119 Threat Modeling Jobs - Page 4

You must evaluate diverse security risks in a fast-moving environment and be technically capable of suggesting and carrying out remediation, in accordance with Cisco's security policies and standards, implementing and maintaining security solutions Required Candidate profile • Information security consulting • Compliance (ISO27001, SOC2, GDPR, CCPA) • Network security, server security, and identity/access management. • CI/CD • SOC • Certificates - CISSP, CISM, or CCSP

6+ years of experience in cybersecurity roles, with at least 3+ years in a managerial capacity. Proven expertise in conducting and managing red and blue team operations. Professional certifications such as CISSP, CISM, CISA, CEH, or equivalent. Required Candidate profile Understanding of threat modelling, vulnerability assessment, and penetration testing. Proficiency in security tools such as SIEM, IDS/IPS, endpoint protection, and DLP. knowledge of cloud security

Job Summary :We're seeking an experienced .NET Developer with a strong background in IT Security to join our team in Pune. As a .NET Developer, you will be responsible for designing, developing, and maintaining secure .NET applications, ensuring the highest levels of security, scalability, and performance.Key Responsibilities :Design, develop, and maintain secure .NET applications, including web applications, APIs, and microservices.Ensure compliance with IT security best practices, industry standards, and regulatory requirements.Collaborate with cross-functional teams, including IT security, QA, and DevOps, to identify and mitigate security risks.Develop and implement secure coding practices, code reviews, and testing strategies.5. Troubleshoot and resolve complex technical issues, including security-related incidents.Stay up-to-date with emerging trends, technologies, and threats in IT security and .NET development.Mentor junior developers and provide technical guidance on secure coding practices. Technical Requirements :5+ years of experience in .NET development (C#, (link unavailable), MVC, Web API).Strong background in IT security, including security frameworks, threat modeling, and risk assessment.Experience with secure coding practices, code reviews, and testing strategies.Knowledge of security protocols, such as SSL/TLS, OAuth, and JWT.5. Familiarity with cloud security platforms, such as Azure Security Center or AWS IAM.Experience with Agile development methodologies and version control systems (e.g., Git).Strong problem-solving skills, attention to detail, and analytical thinking.Nice to Have :Certifications in IT security, such as CompTIA Security+ or CISSP.Experience with containerization (Docker) and orchestration (Kubernetes).Knowledge of DevOps tools, such as Jenkins, Azure DevOps, or TeamCity.Familiarity with cloud platforms, such as Azure or AWS.

Educational QualificationBE/BTech/MCA Experience6 to 9 years JD Details Required Skills Deep knowledge of web Application and mobile applications security testing Suggest mitigation for identified vulnerabilities SOC incidents and threat analysis A clear conceptual understanding of the SDLC Strong knowledge on automated scanning using HP Fortify, Burp suite or similar tools Strong knowledge on network penetration testing. Security knowledge capturing and consolidation Collaboration on product conceptualization for security by design Knowledge on web appsec, ethical hacking, DFRA, CSR Experience in understanding false positive from the Source code scans Led at least one CSR (Compressive security review) Knowledge static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS) Strong understanding of OWASP top 10. Experience in WAF logs analysis Rapid decision making to prevent delayed releases due to security issues To coordinate with various stakeholders for completion of Audit points observed by internal and external auditor. 8. Make sure all CERTS in, RBI and various security advisories are checked and recommended action taken on the respective platforms in the application. Outside the box thinking to anticipate possible threats Desirable Skills Working knowledge of web and mobile application security Extensive experience in Vulnerability Assessment and Penetration testing, Web Application security Knowledge on kali linux would be an added advantage Knowledge on conducting Security Audits Good knowledge on Threat modeling, cryptography, and common application vulnerabilities Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (Latest CEH)

Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns. Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPCThrift, DBUS, gRPC, Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and toolsScrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager, Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations.

