199 Threat Modeling Jobs

As a Security Testing professional with 3-10 years of experience in SAST, DAST, API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, you will be an integral part of the Infosys delivery team. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities, aiming to meet and exceed client expectations in the technology domain. Your role will involve gathering requirements and specifications to deeply understand client needs, subsequently translating them into system requirements. You will also play a crucial part in estimating work requirements accurately to provide project estimations to Technology Leads and Project Managers. Your contribution will be significant in the development of efficient programs and systems. If you believe you possess the necessary skills and expertise to assist our clients in navigating their digital transformation journey, then this opportunity is tailored for you! This job opening is available at multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

Cowbell is signaling a new era in cyber insurance by harnessing technology and data to provide small and medium-sized enterprises (SMEs) with advanced warning of cyber risk exposures bundled with cyber insurance coverage adaptable to the threats of today and tomorrow. Championing adaptive insurance, Cowbell follows policyholders" cyber risk exposures as they evolve through continuous risk assessment and continuous underwriting. In its unique AI-based approach to risk selection and pricing, Cowbell's underwriting platform, powered by Cowbell Factors, compresses the insurance process from submission to issue to less than 5 minutes. Founded in 2019 and based in the San Francisco Bay Area, Cowbell has rapidly grown, now operating across the U.S., Canada, U.K., and India. This growth was recently bolstered by a successful Series C fundraising round of $60 million from Zurich Insurance. This investment not only underscores the confidence in Cowbell's mission but also accelerates our capacity to revolutionize cyber insurance on a global scale. With the backing of over 25 prominent reinsurance partners, Cowbell is poised to redefine how SMEs navigate the evolving landscape of cyber threats. In support of business objectives, we are actively looking for an ambitious person, who is not afraid of hard-work and embraces ambiguity as it comes to join our Information Security Team as a Sr. Developer, Application Security. The InfoSec team drives security, privacy, and compliance improvements to reduce risk by building out key security programs. We enable our colleagues to keep the company secure and support our customers" security journey with tried and true best practices. We are a Java, Python, and React shop combined with world-class cloud infrastructure such as AWS & Snowflake. Balancing proper security while enabling execution speed for our colleagues is our ultimate goal. It's challenging and rewarding! If you are up for the challenge, come join us. You will be instrumental in curing security defects in code, burning down any new and existing vulnerabilities. You can fix the code yourself and continuous patching is your north star. You will be the champion for safeguards and standards that will keep our code secure and reduce the introduction of new vulnerabilities. Partner and collaborate with internal stakeholders in assisting with the overall security posture with an emphasis on the Engineering and Operations/IT areas. Work across engineering, product and business systems teams to enhance and evangelize security in applications (& infrastructure). Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. Develop and maintain application scanning solutions to inform stakeholders of security weaknesses & vulnerabilities. Review outstanding vulnerabilities with product teams and assist in remediation efforts to reduce risk. Bachelor's degree in computer science or another STEM discipline and 8 to 10+ years of professional experience in security software development. Majority of prior experience as a Security Engineer focused on remediation of security vulnerabilities and defects in Java and Python. Must have prior in-depth demonstrable experience developing in JAVA and Python; Basically you are developer first and a security engineer second. Applicants that do not have this experience will not be considered. Experience developing in, and securing, Javascript and React a plus. Experience securing integrations and code that utilizes Elasticsearch, Snowflake, Databricks, RDS a big plus. Detail-oriented with problem-solving, communication, and analytical skills. Expert understanding of CVE and CVSS scoring and how to utilize this data for validation, prioritization, and remediation. Excellent understanding and utilization of OWASP. Demonstrated ability to secure API; Techniques, patterns, will be assessed. Experience designing and implementing application security solutions for web and or mobile applications. Experience developing and reporting vulnerability metrics as well as articulating how to reproduce and resolve those security defects. Experienced in application penetration testing; and understanding of remediation techniques for common misconfigurations and vulnerabilities. Demonstrable experience in understanding patching and library upgrade paths including interdependencies. Familiarity with CI/CD tools. Previous admin experience in CI/CD is not required but a big plus. Capability to deploy, provide maintenance for, and operationalize scanning solutions. Hands-on ability to conduct scans across application repositories and infrastructure. Must be willing to work extended hours and weekends as needed. Great at and enjoys documenting solutions; creating repeatable instruction for others, operational documentation, developing technical diagrams, and similar artifacts. Preferred Qualifications: You can demonstrate and document threat modeling scenarios using well-known frameworks such as STRIDE. Proficient with penetration testing tools such Burp suite, Metasploit or ZAP. You are already proficient with SAST & SCA tools; proficiency with DAST and/or OAST tool usage and techniques would be even better. As a mentor you also have the experience and desire in providing fellow engineering teams with technical guidance on the impact and priority of security issues and driving remediation. Capability to develop operational process from scratch or improve current processes and procedures through well-thought-out hand-offs, integrations, and automation. Familiarity with multiple security domains such as application security, infrastructure security, network security, incident response, and regulatory compliance and certifications. Understanding of modern endpoint security technologies/concepts. Adept at working with distributed team members. What Cowbell brings to the table: Employee equity plan for all and wealth enablement plan for select customer-facing roles. Comprehensive wellness program, meditation app subscriptions, lunch and learn, book club, happy hours, and much more. Professional development and the opportunity to learn the ins and outs of cyber insurance, cybersecurity as well as continuing to build your professional skills in a team environment. Equal Employment Opportunity: Cowbell is a leading innovator in cyber insurance, dedicated to empowering businesses to always deliver their intended outcomes as the cyber threat landscape evolves. Guided by our core values of TRUE Transparency, Resiliency, Urgency, and Empowerment, we are on a mission to be the gold standard for businesses to understand, manage, and transfer cyber risk. At Cowbell, we foster a collaborative and dynamic work environment where every employee is empowered to contribute and grow. We pride ourselves on our commitment to transparency and resilience, ensuring that we not only meet but exceed industry standards. We are proud to be an equal opportunity employer, promoting a diverse and inclusive workplace where all voices are heard and valued. Our employees enjoy competitive compensation, comprehensive benefits, and continuous opportunities for professional development.,

