203 Threat Modeling Jobs - Page 2

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Zscaler Architecture Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and transitioning to cloud security-managed operations. You will engage in discussions to refine security strategies and ensure that the architecture aligns with organizational objectives, while also addressing any emerging security challenges that may arise throughout the day. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in cloud security.- Continuously evaluate and improve the cloud security framework based on industry best practices. Professional & Technical Skills: - Must To Have Skills: Proficiency in Zscaler Architecture.- Strong understanding of cloud security principles and frameworks.- Experience with security compliance standards and regulations.- Ability to design and implement security solutions in cloud environments.- Familiarity with risk assessment methodologies and threat modeling. Additional Information:- The candidate should have minimum 5 years of experience in Zscaler Architecture.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Conduct comprehensive penetration testing of networks, web applications, mobile applications, and other systems to identify security vulnerabilities. Perform vulnerability assessments and provide detailed recommendations for remediation. Knowledge of OT-ICS Security standards, including ISA/IEC 62443, NIST 800-82, NERC-CIP, MITRE ATT&CK etc. Strong knowledge of common security vulnerabilities, attack vectors, threat modelling and exploitation techniques. Proficiency in using penetration testing tools and frameworks such as Nessus, Burp Suite, Nmap, and other ethical hacking tools. Strong understanding of network protocols, network and application security architectures, and common vulnerabilities (e.g., OWASP Top Ten). Prepare detailed reports of findings, including risk analysis and recommended mitigations, and present these findings to stakeholders. Stay current with emerging security threats, vulnerabilities, and technology trends, and apply this knowledge to improve our security posture. Understanding of component/system architectures in IT and OT environments. Understanding and evaluation of security testing methods. Knowledge of typical industrial protocols (e.g., Modbus, Profinet, OPC, DNP3.0, CAN) Excellent communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical audiences Source code review for control flow and security flaws IEC 62443 Standard plus at least one of: ISO/IEC 27001 IEC 61508 NIST CSF IEC 61162-460:2024 Proficient in developing VAPT documentation and methodologies specifically aligned with IEC 61162-460:2024 for maritime navigation and radiocommunication equipment cybersecurity. Automotive Vehicle Testing Support Skilled in providing cybersecurity testing support for automotive vehicles , including VAPT of ECUs and in-vehicle networks , threat modeling , and ensuring compliance with industry standards like ISO/SAE 21434. Roles and Responsibilities Min. one professional certification such as Certified Ethical Hacker (CEH), ISA/IEC 62443, OSCP or certified Penetration Tester preferred. Min 2–5 years of experience performing security testing on Industrial control system components like IOT devices, PLCs, SCADA, IIOT devices etc. Familiarity with operating systems (Windows, Linux) and their security features. Excellent problem-solving skills and the ability to think critically to identify and address security issues. Strong verbal and written communication skills, with the ability to document and present technical information to both technical and non-technical audiences. Perform and report on penetration testing of systems, including cloud, NIST 800-53 CA-8 security control and using methodologies that may include, NIST SP 800-115, IEC 62243, PTES, and Information Systems Security Assessment Framework (ISSAF). Develop and maintain up-to-date knowledge of security testing tools and techniques. Contribute to the development and maintenance of security testing methodologies and procedures. Team Collaboration and Training Collaborate with other members of the security team to develop and maintain security policies, procedures, and standards

Responsibilities: Assist teams with risk analysis (TARA) and Threat Modeling (STRIDE). Guide secure architecture design. Integrate security tools (Static Analysis, Fuzzing). Lead security decisions. Review code/configs for vulnerabilities. Accessible workspace Flexi working Work from home Food allowance Health insurance Gratuity

The Product Security Principal Architect at Stryker plays a crucial role in collaborating with product development teams to implement effective security controls during the digital systems development processes. Responsible for shaping the security of Stryker products before market release, this professional guides teams to prioritize Security by Default, ensuring product resilience in the marketplace. Key responsibilities of this role include generating threat models with risk scoring, identifying and implementing security controls at various stages of product development, providing oversight during verification and validation, and supporting security investigations and responses post-market launch. **What You Will Do:** **Technical Responsibilities:** - Assess security risks and influence design decisions for new and evolving products to ensure they are secure by design. - Lead the development of threat models to address product risk related to security. - Define security requirements for new or evolving products. - Collaborate with product teams to address security issues and vulnerabilities identified through security tooling. - Assist product security incident response teams in effectively responding to and documenting security incidents. - Summarize security concepts used in product requirements, design, and build phases for internal and external communications. - Provide guidance on product security to internal taskforce teams. **Knowledge and Capabilities:** - Stay informed on security standards and guidelines from regulatory bodies such as FDA, NIST, ISO, and IEC. - Apply security control frameworks, threat modeling, and vulnerability severity scoring to secure products effectively. - Experience in designing secure products within the IoT ecosystem that includes embedded devices, clouds, and mobile devices. - Stay updated on vulnerabilities and exploits that may impact Stryker's ecosystem across various computing areas. **What You Will Need:** **Basic Qualifications:** - Bachelor's Degree in product security, computer science, mathematics, statistics, or related field. - Minimum of 8 years of relevant (product) security work experience. **Preferred Qualifications:** - Master's degree in a security-related discipline. - Knowledge of quality management systems in healthcare, medical device, or cyber-physical industries. - Experience implementing secure technologies in embedded devices, clouds, and mobile devices, including transport and communication protocols. - Possession of one or more active, industry-recognized cybersecurity certifications. Stryker, a global leader in medical technologies, is committed to enhancing healthcare outcomes through innovative products and services in MedSurg, Neurotechnology, Orthopaedics, and Spine. With a focus on making healthcare better, Stryker positively impacts over 150 million patients worldwide annually.,

