119 Threat Modeling Jobs - Page 3

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture Design Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities: Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations. Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis. Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues. Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations. Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance. Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes. Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms. Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices. Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation. Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness. Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services. Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434. Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers. Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals. Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering. Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms. Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information: 3+ years' experience implementing and performing Automotive Cybersecurity Knowledge of tools like CANoe, Wireshark, or Ghidra. Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules. This position is based at our Bengaluru office A 15-year full-time education is required Good to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NA Minimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :AI Red Teaming Expert – Adversarial ML, Threat Simulation, and AI Security StrategyWe are seeking a highly experienced and visionary AI Red Teaming Expert 12+ years of experience across cybersecurity and machine learning. This role is ideal for professionals who thrive in dynamic environments and possess a passion for securing cutting-edge AI/ML systems. You will lead red teaming operations, simulate adversarial threats, and guide the organization's AI security posture at strategic and technical levels. The ideal candidate demonstrates deep technical expertise, exceptional leadership, and a keen understanding of adversarial machine learning and risk mitigation frameworks. Roles & Responsibilities: Define and execute the AI red teaming strategy across the organization. Simulate realistic and advanced adversarial attacks against AI/ML systems aligned with business contexts. Review AI/ML system architecture to identify security gaps and advocate for secure design patterns. Establish internal standards and workflows for AI threat modeling, risk assessment, and adversarial testing. Stay ahead of evolving adversarial ML threats and guide the development of defensive strategies. Contribute to secure development practices for model deployment pipelines and lifecycle management. Lead and mentor a specialized team of AI security analysts and red teamers. Represent AI security strategy in executive forums and drive cross-functional alignment. Collaborate with engineering, data science, compliance, and legal stakeholders to integrate security into AI innovation cycles. Drive internal policy-making efforts around responsible and secure AI development practices. Own and lead remediation initiatives, translating findings into actionable improvements across teams. Professional & Technical Skills: Exceptional communication and leadership skills with the ability to convey technical issues to non-technical stakeholders. Proven experience managing high-impact security initiatives and leading diverse teams. Strategic thinker capable of aligning AI security objectives with business goals. Passionate about AI safety, responsible innovation, and emerging threat landscapes. Strong analytical and problem-solving skills in high-pressure environments. Hands-on expertise in red teaming AI/ML systems at scale. Strong understanding of adversarial ML techniques, threat simulation tools, and AI model manipulation tactics. Experience implementing and aligning with frameworks such as OWASP Top 10 for LLMs, ISO 42001, NIST AI RMF. Proficiency in AI/ML pipeline security, model risk evaluation, and secure MLOps practices. Familiarity with deep learning frameworks (e.g., TensorFlow, PyTorch) and their associated vulnerabilities. Demonstrated ability to design, execute, and scale red teaming programs in AI-native environments. Additional Information:Bachelor's or Master's degree in Computer Science, Information Security, Machine Learning, or related field.Recognized certifications such as CEH, OSCP, CISSP, or credentials specific to AI security (e.g., MITRE ATLAS experience) are a plus. 12+ years of experience spanning cybersecurity, AI/ML, and adversarial testing This position is based at our Bengaluru office A 15 years full time education is required. Qualification 15 years full time education

