proven experience working in Agile/DevOps environments. Mandatory Skills: Secure SDLC & DevSecOps: Deep understanding and practical experience in embedding security into all phases of the SDLC and integrating security practices into DevOps pipelines. Threat Modeling: Proficiency in applying threat modeling methodologies (e.g., STRIDE, DREAD) to identify and prioritize application security risks. Application Security Testing: Hands-on experience with SAST, DAST, and SCA tools (e.g., SonarQube, Fortify, Checkmarx, Veracode, OWASP ZAP, Burp Suite, Dependency-Check, Snyk). Secure Coding Practices: Strong knowledge of secure coding principles and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25), with the ability to perform manual code reviews across various programming languages (e.g., Java, Python, Node.js, .NET). Web Application Security: Extensive experience with web application security concepts, common attack vectors, and defense mechanisms. Cloud Security: Familiarity with cloud security principles and best practices for applications deployed on cloud platforms (e.g., AWS, Azure, GCP). API Security: Understanding of API security best practices, authentication, and authorization mechanisms. Container Security: Knowledge of containerization (Docker) and orchestration (Kubernetes) security considerations. Vulnerability Management: Experience in vulnerability assessment, prioritization, and remediation tracking. 
Communication & Collaboration: Excellent written and verbal communication skills, with the ability to effectively communicate complex security issues to technical and non-technical stakeholders.

Posted 1 week ago


5.0 - 10.0 years

7 - 12 Lacs

Bengaluru

Work from Office

Naukri logo

Senior Data Engineer - Enterprise Data Platform Get to know Data Engineering Okta's Business Operations team is on a mission to accelerate Okta's scale and growth. We bring world-class business acumen and technology expertise to every interaction. We also drive cross-functional collaboration and are focused on delivering measurable business outcomes. Business Operations strives to deliver amazing technology experiences for our employees, and ensure that our offices have all the technology that is needed for the future of work. The Data Engineering team is focused on building platforms and capabilities that are utilized across the organization by sales, marketing, engineering, finance, product, and operations. The ideal candidate will have a strong engineering background with the ability to tie engineering initiatives to business impact. You will be part of a team doing detailed technical designs, development, and implementation of applications using cutting-edge technology stacks. The Senior Data Engineer Opportunity A Senior Data Engineer is responsible for designing, building, and maintaining scalable solutions. This role involves collaborating with data engineers, analysts, scientists and other engineers to ensure data availability, integrity, and security. The ideal candidate will have a strong background in cloud platforms, data warehousing, infrastructure as code, and continuous integration/continuous deployment (CI/CD) practices. What you'll be doing: Design, develop, and maintain scalable data platforms using AWS, Snowflake, dbt, and Databricks. Use Terraform to manage infrastructure as code, ensuring consistent and reproducible environments. Develop and maintain CI/CD pipelines for data platform applications using GitHub and GitLab. Troubleshoot and resolve issues related to data infrastructure and workflows. Containerize applications and services using Docker to ensure portability and scalability. 
Conduct vulnerability scans and apply necessary patches to ensure the security and integrity of the data platform. Work with data engineers to design and implement Secure Development Lifecycle practices and security tooling (DAST, SAST, SCA, Secret Scanning) into automated CI/CD pipelines. Ensure data security and compliance with industry standards and regulations. Stay updated with the latest trends and technologies in data engineering and cloud platforms. What we are looking for: BS in Computer Science, Engineering or another quantitative field of study 5+ years in a data engineering role 5+ years experience working with SQL, ETL tools such as Airflow and dbt, with relational and columnar MPP databases like Snowflake or Redshift, hands-on experience with AWS (e.g., S3, Lambda, EMR, EC2, EKS) 2+ years of experience managing CI/CD infrastructures, with strong proficiency in tools like GitHub Actions, Jenkins, ArgoCD, GitLab, or any CI/CD tool to streamline deployment pipelines and ensure efficient software delivery. 2+ years of experience with Java, Python, Go, or similar backend languages. Experience with Terraform for infrastructure as code. Experience with Docker and containerization technologies. Experience working with lakehouse architectures such as Databricks and file formats like Iceberg and Delta Experience in designing, building, and managing complex deployment pipelines.

