119 Threat Modeling Jobs - Page 2

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Threat Hunting Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in security practices.- Evaluate emerging security technologies and recommend improvements to existing security frameworks. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Threat Hunting.- Good To Have Skills: Experience with cloud security tools and frameworks.- Strong understanding of risk assessment methodologies and threat modeling.- Familiarity with compliance standards such as ISO 27001, NIST, and GDPR.- Experience in incident response and security operations. Additional Information:- The candidate should have minimum 7.5 years of experience in Security Threat Hunting.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Skill Description Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns . Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPCThrift, DBUS, gRPC , Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and toolsScrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager , Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations. Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Skills (competencies) Verbal Communication

Are you a skilled penetration tester looking for an exciting new opportunity to take your career to the next level? Join our dynamic cybersecurity team, where youll have the chance to work on cutting-edge projects, including cloud security, reverse engineering, threat modelling, and product security . Who we are? Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual. What we look for outside work parameters? Your expertise is your primary qualification, not your degree or certification. Strong leadership qualities, plan, monitor and manage activities for self and team. Passion to deliver the promised service. Motivated, self-starter individual with high level of integrity, intensity, and activity with a can-do attitude. Ability to understand Organization objectives and execute them accordingly. Disciplined process-oriented work style and ability to work independently You are a perfect technical fit if: Advanced knowledge of common penetration testing tools (Burp Suite, Metasploit, Wireshark, etc.).Proficient in reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.).Deep understanding of cloud-native security issues and technologies (containers, Kubernetes, serverless, etc.).Strong knowledge of application security principles, including OWASP Top 10, secure coding practices, and common vulnerabilities.Understanding of product security practices and secure software development life cycles. You Have All Our Desired Qualities, if: Minimum 5+ years of hands-on experience in penetration testing, security research, or related fields. Proven track record in performing complex security assessments on cloud environments (AWS, Azure, GCP), thick client applications, and enterprise systems. Experience with reverse engineering (static and dynamic analysis) of software and binaries. Expertise in threat modelling, risk assessment, and security design for software products. Extensive experience in vulnerability analysis and exploitation techniques across diverse platforms. Deep understanding of: Web application and API vulnerabilities (e.g., SQLi, XSS, IDOR) Mobile app security (reverse engineering, instrumentation) Network and infrastructure testing Cloud security misconfigurations and privilege escalation AI/LLM attack vectors (prompt injection, model extraction, data poisoning, etc.) Your everyday work will look like: Lead penetration tests on cloud infrastructures (AWS, Azure, GCP), thick client apps, and enterprise systems. Conduct security research and vulnerability assessments on cloud platforms. Collaborate with product teams and clients to create threat models, identifying risks, vulnerabilities, and attack vectors with clear, actionable insights. Reverse-engineer binaries, software, and applications to uncover vulnerabilities, develop exploits, and improve product security. Assess and advise on security throughout the product lifecycle, from design to deployment, ensuring robust security measures. Develop custom security tools and scripts to improve testing efficiency and address new vulnerabilities. Stay updated on emerging threats, attack techniques, and security trends, sharing insights with the team to maintain cutting-edge expertise. Certifications : Offensive Security Certified Professional (OSCP) or similar certifications such as CEH, CRTP, OSCE, or CISSP.Additional certifications or training in cloud security, reverse engineering, or product security are a plus. Soft Skills: Excellent communication skills to present findings and security concepts clearly to both technical and non-technical stakeholders.Strong problem-solving skills with the ability to think creatively and develop solutions to complex security challenges.Leadership capabilities to mentor and guide junior security consultants and researchers.Ability to work independently and manage multiple projects effectively under tight deadlines. Preferred Qualifications: Experience in developing custom security tools or exploits.Experience with threat hunting or advanced adversarial techniques.Familiarity with advanced attack frameworks like MITRE ATT&CK.