The opportunity available as a Senior Software Security Engineer within FICO's advanced analytics and decision platform is a highly rewarding role where you will play a key part in shaping the cutting-edge security features for the future of the FICO platform. Your responsibilities will involve addressing intricate security challenges in automated, complex, cloud, and microservices-driven environments. This will include designing security solutions, integrating security features, and ensuring the continuous delivery of security functionalities for both the FICO platform and the AI/ML capabilities utilized on the platform. Your contributions to the team will include securing the design of the next-generation FICO Platform, providing comprehensive security architecture from cloud infrastructure to application features, collaborating with various stakeholders for implementing security controls, overseeing security aspects of the Analytical Model Life Cycle, defining necessary controls for product protection, building declarative threat models, and ensuring compliance with security standards. To excel in this role, you should possess over 10 years of experience in architecture, security reviews, and requirement definition for complex product environments. Additionally, familiarity with industry regulations and frameworks such as PCI, ISO 27001, NIST, etc., is essential. Hands-on experience with programming languages like Java, Python, deploying and securing cloud environments (preferably AWS), container technologies, threat modeling, security testing, and CI/CD pipelines will be advantageous. Your ability to communicate complex architectural challenges effectively with business and product management teams is crucial, along with the capability to independently drive transformative security projects. In return, FICO offers an inclusive culture that embodies core values, opportunities for professional development, competitive compensation, benefits, and rewards programs, and a people-first work environment that promotes work-life balance, employee engagement, and social activities to foster teamwork and collaboration.,

You will be responsible for defining and communicating a shared architectural vision for a complex product built on the Salesforce platform, focusing on Service Cloud, Manufacturing Cloud, and Field Services Lightning. Your role involves collaborating with Agile teams to evaluate solutions, validate technology assumptions, and drive platform direction aligned with business needs. Additionally, you will work closely with Enterprise and Solution Architects to deliver solutions that adhere to broader architecture guardrails. Your key responsibilities include setting the strategic direction and roadmap for Service Capabilities, leading the planning and high-level design of complex product solutions, enabling a continuous delivery pipeline, defining system interfaces and data structures, and establishing critical nonfunctional requirements. You will also participate in solution planning, develop architectural runways, provide technical oversight, and negotiate with the business to prioritize nonfunctional work effectively. To qualify for this role, you must hold a Bachelor's degree from an accredited institution and have over 12 years of experience in the software industry, with a strong track record of shipping high-quality products. You should possess at least 8 years of experience with the Salesforce Platform, particularly focusing on Service Cloud, and experience with Manufacturing Cloud and Field Service Lightning is advantageous. Additionally, you should have extensive knowledge of best practices in software engineering. As for skills, you should have an expert level understanding of Salesforce, Lightning Web Components, Apex, and associated development platforms, along with experience in developing enterprise-grade applications and distributed systems. Proficiency in software design principles, DevSecOps, CI/CD principles, modern software development practices, cybersecurity concepts, Agile methodologies, and cloud services is essential. Moreover, experience with multiple cloud service providers, such as Azure, AWS, and GCP, is beneficial, as well as advanced verbal and written communication skills, good judgment, and the ability to work collaboratively with diverse teams. In summary, this role requires a seasoned professional with a solid technical background, extensive experience in Salesforce and software engineering, strong communication skills, and the ability to drive architectural decisions in alignment with business objectives.,

As a Security Testing professional with 3-10 years of experience in SAST/DAST/API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, your role as a part of the Infosys delivery team will encompass various responsibilities. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities to meet and exceed client expectations in the technology domain. This will involve gathering requirements and specifications to deeply understand client needs and translating them into system requirements. Additionally, you will be pivotal in estimating work requirements accurately to provide vital input on project estimations to Technology Leads and Project Managers. Your contribution will be essential in the creation of efficient programs and systems that align with client requirements and industry best practices. If you are passionate about aiding clients in their digital transformation journey and possess the required expertise, then this opportunity is tailored for you! This job opening is available in multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