As a technical leader at Zinnia, you play a crucial role in shaping the product and cloud security architecture. Your deep expertise in designing secure systems and cloud environments allows you to embed security seamlessly into products without hindering innovation. You lead by example, knowing when to guide, when to lead, and when to actively contribute to building solutions. Collaborating with engineers and business leaders, you ensure that security acts as an enabler rather than a barrier. Your responsibilities include setting the vision for product and cloud security architecture, mentoring a team of security architects or engineers, and establishing secure architecture standards and best practices. You advocate for security across the organization, drive security architecture reviews, and design assessments. Architecting cloud security solutions for services on AWS and GCP, you focus on securing APIs, microservices, serverless functions, containerized environments, and CI/CD pipelines. You actively participate in code reviews, design discussions, and incident investigations, ensuring security is integrated into all aspects of the business. Collaborating with cross-functional stakeholders, you guarantee that security is an integral part of the development process. You work closely with GRC and Compliance teams to meet regulatory obligations through robust architectural controls. With over 8 years of experience in security architecture roles, including 2 years leading technical teams, you bring practical experience in building secure cloud architectures. Your technical expertise in AWS and/or GCP, along with hands-on experience in integrating security into modern DevOps environments, is essential. Proficiency in writing code and scripts for security automation, along with the ability to communicate technical details to non-technical stakeholders, is a key requirement. Your strong organizational skills, attention to detail, and ability to manage competing priorities make you a valuable asset to the team. Comfortable working independently yet collaborative when needed, you have a risk management mindset and experience in facilitating risk assessments and mitigation strategies. Join Zinnia as a humble team player and make a significant impact on our security architecture initiatives.,

As a Platform and Network Security Expert at ANDREW in Bangalore, Karnataka, you will play a crucial role in enhancing security measures for DAS and RAN products. Your responsibilities will include designing and defining security policies, architecting secure environments, and ensuring compliance with telecom security standards and customer requirements. You will collaborate with internal and external stakeholders, engage in security testing, and develop tools to automate security monitoring and vulnerability management. To be successful in this role, you should have a Bachelor's or Master's degree in Telecommunications, Computer Science, Cybersecurity/Information security, along with 10+ years of experience in the Telecommunications and Cellular industry. Expertise in mobile network security principles, knowledge of O-RAN architecture, cloud security, and security frameworks is essential. Proficiency in security testing tools, Linux security, and scripting is also required. Strong communication and collaboration skills are key for interfacing with centralized security teams and development stakeholders. Certifications such as CISSP, CEH, GICSP, or vendor-specific security certifications are a plus. Experience with AI/ML-based threat detection, 3GPP standards, and telco cloud environments will excite us. Join ANDREW, part of the Amphenol family, and be a part of our legacy of over 85 years in wireless innovation. We offer exciting career opportunities, a supportive work environment, and the chance to make a positive impact within a global organization. Visit our website at https://www.andrew.com to learn more about us.,

Product Security Architect Job Overview: Product Security Architect shall lead the integration of cybersecurity into the product lifecycle , from design to deployment . This role defines secure architecture , drives secure development practices , and partners with engineering and business teams to manage cyber risks and deliver secure, resilient products . As a technical authority , you will enhance the overall security posture and support innovation through robust security solutions. Key Responsibilities: Lead and support all phases of secure engineering, product support, and development of lifecycles Drive secure development principles and implement cybersecurity practices across engineering and production teams Define cybersecurity requirements, perform gap analysis, and establish roadmaps to manage and remediate residual risk Architect secure solutions, define security control frameworks, and integrate cybersecurity features into product designs Conduct and support threat modeling, risk assessments, security assurance testing, and vulnerability assessments Lead security design reviews and provide oversight for secure architecture implementation Serve as a subject matter expert to resolve complex product cybersecurity challenges Mentor engineering teams provide training and promote secure coding and design practices Participate in audit and compliance activities for certifications, governance, and standards. Collaborate on ad hoc cybersecurity initiatives to support secure operations and product innovation Ensure alignment of security strategies with overall product and business objectives Required Skills: Strong background in cybersecurity principles, secure software/hardware design, and development practices In-depth experience with risk management, threat modeling, security testing, and vulnerability assessments Solid understanding of industry security standards (e.g., NIST, ISO 27001/62443, OWASP) Excellent analytical, problem-solving, and decision-making capabilities Demonstrated ability to lead cross-functional teams and influence stakeholders Technical Skills: Secure Development Lifecycle (SDLC) frameworks Architecture risk analysis and mitigation strategies Embedded system and IoT security Cryptographic protocols and key management Threat modeling tools (e.g., STRIDE, DREAD, Microsoft Threat Modeling Tool) SAST/DAST tools and techniques Security compliance and regulatory standards (e.g., IEC 62443, NIST 800-53) Dev SecOps integration Cloud security (AWS, Azure) and container security principles Familiarity with secure firmware and hardware-level security controls Mandatory Certifications: OSCP Offensive Security Certified Professional Good to Have Certifications: CSSLP - Certified Secure Software Lifecycle Professional