About the Role :We are seeking a highly motivated and skilled Security Firmware Engineer to join our team and contribute to the development of cutting-edge security solutions. In this role, you will be responsible for designing, developing, and maintaining firmware for our security subsystems, ensuring the highest levels of security and reliability.Key Responsibilities :Design, develop, and maintain firmware for security subsystems, including but not limited to : - Root of Trust - Trusted Platform Module (TPM/fTPM) - Widevine DRM - Develop and implement secure boot and attestation mechanisms. - Integrate security features into existing firmware and hardware platforms. - Perform thorough code reviews and unit testing to ensure code quality and security. - Troubleshoot and debug firmware issues. - Collaborate with cross-functional teams (hardware, software, security) to ensure seamless integration and system-level security. - Stay abreast of the latest security threats and vulnerabilities, and implement mitigation strategies. - Contribute to the development and maintenance of security policies and procedures.Required Skills : Mandatory : - Very strong in C language programming and debugging - Working knowledge of git/gerritKey Skillsets : - Good knowledge about silicon security subsystem / policy, root of trust, TPM/fTPM, Widevine - Good knowledge of trusted applications and handshake - Experience with embedded systems development and debugging. - Strong understanding of security principles and best practices. - Experience with security protocols (e.g., TLS, SSL, IPsec). - Excellent problem-solving and analytical skills. - Strong communication and collaboration skills.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Job Description:Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts.Key responsibilities: Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments. Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces. Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components. Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols. Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses. Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware. Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware. Perform hardware penetration testing to identify vulnerabilities in electronic systems. Assess the security of medical devices, ensuring compliance with industry regulations and standards. Identify and address security risks associated with healthcare information systems and connected medical instruments. Evaluate and prioritize security risks based on potential impact and likelihood. Provide recommendations and collaborate with cross-functional teams to implement effective security controls. Stay current with emerging security threats, vulnerabilities, and testing methodologies. Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle. Document security testing processes, findings, and remediation recommendations. Generate comprehensive reports for stakeholders, including technical details and actionable insights.Technical experience: Hands on experience with penetration testing tools and methodologies. Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments. Knowledge of secure coding practices and the ability to review code for security vulnerabilities. Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines. Experience with threat modeling and risk assessment frameworks. Familiarity with secure development practices for embedded systems. Understanding of regulatory requirements for medical device security. Strong understanding of networking protocols, encryption, and authentication mechanisms.Professional attributes: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. Ability to manage multiple tasks and deadlines. Qualifications: Bachelor's or master's degree in engineering or computer science, Information Security, or a related field. Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP). Qualifications 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Red Teaming Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities along with leading a team of offensive security experts, and aligning red team efforts with business risk priorities. You will work closely with incident response, and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Plan, scope, and execute red team exercises simulating real-world attack scenarios.- Perform threat modeling and adversary emulation exercises based on MITRE ATT&CK framework.- Conduct internal and external penetration tests, including physical security and social engineering engagements.- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.- Collaborate with Blue Team and Incident Response to enhance organizational defense.- Continuously research emerging threats, TTPs, and contribute to the development of new testing methodologies.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills.- Monitor and evaluate the effectiveness of security measures and recommend improvements. Professional & Technical Skills: - Deep understanding of red team tactics, techniques, and procedures (TTPs) align with MITRE ATT&CK framework.- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, Bloodhound, Sharp hound, PowerShell Empire, Impacket- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.- Proficient in hardware-based and physical attack techniques including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle, Raspberry Pi, NAC bypass. Executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.- Strong knowledge of data exfiltration methods and covert communication channels.- Experience with phishing toolkits and infrastructure for social engineering campaigns.- Familiarity with scripting and automation using PowerShell, Python, or Bash.- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety. Additional Information:- The candidate should have minimum 7.5 years of experience in Red Teaming.- Certifications- OSCP, OSEP, CRTP, CRTE, CRTO.