Who We Are At Kyndryl, we design, build, manage and modernize the mission-critical technology systems that the world depends on every day. So why work at Kyndryl? We are always moving forward – always pushing ourselves to go further in our efforts to build a more equitable, inclusive world for our employees, our customers and our communities. The Role Are you passionate about security architecture and driven to protect against the latest threats? We are seeking a Security Lead who will join our team and take the lead on developing, implementing, and maintaining our security strategy within our Service Provider organization. As our Security Lead, you will work closely with our leadership team to design and implement effective security solutions that not only protect our business objectives and regulatory requirements, but also provide innovative solutions to stay ahead of emerging threats. You will conduct risk assessments and threat modeling to identify and prioritize risks to our business and IT assets, using your extensive experience in security architecture design and implementation within a Service Provider environment to create a cutting-edge security architecture framework. You will also work to maintain policies, standards, and guidelines related to information security within our organization, collaborating with cross-functional teams to implement security controls and technologies such as encryption, authentication, and authorization solutions. Your role will also involve conducting security reviews of vendors and third-party partners to ensure they meet our rigorous security standards, as well as performing regular security and risk reviews of our Service Provider environment to identify vulnerabilities and recommend remediation activities. At the forefront of security trends and technologies, you will advise our senior leadership team on the latest security best practices, and stay ahead of emerging security threats, always keeping our organization one step ahead. Join us on this exciting journey of securing our Service Provider organization and protecting our customer’s assets. Your Future at Kyndryl Every position at Kyndryl offers a way forward to grow your career, from a Junior Architect to Principal Architect – we have opportunities for that you won’t find anywhere else, including hands-on experience, learning opportunities, and the chance to certify in all four major platforms. Who You Are You’re good at what you do and possess the required experience to prove it. However, equally as important – you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused – someone who prioritizes customer success in their work. And finally, you’re open and borderless – naturally inclusive in how you work with others. Required Technical and Professional Expertise •Minimum of 8 years of experience in security architecture design and implementation within a Service Provider organization •Experience with security frameworks such as NIST CSF, ISO 27001, or CIS Controls. . Exp in Fortigate Firewall, WAF or Zscaler(Mandatory) •Deep understanding of security technologies, such as firewalls, intrusion detection and prevention systems, vulnerability scanners, and endpoint protection •Strong knowledge of cloud security concepts and technologies, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) Preferred Technical and Professional Experience •Relevant industry certifications such as CISSP, CISM, or CCSP •Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Being You Diversity is a whole lot more than what we look like or where we come from, it’s how we think and who we are. We welcome people of all cultures, backgrounds, and experiences. But we’re not doing it single-handily: Our Kyndryl Inclusion Networks are only one of many ways we create a workplace where all Kyndryls can find and provide support and advice. This dedication to welcoming everyone into our company means that Kyndryl gives you – and everyone next to you – the ability to bring your whole self to work, individually and collectively, and support the activation of our equitable culture. That’s the Kyndryl Way. What You Can Expect With state-of-the-art resources and Fortune 100 clients, every day is an opportunity to innovate, build new capabilities, new relationships, new processes, and new value. Kyndryl cares about your well-being and prides itself on offering benefits that give you choice, reflect the diversity of our employees and support you and your family through the moments that matter – wherever you are in your life journey. Our employee learning programs give you access to the best learning in the industry to receive certifications, including Microsoft, Google, Amazon, Skillsoft, and many more. Through our company-wide volunteering and giving platform, you can donate, start fundraisers, volunteer, and search over 2 million non-profit organizations. At Kyndryl, we invest heavily in you, we want you to succeed so that together, we will all succeed. Get Referred! If you know someone that works at Kyndryl, when asked ‘How Did You Hear About Us’ during the application process, select ‘Employee Referral’ and enter your contact's Kyndryl email address.

Dear Candidate, BuzzClan is looking for dynamic individual for heading its Cyber Security Practice. https://www.buzzclan.com/ Location: Noida/Mohali Mode of work: Hybrid Duration: Fulltime Preference immediate joiners Interested candidates can email me on egarg@buzzclan.com Role & responsibilities Skills needed: 10+ years of hard-core Security/Cybersecurity background. Advanced Knowledge of Security Frameworks : Familiarity with ISO 27001, NIST, and other cybersecurity frameworks. Intrusion Detection and Prevention Systems (IDPS) : Proficiency in setting up, managing, and interpreting IDPS. Firewall Management : Hands-on experience with firewall rules, policy management, and troubleshooting. Cloud Security : Expertise in securing cloud-based solutions like AWS, Azure, and Google Cloud. Penetration Testing : Ability to conduct and oversee penetration tests, including white-box and black-box approaches. Security Information and Event Management (SIEM) : Proficiency in SIEM tools like Splunk, ArcSight, or LogRhythm. Endpoint Security : Experience with endpoint protection platforms like Symantec, McAfee, or CrowdStrike. Data Loss Prevention (DLP) : Skills in implementing and managing DLP solutions to protect sensitive data. Secure Software Development : Familiarity with secure coding practices and software development life cycle (SDLC). Cryptography : Strong understanding of cryptographic protocols and secure communications. Network Protocols : Deep understanding of TCP/IP and other network protocols and the ability to analyze packet captures. VPN Technologies : Experience with VPNs, including site-to-site and remote access solutions. Identity and Access Management (IAM) : Expertise in IAM solutions like Okta, Azure AD, and LDAP. Incident Response : Demonstrated ability in managing incident response plans and activities. Compliance and Regulations : Understanding GDPR, CCPA, and other data protection regulations. Threat Intelligence : Ability to use threat intelligence platforms to inform security posture. Scripting and Automation : Proficiency in scripting languages like Python, Bash, or PowerShell for automating security tasks. OSINT Techniques : Skills in open-source intelligence gathering and analysis. Vulnerability Management : Experience in managing vulnerability assessment tools like Nessus or Qualys. Mobile Security : Understanding of securing mobile devices and applications. Cybersecurity Awareness Training : Ability to develop and deliver employee security training programs. Preferred candidate profile

