199 Threat Modeling Jobs - Page 5

FICO (NYSEFICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity As a part of FICOs highly modern and innovative analytics and decision platform, the Cyber-Security Engineer will help shape the next generation security for FICOs Platform. You will address cutting edge security challenges in a highly automated, complex, cloud & microservices driven environments inclusive of design challenges and continuous delivery of security functionality and features to the FICO platform as well as the AI/ML capabilities used on top of the FICO platform." VP, Software Engineering . What Youll Contribute Secure the design of next generation FICO Platform, its capabilities and services. Support full-stack security architecture design from cloud infrastructure to application features for FICO customers. Work closely with product managers, architects and developers on the implementation of the security controls within products. Develop and maintain Kyverno policies for enforcing security controls in Kubernetes environments. Collaborate with platform, DevOps, and application teams to define and implement policy-as-code best practices. Contribute to automation efforts for policy deployment, validation, and reporting. Stay current with emerging threats, Kubernetes security features, and cloud-native security tools. Proof the security implementations within infrastructure & application deployment manifests and the CI/CD pipelines. Implement required controls and capabilities for the protection of FICO products and environments. Build & validate declarative threat models in continuous and automated manner. Prepare the product for compliance attestations and ensure adherence to best security practices. What Were Seeking 5+ years of experience in architecture, security reviews and requirement definition for complex product environments. Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc. Strong knowledge and hands-on experience with Kyverno and OPA/Gatekeeper (optional but a plus). Experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation. Hands-on experience with programming languages, such asJava, Python, etc. Experience of deploying services and securing cloud environments, preferably AWS Experience of deploying and securing containers, container orchestration and mesh technologies (such as EKS, K8S, ISTIO). Ability to articulate complex architectural challenges with the business leadership and product management teams. Independently drive transformational security projects across teams and organizations. Experience with securing event streaming platforms like Kafka or Pulsar. Experience with ML/AI model security and adversarial techniques within the analytics domains. Hands-on experience with IaC (Such as Terraform, Cloudformation, Helm) and with CI/CD pipelines (such as Github, Jenkins, JFrog). Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Global trends toward digital transformation have created tremendous demand for FICOs solutions, placing us among the worlds top 100 software companies by revenue. We help many of the worlds largest banks, insurers, retailers, telecommunications providers and other firms reach a new level of success. Our success is dependent on really talented people just like you who thrive on the collaboration and innovation thats nurtured by a diverse and inclusive environment. Well provide the support you need, while ensuring you have the freedom to develop your skills and grow your career. Join FICO and help change the way business thinks! Learn more about how you can fulfil your potential at www.fico.com/Careers FICO promotes a culture of inclusion and seeks to attract a diverse set of candidates for each job opportunity. We are an equal employment opportunity employer and were proud to offer employment and advancement opportunities to all candidates without regard to race, color, ancestry, religion, sex, national origin, pregnancy, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Research has shown that women and candidates from underrepresented communities may not apply for an opportunity if they dont meet all stated qualifications. While our qualifications are clearly related to role success, each candidates profile is unique and strengths in certain skill and/or experience areas can be equally effective. If you believe you have many, but not necessarily all, of the stated qualifications we encourage you to apply. Information submitted with your application is subject to theFICO Privacy policy at https://www.fico.com/en/privacy-policy

Educational Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional : Security testing(3-5 years exp) - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMIndividual should be open to learn new technology as needed and should work independently. Strong in ST with key ST related skills with good in driving a team and must be able to do client interaction. Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling-Microsoft Threat Modelling Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Infrastructure Security-Cloud Security Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Application Security-DevSecOps

Educational Bachelor of Engineering Service Line Infosys Quality Engineering Responsibilities As part of the Infosys delivery team, your primary role would be to ensure effective Design, Development, Validation and Support activities, to assure that our clients are satisfied with the high levels of service in the technology domain. You will gather the requirements and specifications to understand the client requirements in a detailed manner and translate the same into system requirements. You will play a key role in the overall estimation of work requirements to provide the right information on project estimations to Technology Leads and Project Managers. You would be a key contributor to building efficient programs/ systems and if you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional : Security testing(5-8 years exp) - SAST/DAST/API, Network, Mobile Security/DevSecops/Cloud Security/Threat Modelling/Vulnerability Management/Logging & Audit/GRC/Security Operations/IAMIndividual should be open to learn new technology as needed and should work independently. Strong in ST with key ST related skills with good in driving a team and must be able to do client interaction. Preferred Skills: Technology-Application Security-Application Risk Profiling Threat Modeling-Microsoft Threat Modelling Technology-Application Security-Application Security - ALL Technology-Application Security-Penetration Testing (Black/White/Grey Box Testing) Technology-Application Security-Vulnerability Management Technology-Infrastructure Security-Cloud Security Technology-Mobile Testing-Mobile Security Testing Technology-Security Testing-Security Testing - ALL Technology-Application Security-DevSecOps

