116 Threat Modeling Jobs

Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world. The ability to be a team player, Strong communication collaboration Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Application Security, Threat Modelling, Secure Code Review, Penetration Testing, Vulnerability Testing, SAST (Static Application Security Testing), DAST (Dynamic Application security Testing), DevSecOps Implemented Clean Code principles, JUnit’s * Java development, JavaScript, Python, Ruby, C++/C#, Perl etc Must have strong business acumen with ability to work with application development, QA and security teams. A strong understanding of application security frameworks The ability and skill to train other people in procedural and technical topics As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs Preferred technical and professional experience Must have a solid understanding of application security code reviews and penetration testing & Experience with enterprise java technologiesSpring, JUnit, Hibernate 4+ years' experience in application development and security. Practical understanding and use of commercial application security tools

Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns. Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPCThrift, DBUS, gRPC, Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and toolsScrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager, Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations.

As SIEM Analyst, you will be responsible for handling the daily monitoring of Information security events on the SIEM tools. Come join our team of IBM experts, who are leaders with vision, distinguished engineers and IT architects who have worked with thousands of clients to transform enterprise IT, migrate to cloud, apply automation and ensure business continuity. We help client run their IT better, accelerate innovation and deliver unmatched performance with the power automation. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. * Responsible for security researcher to provide insight and understanding of new and existing information security threats * Responsible to participate in recommending improvements to SOC security process, procedures, policies, security incident management and vulnerability management processes * You will be involved in evaluating, recommending, implementing, and solving problems related to security solutions and evaluating IT security of the new IT Infrastructure systems * Keep yourself up-to-date with emerging security threats including applicable regulatory security requirements * Work in a 24x7 Security Operation Centre (SOC) environment Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise * Minimum 2+ years’ experience in SIEM. * Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform * Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email and Phone), based on the security event severity to handle the service support teams, tier2 information security specialists * Expertise in threat modelling and Use case development and ability to review policies of security monitoring tools based on security concepts and logical approach. Preferred technical and professional experience * Preferred OEM Certified SOAR specialist + CEH * Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work * Intuitive individual with an ability to manage change and proven time management * Proven interpersonal skills while contributing to team effort by accomplishing related results as needed * Up-to-date technical knowledge by attending educational workshops, reviewing publications