Role & responsibilities Job Title: Senior Lead Engineer - Product Cyber Security Years Of Experience: 8-12 Years Role Overview: The Security Sr Lead Engineer/Tech Specialist works with product development teams across all regions globally to ensure commitment to the cyber security strategy of minimizing flaws and improving product resiliency to cyber-attacks by ensuring adherence to the integrated secure development lifecycle process, which embodies a secure-by-design defense in depth philosophy. You will be a strong technical expert in matters related to pentesting and cyber controls and will report to a team manager responsible for product architecture review and testing. This role is part of the Product Cyber team (under the Global DT Cyber team) which focuses on continuously improving the cyber posture of products that are often installed in customer's environments. On a typical day you will: Perform DAST, SAST & Pentest for different products Perform Threat Modeling and Architecture reviews for new products and design changes with existing products Handle Product Cyber Incident Response activities and Active contribution to Risk Management Work with product development teams towards secure DevOps activities and CI/CD integration issues with Security tools Work with product development teams and carry out functional cyber risk assessments to support their cyber requirements throughout the entire development cycle. Coordinate with quality and product development teams to periodically update cyber security design policies and ensure that these policies are incorporated into product design, with requirements for traceability and system validation and verification. Interface with global teams and share best practices and lessons learned Refine and support the standard work associated with product cyber security incident response management Work closely with the product testing teams to validate recommended security controls Continually enhance the capabilities of the Cyber security team: Identification of technology and methodology gaps Participation and leading technical and industry committees Creation of discipline health score card. Work in an environment of continuous improvement and lean process and product development. good to have knowledge in Agile methodologies. Stay updated on latest cyber security hacking news, technologies and methodologies including: The latest attack methodologies include penetration testing and red-team methodologies. Latest forensic and incident response methodologies. Attend security or hacker conferences and stay on the cutting edge What You Will Need to be Successful: Bachelor of Science/Engineering in cyber security, computer science or a related engineering discipline 8+ years of product cyber security engineering and software systems development experience; at least 4 years hands-on experience with penetration testing methodologies and tools. In depth knowledge of IEC 62443 and related cybersecurity standards. In-depth knowledge of requirements captures, cyber security threat modeling and systematic discovery of threats, as part of Secure Development Lifecycle, with broad understanding of potential vulnerabilities at different layers of hierarchical systems Cyber security certifications such as OSCP, GSEC, CEH Knowledge of state-of-the-art security analysis tools and various product cyber security safeguards. These include threat modeling, source code analysis, dynamic analysis, penetration testing and audit/compliance tools Excellent written and verbal communication and presentation skills. Adept at communicating with globally disperse cross functional teams. (Preferred) Strong knowledge in various cryptographic systems and requirements for authentication, authorization and encryption for various types of systems (Preferred) Intimate knowledge and experience with incident response management and risk assessment Preferred candidate profile

Job Description Do you want to lead teams that find and exploit security vulnerabilities in Fortune 100 companies, critical infrastructure, and public sector agencies impacting millions of users? Join Securins Offensive Security Team where you'll emulate real-world attacks and oversee advanced offensive operations. We are a cross-disciplinary group of red teamers, adversarial AI researchers, and software developers dedicated to finding and fixing vulnerabilities across critical digital ecosystems. Role & responsibilities - Lead and perform advanced offensive security assessments, including Red Team operations, threat-based evaluations, and vulnerability exploitation. - Supervise and mentor a team of offensive engineers, manage task prioritization, and ensure high-quality delivery. - Execute Red Team operations on production systems, including AI platforms, using real-world adversarial tactics. - Provide strategic and technical security guidance to internal and external stakeholders. - Collaborate cross-functionally to integrate findings into enterprise detection and defense strategies. - Research and develop adversary TTPs across the full attack lifecycle. - Build tools to automate and scale offensive emulation and vulnerability discovery, utilizing AI/ML systems. - Continuously evaluate and enhance assessment methodologies and frameworks used by the team. - Contribute to the security community through publications, presentations, bug bounties, and open-source projects. Required Qualifications - 5+ years of experience in offensive security, red teaming, or penetration testing with at least 1 year in a leadership role. - Bachelors or Masters degree in Computer Science, Computer Engineering, or relevant field; or equivalent experience. - Expert knowledge of offensive security tactics, threat modeling, APT emulation, and Red Team operations. - Strong understanding of MITRE ATT&CK framework and exploitation of common vulnerabilities. - Proficiency in one or more programming/scripting languages (Python, Go, PowerShell, C/C++, etc.). - Hands-on experience with penetration testing tools such as Metasploit, Burp Suite Pro, NMAP, Nessus, etc. - Familiarity with security in cloud environments (AWS, Azure, GCP) and across Windows/Linux/macOS platforms. - Ability to clearly articulate findings to technical and executive audiences and lead mitigation efforts. - Authorization to work in the country of employment at time of hire and ongoing during employment. Preferred Qualifications - Certifications like OSCP, OSCE, OSEP, CRTO, or equivalent. - Experience with Purple Team operations and threat intelligence integration. - Track record in CTF competitions or bug bounty programs. - Reverse engineering experience or malware analysis expertise. - Exposure to Responsible AI and adversarial machine learning. - Participation in AI Village at DEFCON or similar security research events. - Publications or contributions to conferences such as AISec, NeurIPS, FAccT, or IC4. Other Requirements Ability to meet Securin, customer, and/or government security screening requirements. This includes a background check at the time of hire/transfer and every two years thereafter. Who Should Apply You have experience executing technical research and offensive security strategies with teams. You are skilled in experimental security science and confident in building your own tools. You clearly communicate findings, are mission-driven, and want to drive change in AI and cybersecurity. Role-Specific Policy This hybrid role requires in-office presence at least 50% of the time. Locations: Chennai, Tamil Nadu (India)