Posted 1 week ago


5.0 - 6.0 years

8 - 12 Lacs

Pune

Work from Office

Naukri logo

The Senior Manager of Information Security (External Role Description Application / Product Security Architect) will report to the Chief Information Security Officer. As a leader in the Information Security organization, this role will lead the task of refining, managing and executing strategic product/application security roadmap that is based on industry standard software security frameworks. You will plan, implement and track key initiatives focused on product / application security strategy, metrics, compliance, policy, developer awareness, training and stakeholder engagement. You will work closely with multiple teams that make up Information Security, Product Management, Engineering, Legal, Risk and Compliance to improve product / application security controls and drive impactful change to the team and its members. Responsibilities: Bring a deep background and broad experience in Information Security, Application Security, & Application Development or related business areas. Lead a team of high performing individuals who create remediation plans, perform security reviews, and recommend security solutions to meet current and future needs for HMH products and applications. Drive the development and implementation of product and application standard security review processes that result in effective methods for reducing security risks before product releases. Demonstrate an ability to influence all project and portfolio stakeholders; communicate relevant security information to both executive leaders and individual contributors in an effective manner. Accountable for all aspects of staff management, hiring, coaching, training, performance reviews and recommending pay actions and promotions for the Security Engineering team Provide input into the Information Security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite of HMH. 
Collaborate closely with the Architecture teams Demonstrated experience handling the demand/supply of project and program resources and tracking allocation. Track policy exceptions and remediation dates through active engagement with development teams and operations teams. Partner with Audit teams to periodically audit controls and secure coding practices being followed by development teams. Staying abreast of latest cyber security threats both internal and external Oversee projects, program delivery, daily monitoring, response; review of cloud infrastructure, physical infrastructure, and the full life cycle of alerts through incident response; and the threat landscape to ensure ongoing and continued maturity of the organization's security controls in addition to service support Drive operational efficiency and excellence leveraging tools, process and automation with appropriate and transparency visibility and metrics that can meet SLAs/SLOs Support and implement controls and visibility to meet third party attestations (SOC2, ISO27001, GDPR, SOX) Balance being collaborative, open, and approachable while still being firm on security policies and in facilitating progress and compromise What you should have: 5 to 6+ years hands-on experience in application security utilizing SAST, DAST, IAST, RASP and WAF. 5+ years of application engineering, architecture or development management experience Proficient analyzing ambiguous problems, compelling communicator with the ability to receive and analyze information, translating security risk to business risk to driving actionable decisions across multiple levels and departments Experience in leading application security remediation work, leading the mitigation initiative to accommodate the developer community priority. Proficient experience with common web application attack vectors and related mitigation strategies that translate to controls within the organization You are highly organized. 
With many people doing many things in a fast-moving company, strong organizational skills, both for yourself and for the team, will be required.

Posted 1 week ago


6.0 - 9.0 years

8 - 12 Lacs

Bengaluru

Work from Office

Naukri logo

Primary Skill Roles and responsibilities Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure at IKEA. You will partner with and support the IKEA engineering community to build secure infrastructure at scale. You will perform threat modeling and security risk assessments. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations. You will be a valued member of the team, providing sound perspectives on infrastructure security as well as secure software development. You will be part of the IKEA Cyber Security organization, with a lot of room to grow and develop your skills, knowledge, and experience. Experience utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc. Secondary Skill Experience in cloud native environments and preferably Google Cloud Platform or Azure. Experience in working with REST APIs and API security. You have good infrastructure security experience and are passionate about reducing security risks in the cloud. You have experience with threat modeling, security design reviews, and security architecture. Experience with CI/CD pipelines (preferably Github actions), Kubernetes and infrastructure
Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.
1. Applies scientific methods to analyse and solve software engineering problems.
2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.
3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.
4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.
5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Posted 1 week ago