Project Role : Software Development Engineer Project Role Description : Analyze, design, code and test multiple components of application code across one or more clients. Perform maintenance, enhancements and/or development work. Must have skills : SDV Product Security Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Software Development Engineer, you will engage in a dynamic work environment where you will analyze, design, code, and test various components of application code across multiple clients. Your typical day will involve collaborating with team members to perform maintenance and enhancements, ensuring that the software meets the highest standards of quality and functionality. You will also be responsible for developing new features and addressing any issues that arise, contributing to the overall success of the projects you are involved in. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Mentor junior team members to enhance their skills and knowledge.- Continuously evaluate and improve development processes to increase efficiency.Perform penetration testing of SoC Automotive products.Establish the Security goals and requirements.Verification strategies in compliance with ISO 21434Develop test specifications, test cases, and test plans for security vulnerability testing.Scan vulnerabilities with regards to CVSS levels and patch fixing from NIST database.Perform code-level fuzz testing using open source tools.Support documentation of test results and collaborate with the development teamParticipate in automating test process within CI/CD environments.Setup and maintain traceability in compliance with Automotive SPICE requirementsExperience in tools like OpenVAS, Nmap , wireshark, penetration testing for embedded systems. Experience in Automotive domain is a must.Practical experience performing TARA, security concepts and other Cybersecurity Artefacts mentioned in IS021434 Professional & Technical Skills: - Must To Have Skills: Proficiency in SDV Product Security.- Strong understanding of secure software development practices.- Experience with threat modeling and risk assessment.- Familiarity with security testing tools and methodologies.- Knowledge of compliance standards related to software security. Additional Information:- The candidate should have minimum 5 years of experience in SDV Product Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : DevOps Good to have skills : KubernetesMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. You will also document the implementation of the cloud security controls and transition to cloud security-managed operations. Roles & Responsibilities:- Expected to be an SME- Collaborate and manage the team to perform- Responsible for team decisions- Engage with multiple teams and contribute on key decisions- Expected to provide solutions to problems that apply across multiple teams- Develop and implement security policies and procedures- Conduct security assessments and audits- Stay updated on the latest security trends and technologies Professional & Technical Skills: - Must To Have Skills: Proficiency in DevOps- Good To Have Skills: Experience with Kubernetes- Strong understanding of cloud security principles- Knowledge of security frameworks and standards- Experience in designing and implementing security solutions- Ability to conduct risk assessments and threat modeling Additional Information:- The candidate should have a minimum of 12 years of experience in DevOps- This position is based at our Bengaluru office- A 15 years full time education is required Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts. Roles & Responsibilities:Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments.Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces.Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components.Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols.Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses.Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware.Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware.Perform hardware penetration testing to identify vulnerabilities in electronic systems.Assess the security of medical devices, ensuring compliance with industry regulations and standards.Identify and address security risks associated with healthcare information systems and connected medical instruments.Evaluate and prioritize security risks based on potential impact and likelihood.Provide recommendations and collaborate with cross-functional teams to implement effective security controls.Stay current with emerging security threats, vulnerabilities, and testing methodologies.Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle.Document security testing processes, findings, and remediation recommendations.Generate comprehensive reports for stakeholders, including technical details and actionable insights. Professional & Technical Skills: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability.Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling.Ability to manage multiple tasks and deadlines.Hands on experience with penetration testing tools and methodologies.Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments.Knowledge of secure coding practices and the ability to review code for security vulnerabilities.Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines.Experience with threat modeling and risk assessment frameworks.Familiarity with secure development practices for embedded systems.Understanding of regulatory requirements for medical device security.Strong understanding of networking protocols, encryption, and authentication mechanisms. Additional Information:Bachelors or masters degree in engineering or computer science, Information Security, or a related field.Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).-5 or more years experience require in cyber security field including penetration testing, thread modeling, hardware security.-This position is based at our Bengaluru office-A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 7-11 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts. Roles & Responsibilities:Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments.Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces.Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components.Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols.Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses.Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware.Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware.Perform hardware penetration testing to identify vulnerabilities in electronic systems.Assess the security of medical devices, ensuring compliance with industry regulations and standards.Identify and address security risks associated with healthcare information systems and connected medical instruments.Evaluate and prioritize security risks based on potential impact and likelihood.Provide recommendations and collaborate with cross-functional teams to implement effective security controls.Stay current with emerging security threats, vulnerabilities, and testing methodologies.Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle.Document security testing processes, findings, and remediation recommendations.Generate comprehensive reports for stakeholders, including technical details and actionable insights. Professional & Technical Skills: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability.Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling.Ability to manage multiple tasks and deadlines.Hands on experience with penetration testing tools and methodologies.Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments.Knowledge of secure coding practices and the ability to review code for security vulnerabilities.Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines.Experience with threat modeling and risk assessment frameworks.Familiarity with secure development practices for embedded systems.Understanding of regulatory requirements for medical device security.Strong understanding of networking protocols, encryption, and authentication mechanisms.- Additional Information:Bachelors or masters degree in engineering or computer science, Information Security, or a related field.Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).- 5 or more years experience require in cyber security field including penetration testing, thread modeling, hardware security.- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education

About The Role Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information ? Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails ? Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLA’s (90-95%), response time and resolution time TAT ? ? Mandatory Skills: Threat Modeling. Experience3-5 Years. Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Project Role : Software Development Lead Project Role Description : Develop and configure software systems either end-to-end or for a specific stage of product lifecycle. Apply knowledge of technologies, applications, methodologies, processes and tools to support a client, project or entity. Must have skills : Automotive ECU Software Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Engineer, you will play a critical role in ensuring the security and safety of the client's software. Roles & Responsibilities:1.Performing threat analyses and conduct risk assessments to identify potential vulnerabilities in automotive systems, software, and communication networks.2.Reviewing code and software designs to ensure compliance with security best practices and industry standards like ISO 21434 and UNECE R155/R156.3.Conducting penetration testing and vulnerability assessments to proactively identify and mitigate weaknesses in automotive embedded systems before they can be exploited.4.Developing and implementing incident response plans to effectively handle cybersecurity breaches or incidents and minimize potential damage. Professional & Technical Skills: 1.In-depth knowledge and practical experience with various vehicle systems, including telematics, CAN bus, remote entry/start, OTA, EV charging are highly desired.2.Familiarity with relevant security standards and regulations, such as ISO/SAE 21434, ISO 27001, NIST Cybersecurity Framework, and UNECE R155.3.Experience with security testing tools and techniques, such as penetration testing, vulnerability assessments, and threat modelling. Additional Information:- The candidate should have a minimum of 5 years of experience in Automotive ECU Software- This position is based at our Hyderabad office- A 15 years full-time education is required Qualification 15 years full time education