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Google Cloud Data ServicesMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Architect Solution Design, Compliance, and Security EngineeringWe are hiring GCP Security Architects with 7+ years of experience in designing secure GCP environments and integrating automated security across deployments. This role emphasizes applied engineering, platform security control implementation, and ensuring audit-ready, secure-by-default environments. Roles & Responsibilities:Design and implement secure, scalable GCP architectures.Configure and maintain IAM (roles, policies, IDP integrations, MFA, SSO).Establish secure configurations for VPCs, VPNs, Data Encryption (KMS), and Cloud Armor.Manage Cloud Security Command Center for visibility, governance, and incident response.Implement Cloud Operations Suite for logging, alerting, and security analytics.Conduct threat modeling, vulnerability assessments, and define remediation paths.Automate security checks and controls using Terraform, Cloud Shell, and CI/CD integrations.Collaborate with platform, DevOps, and risk teams to embed security into development lifecycles.Support audit preparation, policy compliance, and security documentation efforts.Review solution designs and assist with enforcing GCP security guardrails. Professional & Technical Skills: Analytical and detail-oriented with a strong problem-solving mindset.Strong communicator with cross-functional collaboration experience.Continuously stays updated with evolving cloud threat landscapes.Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.Strong working knowledge of IAM, VPC SC, Cloud Armor, encryption practices, and security policy enforcement.Experience with Terraform, automated auditing, and log analysis tools.- Additional Information:Bachelors degree in engineering or computer science, Information Security, or a related field.Certifications such as Google Cloud Certified Professional Cloud Security Engineer is a must; CCSP preferred.- 7+ years in security roles, with 3+ years in hands-on GCP security delivery.- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education

Job Summary :We're seeking an experienced Senior .NET Developer with a strong background in IT Security to join our team in Pune. As a Senior .NET Developer, you will be responsible for designing, developing, and maintaining secure .NET applications, ensuring the highest levels of security, scalability, and performance. Key Responsibilities :1. Design, develop, and maintain secure .NET applications, including web applications, APIs, and microservices.2. Ensure compliance with IT security best practices, industry standards, and regulatory requirements.3. Collaborate with cross-functional teams, including IT security, QA, and DevOps, to identify and mitigate security risks.4. Develop and implement secure coding practices, code reviews, and testing strategies.5. Troubleshoot and resolve complex technical issues, including security-related incidents.6. Stay up-to-date with emerging trends, technologies, and threats in IT security and .NET development.7. Mentor junior developers and provide technical guidance on secure coding practices. Technical Requirements :1. 5+ years of experience in .NET development (C#, (link unavailable), MVC, Web API).2. Strong background in IT security, including security frameworks, threat modeling, and risk assessment.3. Experience with secure coding practices, code reviews, and testing strategies.4. Knowledge of security protocols, such as SSL/TLS, OAuth, and JWT.5. Familiarity with cloud security platforms, such as Azure Security Center or AWS IAM.6. Experience with Agile development methodologies and version control systems (e.g., Git).7. Strong problem-solving skills, attention to detail, and analytical thinking. Nice to Have :1. Certifications in IT security, such as CompTIA Security+ or CISSP.2. Experience with containerization (Docker) and orchestration (Kubernetes).3. Knowledge of DevOps tools, such as Jenkins, Azure DevOps, or TeamCity.4. Familiarity with cloud platforms, such as Azure or AWS.

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on third-party software security, container security, and SaaS security. Here is how, through this exciting role, YOU will contribute to BMC's and your own success: You will provide subject matter expertise for application security with focus areas such as third-party software composition analysis, container security. You as an SME, will assist the product teams in understanding and handling vulnerabilities. You will perform threat modeling and architecture review. You may be involved in the new initiatives of the Product Security Group, including cross collaboration with non-technical teams (Sales, Legal etc.) You will be supporting necessary application security practices and contributing to central security scanning infrastructure design and management. . To ensure youre set up for success, you will bring the following skillset & experience: 5+ years of experience in application security (any combination of code, web, mobile, API, cloud, infrastructure, and container security) or information security. Effective problem-solving skills when encountering unexpected challenges. Excellent communication skills (written and verbal), and ability to interact clearly and effectively with other teams of various technical levels. Excellent troubleshooting and problem-solving skills. . Whilst these are nice to have, our team can help you develop in the following skills: Experience in system or network administration, and software development. Timeliness and attention to detail