We are looking for a certified ethical hacker to assist in enhancing the security of our network against potential threats. Your main responsibility will involve evaluating our company's network, servers, and overall infrastructure to discover any vulnerabilities that may exist. As a certified ethical hacker, you must possess the knowledge and expertise in utilizing various network and security tools, along with a high-level comprehension of computer and network security principles. This includes a deep understanding of encryption and cryptography. Responsibilities Your duties as a certified professional ethical hacker will encompass the following: - Conducting ethical hacking and penetration testing - Performing vulnerability assessments - Analyzing malware - Collaborating with other penetration testers and information security analysts - Ensuring web application security - Executing social engineering tactics - Enhancing database security - Implementing reverse engineering techniques - Safeguarding network security - Conducting threat modeling and risk assessment Job Qualifications and Skill Sets The qualifications necessary for a certified ethical hacker are as follows: - A Bachelor's degree in computer science, information technology security, or a related field - Security certifications such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) - Demonstrated proficiency in penetration tests, vulnerability assessment, and security monitoring - Knowledge of the OSI model, TCP/IP, HTTP, SSL, and wireless networking - Experience with common network infrastructure and security tools - Familiarity with web applications, including HTTP and SQL injection attacks - Understanding of security testing methodologies as per the EC-Council standards - Ability to thrive in a fast-paced work environment,

As a Staff Security Engineer at Loco, you will play a crucial role in developing the company's security strategy, enhancing threat visibility, and proactively hunting for adversaries. Your primary responsibilities will include analyzing security signals, devising innovative techniques to detect and mitigate threats, and collaborating with security researchers to validate and implement findings into real-world detection rules and playbooks. You will be tasked with building and optimizing security tools to detect and prevent malicious activities, analyzing threat feeds, IOCs, and TTPs to stay ahead of emerging threats, and integrating intelligence into security operations. Additionally, you will be expected to automate threat detection workflows using Python, Golang, or cloud-based automation tools and participate in industry working groups and standards initiatives such as the Cloud Security Alliance. To qualify for this role, you should have 10-12 years of experience in security engineering, with a focus on application and infrastructure security in AWS, Azure, or GCP environments. You should also possess 3-5 years of experience in protocol-level debugging using tools like Wireshark, tcpdump, nmap, netcat, mitmproxy, and censorship-resistant tunnels like Shadowsocks, WireGuard, and V2Ray. A deep understanding of Threat Modeling, Certificate Management, and Deep Packet Inspection techniques is essential, along with a strong grasp of TLS, DNS, Network protocols, and Proxy protocols like SOCKS5 and TLS Tunneling. Proficiency in Python 3.7 or above is a must. Candidates with relevant certifications such as GWAPT, OffSec's Advanced Web Attacks and Exploitation (WEB-300), a strong understanding of SSO protocols like OIDC, OAuth 2.0, and SAML, and active participation in security meetups, conferences, and bug bounty programs will be given bonus points. Join Loco and contribute your expertise to the dynamic field of security engineering under the guidance of Abin Chandra.,

As a Security Specialist, your primary responsibility will be to design, install, and manage security mechanisms to safeguard networks and information systems from potential threats such as hackers, breaches, viruses, and spyware. You will play a crucial role in detecting, eradicating, and preventing security threats within the NT environment. In this role, you will be required to review malware and security events, conduct in-depth analysis, and determine the necessity for additional incident response actions by relevant parties. When security breaches occur, you will be responsible for responding to incidents, investigating violations, and proposing enhancements to address potential security vulnerabilities. Your expertise in this field, gained through formal education or equivalent experience, will enable you to provide guidance and serve as a project manager or consultant. Additionally, you will utilize your knowledge of cybersecurity and project management to achieve organizational goals and enhance overall security measures. In this role, you will work within established guidelines and policies, contributing to the quality of your work and that of your team. Your expanded conceptual knowledge in cybersecurity will allow you to understand key business drivers and effectively communicate complex information to others in a clear and concise manner. Your ability to analyze problems, propose solutions based on technical expertise and judgment, and adhere to established protocols will be essential in ensuring the security of networks and information systems.,

The purpose at Avient Corporation is to be an innovator of materials solutions that help customers succeed, while enabling a sustainable world. Innovation is powered by the passion, creativity, and diverse expertise of 9,000 professionals worldwide. Whether you are a finance wizard, a tech enthusiast, an operational powerhouse, an HR changemaker, or a trailblazer in materials development, you will find your place at Avient. Join the global team and help shape the future with sustainable solutions that transform possibilities into realities. Your unique perspective could be the key to the next breakthrough! The Information Security Architecture and Engineering Senior Manager is responsible for defining and driving the overall design, implementation, and operation of security technologies at Avient. This position requires experience leading local and offshore resources, ensuring compliance with relevant regulations, and driving effective solutions that minimize risk. Design and lead the implementation of the security architecture roadmap, achieving business performance targets and cyber maturity protection goals. Ensure security capabilities are properly implemented and tuned to address known and emerging threats. Collaborate across IT and the business to ensure that technology roadmaps and implemented solutions meet risk requirements. Establish and maintain architecture and engineering standards for the organization. Consult on Operational Technology (OT) security requirements, recommend, design, and deliver capabilities to protect these environments. Stay informed of industry trends and relevant threat activity to adapt Avient's capabilities as needed. Perform other leadership duties as assigned. Education and Experience Qualifications: - Bachelor's degree in computer science, information technology, or related experience. Cloud and platform certifications preferred. - 10+ years of experience leading Information Technology teams, with substantial direct experience leading distributed engineering teams. - Strong track record of integrating modern architectures with traditional environments to achieve an effective security posture. - Strong application security knowledge of OWASP TOP 10 and other vulnerability frameworks. - Experience with threat modeling methodologies at an application and enterprise level. - Strong knowledge of NIST Cybersecurity Framework, and related security standards and best practices. Additional Qualifications: - Knowledge of modern authentication and identity infrastructures and cross-platform interoperability is a strong plus. - Cyber Incident Response experience. - Project Management and Quality Management methodologies. At Avient, all global employees are considered leaders, and the six most important behaviors for driving strategy and culture are consistent across all roles. By playing to win, acting customer-centric, driving innovation and profitable growth, collaborating seamlessly across Avient, and motivating and inspiring others and yourself, you will accelerate your ability to achieve Avient's strategic goals, meet customer needs, and accomplish your career goals. Avient stresses equality of opportunity for all qualified individuals in accordance with applicable laws. Decisions on hiring, promotion, development, compensation, or advancement are based solely on a person's qualifications, abilities, experience, and performance.,