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 8-12 years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

Role & responsibilities Architect, Design and Review Application Security Architecture in distributed web applications, thick clients, mobile and cloud platforms. Perform Attack Surface Analysis, Threat Modeling using STRIDE, PASTA and Arrive at Threats, Risks, Vulnerabilities and propose re- mediatory, compensatory controls. Experience in tools like Threat Modeler, Microsoft Threat Modeling tool, Threat Dragon and similar tools. Application Security/ Threat Assessment with/without tools and Recommendation Work with Development/ Architecture team ensuring secure design principles Lead development team during design and build phase Exposure to Application Security threat models Programming Skills - Java, C++, Python, Ruby, .Net, HTML, JS In-depth understanding of Software development technologies and CI/CD pipelines. Apply here: https://career.infosys.com/jobdesc?jobReferenceCode=INFSYS-EXTERNAL-210438

Job description We are inviting applications for multiple opportunities in our Network Practice. Candidates will be required to attend an in-person/ Face-2-Face round of interview at our Bangalore, Pune, Hyderabad and Chennai campuses on 19th April 2025. Pls note- This is not a walk-in recruitment event. Only scheduled candidates with valid invite letter will be allowed to participate in the event. Roles and Responsibilities Network penetration testing and manipulation of network infrastructure Mobile and/or web application assessments Email, phone social-engineering Shell scripting or automation of simple tasks using Python, Ruby, Bash and PowerShell Developing, extending, or modifying exploits, shellcode or exploit tools Architect, Design and Review Application Security Architecture in distributed web applications, thick clients, mobile and cloud platforms. Perform Attack Surface Analysis, Threat Modeling using STRIDE, PASTA and Arrive at Threats, Risks, Vulnerabilities and propose re- mediatory, compensatory controls. Experience in tools like Threat Modeler, Microsoft Threat Modeling tool, Threat Dragon and similar tools. Application Security/ Threat Assessment with/without tools and Recommendation Work with Development/ Architecture team ensuring secure design principles Lead development team during design and build phase Technical Skills (Optional) Programming Skills - Java, C++, Python, Ruby, .Net, HTML, JS Strong knowledge of tools used for wireless, web application, and network security testing Knowledge of Unix/Linux/Mac/Windows operating systems

As a key member of our security team, you will collaborate closely with product managers, development teams, and external partners to define, implement, and test robust security measures. Your role will go beyond traditional cybersecurity practices, extending into the world of software engineering and agile development. Together, we will create a future where security is not just a feature, but the foundation of every product. Key Responsibilities: Lead Product Security Initiatives: Act as the cybersecurity champion across the entire Secure Development Lifecycle (SDLC), ensuring that security is integrated from concept to deployment. Define Secure Development Principles: Develop and enforce secure coding guidelines, architectural best practices, and secure design patterns to protect products from emerging threats. Collaborate with Development Teams: Work closely with software engineers and product architects to implement security measures within code, software design, and infrastructure. Perform Vulnerability Assessments & Code Reviews: Conduct regular code analysis, vulnerability assessments, and penetration testing to identify and mitigate security risks. Implement Advanced Security Testing: Support security testing efforts by verifying requirements and conducting penetration tests, ensuring that implemented security controls are effective. Act as a Security Advisor: Consult with internal teams on security best practices, including secure integration of third-party components, and ensure compliance with industry standards. Drive Continuous Improvement: Stay ahead of the latest cybersecurity trends and threats, constantly refining security practices, and driving DevSecOps principles across the organization. Required Skills & Experience: Cybersecurity Expertise: Advanced understanding of cybersecurity principles, secure development lifecycle, and industry best practices. Software Development Knowledge: Proficiency in programming/scripting (C#, PowerShell) and experience in guiding secure software implementations. Azure DevOps Expertise: Hands-on experience with Azure DevOps, managing security work items, and integrating security practices into DevOps pipelines. Agile Project Management: Experience working in agile teams, contributing to project success through secure coding, process documentation, and vulnerability management. Technical Communication Skills: Ability to translate complex security concepts into actionable insights for both technical and non-technical stakeholders. Experience with Security Testing: Strong background in penetration testing, threat modeling, and risk assessments. Nice-to-Have Skills: Cloud Security Experience: Familiarity with cloud platforms, such as Azure, and securing cloud-based applications. DevSecOps Knowledge: Experience implementing DevSecOps practices, embedding security throughout CI/CD pipelines. Linux & Container Security: Understanding of securing Linux systems and containerized environments (Docker, Kubernetes). Why Join Us? Impactful Work: Play a crucial role in securing cutting-edge technologies, contributing to innovative solutions that impact millions. Growth Opportunities: Expand your expertise in cybersecurity and product security within a fast-paced, dynamic environment. Collaborative Culture: Work alongside diverse, forward-thinking teams where your contributions are valued, and your ideas shape the future. Continuous Learning: Stay ahead of the curve with access to training, certifications, and opportunities to grow your technical and leadership skills. If you are a cybersecurity expert with a passion for product security and software development, ready to make a difference in shaping the future of secure technologies, we want to hear from you! Apply today and join us on our mission to build a safer, more secure digital world. Siemens Healthineers is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