Designation: Senior Lead Engineer - Product Cyber Security Years of experience: 8 12 Years Location Hyderabad On a typical day you will: Perform DAST, SAST & Pentest for different products Perform Threat Modeling and Architecture reviews for new products and design changes with existing products Handle Product Cyber Incident Response activities and Active contribution to Risk Management Work with product development teams towards secure DevOps activities and CI/CD integration issues with Security tools Work with product development teams and carry out functional cyber risk assessments to support their cyber requirements throughout the entire development cycle. What You Will Need to be Successful: Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline 8+ years of product cyber security engineering and software systems development experience; at least 4 years hands-on experience with penetration testing methodologies and tools. In depth knowledge of IEC 62443 and related cybersecurity standards. In-depth knowledge of requirements captures, cyber security threat modeling and systematic discovery of threats, as part of Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems Cyber security certifications such as OSCP, GSEC, CEH Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools Excellent written and verbal communication and presentation skills. Adept at communicating with globally disperse cross functional teams. (Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems (Preferred) Intimate knowledge and experience with incident response management and risk assessment

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about cybersecurity and looking for an exciting role where you can make a difference? If so, we have an opportunity for you! As a Security Specialist at Kyndryl, you will play a crucial role in enabling and securing our customer organizations, cultures, and ecosystems. Your responsibilities will be varied and dynamic, spanning asset classification models, risk assessment reports, information security policies, security solution scenarios, implementation plans, organization models, procedures, security services, security effectiveness evaluation reports, and security awareness workshops. You will be tasked with configuring, monitoring, and managing the performance of networks to maintain the quality of services, while also protecting organizational infrastructure from malicious cyber-attacks. As a key member of our team, you will assess, predict, prevent, and manage the risk of IT infrastructure and data, helping our customers stay ahead of the curve and ensure their systems are secure. You will develop and implement security policies and procedures, working closely with other departments to ensure that all security measures are in place and operating effectively. But that is not all – at Kyndryl you will have the opportunity to explore innovation in CyberSecurity data science – taking information that has been gathered and looking for areas to have that “Ah Ha” moment. Drawing conclusions and patterns from the data across single and multiple clients. Creating new ideas in the area of risk management and risk quantification. In addition to your technical responsibilities, you will also play a key role in raising awareness of potential security threats through technical security training on best practices. This is an exciting opportunity to help shape the culture of our clients' organizations and make a tangible impact on their security posture. If you have a passion for cybersecurity – governance, risk and compliance, are looking for a challenging and dynamic role, and want to work with a team of like-minded individuals, then we want to hear from you! Join us as a Security Specialist and help us secure the future of our clients' organizations. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career. We have opportunities that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Whether you want to broaden your knowledge base or narrow your scope and specialize in a specific sector, you can find your opportunity here. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Experience: 3 to 6 years of experience in IT security with a strong understanding of information security principles and best practices. Expertise in application security, vulnerability management, cloud security ( AWS, Azure) and threat modeling. Risk Management & Compliance (NIST, GDPR, PCI DSS) Experience with programming languages and technologies, including Java, APIs, ASP.Net, Spark, Python, and React.js. Strong ability to conduct independent application security assessments (ASA, API Security), security control assessments, and risk reviews. Hands-on experience in security processes within the Software Development Lifecycle ( Secure by Design in SDLC ). Knowledge of security tools, customer/business interaction, and strong communication & stakeholder management skills required Ability to analyze security architectures and provide relevant security policies and recommendations. In-depth knowledge of regulatory compliance frameworks such as GDPR, NYDFS, SCHREMS, DORA, ECB Audit, NIST, and SECAIA. Proficiency in cloud and network security, identity and access management (IAM), data encryption, and SIEM tools. Exposure to security tools like Qualys, Nessus, Nmap, Burp Suite, SonarQube, Netsparker, OWASP, and open-source security testing tools. Experience in planning and executing security action plans while maintaining security documentation as per organizational guidelines. Ability to drive Secure by Design principles throughout the SDLC and train teams on the latest security technologies. Excellent problem-solving skills, adaptability, and interpersonal skills to collaborate with cross-functional teams. Preferred Technical and Professional Experience: Proven track record in implementing security solutions and compliance projects for banking service platforms and applications. Hands-on experience in DevSecOps, API security, and secure software development practices. Strong knowledge of infrastructure security, including firewalls, routers, and Wi-Fi security. Experience with security automation, penetration testing, and risk acceptance management. Ability to train and mentor teams on secure coding practices and emerging security technologies. Strong communication and influencing skills, with the ability to engage effectively with business stakeholders and technical teams. Demonstrated ability to prepare security reports and maintain clear, structured communication with project stakeholders Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Security engineer Protect our users and their data. 4+ years in security engineering. Encryption expertise. Threat modeling experience.