Be a part of our success story. Launch offers talented and motivated people the opportunity to do the best work of their lives in a dynamic and growing company. Through competitive salaries, outstanding benefits, internal advancement opportunities, and recognized community involvement, you will have the chance to create a career you can be proud of. Your new trajectory starts here at Launch. What we are looking for: We are looking for IOT Security Engineer for one of our internal projects. Role: IOT Security Engineer Location: Hyderabad Years of Experience: 8+ Years Job Responsibilities: IoT Device Security Conduct comprehensive IoT device security assessments against provided IEC 62443-based device security requirements. Clearly document security findings, compliance status, and detailed gap analysis. Conduct threat modelling and risk assessment for each finding or non-conformance. Provide actionable, risk-informed recommendations for remediation. Firmware and Hardware Vulnerability Assessments Conduct vulnerability assessments and penetration tests based on IEC 62443 standards. Clearly document findings, perform threat modelling, and assign clear risk ratings. Generate prioritized remediation plans based on identified risks. Firmware Integrity and Compliance Audits Regularly audit firmware integrity and compliance to IEC 62443 standards. Document non-conformances, conduct threat modelling, and assess associated risks. Clearly recommend corrective actions with prioritization based on risk levels Mandatory Skills: 5+ years of experience in embedded systems security, IoT device security, or related fields. Hands-on proficiency with C family programming languages. Deep understanding of hardware security, operating systems internals, cryptography, wire protocols, real-time embedded, and Linux SoC based solutions. Proven expertise with IoT protocols such as MQTT Demonstrated expertise in deploying IoT gateways in scaled public cloud environments Proficiency in conducting threat modeling, vulnerability assessments, and penetration testing of embedded systems. Knowledge of relevant security frameworks (e.g., NIST 800-53, ISO 27402/27001) and regulatory requirements for IoT devices. We are Navigators in the Age of Transformation: We use sophisticated technology to transform clients into the digital age, but our top priority is our positive impact on the human experience. We ease anxiety and fear around digital transformation and replace it with opportunity. Launch IT is an equal opportunity employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Launch IT is committed to creating a dynamic work environment that values diversity and inclusion, respect and integrity, customer focus, and innovation.

The Information Protection Associate Advisor is responsible for providing general technical, operational and review support to Cigna's Information Protection (CIP) Organization. This role will support in enforcing standard information protection controls through infrastructure, application and third-party security assessments . You will work with development teams to ensure they are using the appropriate application security tooling correctly through their SSDLC . Balance multiple project priorities appropriately. Work with the Cigna Information Protection team as required to support reviews, product implementations and security audits. Support the Management team (Regional Information Security Officer and Senior Manager) on dashboard reporting, coordination of incident responses, risk assessments and CIP led initiatives. Job Description: Infrastructure / Application reviews: Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers Performs focused risks assessments of existing or new services and technologies, security architecture, identifies design gaps, risks, and recommends enhancements Communicates risk assessment findings to information security customers, or business partners. Explore risk mitigation controls Serves as an information security expert and trusted advisor to partners in IT and the business Evaluate compliance of operation processes with Information Protection policies and related government regulations Identifies and implements appropriate controls to effectively manage information risks as needed Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk Maintains strong working relationships with individuals and groups involved in managing information risks across the organization Stays abreast of current and emerging security threats and designs security architectures to mitigate them Service Partner Security Assessment: Perform general walkthrough evaluations of new applications and processes under consideration. Provide recommendation to business. Meet with vendors and employees to resolve or track compliance issues. Attend demonstrations of applications and prepare reports on potential for data leakage or infrastructure security issues. Review any regular security reports for abnormality. Work with supplier chain management on contracts to include security terms. Escalation to the fellow CIP team on security issues related to service partners. Provide development teams with application security vulnerability validation and remediation guidance from various application security tooling (SAST, SCA, IAC, DAST, MAST, etc) Support the Management team (Regional Information Security Officer and Senior Manager): Work with individual local security teams assigned to ensure security controls applied are compliant to CIP policies and standards Work with the RISO on managing security incidents Regular risk & activity reporting Issue tracking with local security teams Review and approval of application/infrastructure changes in terms of security Coordinate CIP initiatives with other countries as required Maintain strong working relationships with individuals and groups involved in managing information risks across the organization Partner with the CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers Stay abreast of current and emerging security threats and security architectures to mitigate the threats Skills Needed: Health Insurance or Health Care Industry experience preferred Ability to multitask and timely execute Ability to grasp and understand complicated relationships Proven Communication skills, able to write and verbally communicate effectively Organizational courage to escalate and resolve risk issues Flexible can adapt to changing organization changing business needs, technological advances and agile methodology Demonstrates technical skills in infrastructure, application and third party security assessments. Self-starter and shows empathy towards business requirements and able to influence changes to facilitate security Experience with assessing and mitigating risk Experience with contracting and negotiations Travel required, approximately 10% Qualifications: BS degree or equivalent experience CISSP, CISA, CISM, CRISC or similar certifications preferred Broad high level knowledge, hands-on experience, and exposure to a wide range of IT subject areas, business, application security Strong written and spoken English skills Qualified candidates will typically have 8 to 11+ years of professional IT experience work experience, and 4 years in information security Experience with process and change management, reporting and incident handling. Demonstrated ability to communicate at high levels, both verbally and in reporting Excellent problem identification, solving and critical reasoning skills. Ability to work successfully with a minimum of supervision in a fast paced and sometimes pressured environment. Techno Functional role Cyber security Analysts SDLC must have At least 1+ yrs of working experience SAST, DAST, MAST, SCA: Application Security scanning Tools must have Check vulnerability assessments. Help Developers to check if the integration process is aligned with the results. Check if the team is using the right tools and review the results. Threat Model & Programming languages is good to have not mandate. Software Development Lifecycle