The company strongly believes in conducting business based on core values such as Inclusion, Innovation, Collaboration, and Wellness. These values guide the daily operations and ensure a cohesive global team approach with customers at the forefront. Prioritizing self-care, mutual support, and community engagement is central to our work ethos. As a Security Architect specializing in AI systems, data, and machine learning models, your responsibilities will include developing security architectures to safeguard data, ensure model integrity, and comply with regulations. You will conduct thorough research and threat modeling to identify vulnerabilities and risks associated with machine learning models and data. Establishing and upholding security standards, procedures, and guidelines pertaining to AI usage will be a key aspect of your role. Conducting security risk assessments for AI projects, pinpointing vulnerabilities in algorithms, data pipelines, and infrastructure, will be essential. You will evaluate data workflows for AI initiatives, focusing on aspects like data encryption, anonymization, and secure storage. Collaborating closely with AI/ML engineers, data scientists, and cybersecurity teams to embed security controls across the AI development lifecycle is crucial. Assessing third-party AI tools and vendors for security risks and compliance requirements is also part of your responsibilities. Implementing secure coding practices for AI models and conducting reviews to identify potential security risks like adversarial attacks or data poisoning will be vital. Staying abreast of the latest AI and cybersecurity trends to ensure ongoing protection against emerging threats is expected. Moreover, you will lead the development of novel algorithms and techniques to secure AI models, guaranteeing the integrity, confidentiality, and availability of AI systems. Your role will be instrumental in enhancing the security posture of AI initiatives within the organization. For further insights into our culture and community, please visit https://about.pypl.com/who-we-are/default.aspx. We are committed to fostering diversity and inclusion in our workforce. To explore opportunities that match your skills, we invite you to join our Talent Community. We acknowledge the challenges posed by the confidence gap and imposter syndrome and encourage all qualified candidates to apply without hesitation. REQ ID: R0122578,

The Senior Cyber Security Engineer role at our organization is crucial for safeguarding digital assets through the design, implementation, and maintenance of IT security infrastructures. Your responsibilities include preventing, detecting, and managing cyber threats by utilizing your knowledge of network and software security vulnerabilities, incident response skills, and risk management expertise. Collaboration with various teams is essential to develop and enforce security policies, conduct audits, and ensure compliance with regulatory standards. You will be accountable for Security Configuration, Monitoring, and Management (SCMM), where tasks involve configuring and maintaining security tools such as SIEM, Email security gateway, and advanced threat detection systems. Leading the monitoring of security events, directing incident response efforts, and proactively searching for threats within the environment are key responsibilities. You will also be required to aggregate logs, develop correlation rules, customize alerts, review security policies, and recommend security controls. Governance tasks include contributing to the creation, review, and updating of IT security policies, ensuring compliance with industry best practices and regulatory requirements. Overseeing security measures, promoting security awareness, conducting security audits, and reporting findings are part of your role. You will also be involved in developing documentation, conducting analyses, and preparing reports for executive leadership. Problem Resolution and Troubleshooting responsibilities include providing guidance to junior team members, conducting root cause analyses, collaborating with IT teams, and seeking continuous improvement through automation and process refinement. Training and Development tasks involve meeting certification requirements, expanding knowledge in security administration, and participating in technical events to increase professional knowledge and awareness. Your communication span will include internal teams and customers at FutureX. The required qualifications and certifications for this role include CompTIA Security+, CCNA Security, Certified Ethical Hacker, and CISSP. A minimum of 6-8 years of cybersecurity experience is necessary, along with skills in analyzing complex information, effective communication, leadership, time management, and prioritization. Technical competencies in SIEM, forensic analysis, network security, endpoint security, threat modeling, compliance, and risk management are essential. Certifications from vendors of widely used security tools, possible travel, project work at customer offices, and out-of-hours work may also be required for this position.,