Position Overview We are seeking a highly skilled Automotive Cyber Security Engineer with a strong background in ISO21434 and hands-on expertise in security features such as secure boot, firewall, TLS, and PKI. The ideal candidate will have experience working with automotive protocols like CAN and Ethernet, and will be familiar with tools like TARA, STRIDE, and security architecture development. This role involves ensuring the security of automotive systems and collaborating with cross-functional teams to implement robust security measures. Key Responsibilities Design, implement, and validate security features in automotive systems using ISO21434 standards. Develop and debug software components in C/C++ for secure boot, firewall, and other security mechanisms. Analyze automotive protocols (CAN, Ethernet) for potential vulnerabilities and design countermeasures. Apply TARA and STRIDE methodologies to assess and mitigate security risks in automotive systems. Collaborate with stakeholders to define security requirements and architecture. Support the development and maintenance of CSMS (Cybersecurity Management System) and CIA (Confidentiality, Integrity, Availability) processes. Stay updated on UNECE R155/R156 regulations and assist in RED article 3.3d certification efforts. Qualifications 2 to 5 years of experience in the automotive cyber security domain, with hands-on expertise in ISO21434. Proficiency in security features such as secure boot, firewall, TLS, and PKI. Strong understanding of automotive protocols like CAN and Ethernet. Experience with security tools such as TARA, STRIDE, and security architecture frameworks. Development experience in C/C++, including debugging and optimization. Familiarity with CSMS, CIA, and CASE (Cyber Security Management) processes is a plus. Knowledge of ASPICE CS (Cyber Security) MAN.7 and SEC guidelines is highly desirable. Experience with UNECE R155/R156 and RED article 3.3d certification is a plus. Preferred Skills Experience with security certification processes and compliance requirements. Familiarity with advanced threat modeling and risk assessment techniques. Knowledge of cyber security management frameworks and best practices. Benefits and Perks Competitive salary and benefits package. Opportunities for professional growth and development. Collaborative and innovative work environment. Exposure to cutting-edge automotive security projects and technologies. Major Skills Cyber Security ,C/C++,TARA, STRIDE Minor Skills ASPICE

Job Title: Manager Application Security Company Name: Info Edge India Ltd Job Description: As the Manager Application Security, you will be responsible for leading the application security initiatives within Info Edge India Ltd. You will work closely with development teams to ensure that security is integrated into the software development lifecycle. The role involves assessing potential vulnerabilities in applications, implementing security best practices, and ensuring compliance with security standards. You will also be responsible for conducting security assessments, managing security incidents, and providing guidance on secure coding practices. Additionally, you will collaborate with cross-functional teams to promote a culture of security awareness throughout the organization. Key Responsibilities: - Lead application security assessments and conduct security reviews of applications. - Develop and implement application security policies, standards, and guidelines. - Collaborate with development teams to integrate security into the software development lifecycle. - Conduct threat modeling and vulnerability assessments to identify security risks. - Provide training and support to developers on secure coding practices. - Monitor security trends and stay updated on emerging threats and vulnerabilities. - Respond to security incidents and coordinate incident response efforts. - Prepare reports and presentations for management on application security metrics and status. Skills and Tools Required: - Strong understanding of application security principles and best practices. - Experience with application security testing tools, such as static and dynamic analysis tools. - Familiarity with secure coding practices and frameworks (e.g., OWASP Top Ten). - Knowledge of security standards and compliance frameworks (e.g., ISO 27001, NIST). - Proficiency in one or more programming languages (e.g., Java, Python, C#). - Experience in conducting threat modeling and risk assessment. - Strong analytical skills and attention to detail. - Excellent communication and interpersonal skills to work collaboratively with various teams. - Certifications in application security (e.g., Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP)) are a plus.

Greetings from IT.. I am now hiring a Threat Detection Engineer for my Clients. Location: Bangalore, Gurugram. Experience: 6-13 Years N[P: Immediate-30 days Primary skills: Threat hunting, threat intelligence, Splunk In-depth knowledge of external attacks and detection techniques to be able to run analysis of the requirements provided by threat intelligence / SOC teams, generate list of rules that could be implemented (based on self analysis of a threat and avaiable log sources), work with SOC team to operationalize and Purple Team to test.. Familiarity with MITRE ATT&CK framework and Tactics, Techniques, and Procedures (TTPs). Experience with security tools such as Splunk, MDE , Databricks to be able to write custom detections to detect various threats (preferably MDE). Kindly share your resume at chanchal@oitindia.com

Description: Work with multiple medical customers in the areas of - - Threat modelling, security requirements and architecture - Drive security lifecycle for multiple customer projects - Drive pen testing requirements across projects - Take part in customer discussions for new business development activities - Setup security practice for MedTech in India Requirements: - Must have 15+ years of experience in cyber security areas - Must be efficient in medical domain security - Must have experience with medical device security: threat modelling, pen testing, SAST, DAST - Must be hands on with pen testing of medical devices, application and cloud Job Responsibilities: Work with multiple medical customers in the areas of - - Threat modelling, security requirements and architecture - Drive security lifecycle for multiple customer projects - Drive pen testing requirements across projects - Take part in customer discussions for new business development activities - Setup security practice for MedTech in India What We Offer: Exciting Projects: We focus on industries like High-Tech, communication, media, healthcare, retail and telecom. Our customer list is full of fantastic global brands and leaders who love what we build for them. Collaborative Environment: You Can expand your skills by collaborating with a diverse team of highly talented people in an open, laidback environment — or even abroad in one of our global centers or client facilities! Work-Life Balance: GlobalLogic prioritizes work-life balance, which is why we offer flexible work schedules, opportunities to work from home, and paid time off and holidays. Professional Development: Our dedicated Learning & Development team regularly organizes Communication skills training(GL Vantage, Toast Master),Stress Management program, professional certifications, and technical and soft skill trainings. Excellent Benefits: We provide our employees with competitive salaries, family medical insurance, Group Term Life Insurance, Group Personal Accident Insurance , NPS(National Pension Scheme ), Periodic health awareness program, extended maternity leave, annual performance bonuses, and referral bonuses. Fun Perks: We want you to love where you work, which is why we host sports events, cultural activities, offer food on subsidies rates, Corporate parties. Our vibrant offices also include dedicated GL Zones, rooftop decks and GL Club where you can drink coffee or tea with your colleagues over a game of table and offer discounts for popular stores and restaurants!