Educational Bachelor of Engineering,Master Of Engineering Service Line Cyber Security Responsibilities Architect, Design and Review Application Security Architecture in distributed web applications, thick clients, mobile and cloud platforms.Perform Attack Surface Analysis, Threat Modeling using STRIDE, PASTA and Arrive at Threats, Risks, Vulnerabilities and propose re- mediatory, compensatory controls.Experience in tools like Threat Modeler, Microsoft Threat Modeling tool, Threat Dragon and similar tools.Application Security/ Threat Assessment with/without tools and RecommendationWork with Development/ Architecture team ensuring secure design principlesLead development team during design and build phaseExposure to Application Security threat modelsProgramming Skills - Java, C++, Python, Ruby, .Net, HTML, JSIn-depth understanding of Software development technologies and CI/CD pipelines. Technical and Professional : Architect, Design and Review Application Security Architecture in distributed web applications, thick clients, mobile and cloud platforms.Perform Attack Surface Analysis, Threat Modeling using STRIDE, PASTA and Arrive at Threats, Risks, Vulnerabilities and propose re- mediatory, compensatory controls.Experience in tools like Threat Modeler, Microsoft Threat Modeling tool, Threat Dragon and similar tools.Application Security/ Threat Assessment with/without tools and RecommendationWork with Development/ Architecture team ensuring secure design principlesLead development team during design and build phaseExposure to Application Security threat modelsProgramming Skills - Java, C++, Python, Ruby, .Net, HTML, JSIn-depth understanding of Software development technologies and CI/CD pipelines. Preferred Skills: Technology-Application Security-Application Security - ALL Technology-Application Security-Vulnerability Management Technology-Application Security-DevSecOps

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Architecture Design Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As Security Architect ability to provide Enterprise Security Strategy, Enterprise security design, performing threat modeling for building a Secure Application and Infrastructure for enterprise (Cloud, On-prem, hybrid model). Thorough understanding of IT and its security architecture principles, methodologies and designs patterns. Good working knowledge of current IT risks and experience in implementing security solutions. Experience in designing and reviewing security controls for IT infrastructure (Cloud and on-prem applications). Ability to assess and evaluate different security products as per the security design requirements. Work as Trusted Security Advisor for various clients. Roles & Responsibilities:- Minimum of 8 years of professional experience, preferably with a minimum of 3 years of hands-on involvement in security architecture and threat modeling.Demonstrate a profound comprehension of security architecture, capable of creating, assessing, and revising secure solutions that promote scalability, adaptability, and reusability.Act as the subject matter expert (SME) responsible for guiding and making security architecture decisions across all aspects of Accenture client presales, proposal design, and integration within client ecosystems.Develop and uphold reusable security architecture and design patterns for utilization.Create, devise, and troubleshoot intricate security implementations, overseeing the development of High-Level Design (HLD) and Low-Level Design (LLD) documents.Conduct design and implementation assessments and engage in threat modeling as necessary, adhering to established standards and best practices (e.g., STRIDE, PCI DSS, CSA CCM).Possess experience in cloud architectures and security controls, encompassing network security, Identity and Access Management (IAM), data protection, application security, and logging, among others.Proven track record in security frameworks and processes, including CIS, NIST, PCI/DSS, CCM SOCI/II, ISO/IEC 27001, NIST 800-53, OWASP, ISM, etc.Support Sales Leads by serving as a consultant during pre-sales activities, which involve assessing client requirements, defining project scopes, and preparing proposals and project plans.Demonstrate a robust understanding of potential attack vectors and the ability to design and articulate agile security controls to safeguard against them.Thorough comprehension of security principles and tools, including certificates, Data Loss Prevention (DLP), Web Application Firewalls (WAF), Security Information and Event Management (SIEM), firewalls, Distributed Denial of Service (DDoS) prevention, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS), privileged access management, encryption, SSL, VPN, IPSec, TCP/IP, DNS, and web security architecture, among others. Professional & Technical Skills: Strong Network & Cyber Security Architecture Experience in architecting and developing security solutions on one or more cloud platform (AWS, GCP or Azure) and applying the cloud native security services.Cloud Security certifications (CCSP, AWS, Azure, Google Cloud etc.)Good to have Industry / academic accreditations / certifications in Security, Architecture, Network Security, Cloud or Technology disciplines preferred (e.g., CISSP, TOGAF, SABSA, CISM, CCIE etc.) Bonus if you have experience in DevSecOps, DevOps, Additional Information:- The candidate should have minimum 5 years of experience in Security Architecture Design.- This position is based in Pune.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Static Application Security Testing (SAST) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply security skills to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to assess security risks, implementing security measures, and ensuring compliance with industry standards. You will engage in proactive security assessments and work on developing strategies to mitigate potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities.- Develop and implement security policies and procedures to enhance overall security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in Static Application Security Testing (SAST).- Strong understanding of secure coding practices and application security principles.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security tools and technologies for vulnerability scanning and remediation.- Knowledge of compliance frameworks and regulations related to information security. Additional Information:- The candidate should have minimum 5 years of experience in Static Application Security Testing (SAST).- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Email Security Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a detail-oriented and proactive Application Security Analyst to join our security team. The ideal candidate will have hands-on experience with Black Duck software composition analysis and a strong background in conducting thorough source code reviews to identify and mitigate security vulnerabilities. This role involves collaborating closely with development teams to ensure secure coding practices and maintaining the security posture of applications throughout the SDLC.Key Responsibilities:- Perform security assessments and vulnerability analysis of applications using Black Duck to identify open-source component risks and compliance issues.- Conduct in-depth source code reviews to detect security flaws, including injection attacks, authentication weaknesses, insecure data handling, and other common vulnerabilities.- Collaborate with developers, DevOps, and QA teams to remediate identified security vulnerabilities and integrate security controls into development processes.- Develop and enforce security policies and best practices for secure coding and application security.- Support threat modeling, risk assessments, and security testing activities throughout the software development lifecycle (SDLC).- Stay updated with the latest application security trends, vulnerabilities, tools, and mitigation techniques.- Provide security training and awareness sessions for development teams.- Create clear and concise documentation on findings, recommendations, and remediation strategies. Professional & Technical Skills: - Must To Have Skills: Proficiency in Email Security.- Strong understanding of cloud security principles and practices.- Experience with security frameworks such as NIST, ISO 27001, or CIS.- Knowledge of risk assessment methodologies and security compliance requirements.- Familiarity with incident response and threat management processes. Additional Information:- The candidate should have minimum 2 years of experience in Email Security.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain. You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure. Perform threat modeling and security risk assessments. Utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations. Primary Skills Experience in cloud native environments Azure,Google cloud platform Experience in working with REST APIs and API security. Good infrastructure security experience and are passionate about reducing security risks in the cloud. Experience with threat modeling, security design reviews, and security architecture. Understanding of security compliance requirements such as GDPR, NIS2, ISO27000. Experience with Kubernetes,CI/CD practices to Automate security testing tools like SAST,SCA (Software Composition Analysis).