As an Application Security Specialist,youll play a vital role in building secure systems from the ground up. Workingclosely with engineering, compliance, and DevOps teams, you will ensure ourapplications meet rigorous security and regulatory standards across globaljurisdictions. Your Impact on the Mission: Integrate security into the Software Development Lifecycle (SDLC) , embedding security controls at every phase. Conduct threat modeling , secure code reviews , and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR , NIS2 , PCI-DSS , and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain , improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiqs compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience ofcloud-native and third-party platforms. What Youll Bring to The Table About You: 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10 , SAST/DAST , threat modeling , and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite , OWASP ZAP , SonarQube , Checkmarx , or similar. Preferred Certifications Industry-recognized certifications are a plus, including: OSCP , GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks Compliance Working knowledge of: OWASP , CIS Controls v8, ISO/IEC 27001 GDPR , NIS2 Directive, PCI-DSS, DORA Regulation

You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following: o Understand and be compliant with the Service Level Agreements defined for the DevSecOps services; o Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes; o Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations; o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service; o Perform manual and automated security assessment of the applications; o Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets; o Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes; o Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and o Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization

Primary Skill Roles and responsibilities Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure at IKEA. You will partner with and support the IKEA engineering community to build secure infrastructure at scale. You will perform threat modeling and security risk assessments. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations. You will be a valued member of the team, providing sound perspectives on infrastructure security as well as secure software development. You will be part of the IKEA Cyber Security organization, with a lot of room to grow and develop your skills, knowledge, and experience. Experience utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc. Secondary Skill Experience in cloud native environments and preferably Google Cloud Platform or Azure. Experience in working with REST APIs and API security. You have good infrastructure security experience and are passionate about reducing security risks in the cloud. You have experience with threat modeling, security design reviews, and security architecture. Experience with CI/CD pipelines (preferably Github actions), Kubernetes and infrastructure Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Overview Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Responsibilities Conduct cybersecurity and privacy risk assessments in alignment with internal frameworks and regulatory requirements. Engage with risk owners and business stakeholders to manage and mitigate identified risks. Develop and present risk reports to senior leaders and governance forums. Advise on cybersecurity architecture and leading practices to strengthen the enterprise risk posture. Assist global agency teams and networks with compliance to cybersecurity regulations and requirements. Monitor the global threat landscape and identify emerging risks; implement proactive control measures. Contribute to the maintenance and effectiveness of the Information Security Management System (ISMS). Participate in risk governance, compliance programs, and strategic risk reduction initiatives. Qualifications 3–5 years of experience in information risk management, cybersecurity, or GRC domains. Proficiency in risk assessment methodologies, threat modelling, and risk mitigation practices. Strong knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, CIS, GDPR). Experience preparing risk reports and dashboards for leadership audiences. Excellent collaboration and stakeholder engagement skills across global teams. Analytical mindset with the ability to evaluate and prioritize risks effectively. Preferred Qualifications Industry certifications such as CRISC, CISM, CISSP, ISO 27001 Lead Implementer, or similar. Exposure to cloud security risk and compliance monitoring tools. Experience working within enterprise ISMS or regulatory compliance programs .

Key Responsibilities: • Design and review secure systems and application architectures. • Lead threat modeling, risk assessment, and attack surface analysis. • Advise project teams on security best practices throughout SDLC. • Use SD Elements to capture risks, track remediation, and ensure traceability. • Contribute to architecture boards and governance processes. • Validate secure design for cloud, hybrid, and on-premises environments. Required Skills & Experience: • 7- 9 years in Information Security or related architecture roles. • Experience in VAPT (execution & remediation). • Strong knowledge of application security, secure SDLC. • Hands-on with SD Elements (mandatory). • Expertise in TOGAF, SABSA, or NIST architecture frameworks. • Cloud Security (preferably Azure), DevSecOps knowledge. Certifications (Mandatory/Preferred): • Mandatory: CISSP • Preferred: AZ-500, CCSP Tools/Frameworks Knowledge: • SD Elements, ThreatModeler, Microsoft Defender • TOGAF, SABSA, NIST CSF, OWASP Top 10, MITRE ATT&CK Email ID: akila.s@acesoftlabs.com

Preferred Candidate Profile:- Bachelors degree in Computer Science, Information Security, or related field. 3-6 years of experience in DevOps or Security Engineering roles. Relevant certifications such as CISSP, CEH, Security+ (preferred). Hands-on experience with cloud security across AWS, Azure, or GCP . Proficiency in scripting languages such as Python, Java, or Bash . Strong understanding of DevSecOps practices , threat modeling, and risk assessment. Excellent problem-solving skills and the ability to work in a fast-paced, collaborative environment.