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Job Description:Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts.Key responsibilities: Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments. Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces. Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components. Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols. Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses. Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware. Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware. Perform hardware penetration testing to identify vulnerabilities in electronic systems. Assess the security of medical devices, ensuring compliance with industry regulations and standards. Identify and address security risks associated with healthcare information systems and connected medical instruments. Evaluate and prioritize security risks based on potential impact and likelihood. Provide recommendations and collaborate with cross-functional teams to implement effective security controls. Stay current with emerging security threats, vulnerabilities, and testing methodologies. Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle. Document security testing processes, findings, and remediation recommendations. Generate comprehensive reports for stakeholders, including technical details and actionable insights.Technical experience: Hands on experience with penetration testing tools and methodologies. Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments. Knowledge of secure coding practices and the ability to review code for security vulnerabilities. Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines. Experience with threat modeling and risk assessment frameworks. Familiarity with secure development practices for embedded systems. Understanding of regulatory requirements for medical device security. Strong understanding of networking protocols, encryption, and authentication mechanisms.Professional attributes: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. Ability to manage multiple tasks and deadlines. Qualifications: Bachelor's or master's degree in engineering or computer science, Information Security, or a related field. Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP). Qualifications 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. You will provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Your typical day will involve utilizing your expertise in product security to ensure the security of our systems and data, identifying vulnerabilities, and implementing effective security measures. Roles & Responsibilities: Expected to perform independently and become an SME. Required active participation/contribution in team discussions. Contribute in providing solutions to work related problems. Identify vulnerabilities in systems and applications and develop strategies to mitigate risks. Implement and maintain security measures to protect systems and data. Conduct security assessments and audits to identify potential threats and weaknesses. Collaborate with cross-functional teams to ensure security best practices are implemented. Stay up-to-date with the latest security trends and technologies. Assist in incident response and recovery efforts. Provide guidance and support to junior security professionals. Professional & Technical Skills: Must To Have Skills:Proficiency in Product Security. Experience with threat modeling and risk assessment methodologies. Strong understanding of network security protocols and technologies. Knowledge of secure coding practices and vulnerability management. Familiarity with security frameworks and compliance standards. Good To Have Skills:Experience with cloud security technologies. Experience with security incident management and forensics. Knowledge of encryption algorithms and cryptographic protocols. Additional Information: The candidate should have a minimum of 3 years of experience in Product Security. This position is based at our Pune office. A 15 years full time education is required. Qualifications 15 years full time education

Experience of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and complianceSecurity Excellent communication and problem-solving skills Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4-7 yrs of exp, 3 + yrs of relevant experience Experience with data quality tools and data management software Experience in Data Management (Data Quality, Data Governance)Threat Modeling. Experience with data visualization and reporting tools (Tableau Preferred technical and professional experience Excellent communication and problem-solving skills.. Thorough understanding of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and compliance

Project Role : Security Delivery Lead Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Must have skills : Product Security Good to have skills : Google Cloud Data Transfer Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Architect – Cloud Security Strategy, Governance, and ArchitectureWe are seeking an accomplished GCP Security Architect with 12+ years of experience in cloud security architecture, threat modeling, and governance across enterprise-scale environments. This strategic role involves defining secure cloud architecture standards, driving security-first GCP adoption, and automating risk mitigation initiatives across business units. Roles & Responsibilities: Define and implement enterprise-wide GCP security architecture strategy. Design and implement secure GCP architectures aligned with business and compliance needs. Lead design reviews covering IAM (IDP, SSO, MFA), VPC security, VPNs, data encryption, and secure interconnects. Implement