Job Description We are seeking a highly motivated and analytical individual to join our global Cyber Threat Intelligence team as a Cyber Threat Intelligence Analyst. As a part of our Advisory & Assessment team, you will contribute to the identification and mitigation of emerging threats, enabling our clients to proactively defend against cyberattacks. Responsibilities Research and Analysis: Conduct in-depth research and analysis of emerging cyber threats, including the evolving threat landscape, industry-specific risks, and geographical threats, to identify potential risks and vulnerabilities. Threat Reporting: Create intelligence products including comprehensive reports for our customers, providing insights on the current threat landscape, outlining their attack surface, and highlighting open risks that need immediate attention. Threat Advisories: Develop and deliver concise and actionable threat advisories for our customers, offering recommendations and strategies to mitigate potential cyber threats and vulnerabilities. Customer Engagement: Engage with customers on weekly calls, presenting threat intelligence findings, discussing attack surfaces, and addressing any inquiries or concerns they may have. Ad hoc Intelligence Requests: Assist customers by fulfilling their ad hoc intelligence requests, which may include conducting deep-dive investigations, providing analysis on specific threats, or offering insights into industry-specific risks. Incident Qualification: Proactive monitoring of TRI tools and response to any identified incidents. You will be responsible for qualifying incidents to assess their fidelity. Requirements Knowledge and Interest: Passion for cybersecurity and a good understanding of the threat landscape, emerging trends, threat actors, and attack vectors. Awareness of different industry and regional threats is advantageous Analytical Skills: Excellent analytical and critical thinking abilities to interpret complex data, identify patterns, and extract meaningful insights. Communication Skills: Effective written and verbal communication skills to present technical information clearly and concisely, both internally and externally. Detail-oriented: Strong attention to detail, ensuring accuracy and precision in research, analysis, and reporting. Collaboration: Ability to work effectively in a team environment, collaborating with colleagues and customers to achieve common objectives. Continuous Learning: Eagerness to stay updated on the latest cybersecurity trends, threat intelligence methodologies, and tools. Education Requirements & Experience Bachelors in computer science/IT/Electronics Engineering, M.C.A. or equivalent University degree. 1 or 2 year experience in SOC or vulnerability assessment Certifications: Certified Ethical Hacker (CEH) CTIA, CPTIA.

Experience with vulnerability management, secure coding practices, and the OWASP Top 10 vulnerabilities. compliance standards (SOC 2, ISO 27001, PCI-DSS, GDPR). Experience with threat modelling, penetration testing, and security risk assessments. Required Candidate profile Proven experience with end-to-end security in cloud and containerized environments. Experience in leading security initiatives and guiding teams toward better security practices. CISSP

Product Cybersecurity Architect Kidde Global Solutions (KGS) is one of the worlds largest manufacturers of residential and commercial fire and life safety products. Each day, we work to expand upon our legacy of innovation, providing advanced solutions to protect people and property from fire and related hazards. Today, KGS products are found in homes and businesses around the globe. We bring together the most trusted and iconic brands in safety and security. By building upon our combined experience and expertise, we provide residential and commercial customers with advanced solutions and services to protect people and property in a wide range of applications, all around the globe. Global Product Security The purpose of the Global Product Security group is the enhancement of KGS products and services, and assurance of cyber competitive advantage by driving: Brand reputation and advancement within the product cyber domain. • Secure development, continuous improvement and security maturity of products and services. • Assurance of secure operations, response, support, and channel engagement for all offerings. • Product innovation and differentiation leveraging cybersecurity capabilities and expertise. Responsibilities Supports all phases of secure engineering, support, and development lifecycles in collaboration with multifunctional leaders, stakeholders, contributors, and businesses. Drives secure development principles, practices and activities within engineering and production to help quantify cybersecurity risk, issues, and defects within KGS offerings, such that teams may appropriately characterize, manage, and remediate to standard. Coordinates with engineering to help scope projects, define cybersecurity requirements, perform gap analysis, refine functional requirements, and road map residual cyber risk. Architects’ solutions and designs security controls to meet secure design requirements, support cyber related feature and function development, implement security related modules and solutions, and foster new product development and innovation. Provides subject matter expert guidance on cybersecurity and product development topics. Supports Product Security activities such as threat modeling, security assurance testing, cyber risk assessment, security reviews and threat vulnerability assessment for all offerings. Provides technical leadership, mentorship, and training. Leads business units and projects through security certification and accreditation. Supports ad hoc initiatives within the cybersecurity-engineering domain, as needed. Qualifications Bachelor’s degree or above in Cybersecurity, computer science, software engineering, or equivalent 2 to 5 years SW development exp w/5 years developing secure systems or controls. OR 3 or more years product cybersecurity experience Preferred Qualifications Exceptional cross-functional and multi-domain technical aptitude Diverse technical domain experience (ex., Embedded, Enterprise, Mobile, Cloud, etc.) Excellent cybersecurity depth and breadth knowledge and SW engineering skills Subject matter expertise of secure SW development lifecycle, practices, and activities Strong exp with secure by design principles and architecture level security concepts Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.), deployment orchestration, automation, and security configuration management (CircleCI, Jenkins, Puppet, Chef, Ansible, etc.) Working knowledge on implementing SSL/TLS, PKI, AES, Key management protocols etc. over HTTP/TCP and UDP. Strong understanding of cloud technologies including SaaS, PaaS, and IaaS Experience in security certifications or accreditations such as SOC2, ISO 27001, FedRAMP, etc. Familiarity with cybersecurity standards such as IEC 62443 Certifications proving deep practical knowledge such as CSSLP, CISSP, CCSP, CCSK, AWS Solutions Architect Professional ELIGIBILITY REQUIREMENTS Must be 18 years or older. Must be willing to take a drug test as part of the selection process. Must be willing to submit to a background investigation as part of the selection process. Must be willing to work out of an office in Hyderabad, INDIA Ability and availability to travel occasionally. The candidate must be proficient in spoken and written English. Added IEC 62443 as a nice to have.