5.0 - 7.0 years

10 - 15 Lacs

Chennai

Work from Office

Naukri logo

Role & responsibilities Perform Dynamic Application Security Testing (DAST) on web applications and APIs (manual and tool-based). Analyze DAST scan results, identify and prioritize vulnerabilities based on risk. Participate in triage meetings with application teams to explain and document findings. Lead deep API security testing (REST, SOAP, GraphQL), identifying flaws like BOLA, token leakage, replay attacks, etc. Conduct manual penetration testing using offensive tools and custom payloads. Craft custom exploit chains for vulnerabilities such as deserialization, command injection, and broken access controls. Maintain custom scripts, payloads, and test cases to simulate real-world attacker scenarios. Possibly perform Static Application Security Testing (SAST) and understand differences from DAST. Document testing procedures, findings, and remediation efforts. Communicate security findings to both technical and non-technical stakeholders. Collaborate with DevOps, developers, and security teams to address issues. Participate in process improvements and develop long-term testing strategies. Preferred candidate profile 5 to 7 years of hands-on experience in web application security testing. Strong knowledge in: Web & API penetration testing. DAST & SAST methodologies. API security concepts and testing. Proficiency in offensive security tools and Kali Linux tools (e.g., SQLMAP, Dirbuster). Experience in identifying and exploiting common vulnerabilities (SQL Injection, XSS, CSRF, etc.). Understanding of HTML, JavaScript . Bonus for experience with: Front-end tech: .NET, Java Back-end tech: Oracle Mobile or IoT app testing. Bug bounty programs. Familiarity with tools like: DAST: Burp Suite, NetSparker SAST: Checkmarx, Veracode, Fortify Clear written and verbal communication skills. Any relevant certifications (e.g., OSCP, OSWE, GWAPT, CREST) are a plus. Experience with Red Teaming/adversary emulation is a strong advantage.

Posted 1 week ago


5.0 - 8.0 years

0 - 0 Lacs

Hubli

Hybrid

Naukri logo

Roles and Responsibilities Conduct SAST, DAST, SCA, and PT analysis on software applications to identify vulnerabilities and weaknesses. Collaborate with development teams to remediate identified issues and implement security patches. Develop expertise in multiple programming languages such as Java, Python, C++, JavaScript, HTML/CSS. Provide technical guidance on application security best practices to team members. Participate in code reviews to ensure adherence to coding standards.

Posted 1 week ago


6.0 - 11.0 years

15 - 20 Lacs

Hyderabad

Hybrid

Naukri logo

Role & responsibilities Experience: At least 6 years in static code analysis/SAST (Static Application Security Testing), secure coding, and software development. Technical Skills: Proficiency in static code analysis tools (e.g., SonarQube, Veracode, Checkmarx) and experience with secure code review of multiple programming languages, including: Java Python .NET/C# C/C++ Code Review Skills: Ability to read and understand source code across various programming languages and tech stacks, troubleshoot false positives, and confirm genuine issues. Secure Coding Knowledge: Strong understanding of secure coding practices, including OWASP Top 10, SANS 25, and CWE, applicable to cloud and non-cloud environments.

Posted 1 week ago


3.0 - 6.0 years

3 - 8 Lacs

Gurugram

Work from Office

Naukri logo

Locations: GURGAON, IND. Time type: Full time. Posted on: Posted 4 Days Ago. Job requisition ID: R1147923. We are seeking an experienced DevOps Engineer to join our team. In this role, you will be responsible for designing, implementing, and maintaining secure cloud infrastructure using cloud-based technologies, including Oracle and Microsoft platforms. You will build and support scalable and reliable application systems and automate deployments. Additionally, you will integrate various systems and technologies using REST APIs and automate the software development and deployment lifecycle. Leveraging automation and monitoring tools, along with AI-powered solutions, you will ensure the smooth operation of our cloud-based systems. Key Areas of Responsibility Implement automation to control and orchestrate cloud workloads, managing the build and deployment cycles for each deployed solution via CI/CD. Utilize a wide variety of cloud-based services, including containers, App Services, API, and SaaS-oriented integration. GitHub and CI/CD tools (e.g., Jenkins, GitHub Actions, Maven/ANT). Create and maintain build and deployment configurations using Helm and Yaml. Manage the software change control process, including Quality Control and SCM audits, enforcing adherence to all change control and code management processes. Continuously manage and maintain releases, clear understanding of release management process. Collaborate with cross-functional teams to ensure seamless integration and deployment of cloud-based solutions. Problem-solving, teamwork, and communication to emphasize the collaborative nature of the role. Perform builds and environment configurations. Required Skills and Experience 10+ years of overall experience, with at least 5 years in DevOps. Expertise in automating the software development and deployment lifecycle using Jenkins, Github Actions, SAST, DAST, Compliances, and Oracle ERP DevOps tools. 
Proficient with Unix Shell Scripting, SQL*Plus, PL/SQL, and Oracle database objects. Understanding of branching models is important. Experience in creating cloud resources using automation tools. Strong hands-on experience with Terraform and Azure Infrastructure as Code (IaC). Hands-on experience in GitOps, Flux CD/Argo CD, Jenkins, Groovy. Building and deploying Java and .NET applications, Liquibase database deployments. Proficient with Azure cloud concepts, creating Azure Container Apps, Kubernetes, Load balancers, Az CLI, Kubectl, Observability, APM, App Performance reviews. Azure AZ-104 or AZ-400 Certification is a plus. Offers of employment are conditional upon passage of screening criteria applicable to the job.