Job Description Strategy is a pioneering organization dedicated to transforming businesses into intelligent enterprises through data-driven innovation. As a market leader in enterprise analytics and mobility software, we have revolutionized the BI and analytics space, empowering individuals to make informed decisions and reshaping the operational landscape of businesses. Additionally, Strategy is at the forefront of a groundbreaking shift in treasury reserve strategy by boldly adopting Bitcoin as a key asset, solidifying our position as an innovative force in the market. Join us in our mission to redefine financial investment and push the boundaries of analytics. At Strategy, we value our people as the cornerstone of our success. Join a team of smart, creative minds engaged in dynamic projects with cutting-edge technologies. Our corporate values bold, agile, engaged, impactful, and united form the foundation of our culture. As we navigate the new era of AI and financial innovation, we foster an environment where every employee's contributions are recognized and valued. Become a part of an organization that thrives on innovation and challenges the status quo every day. Job Location: Pune, India (Full-time in person from Strategy Office, European Hours) Join Strategy's IT Security group as a Senior Application Security Engineer and play a pivotal role in safeguarding Strategy's software applications using modern security and AI tools. In this role, you will be responsible for implementing innovative security practices throughout the software development lifecycle to ensure the resilience of our software products against emerging threats and vulnerabilities. Your responsibilities will include: - Designing and implementing application security architecture and processes aligned with industry best practices and regulatory requirements. - Managing a risk-balanced Secure Software Development Life Cycle (SDLC) by incorporating threat modeling, secure code reviews, and security testing. - Identifying, triaging, and remediating security vulnerabilities through various security testing tools. - Performing advanced penetration testing and red teaming across web, mobile, and cloud applications. - Analyzing source code and providing security recommendations to developers to ensure adherence to secure coding best practices. - Leading and enhancing DevSecOps initiatives by integrating security automation within CI/CD pipelines. - Leading security incident response related to applications and collaborating with engineering teams for effective threat remediation. - Developing and leading customized security training programs for engineering teams. Qualifications: - Bachelor's degree in Computer Science, Engineering, or related field. - Minimum 5 years of software development or software security experience in an agile environment. - Hands-on experience with various security testing tools. - Deep knowledge of API security, containerized applications, AI/ML security risks, and infrastructure as code security. - Fluent in programming languages such as Python, Java, JavaScript. - Strong understanding of secure coding principles, application security frameworks, and security standards. - Experience with cloud security best practices in AWS, Azure, or GCP. - Strong interpersonal skills and ability to collaborate effectively with technical and non-technical stakeholders. - Experience mentoring junior engineers and leading security champions within development teams. Join Strategy and be a part of an organization that values innovation, excellence, and collaboration in shaping the future of analytics and financial investment.,

Job Summary This role encompasses a broad range of security responsibilities, including advanced offensive security operations, application security reviews, secure code reviews, and implementation of the Secure Software Development Lifecycle (SSDLC). The successful candidate will simulate sophisticated attacks, conduct secure code reviews, and contribute to the development of security tools. Responsibilities also include ensuring cloud security and Kubernetes security. The ideal candidate will possess the ability to conduct offensive security operations and apply their expertise to application security. They will perform threat modeling exercises with an attacker's mindset, leveraging their experience in bug bounty programs and red teaming simulations. The candidate will implement mitigations at the code level and support the Blue Team in improving detection capabilities using SIEM tools. This role requires a unique blend of skills and knowledge across multiple security domains. Job Requirements • Conduct Red Team exercises, simulating APTs in cloud, container, and AD environments. • Develop and execute adversary simulations based on the MITRE ATT&CK framework, focusing on assume breach scenarios. • Simulate attacks on software supply chains and CI/CD pipelines. • Perform in-depth penetration testing (both black-box and white-box) for web applications, APIs, and networks. • Conduct secure code reviews in collaboration with development teams to identify, exploit and implement mitigations on code level. • Integrate security tools and practices into the CI/CD pipeline, emphasizing DevSecOps methodologies. • Conduct threat modeling, design, and architectural reviews to identify potential security risks in the software development lifecycle. • Provide security guidance to development teams, assisting in risk mitigation and secure development practices. • Collaborate with the Blue Team to improve detection capabilities and test defensive measures. • Utilize SIEM tools for incident detection and response, providing insights to enhance monitoring and alerting mechanisms. • Develop and maintain custom security tools and frameworks to automate security testing and monitoring. • Stay informed about emerging threats, attack techniques, and security technologies. Education • Bachelor’s degree in computer science, information security, or a related field (or equivalent experience). • At least 4+ years of experience in offensive security and Application security. • Proven experience in offensive security, with a strong understanding of attack vectors and techniques. • Relevant certifications such as OSWE, OSCP, CRTO, or similar. • Significant contributions to security through Bug bounty programs, CVEs or recognized security research. • Recognized public acknowledgments in security research. • Experience with scripting or programming languages like Python, Go, or Ruby for developing custom attack tools/exploits. • Familiarity with CI/CD tools such as GitHub Actions, Jenkins, or TeamCity. • Knowledge of security practices of cloud computing platforms like AWS, Azure, GCP, as well as k8s.