About The Role Skill Description Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns . Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPCThrift, DBUS, gRPC , Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and toolsScrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager , Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations. Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders. Skills (competencies) Verbal Communication

What You'll Do As the Manager of Product Security with a focus on Data Privacy, you will help ensure that our products are designed with strong security and privacy controls. You will lead a team of security professionals, collaborate with teams, and lead the implementation of privacy-by-design principles across all stages of the product lifecycle. Your responsibilities will include safeguarding customer data, ensuring compliance with privacy regulations, and mitigating security risks in product development. You will report to VP Security What Your Responsibilities Will Be Lead the product security team focused on embedding data privacy and security controls into product development processes. Develop a comprehensive product security strategy with a focus on data privacy. Partner with engineering, legal, compliance, and product teams to ensure privacy and security are integrated into all stages of the product lifecycle. Drive privacy-by-design principles and advocate for secure development practices across the organization. Data Privacy Governance : Ensure products comply with relevant data privacy regulations such as GDPR, CCPA, HIPAA, and other global standards. Develop product security policies and procedures that align with legal, regulatory, and industry requirements. Perform privacy impact assessments (PIAs) and security risk assessments (SRAs) on products and services. Risk Management : Identify privacy and security risks related to product development and deployment. Implement controls and measures to reduce data breaches, unauthorized access, and other security incidents. Lead incident response efforts related to privacy violations or data security breaches in collaboration with legal and IT teams. Collaboration & Communication : Collaborate with engineering teams to integrate security tools, practices, and automated testing into CI/CD pipelines. Work closely with the legal and compliance teams to interpret and respond to data privacy regulations and standards. Communicate privacy and security risks, issues, and solutions to senior leadership and other stakeholders. Training & Awareness : Develop and conduct training programs to educate product development teams on privacy and security best practices. Stay up-to-date with emerging data privacy trends, threats, and technologies and ensure the team is aligned with industry best practices. Monitoring & Reporting : Oversee continuous monitoring of product security and privacy controls to ensure ongoing compliance and risk mitigation. Provide regular updates to leadership on the status of product security initiatives, privacy compliance, and risk management activities. What You'll Need To Be Successful Qualifications: Education & Experience : Bachelor's or Master's degree in Information Security, Computer Science, or related field. 10+ years of experience in product security, cybersecurity, or data privacy, with a focus on software product development. Proven experience managing teams in a security or privacy role. Skills & Knowledge : Deep understanding of data privacy laws and regulations (e.g., GDPR, CCPA, HIPAA). Strong knowledge of product security principles, including secure software development practices, encryption, and threat modeling. Familiarity with privacy-enhancing technologies, data anonymization, and data retention practices. Experience with security tools, automation, and CI/CD practices. Certifications (preferred): Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar certifications.