Posted 1 week ago


4.0 - 7.0 years

9 - 18 Lacs

Gurugram

Work from Office

Naukri logo

PREFERENCE: Early joiners preferred This position is strictly Work from Office. Please read this carefully before applying. Working days will be 5 per week. The job location will be Sec 59, Gurgaon Candidates currently based in Delhi-NCR Prior experience in a startup or fast-paced environment Immediate availability for interviews Strong communication skills and team fit Long-term commitment preferred Job Title: DevOps Engineer Location: Sector 59, Gurgaon/Gurugram Experience: 4 to 7 years Industry: BFSI Employment Type: Full-time Work Mode: On-site Job Description: We are hiring a DevOps/Integration Engineer with strong experience in CI/CD , cloud (AWS/OCI) , and DevSecOps tools . The candidate should be skilled in integrating and troubleshooting across build systems, application monitoring, and secure deployments in hybrid (on-prem + cloud) environments. Key Responsibilities: Set up and manage CI/CD pipelines , quality gates, and vulnerability scanning Configure & troubleshoot SAST/DAST tools Manage build/compile tools - Maven, Gradle, etc. Use tools like Prometheus , Grafana , ELK , or Splunk for monitoring/logging Work on cloud (AWS/OCI) and on-prem infrastructure Troubleshoot network issues and maintain system uptime Experience with Hibernate , clusters , and performance tuning Collaborate with development and security teams for smooth delivery Required Skills: CI/CD tools: Jenkins, GitLab CI, Azure DevOps Cloud platforms: AWS or Oracle Cloud Build tools: Maven, Gradle Security: SAST/DAST, DevSecOps integration Monitoring: ELK, Prometheus, Grafana Networking & troubleshooting Hibernate, clustering exposure Good to Have: Certifications (AWS, OCI, DevOps) Docker/Kubernetes knowledge Awareness of OWASP or ISO compliance