Conduct threat modeling, enforce Secure SDLC, embed security in CI/CD pipelines, and collaborate with teams to identify risks and drive remediation early in the development lifecycle. Required Candidate profile Candidate should have a Bachelor's in CS or related field with strong knowledge of AppSec, DevSecOps, and secure coding practices.

We are seeking an experienced Product Security professional with a background in Manufacturing or Electronics Manufacturing industries (candidates from IT industry will not be considered). The role involves ensuring the safety and security of personnel, property, and assets within our manufacturing facilities by enforcing stringent security protocols and managing security personnel effectively. Key Responsibilities: Manage checkpoint operations and building access control to maintain a secure facility environment. Enforce security protocols and standard operating procedures across the manufacturing premises. Coordinate security for public safety involving customers, VIPs, government officials, and vendors. Conduct shift-wise inspection of emergency exit doors and checkpoint doors for compliance and safety. Perform regular perimeter and internal patrolling to prevent security breaches. Lead investigations related to security violations, unauthorized entry, theft, process violations, and suspicious materials found on-site. Maintain guard profiles and ensure accurate documentation. Oversee guard recruitment, retention strategies, training, and deployment plans to maintain an effective security workforce. Liaise with guard vendors for service quality and contract management. Address guard welfare concerns and resolve grievances. Design and implement guard incentive programs to motivate the security team. Conduct regular guard assessments to ensure performance standards and compliance. Required Profile: 6 to 13 years of relevant experience in security management within Manufacturing or Electronics Manufacturing industries. Strong understanding of physical security, access control, and emergency protocols specific to manufacturing environments. Proven experience in managing security personnel and vendor relationships. Ability to conduct investigations and enforce compliance effectively. Excellent communication and stakeholder management skills. Strong organizational and documentation skills. Proactive and detail-oriented approach to security challenges.

Following are the details: ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors. Job Summary: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies. Key Responsibilities: Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration. Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses. Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks. Perform reverse engineering of malware (advantageous but not mandatory). Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies. Stay updated on the latest cyber threats, attack methods, and emerging technologies. Qualification: BE/B. Tech/ MCA/ M. Sc. (IT/Computers) Skills : Excellent communication and collaboration skills. Red Teaming, VAPT, Application Security (Web/Mobile/API), Red Teaming and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modelling and secure coding practices. Strong understanding of TTPs, threat modelling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques. Preferred Certificates : OSCP, CRTP, eWPTX, Security+, CREST, CRTO Job Location : Mumbai/Navi Mumbai Job Mode : Work from Office Need an immediate Joiner who may join by 15th June, 2025

We are seeking an experienced, strategic, and hands-on Manager - Product Security to lead a growing team of penetration testers supporting BMCs IZOT product line. This team focuses on offensive security assessments across mainframe-based solutions and modern application ecosystems. Leadership & Management Lead and mentor a team of penetration testers with diverse skill sets (mainframe, distributed, web, and cloud security). Define and execute the teams roadmap, goals, and priorities in alignment with product and organizational objectives. Foster a culture of innovation, continuous learning, and technical excellence in security testing. Manage staffing, performance, and career development of team members. REQUIRED SKILLS: Bachelor's or master's degree in computer science, Information Security, or related field. 8+ years in cybersecurity roles, with 3+ years in technical leadership or management capacity. Proven experience leading or performing penetration testing on both mainframe and modern platforms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe and modern systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF, JCL Security tools: Nmap, Burp Suite, Wireshark, custom scripts Proficient in scripting and automation skills (Python, REXX, Bash, or similar). Experience delivering technical and executive-level security reports. Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services.