Educational Qualification: BE/BTech/MCA Experience: 6 to 9 years JD Details Required Skills Deep knowledge of web Application and mobile applications security testing Suggest mitigation for identified vulnerabilities SOC incidents and threat analysis A clear conceptual understanding of the SDLC Strong knowledge on automated scanning using HP Fortify, Burp suite or similar tools Strong knowledge on network penetration testing. Security knowledge capturing and consolidation Collaboration on product conceptualization for security by design Knowledge on web appsec, ethical hacking, DFRA, CSR Experience in understanding false positive from the Source code scans Led at least one CSR (Compressive security review) Knowledge static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS) Strong understanding of OWASP top 10. Experience in WAF logs analysis Rapid decision making to prevent delayed releases due to security issues To coordinate with various stakeholders for completion of Audit points observed by internal and external auditor. 8. Make sure all CERTS in, RBI and various security advisories are checked and recommended action taken on the respective platforms in the application. Outside the box thinking to anticipate possible threats Desirable Skills Working knowledge of web and mobile application security Extensive experience in Vulnerability Assessment and Penetration testing, Web Application security Knowledge on kali linux would be an added advantage Knowledge on conducting Security Audits Good knowledge on Threat modeling, cryptography, and common application vulnerabilities Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (Latest CEH)

Key Responsibilities : - Design and implement security features for embedded systems. - Conduct security assessments and vulnerability testing on firmware and hardware. - Develop secure coding practices for embedded software development. - Collaborate with cross-functional teams to integrate security into the product lifecycle. - Conduct threat modeling to anticipate potential security risks. - Research and analyze emerging security threats and vulnerabilities. - Implement security best practices and ensure compliance with industry regulations. - Create and maintain documentation related to security processes and protocols. - Participate in incident response activities to mitigate security breaches. - Review and enhance existing embedded security frameworks. Required Qualifications : - Bachelor's degree in Computer Science, Electrical Engineering, or a related field. - Minimum of 3 years experience in embedded systems or related field. - Proficient in programming languages such as C, C++, or Python. - Strong understanding of security protocols and standards. - Experience with operating systems such as RTOS or Linux. - Hands-on experience with hardware debugging tools and techniques. - Knowledge of cryptographic algorithms and implementation. - Experience in threat modeling and risk assessment methodologies. - Familiarity with secure software development life cycle (SDLC). - Ability to work in a team-oriented, collaborative environment. - Strong problem-solving and analytical skills. - Excellent written and verbal communication skills. Location: Delhi, Mumbai, Bengaluru, Chennai, Hyderabad, Kolkata, Pune,Ahmedabad

Position : Embedded Security Engineer Location : Hyderabad Experience : 11 to 15 years Key Responsibilities : Development and Security Implementation : - Design and develop secure embedded applications using Embedded C. - Implement security measures for embedded systems running on RTOS (FreeRTOS) and Linux environments. Threat Modeling and Vulnerability Assessment : - Conduct thorough threat modeling to identify potential risks and vulnerabilities in embedded systems. - Perform vulnerability assessments to evaluate the security of existing systems and recommend improvements. Encryption and Secure Communication : - Develop and implement encryption, authentication, and secure communication protocols to protect sensitive data. - Collaborate with cross-functional teams to integrate security solutions into product designs. Required Skills : Technical Expertise : - Proficient in C programming with a deep understanding of embedded system architectures. - Experience with RTOS (FreeRTOS) and Linux-based embedded systems. - Strong knowledge of cryptographic algorithms, encryption techniques, and secure communication protocols. Security Knowledge : - Proven experience in threat modeling methodologies and vulnerability assessment frameworks. - Familiarity with secure coding practices and the ability to review code for security vulnerabilities. Qualifications : - Bachelor's or Master's degree in Computer Science, Electrical Engineering, Cybersecurity, or a related field. - Minimum of 9 years of experience in embedded systems development with a focus on security.

Educational Qualification: BE/BTech/MCA Required Skills Deep knowledge of web Application and mobile applications security testing Suggest mitigation for identified vulnerabilities SOC incidents and threat analysis A clear conceptual understanding of the SDLC Strong knowledge on automated scanning using HP Fortify, Burp suite or similar tools Strong knowledge on network penetration testing. Security knowledge capturing and consolidation Collaboration on product conceptualization for security by design Knowledge on web appsec, ethical hacking, DFRA, CSR Experience in understanding false positive from the Source code scans Led at least one CSR (Compressive security review) Knowledge static application security testing (SAST), dynamic application security testing (DAST), and open source security (OSS) Strong understanding of OWASP top 10. Experience in WAF logs analysis Rapid decision making to prevent delayed releases due to security issues To coordinate with various stakeholders for completion of Audit points observed by internal and external auditor. 8. Make sure all CERTS in, RBI and various security advisories are checked and recommended action taken on the respective platforms in the application. Outside the box thinking to anticipate possible threats Desirable Skills Working knowledge of web and mobile application security Extensive experience in Vulnerability Assessment and Penetration testing, Web Application security Knowledge on kali linux would be an added advantage Knowledge on conducting Security Audits Good knowledge on Threat modeling, cryptography, and common application vulnerabilities Certificate in Certified Application Security Engineer (CASE), Certified Ethical Hacker (Latest CEH)