Posted 1 week ago


5.0 - 9.0 years

35 - 60 Lacs

Kolkata

Work from Office

Naukri logo

Senior Manager, Corporate Security – Application Security Architect Remote Job Description About Corporate Security Cognizant Corporate Security, a key organization within Cognizant Technology Solutions, is chartered with managing and directing the global enterprise physical and logical security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and various other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible with helping the business appropriately manage security risks. Position Description Cognizant is searching for an experienced Application Security Architect who can lead application security initiatives for product teams in the Cognizant Healthcare division. This will include day-to-day collaboration with product teams, ensuring that they meet Cognizant Security requirements and architectural standards in addition to regulatory and contractual obligations. This will also include reviewing application designs to ensure security is part of each product from the start. You would ensure solutions are appropriately assessed prior to release, and work with product teams to prioritize remediation of findings from security activities. This is not an assessment/testing role; although testing experience will be beneficial, the role is for design-level review and guidance. To excel in this role, you will need the following: 5+ years of application security and secure coding experience. Expertise in implementing a secure SDLC within an Agile framework for new and existing applications. Expertise in designing and implementing application security controls across complex and diverse environments. 
Experience reviewing testing/scanning results and communicating the technical implications to development teams. Ability to assess real-world risk and communicate that in technical and business/management contexts. Exceptional verbal and written communication skills, including the development of reports and best practices documents. An attitude of always learning, sharing your knowledge with the team, and collaborating across multiple security teams. Strong attention to detail and self-organization skills. Experience working remotely and with geographically separated teams. Additional preference for candidates who: Have done application development in large-scale environments. Have conducted threat models. Have integrated application security practices into CI/CD pipelines and DevOps environments. Have experience with Java and .NET. Have secured applications in Cloud environments (especially Azure). Understand network and infrastructure security. Have conducted application testing (SAST, DAST, and manual assessments). Obtained relevant GIAC or Offensive Security certifications. About Cognizant Technology Solutions Cognizant is a leading provider of Information Technology, Consulting, IT Infrastructure, and Business Process Outsourcing services. Cognizant’s single-minded mission is to dedicate our business process and technology innovation know-how, deep industry expertise, and worldwide resources to working together with customers to make their businesses stronger. As a customer-centric, relationship-driven partner, we are redefining the way companies experience and benefit from global services. Our unique delivery model is infused with a distinct culture of high customer satisfaction. Cognizant delivers a trusted partnership, cost reductions and business results. Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500. Cognizant is ranked among the top performing and fastest growing companies in the world. 
Visit us online at http://www.cognizant.com/ or follow us on Twitter: Cognizant. Cognizant is an Equal Opportunity Employer M/F/D/V. Cognizant is committed to ensuring that all current and prospective associates are afforded equal opportunities and treatment and a work environment free of harassment.