A Senior Security Architect is a leadership role focused on designing, implementing, and managing an organization's cybersecurity infrastructure. They are responsible for ensuring the confidentiality, integrity, and availability of data and systems. Education & Qualification: B.E. / B.Tech / MCA./ BCA/ BSC with minimum 10 to 12 years of experience in Network security & architecture and Information security. Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar are preferred. Key Responsibilities: Develop and maintain a comprehensive security architecture framework aligned with business goals and regulatory requirements. Identify and assess security risks and develop mitigation strategies. Design and implement security solutions, including firewalls, intrusion detection systems, and data loss prevention tools. Create and maintain security architecture diagrams and documentation. Stay up-to-date on the latest security threats and technologies. Strong understanding of security domains (e.g., network security, data security, application security). Experience with security frameworks (e.g., MITRE, NIST, ISO). Profound understanding on cryptographic standards, application security, enterprise architecture, software development lifecycle etc Network security architecture and its development are both important to understand. Expertise in security measures such as firewalls, intrusion detection, and prevention systems (IDS/IPS), network access controls, and network segmentation. Perform security reviews, identify gaps in security architecture, and develop a security risk management plan Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements Thorough knowledge of authentication and authorization standards applicable in the web services, enterprise application, API development, eg: OAuth2, SAML, Tokenization etc. Responsible for designing, developing, and maintaining complex API architecture framework solutions that meet the requirements as well as adhering to established architectural principles, standards, and patterns. Advanced skill in Secure Software development lifecycle (SSDLC) methodology and Work with DevOps engineers to integrate new code into existing continuous integration (CI) and continuous delivery/deployment (CD) pipelines Deep understanding of security vulnerabilities, exploits application infrastructure, APIs etc Familiarity with OWASP, SANS and other coding guidelines Knowledge of Cyber kill chain (MITRE), Threat Modelling (STRIDE), NIST framework Experienced in security of middleware tools such as Service oriented architecture (SOA) Web architecture Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, NIST). Strong analytical and problem-solving skills. Provide guidance and mentorship to junior security team members.

Ideally, looking for a combination of Development and Application Security experience. Job Summary: We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of four (4) years of experience in application security and a strong background in software development , particularly in .NET, C#, Angular, and React . This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC). Key Responsibilities: Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities. Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues. Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Develop and enforce security policies, procedures, and best practices for application security. Assist in the design and review of security architecture for new and existing applications. Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles . Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks. Support incident response efforts related to application security breaches. Provide security training and awareness to development teams. Document security findings, mitigation plans, and security controls. Minimum Requirements (Must-Have) 4+ years of experience in application security with a focus on secure software development. Strong background in software development , with hands-on experience in .NET, C#, Angular, and React . Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube ). Solid understanding of OWASP Top 10, SANS 25, and secure coding practices . Experience with threat modeling, risk assessment, and vulnerability management . Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.). Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP). Experience working in Agile and DevSecOps environments , integrating security into CI/CD pipelines. Strong analytical and problem-solving skills. Excellent communication skills, with the ability to work collaboratively across teams.

We are seeking a dedicated Application Security Engineer to join our cybersecurity team.The ideal candidate will be responsible for ensuring the security of our software applications by integrating robust security throughout the software development Required Candidate profile Proficiency in multiple programming languages & secure coding practices Experience with security assessment tools & methodologies Good communication & collaboration abilities 2022 & 2023 can apply

Application Security Leader - We seek a visionary Application Security Leader to drive our DevSecOps and cloud-native security initiatives. This role requires expertise in securing multi-cloud and AI-driven applications while shaping a robust security framework. This role demands a forward-thinking leader who can anticipate and mitigate security risks in an evolving digital environment. Key Skills: Strong grasp of application security frameworks, secure coding, threat modeling, and security testing . Expertise in cloud security (AWS, Azure, GCP) , including: Cloud security architecture, governance, network engineering, and container security. Offensive Security: Vulnerability management, secure configuration audits, application security, and breach attack simulations. Security Architecture: Threat modeling, architecture reviews, and business impact analysis. Required Skills Application Security Expertise Experience in application security, including secure development practices and risk management. DevSecOps Leadership Proven ability to build and run DevSecOps programs (4+ years preferred). AI & Cloud Security Hands-on experience in AI-driven solutions, secure architecture, and cloud-native security . Application & Security Architecture Strong understanding of threat modeling, OWASP frameworks, and modern security design . Emerging Threat Awareness Familiarity with OWASP Top LLM threats, GenAI risks, and evolving cybersecurity landscapes . Data Security & Governance Knowledge of data protection principles, secure data management, and compliance frameworks . Trending Security Risks Awareness of cutting-edge threats like Prompt Injection and Data Poisoning . Experience: 12+ years in cybersecurity, with exposure to architecture, application security, compliance, and operations. 5+ years in cloud security architecture, covering multi-cloud environments, containerization, IAM, encryption, key management, S-SDLC, and DevSecOps. etc