Keywords: Cloud Security, Kubernetes Security, SaaS Security, DevSecOps, Infrastructure as Code, CI/CD Security, CSPM, Zero Trust, Cloud-Native Security, Identity and Access Management (IAM), Secrets Management, Threat Modeling, Risk Assessment, Secure SDLC, GitOps, API Security, Container Security Role Overview: Were looking for a Cloud-Native Security Lead to drive the security strategy across our modern cloud-native stack. This role calls for a thoughtful and pragmatic engineer, someone who understands the business context, evaluates trade-offs, and proposes secure, scalable solutions. You should be comfortable navigating ambiguity, using vendor guidance as one input, not the only one, and making decisions grounded in real-world needs. Key Responsibilities: Own and evolve the cloud-native security architecture across Kubernetes, APIs, CI/CD, and serverless platforms Define and implement practical security policies, standards, and controls Partner with engineering and DevOps to embed security early in the SDLC and infrastructure as code Evaluate and integrate security tools (e.g., SAST, DAST, CSPM, secrets management, container scanning) Lead risk assessments, threat modeling, and incident response planning Promote zero-trust principles, IAM best practices, and secure service-to-service communication Mentor teams and advocate for secure-by-design thinking across the organization Ensure security measures align with the pace and priorities of a fast-moving SaaS business Required Qualifications: 7+ years of security experience, including 23 years in cloud-native environments Strong background in SaaS security, with understanding of multitenancy, data isolation, and platform risks Deep knowledge of Kubernetes, containers, cloud platforms (AWS/GCP/Azure), and DevSecOps practices Experience with infrastructure as code (Terraform, CloudFormation), CI/CD pipelines, and GitOps Strong problem-solving skills and ability to weigh business context in security decisions Excellent communication and cross-functional collaboration skills

Senior Cyber Security Partner | 8+ yrs exp | Lead threat modeling, secure SDLC, cloud security (AWS/Azure/GCP), compliance (OWASP/NIST/ISO), incident response, mentoring, and tool evaluation. Pref: CISSP/CISM/CEH. Hybrid – Bengaluru.

Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems . If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Additional Responsibilities: Job Opening is for multiple locations- Bangalore, Hyderabad, Trivandrum, Chennai, Pune Technical and Professional Requirements: Security testing with 3-10 years exp - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMSkills Required - Security Testing--Primary skills:Application Security,Application Security-Burpsuite,Application Security-Devsecops,Application Security-Ethical Hacking(CEH),Application Security-Nessus,Application Security-SSL(Secure Sockets Layer),Application Security-Threat Modeling,Application Security-Vulnerability Assessment/Penetration Testing,Application Security-Vulnerability Management,Application Security-Web Security,Application Security-Webservices Security,Security testing-Vulnerability testing,Technology-Application Security-Vulnerability Management-Qualys,Mobile Testing-Mobile Security Testing Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling Technology-Application Security-Ethical Hacking Technology-Application Security-Mobile Application Security Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Infrastructure Security-Secure Web Gateway-TrendMicro Interscan web security Virtual appliance

As a highly experienced Principal, Application Security Engineer, you will play a crucial role in leading and evolving our global application security strategy. Your primary focus will be to ensure that our products and platforms are developed securely from the ground up and remain resilient in the face of an ever-changing threat landscape. Collaboration with engineering, product, DevOps, and Security teams will be key as you work to integrate security into our software development life cycle (SDLC), promote secure coding practices, and influence stakeholders and leaders throughout the organization. Your responsibilities will include developing application security strategies at a global level, designing and implementing secure applications, and consistently enhancing the SDLC process. You will conduct comprehensive security assessments, encompassing static and dynamic application security testing (SAST/DAST), threat modeling, web/mobile application and API penetration testing, and reviews of application architecture. Collaboration with various teams such as security operations, DevOps, development, networking, IT, and product teams will be essential to remediate issues and uphold a strong security posture. Additionally, you will contribute to the development and automation of security testing tools and processes, manage third-party penetration testing services, and deliver threat modeling training to development teams to bolster product security and mitigate risks. In the event of incident response (IR) activities related to application security, your assistance will be invaluable. To excel in this role, you should possess at least 7 years of experience in areas such as application security engineering, threat modeling, penetration testing, web application/API development (e.g., .NET/C#, Java, JavaScript), system administration, networking, and information security. Proficiency in web application/API testing, static code analysis, and web application vulnerability scanners is crucial. Industry certifications from reputable organizations like OffSec, SANS, or isc2 will be advantageous. Prior experience in a technical security engineering role involving mentorship or training is desirable. Effective communication skills, along with experience in presenting to both technical audiences and executive leadership, are important attributes for success in this position. This position is based in Mumbai/Bangalore and offers remote work flexibility. The ideal candidate should be able to join within 30 days. Join us in promoting United States Equal Opportunity Employment by being part of our dynamic team focused on enhancing application security and safeguarding our products and platforms.,