Job Title: Senior Security Engineer Medical Device Cybersecurity & Compliance Experience Level: 5 to 10 years Location- Ahmedabad/Pune Key Responsibilities: Drive end-to-end cybersecurity integration across the medical device product development life cycle, ensuring security is embedded from concept to release. Develop and maintain cybersecurity for medical products, including security requirements specifications, risk assessments, threat models, and product security architecture documentation. Conduct thorough gap assessments to evaluate compliance with IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97 standards, and implement remediation measures. Perform hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT (Internet of Medical Things) components, and connected systems. Collaborate closely with development, compliance, and regulatory teams to ensure product security measures meet both internal security policies and external regulatory expectations. Support SBOM management, software supply chain risk evaluations, and third-party component analysis to maintain software transparency and mitigate risks. Provide expert input on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems. Assist in developing incident response strategies and bring working knowledge of HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific regulatory concerns. Contribute to the continuous enhancement of internal secure development processes, tools, and methodologies, while championing security best practices within product teams. We are inviting applications from candidates who can join 15 to 30 days notice. Interested candidates please email your latest updated resume to: ravindra.m@creenosolutions.com For more details please free to reach out to RAVINDRA @ 6305363701

Project Role : Tech Delivery&Op Excellence Practitioner Project Role Description : Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Must have skills : Governance Risk Compliance (GRC) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met. Key responsibility:- Risk and Compliance senior Analyst works with the Application service delivery organization and other compliance related functions to help:- Perform audits/reviews to assess risks in Application development and maintenance service environment- Manage risk in Application development and maintenance service to an acceptable level - Increase the level of awareness of and compliance with policy and process related matters - Support successful completion of various external compliance certification programs and internal compliance assessments- Introduce continual improvement including lessons learned from matters requiring intervention- This successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.Must-Have Skills/ Qualifications:- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*:CISA, ISO 27001 Lead Auditor)- Minimum of 1-year experience in Application security/audit roles in Application development & maintenance service industry(sample qualifications*:EC-Councils CASE (Certified Application Security Engineer), CEH(Certified Ethical Hacker), - Agile Methodology( Certified Scrum Master), DevOps Certification, CMMI for Development- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST(Static Application security testing), DAST (Dynamic Application security testing), single sign on, Encryption - Minimum of 1-year experience in Operational compliance requirements)- Contract Management / Service Reporting(including Service Level Agreements and Operational Level Agreements)- Risk management or assessment (sample qualification*:CRISC)- Knowledge of cloud environment and services (sample qualification*:Microsoft Azure/AWS/Google Certifications)- Team and stakeholder managementNice-to-Have Skills/ Qualifications:- Data privacy and protection (sample qualifications*:CIPM, CIPT, CIPP)- CISSP*, CISM*, CISA*, CCSK*, CCSP*- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness- Business Continuity and Disaster Recovery awareness (ISO 22301) Professional Attributes:1:Good communication2:Teamwork3:Problem Solving Capabilities4:Work Planning and Management 5:Quick Learner6:Eager to take on responsible task7:Dedicated and Focused Educational Qualification:1:MBA-Information Security/ IT2:BE/B-Tech with CS/IT/related domain3:BSc- IT Additional Information:(i.e., travel, overtime %)1:Occasional within country travel 2:Flexibility in working hours Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Cyber Threat Intelligence Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. You will engage in discussions to refine security strategies and provide insights that enhance the overall security posture of the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to identify potential vulnerabilities and recommend improvements.- Collaborate with cross-functional teams to ensure alignment of security practices with business objectives. Professional & Technical Skills: - Must To Have Skills: Proficiency in Cyber Threat Intelligence.- Strong understanding of cloud security principles and frameworks.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security compliance standards such as ISO 27001, NIST, and GDPR.- Ability to analyze and respond to security incidents effectively. Additional Information:- The candidate should have minimum 3 years of experience in Cyber Threat Intelligence.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Threat Hunting Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in security practices.- Evaluate emerging security technologies and recommend improvements to existing security frameworks. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Threat Hunting.- Good To Have Skills: Experience with cloud security tools and frameworks.- Strong understanding of risk assessment methodologies and threat modeling.- Familiarity with compliance standards such as ISO 27001, NIST, and GDPR.- Experience in incident response and security operations. Additional Information:- The candidate should have minimum 7.5 years of experience in Security Threat Hunting.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Skill Description Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns . Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPCThrift, DBUS, gRPC , Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and toolsScrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager , Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations. Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Skills (competencies) Verbal Communication