As a Cybersecurity Analyst II - GRC at AGCO, you will play a crucial role in addressing some of the world's most pressing challenges related to cybersecurity. Your primary responsibilities will involve developing and maintaining relationships with various teams within the enterprise to influence and achieve cybersecurity objectives related to governance, risk, and compliance. By leveraging best practices, you will lead risk activities across product, enterprise, and manufacturing teams, ensuring compliance with policies and standards while staying informed about the latest regulatory trends. Your expertise will be pivotal in serving as a subject-matter expert in governance, risk, and compliance, guiding teams through threat modeling exercises and risk analysis using industry-leading practices. Key Responsibilities: - Maintain an active crosswalk mapping between all policies and standards and cybersecurity frameworks like NIST CSF and ISO 21434. - Define threat modeling strategies and lead teams in executing them across different sectors within the enterprise. - Act as an independent voice for the GRC team, contributing to innovative risk analysis efforts across projects. - Conduct regular risk register reviews, follow up on identified risks, and escalate high-risk areas appropriately. - Assist in defining the annual program calendar for all GRC activities, including compliance audits and risk reviews. - Develop standards and control checks to ensure compliance with policies and standards across teams and projects. Qualifications: - Bachelor's degree with at least 7 years of industry experience in information technology or GRC roles, with a minimum of 5 years of relevant experience. - Experience in developing or maintaining cybersecurity policies, risk management frameworks, and working in enterprise, cloud computing, product security, or manufacturing security. - Familiarity with cybersecurity frameworks such as NIST, ISO standards, and various risk methodologies. - Ability to evaluate cybersecurity risk and business value across different scenarios, with a willingness to learn new technologies quickly. - Comfortable working in a fast-paced, global organization with dispersed teams. Preferred Qualifications: - Experience in Agile, Scrum, or SAFe environments. - Relevant cybersecurity or risk management certifications like CRISC, CISSP, GTSRT. - Proficiency in working with GRC tools, managing policy documentation, and assessing cybersecurity risk. - Familiarity with the agriculture or manufacturing industry. At AGCO, we value diversity, inclusion, and innovation, and we are committed to providing a positive workplace culture where every individual can thrive. Join us in shaping the future of agriculture and contribute to making a positive impact on the world. Apply now and be part of our dynamic team! Please note that this job description may not encompass all duties, responsibilities, or benefits associated with the role and is subject to change as needed. AGCO is an Equal Opportunity Employer.,

You will be responsible for developing reliable server-side logic for serverless applications using public cloud services such as Google Cloud and AWS. With more than 3 years of experience, you should have a strong proficiency in Node.js, JavaScript, and understanding of asynchronous programming. Your role will involve developing distributed systems that are scalable, reliable, and efficient. Your expertise in serverless architectures, including AWS Lambda, DynamoDB, Firebase Real Time Database, Google Cloud SQL, and Cloud Tasks, will be essential. Experience with NoSQL and SQL databases, creating database schemas, and integrating multiple data sources will be required. Additionally, you will be involved in deploying, maintaining, debugging live systems, and end-to-end testing. You should have experience in creating micro-services architectures, REST APIs, data processing pipelines, and be familiar with various application architectures. Knowledge of code design practices, exploring new frameworks, and adhering to project management methodologies like Agile is expected. Extra points for Google, AWS certifications, and familiarity with object storage, in-memory caches, and security practices. Your responsibilities will include developing server-side logic for real-time multiplayer gaming backends, designing low-latency, high-availability systems, and maintaining databases for optimal performance. You will have ownership of designing, developing, debugging, and scaling backend services to ensure an exceptional user experience. Skills required include Java, NoSQL databases, and API integration.,

As an Application Security professional, you will play a crucial role in safeguarding the solutions by analyzing their design and identifying potential security threats. Your expertise in threat modeling methodologies such as STRIDE and DREAD will enable you to recommend appropriate mitigations for the identified threats. Furthermore, you will be responsible for providing Secure Software Development Lifecycle (SDL) Training, where you will communicate security concepts effectively to developers and deliver engaging training sessions. Your proficiency in manual code review techniques and familiarity with automated code analysis tools like SAST and SCA will be essential in identifying vulnerabilities and interpreting code review results. In addition, your hands-on experience with security testing tools like Burp Suite and knowledge of security testing methodologies will help you identify and exploit common web application vulnerabilities. You will also be involved in vulnerability scanning and analysis using tools such as Nessus and Qualys, where your ability to analyze scan results, filter out false positives, and prioritize remediation actions will be critical. Your technology-specific knowledge of Microsoft .NET technologies, Identity protocols like OpenID Connect and OAuth 2.0, and cloud technologies, particularly Microsoft Azure, will be beneficial in addressing security implications. A deep understanding of web security fundamentals, including HTTP, HTML, JavaScript, and databases, along with knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and web security mitigations and best practices, will be required in this role. Additionally, your basic penetration testing skills, understanding of penetration testing methodologies and tools, and ability to report findings and recommend remediation actions will be valuable assets. To excel in this role, you should stay up-to-date with the latest security trends, vulnerabilities, and mitigation strategies. Active participation in the security community to maintain current knowledge will be essential to ensure the security posture of applications remains robust. Your skills in threat modeling, penetration testing, code review, Burp Suite, OWASP, and Nessus will be instrumental in fulfilling the responsibilities of this role effectively.,