Role & responsibilities SecOps Standards: Develop and update application security standards, secure coding principles, and threat modelling processes. Application Security Support: Provide application security support to development teams, including reviewing and explaining application security tools and processes, providing vulnerability explanations and remediation guidance. Vulnerability Assessment: Leverage automated tools and manual testing methods to identify vulnerabilities in codebase and engage in Static and Dynamic application security testing and engage in security automation efforts and process improvements. Penetration Testing: Exposure to web application and APIs application penetration tests. And conduct network and cloud penetration tests to identify security weaknesses. Security Monitoring & Incident Response: Deploy and manage security tools, detect threats, prevent sensitive data leaks and address incidents. Infrastructure & Cloud Security: Safeguard infrastructure on AWS, GCP, or Azure, focusing on encryption, IAM, and network security. \Security Automation: Integrate security into CI/CD pipelines and automate compliance checks. Compliance & Governance: Ensure adherence to security regulations (e.g., GDPR, SOC 2, ISO 27001). Threat Intelligence: Stay updated on emerging threats and apply security best practices. Preferred candidate profile Experience: Minimum of 3-5 years in DevSecOps or security engineering, with a focus on cloud security. Proficiency in DevSecOps operations and Application Security. Familiarity with secure by design and “shift left” security principles. o Strong knowledge of software security risks and threats (OWASP top 10) Secure Software Development Lifecycle (SDLC) knowledge. o Experience with application security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Strong scripting skills (Python, Bash) for security automation. Proficient with cloud-native and containerized platforms with proven experience on Kubernetes (EKS), Jenkins, Docker, Terraform, etc. Excellent communication skills for cross-functional collaboration. Perks and benefits

Job Job Title Security Design Responsibilities Join our core R&D Automotive Engineering Team for our marquee Swedish Account- Polestar!Infosys is hiring core Automotive R&D professionals as part of a dedicated Offshore Delivery Center being setup for Sweden’s marquee EV brand ‘Polestar’ at our Electronics City, Bangalore Campus. This is an opportunity to be part of cutting-edge automotive software projects, working with passionate global teams tackling real-world Automotive and next-generation Electric Mobility Challenges. If such an opportunity excites you, apply for the job opening below -The Role: Expertise in various security mechanisms such as secure on-board communication and secure hardware design. Guide development teams in vulnerability analysis (static code analysis, known vulnerability analysis) and support tracking Cybersecurity implementation issues based on analysis Work with different teams across the business to ensure development and implementation complies with legislations such as R155 vehicle cyber security, according to ISO21434 process. Assess work products created by suppliers and review suppliers’ capability to deliver as per ISO21434. Participate in implementing process to comply with R155 for Polestar. Base technology requirements discussions with technology partners on vehicle architecture, communication and connectivity etc. Lead incident response activities as required and provide mitigation advise. The Person: Electrical, Electronic Systems, IT, Computer Engineering, or similar engineering degree Detailed knowledge of on ISO21434, UNECE WP29 R155/R156. Experience in at least one of the following fields:embedded security, secure design and hardware security Knowledge in secure coding and code analysis Knowledge of automotive vehicle systems, architecture, and automotive communication protocols (CAN, Ethernet etc.) would be considered an asset Experience in wireless technologies (WiFi, Bluetooth, NFC) and OTA updates would be beneficial but not critical.Why Choose Infosys Engineering Services? Cutting-Edge Projects:Work on innovative projects at the forefront of automotive technology. Global Exposure:Collaborate with international teams and clients. Career Growth:We invest in your professional development and growth. Inclusive Culture:Join a diverse and inclusive workplace that values creativity and collaboration.If you’re ready to accelerate your career in the automotive industry, apply now! Technical and Professional Requirements: Experience in at least one of the following fields:embedded security, secure design and hardware security Detailed knowledge of PKI and cryptography Knowledge of automotive vehicle systems, architecture, and automotive communication protocols (CAN, Ethernet etc.) would be considered an asset Work with different teams across the business to ensure development and implementation complies with legislation R155 vehicle cyber security, according to ISO21434 process. Participate in implementing process to comply with R155 for Polestar. Review Software applications for potential security vulnerabilities by conducting application security reviews i.e. Secure Design review, Threat Modelling. Preferred Skills: Domain->Automotive->Engine / Power Train Domain->Automotive->Infotainment System Domain->Automotive->Connected Car Domain->Automotive->Electric Vehicles (EVs)->EV Educational Requirements Master Of Engineering,Master Of Technology,Bachelor of Engineering,Bachelor Of Technology Service Line Engineering Services * Location of posting is subject to business requirements