Role: Cyber Security engineer Location: Pune Mode: Hybrid Must have: Medical device experience Key Skills & Qualifications: Deep understanding of cybersecurity principles and concepts, including cryptography, network security, authentication, authorization, and data protection. Expertise in medical device cybersecurity standards and regulations (FDA, IEC 62304, ISO 14971, IEC 81001-5-1) Proven experience in threat modeling, risk assessment, and vulnerability management within the medical device context Strong knowledge of secure coding practices and software development methodologies Experience with penetration testing tools and techniques for medical devices Excellent communication and collaboration skills to work effectively with cross-functional teams Bachelor's degree in computer science, electrical engineering, or a related field 12+ years of experience with cybersecurity and software systems Advanced cybersecurity certifications (e.g., CISSP, CISA, OSCP) are highly desirable Key responsibilities: Responsible for leading the design, implementation, and maintenance of comprehensive security measures across all stages of medical device development, ensuring compliance with relevant regulations and standards while protecting patient data and device integrity Lead the design and implementation of secure architectures for new medical devices, considering connectivity, data protection, access controls, and secure communication protocols Conduct thorough vulnerability assessments and penetration testing on medical devices to identify potential security flaws and implement corrective actions Ensure compliance with relevant medical device cybersecurity regulations and standards , including documentation and reporting requirements. Mentor and guide junior cybersecurity engineers on best practices, security techniques, and emerging threats within the medical device domain Collaborate with cross-functional teams including product development, quality assurance, regulatory affairs, and clinical teams to address cybersecurity concerns

Hiring: Principal Cybersecurity Engineer Medical Devices | Pune, India Looking for an experienced Cybersecurity Engineer (P5 level) with 10-15 years in medical device cybersecurity . Ideal candidates will have expertise in: Secure architecture design & implementation Threat modeling, risk assessment & penetration testing Compliance with FDA, IEC 62304, ISO 14971, IEC 81001-5-1 Secure coding & vulnerability management Strong cross-functional collaboration Location: Pune (Gurgaon profiles can be considered) Core Cybersecurity Expertise: Secure Architecture & Design Experience in designing security controls for connected medical devices. Threat Modeling & Risk Assessment – Identifying vulnerabilities and mitigating risks in medical device environments. Penetration Testing & Vulnerability Management – Hands-on experience with security testing tools and techniques. Secure Coding Practices – Strong knowledge of software security and secure development methodologies. Regulatory Compliance & Standards – Familiarity with FDA, IEC 62304, ISO 14971, IEC 81001-5-1 , and other medical device cybersecurity regulations. Technical & Soft Skills: Cryptography, Authentication & Data Protection – Deep understanding of encryption, access controls, and data security. Network Security – Securing communication channels and mitigating network threats. Cross-functional Collaboration – Working with R&D, regulatory, quality assurance, and clinical teams. Mentoring & Leadership – Guiding junior engineers and shaping cybersecurity strategies. Preferred (But Not Mandatory): Certifications: CISSP, CISA, OSCP (highly desirable). Medical Device Experience: Strong plus for candidates with prior experience in medical device cybersecurity. Preferred: CISSP, CISA, OSCP certifications Ready to make an impact in medical device cybersecurity ? Apply now!

We are Hiring: Principal Cybersecurity Engineer Location: Pune / Gurugram Experience: 13-18 Years Deep understanding of cybersecurity principles and concepts , including cryptography, network security, authentication, authorization, and data protection . Expertise in medical device cybersecurity standards and regulations (FDA, IEC 62304, ISO 14971, IEC 81001-5-1) Proven experience in threat modelling, risk assessment, and vulnerability management within the medical device context Strong knowledge of secure coding practices and software development methodologies Experience with penetration testing tools a nd techniques for medical devices Excellent communication and collaboration skills to work effectively with cross-functional teams Bachelor's degree in computer science, electrical engineering, or a related field 10+ years of experience with cybersecurity and software systems Advanced cybersecurity certifications (e.g., CISSP, CISA, OSCP) are highly desirable

To protect our organization’s infrastructure, data, and systems from cyber threats. Will be responsible for threat analysis, risk assessment, incident response, and security compliance while implementing the latest security solutions and protocols. Required Candidate profile 5-10 years of experience in cybersecurity, ethical hacking, or security operations. Strong understanding of firewalls, IDS/IPS, DLP, SIEM (Splunk, QRadar, ArcSight), and endpoint security tools.