Cloud Armor, Cloud Security Command Center, and threat detection pipelines. Conduct threat modeling, risk analysis, and vulnerability assessments for high-impact platforms. Define automated controls and audit checks using Terraform, Cloud Shell, and GCP APIs. Ensure monitoring, logging, and auditing using Cloud Operations Suite. Lead enterprise security design and architecture governance forums. Mentor a team of cloud security professionals and guide platform standardization. Represent GCP security strategy to CISO teams, compliance leadership, and auditors. Define secure-by-design templates and enforce zero-trust access architectures Professional & Technical Skills: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. Ability to manage multiple tasks and deadlines. Expertise in GCP IAM roles, Identity Federation, and Policy Troubleshooting. Advanced knowledge of VPC SC, KMS, security perimeters, and encryption standards. Hands-on with IaC tools like Terraform, Cloud Shell scripting, and GCP-native tools. Strong understanding of networking protocols, encryption, and authentication mechanisms. Confident communicator with executive presence. Proactive leader capable of owning enterprise transformation initiatives. Strategic thinker with deep technical foundations. Additional Information:Bachelor's or master's degree in engineering or computer science, Information Security, or a related field.Certifications such as Google Cloud Certified – Professional Cloud Security Engineer is a must; CISSP or CCSP preferred. 12+ years in security, including 5+ years specifically with GCP. This position is based at our Bengaluru office A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Google Cloud Data Services Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Engineer / Associate Architect – Cloud Security Operations & EngineeringWe are looking for GCP Security Engineers / Associate Architects with 5+ years of experience in cloud security engineering and automation. This role supports operational security, control configuration, and secure design practices for GCP workloads. Roles & Responsibilities: Implement GCP security controls:IAM, VPC security, VPNs, KMS, Cloud Armor, and secure networking. Manage GCP identity and access, including SSO, MFA, and federated IDP configurations. Monitor workloads using Cloud Operations Suite and escalate anomalies. Conduct basic threat modeling, vulnerability scanning, and patching processes. Automate security audits and compliance controls using Terraform and Cloud Shell scripting. Assist architects in deploying and maintaining secure-by-default infrastructure. Support audit preparation, policy enforcement, and evidence gathering. Collaborate with cross-functional teams to resolve security alerts and findings. Maintain detailed technical documentation and knowledge sharing resources. Professional & Technical Skills: Working knowledge of IAM, KMS, GCP networking, and cloud policy enforcement. Familiarity with IaC tools (Terraform), scripting, and log analytics. Strong desire to grow in the cloud security domain. Good communication skills and proactive approach to problem-solving. Thrives in a fast-paced, learning-oriented environment. Additional Information:Bachelor's degree in Computer Science, IT, or Information Security.Certifications such as Google Cloud Certified – Professional Cloud Security Engineer is a must; Associate Cloud Engineer is a plus. 5+ years in security or cloud engineering, with at least 1–2 years in GCP. This position is based at our Bengaluru office A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Architect, you will define the end-to-end security architecture and strategy for in-vehicle systems, telematics, and cloud-connected services, ensuring alignment with regulatory requirements and industry best practices. You will also lead penetration testing efforts, document security controls across ECUs and communication interfaces, and guide the implementation of secure system designs across the vehicle ecosystem. Roles & Responsibilities: Define and implement end-to-end cybersecurity architecture for connected vehicles, ECUs, and backend services, ensuring alignment with ISO/SAE 21434, UNECE WP.29, and CSMS requirements. Develop secure communication and firmware update frameworks, supporting over-the-air (OTA) updates and in-vehicle data integrity. Perform threat modeling and risk analysis using industry-standard methodologies such as HEAVENS, STRIDE, and attack trees to identify vulnerabilities across vehicle networks and interfaces. Guide the definition of mitigation strategies and ensure full traceability between threats, assets, and controls throughout the development lifecycle. Plan and lead security validation activities, including advanced penetration testing and fuzzing of vehicle interfaces (CAN, DoIP, Ethernet, Bluetooth, Wi-Fi, Cellular). Create and maintain documentation for test cases, tooling, security controls, and validation outcomes across ECUs and connected modules. Collaborate with cross-functional teams to drive secure design practices in diagnostics, boot process, and firmware integrity verification. Conduct vulnerability assessments using tools such as CANoe, CANalyzer, Wireshark, Ghidra, and custom analysis scripts, and support remediation planning. Lead red team exercises and security reviews in coordination with product security and development teams. Represent cybersecurity in internal audits and regulatory assessments, ensuring alignment with WP.29 R155/R156 and ISO 26262. Work with suppliers and partners to evaluate and integrate security solutions aligned with evolving vehicle cybersecurity requirements. Professional & Technical