Who are we looking for? Focused on the customer, Managed Services' mission is to ensure that clients get the most out of Checkmarx Products and Solutions. We are looking to grow our team with a talented Application Security Architect to support Checkmarx services and our customers. We are looking for a resilient and self-motivated individual who wants to be part of an expanding team in a fast-growing industry. Responsibilities : Review customers software architectures with a focus on potential security threats Provide dev teams with explanation and mitigation advice for security vulnerabilities found in the Checkmarx scans; Design and coordinate the implementation and maintenance of tailored solutions that will meet customer requests, needs and requirements; Collaborate with Product Management, R&D and Support teams in handling customer issues or internal Checkmarx initiatives; Occasionally assist in pre-sale activities, like providing product demonstrations; Assistance in the implementation of Application Security Programs and processes; Providing training for developers and management Travel to customer sites for meetings and technical activities; Requirements Degree in Software Engineering or equivalent At least 4+ years of combined experience in development, in any programming language,and Application Security (minimum 2 years in AppSec). Previous experience in one or more Application Security practices, such as pen-testing, security code review, AST products, research Knowledge on how to conduct a Threat Modeling exercise. Knowledge of AppSec industry standards, frameworks and guidelines, such as OWASP Top 10 (Web, Api or Mobile) and Secure SDLC. Client handling skills for Security Engagements; Good written and verbal communication skills in English; Ability to travel (up to 20%); Pro-active and sense of ownership; Get an advantage if you have Security Certifications (CISSP, CSSLP, CEH, OSCP, etc.).

General Tasks: You will consult and hands-on assist multiple teams in creating risk analyses (e.g. TARA) and performing Threat Modeling ( STRIDE) You will guide, teach, and train teams on how to create secure software architectures Actively adapting the software development process to benefit from modern tools to enhance security (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks) You will drive project decisions to roll out security measures You will actively check source code and configurations for potential security issues and guide/train development teams on how to prevent identified issues General required knowledge/Skills/Background: University degree in Computer Science or a similar field of study Professional experience in Threat Modeling (STRIDE), TARA and ISO 21434 Experience in security source code reviews and active vulnerability hunting Deep technical understanding of best-practice security features and internals of Linux and Android Strong understanding of Linux Kernel Security features (SELinux, Secure Boot, Namespaces, cgroups, seccomp, KASLR, Stack protector, dm-verity / IMA-EVM, ...) A background in modern software development in C++ / Java / Kotlin on Linux / Android The ability to motivate, influence and convince multiple worldwide teams; ideally with experience creating and performing security trainings Skills Must have skills : Linux, Android, security, SELinux, secure boot Should have skills : Namespaces, cgroups, seccomp, KASLR, Stack protector, dm-verity / IMA-EVM, c++, Java, Kotlin, TARA, STRIDE, fuzzing

About The Role : Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns. Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPC:Thrift, DBUS, gRPC, Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and tools:Scrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager, Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations. Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.1. Applies scientific methods to analyse and solve software engineering problems.2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education About The Role ::Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts.Key responsibilities: Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments. Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces. Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components. Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols. Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses. Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware. Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware. Perform hardware penetration testing to identify vulnerabilities in electronic systems. Assess the security of medical devices, ensuring compliance with industry regulations and standards. Identify and address security risks associated with healthcare information systems and connected medical instruments. Evaluate and prioritize security risks based on potential impact and likelihood. Provide recommendations and collaborate with cross-functional teams to implement effective security controls. Stay current with emerging security threats, vulnerabilities, and testing methodologies. Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle. Document security testing processes, findings, and remediation recommendations. Generate comprehensive reports for stakeholders, including technical details and actionable insights.Technical experience: Hands on experience with penetration testing tools and methodologies. Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments. Knowledge of secure coding practices and the ability to review code for security vulnerabilities. Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines. Experience with threat modeling and risk assessment frameworks. Familiarity with secure development practices for embedded systems. Understanding of regulatory requirements for medical device security. Strong understanding of networking protocols, encryption, and authentication mechanisms.Professional attributes: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. Ability to manage multiple tasks and deadlines. Qualifications: Bachelor's or master's degree in engineering or computer science, Information Security, or a related field. Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP). Qualifications 15 years full time education