Experience of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and compliance Security Excellent communication and problem-solving skills Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4-7 yrs of exp, 3 + yrs of relevant experience Experience with data quality tools and data management software Experience in Data Management (Data Quality, Data Governance)Threat Modeling. Experience with data visualization and reporting tools (Tableau) Preferred technical and professional experience Excellent communication and problem-solving skills.. Thorough understanding of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and compliance

Dear Candidate, We are looking for a Security Architect to design and implement enterprise-wide security strategies, ensuring that security is embedded across IT infrastructure, applications, and cloud environments. Key Responsibilities: Define and implement robust security architectures for networks, applications, and cloud environments. Develop and enforce enterprise security policies, standards, and best practices. Design secure system integrations and data protection strategies. Lead risk assessment efforts and recommend security controls to mitigate identified threats. Establish a zero-trust security model to protect enterprise assets. Guide security operations teams in implementing SIEM, EDR, and threat intelligence solutions. Collaborate with IT and DevOps teams to integrate security into development pipelines (DevSecOps). Ensure compliance with industry security frameworks (NIST, ISO 27001, CIS, SOC 2). Conduct security architecture reviews and vulnerability assessments. Provide strategic guidance on security investments and emerging technologies. Required Skills & Qualifications: Strong knowledge of security frameworks (TOGAF, SABSA, NIST). Experience with cloud security architectures (AWS, Azure, GCP). Expertise in encryption, identity & access management (IAM), and network security protocols. Hands-on experience with security technologies such as firewalls, SIEM, EDR, and WAF. Strong communication and leadership skills to engage with stakeholders and technical teams. Soft Skills: Strong problem-solving and analytical skills. Excellent communication skills to work with cross-functional teams. Ability to work independently and as part of a team. Detail-oriented with a focus on delivering high-quality solutions Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR from my team will contact you as soon as possible. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Dear Candidate, We are seeking a Firmware Security Engineer to play a critical role in identifying, analyzing, and mitigating security risks in firmware and embedded systems . As cyber threats increasingly target firmware layers, securing these components is crucial for protecting devices, industrial systems, and IoT ecosystems . Key Responsibilities: Analyze and assess firmware security in embedded systems, IoT devices, and industrial control systems (ICS) . Perform reverse engineering and static/dynamic analysis to detect backdoors, malware implants, and unauthorized modifications in firmware. Identify and mitigate vulnerabilities such as buffer overflows, stack/heap exploitation, and privilege escalation in embedded environments. Implement secure boot mechanisms and firmware authentication methods to prevent unauthorized execution. Develop and integrate firmware integrity verification techniques , including code signing, cryptographic hashing, and trusted execution environments (TEE) . Conduct hardware penetration testing on IoT and embedded systems to assess potential attack vectors. Research and implement defenses against firmware rootkits, BIOS/UEFI attacks, and bootkit threats . Collaborate with hardware engineers and chip manufacturers to enhance hardware security features such as TPM (Trusted Platform Module), ARM TrustZone, and secure enclaves . Work with Secure OTA (Over-the-Air) Update Mechanisms to ensure firmware updates are encrypted and verified. Design and develop custom security tools for binary analysis, firmware extraction, and vulnerability assessment . Assess and improve hardware security for medical devices, automotive ECUs, smart appliances, and industrial controllers . Monitor and respond to emerging firmware security threats , vulnerabilities (CVE analysis), and zero-day exploits in embedded software. Perform side-channel analysis and fault injection testing to detect potential weaknesses in hardware cryptographic implementations. Ensure compliance with security standards such as NIST 800-193, ISO 26262 (automotive security), and IEC 62443 (industrial security) . Develop security best practices and secure coding guidelines for firmware developers. Required Skills & Qualifications: Strong experience in firmware security analysis, reverse engineering, and embedded software development . Proficiency in C, C++, and assembly language for low-level embedded programming. Hands-on expertise with reverse engineering tools such as Ghidra, IDA Pro, Binwalk, Radare2, and Firmware Analysis Toolkit. Deep knowledge of hardware debugging tools like JTAG, UART, SPI, I2C sniffers, and logic analyzers . Experience in UEFI/BIOS security, secure boot implementations, and trusted execution environments (TEE) . Strong understanding of binary exploitation techniques, stack/heap manipulation, and firmware patching . Familiarity with cryptographic security mechanisms such as AES, RSA, ECC, TPM, HSMs (Hardware Security Modules) . Experience securing IoT protocols , including MQTT, CoAP, Zigbee, LoRaWAN, and BLE security . Strong understanding of ARM Cortex-M, RISC-V, and x86 firmware architectures . Hands-on experience with penetration testing on embedded systems and hardware hacking . Ability to analyze firmware binaries for vulnerabilities and create proof-of-concept exploits . Understanding of automotive security (CAN bus, AUTOSAR, ISO 21434) and industrial IoT security . Soft Skills: Strong problem-solving and analytical skills. Excellent communication skills to work with cross-functional teams. Ability to work independently and as part of a team. Detail-oriented with a focus on delivering high-quality solutions Note: If you are interested, please share your updated resume and suggest the best number & time to connect with you. If your resume is shortlisted, one of the HR from my team will contact you as soon as possible. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Responsibilities A day in the life of an Infoscion As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you!If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Preferred Skills: Technology->Application Security->Application Risk Profiling Threat Modeling Technology->Application Security->Application Security - ALL Technology->Application Security->Vulnerability Management Technology->Application Security->Access Management Technology->Infrastructure Vulnerability Management->Container security Educational Requirements Master Of Engineering,Bachelor Of Science,Bachelor of Engineering,BTech Service Line Cloud & Infrastructure Services * Location of posting is subject to business requirements