As the System Architect for Enterprise Services - Treasury, Real Estate, and Audit Value Stream, your primary responsibility is to define and communicate a shared architectural vision that supports current and future business needs. You will collaborate with Agile teams to evaluate solutions, validate technology assumptions, and converge on the best possible solution. Working closely with Enterprise and Solution Architects, you will ensure that the solutions delivered align with broader architecture guardrails. Your role involves leading and participating in the planning, development, and high-level design of product solutions, as well as defining system interfaces, data structures, integrations, cybersecurity considerations, and deployment approaches. You will establish critical non-functional requirements, consider economic boundaries in design decisions, and enable a continuous delivery pipeline through proper design guidelines. Additionally, you will engage in solution planning, incremental planning, product demos, and inspect-and-adapt events. Your responsibilities include planning and developing the architectural runway to support desired business outcomes, providing technical oversight to promote security, quality, and automation, and negotiating with the business to prioritize non-functional work to reduce technical debt over time. Conducting requirements gathering activities such as brainstorming, focus groups, interviews, observation, and prototyping will be part of your daily tasks. You will document and validate requirements to ensure they meet stakeholders" needs, fall within the solution scope, and align with business objectives and solution design. Effective communication of requirements in a format understandable to stakeholders, including solution designers and developers, is essential. Qualifications: - Bachelor's degree from an accredited institution or equivalent level of education - 10+ years of experience in the software industry with a proven track record of shipping high-quality products Skills: - Extensive experience in software engineering best practices - Experience with Treasury, Audit systems, and associated development languages and platforms - Expert level skills in Java, C#, C++, and associated IDEs - Proficiency in software design principles, DevSecOps, CI/CD, and modern development principles - Basic understanding of cybersecurity concepts - Experience with Agile methodologies and cloud platforms - Strong communication, collaboration, presentation, and decision-making skills - Experience working with diverse, global cultures, organizations, and teams,

Experience in automotive cybersecurity, systems engineering, or related roles Strong knowledge of ISO/SAE 21434, ISO 26262, UNECE R155, and related standards Experience in writing and managing cybersecurity requirements for automotive systems and subsystems Proficient in threat modeling, risk assessments, and vulnerability analysis Skills & Competencies: Strong understanding of automotive architecture and in-vehicle communication protocols (CAN, Ethernet, etc) Knowledge of Automotive SPICE Familiarity with security mechanisms such as encryption, authentication, and intrusion detection, firewall Experience with tools for requirements management (e-g, DOORS, Jira), threat modeling, and risk assessment Ability to create clear, detailed documentation and artifacts (e-g, requirement specifications, reports) Excellent communication and interpersonal skills to effectively collaborate with multidisciplinary teams Required SkillsSystem Engineer,Cybersecurity SYS and SWE requirements,SYS and SWE requirements , ISO / SAE21434 , UNECER155 , ISO 26262,cybersecurity, systems engineeringSupported SkillsCyber Security System Engineer

Dear Candidate, We are hiring a Security Engineer to design and implement security measures that protect IT systems, data, and networks against threats and breaches. Key Responsibilities: Design and deploy security solutions such as firewalls, IDS/IPS, and endpoint protection. Conduct vulnerability assessments, penetration tests, and threat modeling. Monitor systems for security incidents and respond promptly. Ensure compliance with security standards (ISO 27001, NIST, etc.). Collaborate with DevOps and IT teams to embed security best practices. Required Skills & Qualifications: Proficiency in security tools (Nessus, Metasploit, Splunk, Wireshark). Strong understanding of network and application security. Knowledge of cloud security (AWS, Azure, GCP). Experience with encryption, IAM, and incident response. Security certifications preferred (CISSP, CEH, OSCP). Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

As a Security Triage Analyst at Snowflake, you will be part of a global team and have the opportunity to learn from the industry's best-in-class experts. You will serve as the front-line of the Incident Response Team, where your responsibilities include determining the scope and impact of security alerts without breaching SLAs. This involves monitoring multiple alerting systems for both corporate IT and production environments. You will triage security alerts, take remediation actions, or escalate validated threats as necessary. By being part of this role, you will have the chance to hone your technical and analytical skills while gaining invaluable experience. Additionally, you will follow and contribute to incident response playbooks and runbooks. Our ideal Security Triage Analyst will possess a Bachelor's or Master's degree in Information Security or an equivalent discipline. They should have at least 2 years of experience on a Global SOC, Incident Response Team, or in a similar role. The candidate should be able to work from 5:00 AM to 2:00 PM IST, five days a week, on one of two shifts: Shift A (Sunday through Thursday) or Shift B (Tuesday through Saturday). Experience in analyzing emails for phishing, email header analysis, URL analysis, basic dynamic and static file analysis, and basic knowledge of SQL are required. The candidate should also have a fundamental understanding of cloud computing and infrastructure, including knowledge of virtual machines, web servers, load balancers, reverse proxies, firewalls, etc. Strong knowledge of networking basics such as TCP/IP, HTTP, DNS, subnetting, VLAN, NAT, and basic network and system forensic principles is essential. Experience with the Linux Command Line Interface, ability to analyze logs, and identify abnormal patterns is required. Basic understanding of containerization, object-oriented programming, and excellent communication skills are also necessary. Bonus points will be given for candidates with prior experience using Snowflake, Python programming, regular expressions, knowledge of APIs, experience working with low-code/no-code automation or SOAR platforms, and exposure to security assessment/design review and threat modeling. Certification in cloud platforms, familiarity with JIRA, ServiceNow, or other case management tools, and the ability to communicate investigative findings to technical staff are advantageous. Snowflake is experiencing rapid growth, and the team is expanding to support and accelerate this growth. We are looking for individuals who share our values, challenge conventional thinking, drive innovation, and contribute to building a future for themselves and Snowflake. For more details regarding the job location, salary, and benefits information for positions in the United States, please visit the Snowflake Careers Site at careers.snowflake.com.,