Architects, designs, and provides technical oversight of the development of Intel security software technologies and solutions. Scope spans the entire stack including firmware, drivers, frameworks, protocols, algorithms, and applications as well as structure and validation direction. Responsible for pathfinding and providing technical direction for security software development and interacts with technologists across Intel and within the industry to evaluate feasibility of requirements and determine priorities for development. Qualifications Minimum qualifications are required to be initially considered for this position. Preferred qualifications are in addition to the minimum requirements and are considered a plus factor in identifying top candidates. Minimum Qualifications: Strong understanding of Platform Level Security Features and threat modeling Strong understanding of SDL practices Knowledge of trusted platform design and trusted execution environments (TEE), e.g., Intel SGX and BIOS / UEFI 8 years of C, C++ development, configuration management and debug experience 5 years of Linux driver development experience with exposure/knowledge of Windows operating systems Fluency in python Breadth of knowledge that spans BIOS and bootloaders, boot flows, drivers, FPGA and middleware Experienced in key management systems, security architecture, cryptography experience, cryptographic algorithms, security modeling, encryption/decryption, and/or security and identity management. Experienced with Docker, Kubernetes, Linux namespaces Excellent written and verbal communication skills The candidate must demonstrate the ability to prioritize, work cross-organizationally as part of a multi-site team, and provide concise lateral and upward status and communications to coordinate, influence, or raise issues to management and other architecture groups The candidate must be able to work independently and cross-organizationally to translate use cases into solutions incorporating both hardware and software Preferred Qualifications : Foster a secure-by-design approach to Intel's product development and for enabling compliance with security and privacy requirements in support of Intel's security-first pledge to make our customers' security an ongoing priority for Intel. Develop, implement, and operationalize security requirements and tasks, processes, tools, and training to accelerate the security-first culture across the company. Perform platform level analysis to create a threat model covering unique NEX features Monitor PRTs and PSIRTs affecting the platform and any exceptions Monitor Quality of execution and evidence across ingredient SDL projects Create reports (Wiki's) updating the Threat Model, SDL Creation, PSIRT/PRT Monitoring and Research Plans. Define, architect, develop and implement security software solutions using Intel Architecture Understand and define use cases, develop requirements, produce architectural documentation Establishing relationships and coordinating across sites to deliver a product Oversee product implementation and participate in code reviews Implement large sub-systems of the product Mentor the developer team as needed. Additional Skills Desired (like to have) Security knowledge Power management experience Virtualization knowledge Remote manageability knowledge Requirements listed would be obtained through a combination of industry relevant job experience, internship experiences and or schoolwork/ classes/research.

Key Responsibilities : Adversarial Simulations : Plan and execute red team engagements to simulate real-world adversary attacks, including network infiltration, social engineering, web application exploitation, and physical security testing. Vulnerability Assessment : Identify vulnerabilities in the organization's infrastructure, applications, and networks by conducting simulated attacks, including penetration testing and security assessments. Threat Emulation : Develop and simulate advanced persistent threats (APTs), insider threats, and other sophisticated adversary tactics, techniques, and procedures (TTPs) to evaluate defense mechanisms. Collaboration : Work closely with other cybersecurity teams, such as blue teams (defensive security) and incident response, to enhance the security posture of the organization through proactive threat identification and remediation. Security Improvement Recommendations : Provide detailed reports and recommendations after each red team engagement, ensuring that identified vulnerabilities are addressed and mitigated in a timely manner. Exploit Development : Design and develop proof-of-concept exploits to demonstrate the feasibility of identified vulnerabilities. Social Engineering : Perform social engineering assessments, including phishing campaigns, pretexting, and physical security assessments to evaluate an organizations susceptibility to human factors in security. Incident Reporting : Document findings and vulnerabilities in a clear, concise manner and present them to stakeholders, including executives, technical teams, and IT staff, in both written and verbal formats. Continuous Learning : Stay current with the latest cybersecurity threats, tools, techniques, and industry best practices to continuously improve the red team’s effectiveness. Tool Utilization and Development : Use commercial and open-source tools to conduct red team operations. Additionally, develop custom scripts or tools to facilitate specific attack scenarios. Qualifications : Education : Bachelor’s degree in Computer Science, Information Security, or related field, or equivalent work experience. Experience : 3+ years of experience in offensive security, penetration testing, or red teaming. Experience with conducting and leading red team exercises, vulnerability assessments, and penetration tests. Strong understanding of security concepts, network protocols, operating systems (Linux, Windows, macOS), and web application security. Certifications : Certified Red Team Expert (CRTE) Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH) - Preferable GIAC Penetration Tester (GPEN) - Preferable Certified Information Systems Security Professional (CISSP) - Preferable Technical Skills : Proficiency in programming/scripting languages such as Python, Bash, PowerShell, or others. Experience with red team tools (e.g., Cobalt Strike, Metasploit, Burp Suite, Nmap, etc.). Familiarity with attack simulation platforms, threat emulation frameworks (e.g., MITRE ATT&CK). Strong knowledge of attack methodologies and the tactics, techniques, and procedures (TTPs) of advanced persistent threats (APTs). Soft Skills : Strong analytical and problem-solving skills. Ability to communicate complex technical findings to both technical and non-technical stakeholders. Strong attention to detail and ability to work independently or as part of a team. Proactive, self-motivated, and eager to learn new security techniques and

A degree in Computer Science, Computer Systems Engineering, or a related field. 5+ years of experience performing security design reviews and Threat modeling of products and features. Expertise in Web and Network Security Strong communication skills Excellent problem-solving skills Ability to translate technical security requirements and risks into terms that anyone can understand. Ability to work independently and handle multiple tasks concurrently.