Posted 1 week ago


10.0 - 15.0 years

12 - 16 Lacs

Pune

Work from Office

Naukri logo

Job Purpose (overall high-level summary of the role) Build and lead global relationships for Cybersecurity (sitting within the wider IT organization), representing WPB IT and WPB Cyber interests within the context of transformational and service uplift from central and federated functions. As a senior Cybersecurity SME for WPB, promote the principles of secure development and ensure effective coverage for all Cybersecurity services consumed. The Senior Cyber SME is, among many other things, responsible for the following key activities: Coordinate and manage the relationship between the central Cybersecurity leadership teams, WPB IT leadership and WPB CISO; reporting to WPB IT CISO. Provide specialist technical and process knowledge to influence support and manage the direction of cyber tooling, processes and practices into WPB IT and engineering teams. Lead the Information Security agenda within the central cyber control owners, including driving business/functional stakeholder engagement to ensure delivery of security programmes, tooling, and initiatives. Develop and maintain strong relationships with the cyber control owners and Heads of cybersecurity functions to ensure optimum synergy and collaboration between them and WPB IT. Monitor and engage with cyber control owners, heads of cyber practices and central programme managers to shape and represent WPB IT in order to ensure that deliveries align with WPB IT interests and strategic direction. Promote the development and rollout of security tools and processes that aligns with WPB IT engineering strategies and ensure that group security scanning and orchestration tools can be adopted and used within WPB IT's CI/CD pipeline and engineering teams. Work with service line and value stream CIOs and their representatives to ensure that cyber assurance actions, vulnerability remediation and KCI compliance receives the right level of attention and support, and to escalate and highlight blockers if required. 
Guide the service lines/value streams CIOs and their representatives with respect to compliance with relevant security policies, standards, and governance, including challenging the risk profile, appetite, and control effectiveness, coordinating with embedded WPB Cyber SMEs, Risk Champions, and central Cyber teams required to ensure overall WPB IT operation within appetite. With specific focus ensure that control and risk metrics and related responsibilities for cyber assurance activities, vulnerability, and secure development practices & tooling, third party security reviews are monitored, actioned, and understood by WPB CIOs and their delegates. Ensure that WPB IT and Cyber priorities are communicated to cyber control owners and central cyber functions. Facilitate ongoing cybersecurity awareness within the Service Line to strengthen the responsible culture. Lead Annual Assurance activities (Pen Test & TMA) for WPB and provide oversight responsibility for TPSR Organization structure Reports to the WPB IT CISO Principal Accountabilities: key activities and decision-making areas Typical Targets and Measures Impact on the Business/Function Protect the Bank. Lead Security embedding within WPB IT together with the WPB CISO, owning the relationship with cybersecurity control owners and heads of cyber functions. Uses technical expertise and experience to enable WPB IT and Cybersecurity to develop implementable designs, solutions and operational plans to ensure compliant security is enforced. Leads and drives this change through effective communication, preparation, and implementation. Driving sustainable growth. Drive efficiencies in the SDL through secure from start development, SecDevOps and minimal iterative issue-remediation. Ensure that evolving technologies are embraced with appropriate mitigation controls and contingency planning. Achieving excellence. 
Promote the understanding of risk in the context of security in order to align WPB security practices with business risk appetite and strategic objectives. Generate an environment in which innovation is supported by security in the working practices. Measures benefits over the short, medium, and long term. Demonstrates a comprehensive WPB IT view when developing solutions. Executes ideas and innovation that are original but remain aligned to business objectives and cybersecurity principles and plans. Customers / Stakeholders Customer focus. Lead a customer-centered culture, championing activities encouraging outstanding customer advocacy. Proactively seek opportunities to utilize strong Cybersecurity principles to improve availability and ensure privacy for customers. Strengthening stakeholder relationships. Enhance key relationships, using rapport-building expertise and appropriate influencing to add value beyond the initial scope, increasing stakeholder advocacy. Maintain key relationships to include technology and business heads across WPB and Cybersecurity along with other GB/GF/R counterparts across the globe. Understanding markets and customers Cultivate strong relationships with organizationally important global and/or high value stakeholders with a tailored approach. Deliver fair outcomes for our customers and ensure own conduct maintains the orderly and transparent operation of financial markets. Promotes the most appropriate security solution even if there are short term additional costs. Demonstrates sensitivity to the realities and concerns of their stakeholders' situation. Analyses and interprets the evolving security threat landscape. Uses innovation to address the needs of customers and stakeholders (building trust). 
Leadership & Teamwork Drive the development and communication of a clear vision for secure development and maintenance in WPB IT which is aligned to the overall HSBC and Cybersecurity strategy, values and goals in order to inspire and engage people to create an inclusive, high performing, customer-centered culture. Lead, develop and motivate adoption of and compliance with the cybersecurity principles across the lifecycle in the PODs, XFTs, and service Lines / value streams within WPB IT. Lead and encourage constructive teamwork within value streams by demonstrating collaboration and matrix management in action and taking prompt action to address any activities and behaviors that are not consistent with HSBC's diversity policy and/or the best interests of the business and its customers. Monitors complex dependencies and respond accordingly to ensure on-going delivery to local and WPB IT goals. Translates the required course of action into a clear and realistic vision. Develops international solutions that are beneficial for the Service Line across its geographies and its customers. Identifies and builds relationships with key contacts and influencers. Effectively translates coaching requirements to WPB IT's overall performance requirements. Operational Effectiveness & Control: Lead the continuing development, implementation and improvement of the security processes, understanding of risk and controls, and capabilities needed to deliver agreed plans and targets. Collaborate with control owners and WPB leadership to maximize end-to-end integration, effectiveness, and efficiency. Establish and maintain a robust and efficient control environment across the lifecycle to ensure good operational, financial and project management and compliance with HSBC policy and procedures, together with early identification and effective resolution or escalation of issues that arise. 
Lead the implementation and oversight of the Cyber Risk standards and governance frameworks, process and procedures, including adaptation of documentation, to ensure relevance to WPB operations, effective risk management and regulatory compliance. Creates an environment which anticipates risk, ensuring action is taken to quantify and mitigate them. Coordinate with central cyber teams, 2LOD and control owners to ensure that WPB specific requirements and ways of working are integral to adopted Cyber Policies, Processes, and tooling. Implement IT best practices in risk policies and governance frameworks in areas across WPB IT.

Management of Risk (Operational Risk / FIM requirements)

The Senior Cyber SME will ensure the fair treatment (service excellence) of our customers is at the heart of everything we do, both personally and as an organisation. The Senior Cyber SME will also continually reassess the Cybersecurity and operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology. This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring, and by addressing any areas of concern in conjunction with entity management and/or the appropriate department.