You will be joining Olympus Corporation, a globally renowned leader in endoscopy enabled healthcare with a rich history spanning nearly a century. Olympus is committed to integrity, innovation, and quality, excelling in various fields including endoscopy, microscopy, life sciences, and digital imaging. As the Sr Manager, India, you will be leading the digital engineering R&D and acting as the business process owner for Olympuss Standard Operating Procedures related to digital product development. Your responsibilities will include overseeing digital systems design, cloud architecture, data engineering, AI/ML development, software integration, and more. You should be a strategic thinker with a deep understanding of digital technologies and a proven track record of managing high-performing teams in a global environment. Your role will involve setting up the Digital Unit engineering R&D function globally and executing digital engineering projects to align with Olympus global R&D strategy. You will lead the digital engineering teams in India, focusing on project planning, budget management, and technical oversight to meet project timelines and deliverables efficiently. Additionally, you will be responsible for providing strategic oversight in the development of digital systems and software, ensuring compliance with regulatory standards. Collaboration with global and India leadership teams will be essential to drive innovation and enhance operational efficiency. Key responsibilities include further developing the delivery scope and technology focus of the hub, optimizing workflows, enhancing digital engineering processes, collaborating with global teams, and implementing cutting-edge technologies. You will lead NPD activities, define digital strategies for medical devices, oversee system design and development, and ensure solutions meet performance and security requirements. Your background should include a degree or higher qualification in Computer Science, Digital Systems Engineering, or Software Engineering, with proven experience in creating and establishing software R&D teams globally. You should have expertise in digital engineering, cloud systems, AI/ML development, medical device regulations, and leading teams in digital systems and software development. Proficiency in project management, vendor partner management, cybersecurity risk management, and AI/ML technologies will be crucial for success in this role. Overall, you will play a pivotal role in driving innovation, improving operational efficiency, and enhancing patient and customer experiences through digital engineering excellence at Olympus Corporation.,

As an API and Application Security Specialist at Cywarden, you will play a crucial role in ensuring the robustness and resilience of APIs and applications. Working closely with developers, architects, and security teams, you will be responsible for implementing advanced security measures to protect critical digital assets. Your expertise will be instrumental in identifying and addressing potential security threats and vulnerabilities within API ecosystems and software applications. Your key responsibilities will include developing and implementing comprehensive security strategies aligned with organizational goals, conducting security assessments through penetration testing and code reviews, performing threat modeling and risk assessments, managing authentication and authorization mechanisms, enforcing secure coding practices, responding to security incidents, ensuring compliance with industry standards, maintaining detailed documentation, providing training to development teams, and implementing security monitoring solutions. To excel in this role, you should hold a Bachelor's degree in Computer Science, Information Technology, or a related field, along with a minimum of 3-5 years of experience in API and application security. Proficiency in security frameworks and protocols, experience with API gateways, familiarity with RESTful and GraphQL APIs, understanding of encryption mechanisms, knowledge of security testing tools, familiarity with secure coding practices, experience with programming languages, and awareness of DevSecOps practices are essential. Relevant certifications such as CISSP, CEH, CSSLP, GWAPT, or OSWE are preferred. Additionally, strong problem-solving skills, effective communication, and the ability to collaborate within a team environment are key soft skills required for this role. This is a full-time permanent position with benefits including paid sick time, paid time off, performance bonuses, yearly bonuses, and a work schedule of Monday to Friday with night shifts and rotational shifts. The work location is in Mohali, Punjab, and candidates must be willing to commute or relocate before starting work. Your dedication to securing APIs and applications at Cywarden will contribute significantly to safeguarding critical digital assets and ensuring the integrity of client systems and data.,

Role & RESPONSIBILTY Conduct threat modeling and risk assessments to evaluate potential security risks associated with the organization. Provide guidance on risk remediation strategies and the implementation of countermeasures to address identified security risks. Ensure GDPR & PCI-DSS compliance across all areas of the organization. Work with the development team to ensure compliance with SDLC lifecycle and secure coding practices. Lead encryption efforts and disable deprecated protocols to maintain data security while in transit or at rest. Incorporate NIST framework into the organization's security practices and stay up-to-date with the latest controls. Review penetration testing reports, static and dynamic application security testing results, SaaS platforms, Azure Defender reports, and third-party application integration risks to identify vulnerabilities and evaluate overall security posture. Provide expertise in security and network architecture and design. Create comprehensive data flow diagrams to identify potential threats and identify areas for improvement. Evaluate cloud security posture and provide recommendations to enhance overall security. Continuously identify potential flaws in the entire architecture and implement security controls and practices to prevent future breaches. REQUIREMENTS: Bachelor's degree in Computer Science, Information Technology, or related fields 8+ years of experience in information security or related fields Strong understanding of GDPR & PCI-DSS requirements Experience with threat modeling, risk assessment, and remediation Familiarity with secure application development principles and secure coding practices Experience with identity and access management (IAM) solutions and authentication protocols such as SAML, OAuth, and OpenID Connect Understanding of network security protocols such as TCP/IP, DNSSEC, SSL/TLS, IPSec, and firewalls Experience in encryption technologies and protocols for data security Knowledgeable in NIST framework controls Strong analytical and problem-solving skills Expertise in security architecture and network design Proficiency with creating detailed data flow diagrams Familiarity with cloud security trends and best practices Experience with DevOps and CI/CD pipelines and creating a DevSecOps culture Excellent communication and interpersonal skills Professional Certifications: CISSP, CCSP, CCSK, CEH