As a Security Engineer at Pluang based in Gurgaon, you will play a crucial role in enhancing the investment experience for users by ensuring state-of-the-art security and reliability of the platform. Your responsibilities will include collaborating with software engineering teams, defining security requirements, participating in architecture discussions, and maintaining a vulnerability management program to identify security risks across various systems. Your expertise will be utilized in designing and developing automated solutions for security processes, implementing perimeter security measures, application security practices, cloud security controls, and threat detection mechanisms. Additionally, you will support compliance and regulatory requirements, work with third parties to enhance information security governance, and contribute to security projects as necessary. Required qualifications for this role include a minimum of 3 years of experience in Vulnerability Assessment & Penetration Testing for web and mobile applications, as well as infrastructure. You should be familiar with threat detection tools such as EDR and WAF, possess experience with cloud-based microservice architectures, and have conducted application security reviews and code analysis. Collaboration with product managers and software engineering teams to enhance security throughout the software development lifecycle is also essential. Desirable skills for this position include experience in a fast-paced environment, implementing SAST and DAST technologies, and working with Container Security. Pluang offers an attractive compensation package, opportunities for career growth, a healthy work environment, and policies promoting work-life balance and team building. Join Pluang to be part of a team that aims to empower millennials to achieve financial freedom through a diverse range of investment options. With a focus on providing access to financial products in a simple and inclusive manner, Pluang utilizes robust technology to facilitate financial investments with high returns. As an affiliate of PG Berjangka with a trading license from Bappebti, Pluang is committed to making financial markets accessible to individuals from all backgrounds.,

As a Security-focused Code Reviewer, your primary responsibility will be conducting thorough security assessments by reviewing source code utilizing the Checkmarx Platform. Your tasks will involve performing static application security testing (SAST) and software composition analysis (SCA) across various programming languages and frameworks. It will be essential for you to identify, document, and communicate vulnerabilities discovered during the code review process, ensuring comprehensive reports and analysis are provided. In terms of Customer Support for Vulnerability Mitigation, you will directly collaborate with customers" Application Security (AppSec) and Development teams to offer actionable advice on remediating vulnerabilities. Your role will also include providing hands-on guidance on secure coding practices, assisting in understanding the root cause of vulnerabilities, and applying best practices for remediation. Additionally, you will support customers in prioritizing security fixes based on severity and potential impact. You will be expected to develop and present proof-of-concept (PoC) attacks to illustrate how identified vulnerabilities can be exploited in real-world scenarios. Providing technical demonstrations to help customers understand the risk level of specific vulnerabilities and the importance of remediation will be crucial aspects of your responsibilities. Collaboration with AppSec and Dev teams for Application Architecture Analysis will also be part of your role. You will collaborate to analyze the security aspects of application architecture, provide recommendations to secure the architecture at the design stage, and conduct threat modeling to identify potential attack vectors, embedding security into the development lifecycle. Furthermore, you will play a key role in mentoring junior engineers and security analysts, conducting internal training sessions, and staying updated on the latest security vulnerabilities, exploit techniques, and industry trends to contribute to continuous improvement. Act as a trusted advisor to clients, provide security consulting services, and collaborate with internal teams to ensure that security tools and platforms remain at the cutting edge of technology. Your skills should include a Bachelor's degree in computer science or a related technical discipline, 8+ years of experience in high-level programming languages, 5+ years of experience in security-focused code review, a deep understanding of enterprise-grade systems and architectures, and a proactive approach to problem-solving. Proficiency in English and security-related certifications are highly desirable. Please note that the role involves a hybrid work model with international travel occasionally required.,

Min 4–7-year experience performing security testing on Industrial control system components like PLC’s, SCADA, IIOT devices etc. Proven experience in conducting penetration tests, vulnerability assessments, and security audits across diverse environments. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP etc. Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques. Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools. Understanding of component/system architectures in OT environments. Understanding and evaluation of security testing methods. Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN) Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences Roles and Responsibilities Handle the training delivery for IEC 62443 topics and OT security Handle the OT security project delivery and AUdits