Embedded C - RTOS(FreeRTOS)/ Linux - Encryption, authentication, and secure communication. - Threat Modeling\ Vulnerability assesment.

Job Description We're looking for a full-time phenomenal Application Security Engineer II to identify and assist in the mitigation of application vulnerabilities discovered in the Phenom ITX platform. This includes prioritization of vulnerabilities according to the threat vectors and attack techniques, the orchestration of remediation plans and the vulnerability remediation progress tracking via reports and dashboards. Additionally, the Application Security Analyst will participate in the continuous improvement and innovation of Phenoms vulnerability management program and help on the deployment of Phenom Secure Architecture & Software Development program. What You’ll Do Research, identify and analyze and triage vulnerabilities that could affect Phenom ITX Platform and its supporting infrastructure, and determine its severity, exploitability and corrective action recommendations, summarizing and reporting results. Collaborate with engineering/development teams to evolve software assurance processes to address security risks, and help teams learn and adopt shift-security-to-left practices. Work on implementing the required fixes to remediate the vulnerabilities in collaboration with the engineering team Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to identify and communicate security vulnerabilities to Phenom production teams Maintain and report progress on the state of application vulnerabilities and escalate as necessary to ensure vulnerability issues are closed and handled in a manner consistent with Phenom standards Work closely with the business, support and production teams to provide input and guidance on development of planned remediation plans and strategies to solve identified vulnerabilities Use technical writing and effective communications to prepare and deliver vulnerability assessment result reports to all levels of audiences (peers and or leadership). Drive compliance support and improvements over time through the management, analysis and tracking of vulnerabilities discovered through audits, products or collaborations. Perform research and analytics and stay apprised on new security vulnerability, threats, risks, attack tools and techniques to contribute and improve Phenom’s Threat model and collaborate with senior engineering and product management staff to incorporate effective security standards and controls into product design. Help in the deployment of Phenom Secure Architecture & Software Development program to support the best cybersecurity development practice, and ensure Phenom ITX Platform is highly secure, resilient and aligned with business and product development strategy. Continuously review and identify security improvement opportunities in existing processes, services, and workflows to ensure Phenom ITX platform is robust against current and future cybersecurity threats. Support cybersecurity process activities including security requirements definition, threat modelling, code reviews and cyber risk assessment. Support on development and maintenance of a “security by default” standard to be used in the development, infrastructure, or any other technology project. Deliver training on Security Development Lifecycle to engineering/development teams Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation. Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security. Provide analytic support to answer questions about vulnerabilities, and general threat intelligence trends Must Have Bachelor’s degree or higher in related field 3 to 5 years’ hands-on technical expertise as Application Security Engineer Specialized Knowledge Experience with Amazon Web Services cloud environments and its security controls and their corresponding challenges. Experience with microservices architectures & distributed Platforms especially in the SaaS businesses Experience using Agile software development Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.) Knowledge of information security principles (Confidentiality, Integrity, Availability Authentication & Public Key Infrastructure (PKI), Data Security or Cryptography), and understanding of common exploitation techniques and mitigation. Experience implementing, managing, and supporting a vulnerability management program (process and technology). Experience and well-known understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs. Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.) and how they help to protect an application. Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks standards (e.g., OWASP, CVSS, CWE) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation. Thought leadership, critical thinking, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask Benefits We want you to be your best self and to pursue your passions! Health and wellness benefits/programs to support holistic employee health Flexible hours and working schedules, as well as parental leave for new parents Growing organization with career pathing and development opportunities Tons of perks and extras in every location for all Phenoms! Diversity, Equity, & Inclusion Our commitment to diversity runs deep! Diversity is essential to building phenomenal teams, products, and customer experiences. Phenom is proud to be an equal opportunity employer taking collective action to build a more inclusive environment where every candidate and employee feels welcomed. We recognize there is more to be done. Our teams are committed to continuous improvement until these powerful ideas are ingrained in our culture for Phenom and employers everywhere!

Experience of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and complianceSecurity Excellent communication and problem-solving skills Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4-7 yrs of exp, 3 + yrs of relevant experience Experience with data quality tools and data management software Experience in Data Management (Data Quality, Data Governance)Threat Modeling. Experience with data visualization and reporting tools (Tableau) Preferred technical and professional experience Excellent communication and problem-solving skills.. Thorough understanding of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and compliance