The Opportunity As a part of FICOs highly modern and innovative analytics and decision platform, the Cyber-Security Engineer will help shape the next generation security for FICOs Platform. You will address cutting edge security challenges in a highly automated, complex, cloud & microservices driven environments inclusive of design challenges and continuous delivery of security functionality and features to the FICO platform as well as the AI/ML capabilities used on top of the FICO platform." VP of Engineering. What Youll Contribute Secure the design of next next-generation FICO Platform, its capabilities, and services. Support full-stack security architecture design from cloud infrastructure to application features for FICO customers. Work closely with product managers, architects, and developers on implementing the security controls within products. Develop and maintain Kyverno policies for enforcing security controls in Kubernetes environments. Collaborate with platform, DevOps, and application teams to define and implement policy-as-code best practices. Contribute to automation efforts for policy deployment, validation, and reporting. Stay current with emerging threats, Kubernetes security features, and cloud-native security tools. Implement required controls and capabilities for the protection of FICO products and environments. Build & validate declarative threat models in a continuous and automated manner. Prepare the product for compliance attestations and ensure adherence to best security practices. Provide expertise as a subject matter expert regarding edge services for public/private cloud information system controls related infrastructure, policy, and decision-making processes. Provide timely resolutions for security configuration or solutions in support of service availability. Work on problems of diverse scope where analysis of situation requires evaluation and troubleshooting including network packet analysis, Linux or Windows DNS, certificates lifecycle, logfile analysis, and related. What Were Seeking Strong knowledge and hands-on experience with Kyverno and OPA/Gatekeeper (optional but a plus). Experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation. Hands-on experience with programming languages, such as: Java, Python, etc. Experience of deploying services and securing cloud environments, preferably AWS Experience of deploying and securing containers, container orchestration and mesh technologies (such as EKS, K8S, ISTIO). Experience with Crossplane to manage cloud infrastructure declaratively via Kubernetes. Certifications in Kubernetes or cloud security (e.g., CKA, CKAD, CISSP) are desirable Ability to articulate complex architectural challenges with the business leadership and product management teams. Independently drive transformational security projects across teams and organizations. Experience with securing event streaming platforms like Kafka or Pulsar. Experience with ML/AI model security and adversarial techniques within the analytics domains. Hands-on experience with IaC (Such as Terraform, Cloudformation, Helm) and with CI/CD pipelines (such as Github, Jenkins, JFrog). Resourceful problem-solver skilled at navigating ambiguity and change. Customer-focused individual with strong analytical problem-solving skills and solid communication abilities.

As a Principal Application Security Engineer at Prudent Technologies and Consulting, you will be responsible for leading the web application penetration testing services. Your role will involve mentoring junior security consultants, delivering high-value security assessments to global clients, and advancing the offensive security capabilities of the organization. You will serve as a technical leader within the offensive security practice, focusing on web application penetration testing methodologies. Your responsibilities will include leading complex security engagements, providing expertise to clients and internal teams, mentoring junior consultants, and contributing to service offerings development. This position requires a deep understanding of application security principles, hands-on testing experience, and strong communication skills to convey technical findings effectively. Your key responsibilities will include leading web application penetration testing engagements for enterprise clients, acting as the principal security advisor, developing and enhancing application security testing methodologies, conducting advanced manual testing, performing threat modeling sessions, leading code reviews, creating technical reports, mentoring junior consultants, collaborating with sales teams, and contributing to research initiatives. The ideal candidate for this role should have 5-8+ years of experience in application security with a focus on web application penetration testing. Proficiency in using tools like Burp Suite Professional, DAST scanners, and exploitation frameworks is required. Candidates should also possess expertise in secure coding practices, vulnerability patterns, and remediation strategies across various programming languages and frameworks. Strong technical writing skills, relationship-building abilities with clients, and experience in mentoring security professionals are essential qualifications. Preferred qualifications include a bachelor's degree in computer science or cybersecurity, advanced security certifications like OSWE, and experience in developing custom tools or scripts for penetration testing automation. Prior software development experience, contributions to the security community, knowledge of mobile application security testing, cloud security architecture, and AI/ML system security evaluation are also beneficial. Education requirements include direct work experience in application penetration testing assessments and a bachelor's degree in computer science or related technical field. Advanced security certifications are a plus for this role.,