About Narayana Health: Narayana Health is headquartered in Bengaluru, India, and operates a network of hospitals in India and Overseas. Our mission is to deliver high-quality, affordable healthcare services to the broader population. Narayana Health Group is Indias leading healthcare provider and one of the largest hospital groups in the country with a network of 21 hospitals, 5 heart centers, and 19 primary care facilities. The NH group treats over 2.6 Million patients every year from over 78 countries covering 30+ medical specialties. Our Centers of Excellence help in treating Adult & Pediatric patients and we have one of the largest transplant centers in India. We have a strong presence across 17 locations in India, and an overseas hospital in the Cayman Islands, USA. Two of our hospitals have international accreditation from the Joint Commission International (JCI) and 19 hospitals have domestic accreditation from the National Accreditation Board for Hospitals (NABH). For more details, please refer to our website at: https://www.narayanahealth.org About Athma: Software Development Centre is the technology arm of Narayana Health, a leading healthcare network spanning two countries. We at Athma SDC, are engaged in building next generation products for healthcare with the goal of making healthcare safe and affordable to the patients. Our products are handling more than 10M transactions daily and help 7M patients navigate their health journeys.For more details, please refer to our website at - https://athma.health Why Join ATHMA? Be Part of a Health Tech Revolution: Join ATHMA in transforming healthcare through technology, making it more personalized, accessible, and effective for Indian users. Work-Life Balance: We support a balanced work environment that fosters personal well-being and professional growth. Growth & Learning: Youll have opportunities to learn from the best in health tech and work on products that directly impact millions of users. Impactful Work: Play a key role in improving patient outcomes, driving innovation, and setting new standards for healthcare technology in India. Role: Senior Security Architect As a vital member of our team, the Application Security Architect will play a key role in fortifying our organization's application security. You will be responsible for implementing and enhancing security measures, ensuring compliance, and collaborating with cross-functional teams to safeguard our products. Key Responsibilities: Develop and integrate security measures throughout the software development life cycle. Conduct security testing for mobile/web applications. Work with Cyber Security solutions, including Web/Mobile Application Security and API Management. Oversee and ensure compliance with regulatory standards and security best practices. Provide guidance in code reviews, emphasizing secure coding practices. Collaborate with cross-functional teams for security risk assessments, incident response, and remediation efforts. Communicate security concepts effectively to both internal and external stakeholders. Understand and apply knowledge of enterprise architecture, operations, and security controls. Good to have Relevant certifications in application security and cyber security. Experience - 8 to 13 Years Required Skills: Java-based Technologies & Spring Security: Hands-on experience in securing applications developed using Java, with a strong focus on frameworks like Spring, Spring Boot, and Spring Security. In-depth knowledge of authentication, authorization, and other security functionalities provided by Spring Security. Ability to identify and mitigate Java-specific security vulnerabilities. Secure SDLC and Threat Modelling: Proven experience in implementing security throughout the software development life cycle. Ability to apply threat modeling methodologies for designing secure applications. Security Testing: Proficiency in conducting security testing for mobile applications and APIs. Experience with SCA, SAST, DAST, and other relevant security testing tools. Cyber Security Solutions: Familiarity with Cyber Security solutions, including Web/Mobile Application Security and API Management. Knowledge of Assessment frameworks and compliance obligations. Compliance and Standards: Experience in overseeing and ensuring compliance with security standards. Implementation and maintenance of security controls to meet compliance requirements. Code Reviews and Communication: Ability to provide guidance in code reviews, emphasizing security best practices. Strong communication skills to articulate complex security concepts to diverse stakeholders. Cross-functional Collaboration: Proven collaboration skills with cross-functional teams for security risk assessments and incident response. Enterprise Knowledge: Strong understanding of enterprise architecture, operations, and security controls.