Skills: Extensive experience (12+ years) in embedded and automotive systems, with over 6 years specializing in automotive cybersecurity strategy, architecture, and threat analysis. Hands-on experience designing and executing penetration testing of automotive systems, including ECUs, ADAS, telematics, infotainment, and V2X components, across in-vehicle networks and external interfaces. Strong knowledge of in-vehicle communication protocols such as CAN, LIN, FlexRay, DoIP, and automotive diagnostic protocols (UDS), as well as wireless technologies including Bluetooth, Wi-Fi, and Cellular. In-depth understanding of secure communication protocols and cryptographic standards, including TLS, MACsec, AES, RSA, ECC, and Public Key Infrastructure (PKI) for automotive applications. Proven experience in designing and implementing Secure Boot, Secure OTA (Over-the-Air) update mechanisms, and ECU firmware authentication using HSMs and trusted execution environments. Demonstrated ability to conduct and lead threat modeling and risk assessments using HEAVENS, STRIDE, attack trees, and DFD methodologies in compliance with ISO/SAE 21434. Familiarity with regulatory and compliance frameworks such as UNECE WP.29 (R155/R156), CSMS, and ISO 26262, and practical experience aligning security activities to these standards. Proficiency in security validation tools and platforms including Canoe, CANalyzer, Wireshark, Ghidra, Scapy, and custom-built tools for binary analysis, fuzzing, and reverse engineering. Experience guiding vulnerability remediation efforts across hardware and software development teams in an Agile or V-model development environment. Strong technical documentation skills and the ability to translate complex cybersecurity concepts into actionable guidance for engineering and compliance teams. Capable of engaging with external vendors, regulatory bodies, and cross-functional stakeholders to align security requirements, audits, and certifications. Additional Information: 7+ years' experience implementing and performing Automotive Cybersecurity This position is based at our Bengaluru office A 15-year full time education is required Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Google Cloud Data Services Minimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :GCP Security Architect – Solution Design, Compliance, and Security EngineeringWe are hiring GCP Security Architects with 7+ years of experience in designing secure GCP environments and integrating automated security across deployments. This role emphasizes applied engineering, platform security control implementation, and ensuring audit-ready, secure-by-default environments. Roles & Responsibilities: Design and implement secure, scalable GCP architectures. Configure and maintain IAM (roles, policies, IDP integrations, MFA, SSO). Establish secure configurations for VPCs, VPNs, Data Encryption (KMS), and Cloud Armor. Manage Cloud Security Command Center for visibility, governance, and incident response. Implement Cloud Operations Suite for logging, alerting, and security analytics. Conduct threat modeling, vulnerability assessments, and define remediation paths. Automate security checks and controls using Terraform, Cloud Shell, and CI/CD integrations. Collaborate with platform, DevOps, and risk teams to embed security into development lifecycles. Support audit preparation, policy compliance, and security documentation efforts. Review solution designs and assist with enforcing GCP security guardrails. Professional & Technical Skills: Analytical and detail-oriented with a strong problem-solving mindset. Strong communicator with cross-functional collaboration experience. Continuously stays updated with evolving cloud threat landscapes. Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Strong working knowledge of IAM, VPC SC, Cloud Armor, encryption practices, and security policy enforcement. Experience with Terraform, automated auditing, and log analysis tools. Additional Information:Bachelor's degree in engineering or computer science, Information Security, or a related field.Certifications such as Google Cloud Certified – Professional Cloud Security Engineer is a must; CCSP preferred. 7+ years in security roles, with 3+ years in hands-on GCP security delivery. This position is based at our Bengaluru office A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities: Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations. Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis. Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues. Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations. Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance. Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes. Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms. Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices. Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation. Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness. Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services. Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434. Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers. Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals. Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering. Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms. Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information: 3+ years' experience implementing and performing Automotive Cybersecurity Knowledge of tools like CANoe, Wireshark, or Ghidra. Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules. This position is based at our Bengaluru office A 15-year full-time education is required Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education