As a member of the Software Security Engineering team at Splunk, a Cisco company, you will play a crucial role in tackling sophisticated security challenges at scale. Working closely with product development teams, you will be responsible for implementing secure software practices across Splunk's entire product portfolio. By analyzing evolving vulnerability patterns and real-world attack tactics, you will contribute to crafting innovative security solutions that safeguard Splunk's industry-leading products. Collaborating with Product Security, Risk, and Compliance teams, you will ensure that Splunk not only meets but exceeds new policy and regulatory requirements. The Global Security Team at Splunk is dedicated to building a safer and more resilient digital world. While our customers appreciate our unified security and observability platform, it is our employees who truly make Splunk a standout career destination. We value authenticity and encourage our employees to bring their whole selves to work, including their work experience, problem-solving skills, and unique passions. In this role, you will have the opportunity to: - Analyze emerging code vulnerability trends and research real-world attack patterns to address evolving security threats proactively. - Design and implement sophisticated security mechanisms to protect Splunk's products from vulnerabilities and attacks. - Work closely with cross-functional teams, including Product Development, Product Security, Risk, and Compliance, to integrate security into every phase of the software development lifecycle. - Contribute to shaping Splunk's security strategy by implementing secure coding standards and vulnerability management practices. - Ensure regulatory compliance by staying aligned with the latest policy and regulatory requirements. To be successful in this role, you should have: - A minimum of 4 years of experience in software security, with a deep understanding of secure coding practices, vulnerability management, and common security flaws. - Proficiency in programming languages such as Python, Java, C++, or Go, with the ability to identify and remediate security issues in code. - Knowledge of risk management principles and popular regulatory requirements such as FEDRAMP, HIPAA, and SOC 2. - Strong analytical and problem-solving skills to address sophisticated security challenges at scale. - A Bachelor's degree in Computer Science, Security, or equivalent work experience. Nice-to-have qualifications include familiarity with threat modeling techniques, experience in implementing security tooling and automation within software build pipelines, and security certifications such as CompTIA Security+ or GIAC Security Essentials. While these qualifications are desirable, we value the whole individual and encourage candidates to apply even if they do not meet all the criteria. Splunk is committed to creating an inclusive and diverse work environment and is an Equal Opportunity Employer. Join us in our mission to build a safer digital world and make a meaningful impact on the future of security at Splunk.,

We are seeking a skilled and motivated Cyber Security Engineer to lead efforts in securing our Software as a Medical Device (SaaMD) offerings. This pivotal role ensures global compliance and best-in-class security practices throughout the software development lifecycle, anchored in standards like ISO/IEC 27001, ISO/IEC 27002, and ISO 13485. Key Responsibilities : Security Control Implementation : - Design, implement, and monitor robust security controls across the SaaMD SDLC. - Align with ISO/IEC 27001, 27002, and ISO 13485 frameworks. - Guide secure coding, DevSecOps practices, and vulnerability management. - Apply a risk-based approach to identify and mitigate threats proactively. Compliance & Audit Readiness : - Support internal and external audits with detailed documentation. - Collaborate with Quality & Regulatory teams for ISO 13485 compliance. - Maintain audit-ready procedures and manage change documentation. Threat Modeling & Penetration Testing : - Develop threat models using tools like LucidChart. - Conduct pen-testing via BurpSuite, nmap, Wireshark, and Deptrack. - Run static and dynamic code analysis for vulnerability detection. Vulnerability Management : - Assess vulnerabilities using Grype, Dockle, Trivy, and Deptrack. - Partner with development teams for triage and resolution. - Drive remediation workflows and monitor KPIs. Reporting & Stakeholder Communication : - Produce detailed security assessments with actionable steps. - Deliver periodic updates on security posture to leadership. - Translate complex risks into business-friendly language. Security Awareness & Training : - Build training modules to cultivate a security-first mindset. - Advocate for secure engineering culture across teams. Qualifications : Required : - Bachelors in Computer Science, Information Security, or relevant experience. - 3+ years in cybersecurity engineering, ideally in healthcare or medical devices. - Proven knowledge of ISO/IEC 27001, 27002 & ISO 13485. - Hands-on expertise with LucidChart, BurpSuite, nmap, Wireshark, Deptrack. - Experience with Grype, Dockle, Trivy; DevSecOps & secure coding practices. - Track record in audit support and regulatory compliance. Preferred : - Certifications like CISSP, CEH, OSCP, CISM, or ISO/IEC 27001 Lead Implementer. - Background in SaaMD or regulated industries (healthcare/pharma). - Familiarity with frameworks like NIST, HITRUST, and CI/CD workflows. Skills & Traits : - Strong analytical, communication, and problem-solving skills. - Detail-oriented with a proactive risk management approach. - Team collaborator able to influence across engineering and compliance functions.

About this Role: Wells Fargo is seeking a Senior Information Security Analyst. Responsibilities : This position is a Senior Information Security Analyst performing the role of an Application Security Champion who will be responsible for reviewing security requirements and security design submissions by application teams. Reviewing security requirements and security design submissions by application teams. Submissions will either be approved or rejected based on evaluation and comparison to systems of record. Provide information security consultation to improve awareness and compliance with Enterprise Application Security Program (EASP) policy, processes, and standards. Perform remediation of security assessment review issues and reporting to support EASP risk management. Provide guidance and direction in reviewing assessment findings and mitigating controls to optimize application security. Validate SAST, DAST and SCA scans and recommend the fix for application teams. Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals. Interact with teammates across all Lines of Business. Required Qualifications: 4+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Skills: 2+ years of experience as application security champion 2+ years of experience in at least one of the following practices like Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, Security Design requirements. Knowledge and experience in identifying and suggesting mitigations to OWASP top 10, CWE/SANS top 25 to development teams. Ability to manage multiple priorities in a fast-paced dynamic environment. Advanced problem solving skills, ability to develop effective long-term solutions to problems. Excellent verbal and written communication skills Excellent inter-personal skills contributing to cordial team environment Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies. Experience in drafting application security coding standards. Ability to manage highly complex issues and negotiate solutions. Knowledge and understanding of Application security threat management and mitigation domain. Application security experience with banking/financial services applications. Certified in Industry renowned certifications like CISSP, CSSLP, CEH etc. Job Expectations: This position will also be responsible to work with software development partners, business system consultants and LOB leads to perform security assessments on variety of applications to identify security defects and provide remediation recommendation by following the processes and policies. Submissions will either be approved or rejected based on evaluation and comparison to systems of record.