Project Role : Application Security Architect Project Role Description : Review and integrate all application requirements, involving security requirements. Review and integrate the application security technical architecture requirements. Provide input into final decisions regarding application security. Must have skills : Java Standard Edition Good to have skills : Docker (Software), Prometheus Event Monitoring System, GrafanaMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Application Security Architect, you will engage in a dynamic environment where your primary focus will be on reviewing and integrating all application requirements, particularly those related to security. Your typical day will involve collaborating with various teams to ensure that security considerations are embedded in the application architecture. You will analyze security requirements and provide insights that influence final decisions, ensuring that the applications developed are secure and resilient against potential threats. Your role will also require you to stay updated with the latest security trends and technologies to effectively safeguard the applications under your purview. Roles & Responsibilities:- Expected to be an SME, collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and maintain security policies and procedures to ensure compliance with industry standards. Professional & Technical Skills: - Must To Have Skills: Proficiency in Java Standard Edition.- Good To Have Skills: Experience with Docker, Prometheus Event Monitoring System, Grafana.- Strong understanding of application security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with secure coding practices and security testing tools. Additional Information:- The candidate should have minimum 5 years of experience in Java Standard Edition.- This position is based in Mumbai.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NA Educational Qualification : 15 years full time education Summary :As an Application Developer, you will design, build, and configure applications to meet business process and application requirements. A typical day involves collaborating with various teams to understand their needs, developing innovative solutions, and ensuring that applications are aligned with business objectives. You will engage in problem-solving activities, contribute to key decisions, and manage the development process to deliver high-quality applications that enhance operational efficiency and user experience. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate knowledge sharing sessions to enhance team capabilities.- Monitor project progress and ensure alignment with business goals. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Architecture Design.- Strong understanding of application security principles and best practices.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security frameworks and compliance standards.- Ability to design secure application architectures and implement security controls. Additional Information:- The candidate should have minimum 7.5 years of experience in Security Architecture Design.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Cyber Threat Intelligence Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. You will engage in discussions to refine security strategies and provide guidance on implementing effective security measures across the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of cloud security measures to identify potential vulnerabilities and recommend improvements.- Collaborate with cross-functional teams to ensure alignment of security practices with business objectives. Professional & Technical Skills: - Must To Have Skills: Proficiency in Cyber Threat Intelligence.- Strong understanding of cloud security principles and frameworks.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security compliance standards such as ISO 27001, NIST, and GDPR.- Ability to analyze and respond to security incidents effectively. Additional Information:- The candidate should have minimum 3 years of experience in Cyber Threat Intelligence.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Zscaler Architecture Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure that the architecture aligns with organizational objectives, while also addressing any emerging security challenges that may arise throughout the day. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in cloud security.- Continuously evaluate and improve the cloud security framework based on industry best practices. Professional & Technical Skills: - Must To Have Skills: Proficiency in Zscaler Architecture.- Strong understanding of cloud security principles and frameworks.- Experience with security compliance standards and regulations.- Ability to design and implement security solutions in cloud environments.- Familiarity with risk assessment methodologies and threat modeling. Additional Information:- The candidate should have minimum 5 years of experience in Zscaler Architecture.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Conduct comprehensive penetration testing of networks, web applications, mobile applications, and other systems to identify security vulnerabilities. Perform vulnerability assessments and provide detailed recommendations for remediation. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP, MITRE ATT&CK etc. Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques. Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools. Strong understanding of network protocols, network and application security architectures, and common vulnerabilities (e.g., OWASP Top Ten). Prepare detailed reports of findings, including risk analysis and recommended mitigations, and present these findings to stakeholders. Stay current with emerging security threats, vulnerabilities, and technology trends, and apply this knowledge to improve our security posture. Understanding of component/system architectures in IT and OT environments. Understanding and evaluation of security testing methods. Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN) Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences Source code review for control flow and security flaws IEC 62443 Standard plus at least one of: ISO/IEC 27001 IEC 61508 NIST CSF IEC 61162-460:2024 Proficient in developing VAPT documentation and methodologies specifically aligned with IEC 61162-460:2024 for maritime navigation and radiocommunication equipment cybersecurity. Automotive Vehicle Testing Support Skilled in providing cybersecurity testing support for automotive vehicles , including VAPT of ECUs and in-vehicle networks , threat modeling , and ensuring compliance with industry standards like ISO/SAE 21434. Roles and Responsibilities Min. one professional certification such as Certified Ethical Hacker (CEH), ISA/IEC 62443, OSCP or certified Penetration Tester preferred. Min 2–5 years of experience performing security testing on Industrial control system components like IOT devices, PLCs, SCADA, IIOT devices etc. Familiarity with operating systems (Windows, Linux) and their security features. Excellent problem-solving skills and the ability to think critically to identify and address security issues. Strong verbal and written communication skills, with the ability to document and present technical information to both technical and non-technical audiences. Perform and report on penetration testing of systems, including cloud, NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, IEC 62243, PTES, and Information Systems Security Assessment Framework (ISSAF). Develop and maintain up-to-date knowledge of security testing tools and techniques. Contribute to the development and maintenance of security testing methodologies and procedures. Team Collaboration and Training Collaborate with other members of the security team to develop and maintain security policies, procedures, and standards

Responsibilities: Assist teams with risk analysis (TARA) and Threat Modeling (STRIDE). Guide secure architecture design. Integrate security tools (Static Analysis, Fuzzing). Lead security decisions. Review code/configs for vulnerabilities. Accessible workspace Flexi working Work from home Food allowance Health insurance Gratuity

The Product Security Principal Architect at Stryker plays a crucial role in collaborating with product development teams to implement effective security controls during the digital systems development processes. Responsible for shaping the security of Stryker products before market release, this professional guides teams to prioritize Security by Default, ensuring product resilience in the marketplace. Key responsibilities of this role include generating threat models with risk scoring, identifying and implementing security controls at various stages of product development, providing oversight during verification and validation, and supporting security investigations and responses post-market launch. **What You Will Do:** **Technical Responsibilities:** - Assess security risks and influence design decisions for new and evolving products to ensure they are secure by design. - Lead the development of threat models to address product risk related to security. - Define security requirements for new or evolving products. - Collaborate with product teams to address security issues and vulnerabilities identified through security tooling. - Assist product security incident response teams in effectively responding to and documenting security incidents. - Summarize security concepts used in product requirements, design, and build phases for internal and external communications. - Provide guidance on product security to internal taskforce teams. **Knowledge and Capabilities:** - Stay informed on security standards and guidelines from regulatory bodies such as FDA, NIST, ISO, and IEC. - Apply security control frameworks, threat modeling, and vulnerability severity scoring to secure products effectively. - Experience in designing secure products within the IoT ecosystem that includes embedded devices, clouds, and mobile devices. - Stay updated on vulnerabilities and exploits that may impact Stryker's ecosystem across various computing areas. **What You Will Need:** **Basic Qualifications:** - Bachelor's Degree in product security, computer science, mathematics, statistics, or related field. - Minimum of 8 years of relevant (product) security work experience. **Preferred Qualifications:** - Master's degree in a security-related discipline. - Knowledge of quality management systems in healthcare, medical device, or cyber-physical industries. - Experience implementing secure technologies in embedded devices, clouds, and mobile devices, including transport and communication protocols. - Possession of one or more active, industry-recognized cybersecurity certifications. Stryker, a global leader in medical technologies, is committed to enhancing healthcare outcomes through innovative products and services in MedSurg, Neurotechnology, Orthopaedics, and Spine. With a focus on making healthcare better, Stryker positively impacts over 150 million patients worldwide annually.,