Observation of Internal Controls (Compliance Policy / FIM requirements)

Maintains HSBC internal control standards vis-à-vis cybersecurity operations, including coordination and resolution planning of internal and external audit points together with any issues raised by external regulators. The Senior Cyber SME will also manage and coordinate the implementation of new internal control and risk-related metrics relating to cyber and secure development practices (KCIs, KRIs, and GRAS).
This will be achieved by service line / value stream adherence to all relevant procedures, keeping appropriate records and, where appropriate, by driving the timely implementation of internal and external audit points, including issues raised by external regulators, and internally identified Cybersecurity risks. Escalates to CIOs and the CISO when required, so that issues are addressed promptly at the relevant risk forum, for example WPB IT Cyber Working Groups or RCMMs.

Local Job Requirements (This could include: Job Dimensions, Job Context & Major Challenges)

Budget & people. This is a cross-functional and Senior Cyber SME role which supports and represents WPB IT interests against central cyber and group IT initiatives. This is achieved through and with the support of a large number of CIO delegates (risk champions), embedded cyber-SMEs, pod leads and ITSOs within WPB IT. It will secure applications leveraging the right tools and processes enabled by Cybersecurity. The indirect headcount which will be supported by this role would be more than 150-200 staff.

Relationships. Key relationships include ownership of the relationship with Cybersecurity control owners and Heads of Cybersecurity Functions and extend to peers across other Global Businesses, Global Functions and Regions up to MD levels in HSBC, including relationships with auditors, regulators and external security forums. This may also include external relationships with TPEMs and potentially vendors, focusing on security support to the WPB IT.

Regulatory & Risk Management. Working closely with WPB IT Value Streams and governance counterparts (such as 2LOD, RR and CCO), build strong relationships with internal and external stakeholders (risk, audit, government agencies, industry forums etc.) to understand the IT/Information Security risk profile, monitor compliance with policies and standards, and identify and address WPB IT specific requirements.

Strategic input.
Providing influence and input to ensure alignment between Cybersecurity and Central Cyber Functions and Leadership to represent and ensure WPB IT strategic outcomes and business goals. Uses technical knowledge and experience to solve complex problems, and propose implementable solutions, to deliver ongoing improvements in line with business strategy.

Certifications, Qualifications & Experience (For the Job not the Job holder. Minimum requirements of the Job)

Good understanding of WPB businesses and general understanding of the bank's businesses and differentiating factors between retail, wholesale, and investment banking.
A fair understanding of laws and regulations with an emphasis on regulations, rules and standards with global or broader regional impact (e.g. GDPR, PCI DSS, DORA, HIPAA, etc.).
Formal education with a post-graduate degree in IT, Information Security, Risk Management, Business Management or other relevant areas.
10+ years of experience in Information Security Management and Cybersecurity.
High level of personal drive and motivation to ensure delivery of a broad range of outputs simultaneously across WPB IT and HSBC Technology.
Extensive Programme Management experience and analytical skills.
Proven ability to articulate complex issues concisely and in simple language to support problem analysis.
Strong knowledge of the external environment (regulatory, political, competitors, etc.).
Outstanding relationship management, collaboration and influencing skills.
Strong attention to detail and business writing skills, and the ability to challenge and shape submissions.
Outstanding communication and interpersonal skills with the ability to produce clear and concise reports and communications to senior internal and external stakeholders.
Excellent stakeholder management skills with a proven ability to build and maintain strong relationships and communicate on complex issues with a wide spectrum of stakeholders.
Proven abilities in working across cultures.
Familiarity with Information Security Control and Risk Frameworks (e.g., NIST, ISO 27001, COBIT, etc.).
Strong familiarity with and competence in application security tools in general and with specific focus on security tooling used in secure development (e.g., SAST, DAST, MAST, FOSS), threat modelling and risk management.
Familiarity with security controls around technologies such as cloud, mobile, social, open-banking, etc.
Familiarity with OWASP, Cloud, and SANS guidelines on application-security.
Experience in supporting Agile and DevOps methodologies.
Experience in lifecycle management across the CI/CD pipeline.
Excellent understanding of banking and security in context of wider industry trends and direction.

Posted 1 week ago