Strong understanding of OWASP Threats classification Exp with establishing penetration testing procedures & processes. Exp with standard security tools such as Metasploit, SQLMap, Nmap, OWASP ZAP, Burp Suite etc. Stay current with evolving threats Required Candidate profile Understanding of threat modelling, vulnerability assessment, and penetration testing Exp on application & infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques

Principal Security Architect Qualification -MS/M.Tech/ME from one of the top engrneering colleges in India or abroad Experience Should have at least 15 years of experience in Information Technology related fields and should have played major technology roles in lndia or abroad. Should have a pn ven record of playing a leading role information security department in organizations. Oversee the design and development of application security architecture, auditing all modules and components (including ecosystem components) and identify the security requirements to be implemented for each module and component. Responsible for ensuring that Aadhaar applications are secure and the integrity of application components is preserved. In-depth understanding of information security requirement related to Private cloud deployment. Haye a deep understanding about the latest advances in security technologies ,including algorithms, and appliances

Job Title: Penetration Testing SME Experiance:• 5-8 Years Locatin: Bangalore Job Descriptions:Lead Penetration Testing Efforts:• Oversee the penetration testing throughout the engagement lifecycle,• ensuring comprehensive coverage and quality. o Interview application teams,• review architecture documents and agree the scope with all stakeholders.• Ensure engagements are appropriately scoped. o• Define, collect and validate the pre-requisites for each pen test engagement.• Provide technical oversight during the execution phase.• Collaborate with vendors delivering security testing engagements.o Report Security Testing Activities:• Ensure the reporting of security testing activities is tailored to the intended audience.o Engage with Stakeholders:• Convey the outcome of security testing to both technical teams and business representatives, ensuring clarity and understanding across all parties.o Support Technical Teams: Help technical teams understand technical findings and cybersecurity concepts.o Overview/Debrief Sessions: Conduct sessions before and after security testing engagements to ensure clarity and understanding.• Consult on Remediation Efforts: Advise technical teams on remediation efforts to addres

Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Static Application Security Testing (SAST) Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Practitioner, you will assist in defining requirements, designing and building security components, and testing efforts. A typical day involves collaborating with cross-functional teams to ensure security measures are integrated into the development process, conducting assessments to identify vulnerabilities, and providing recommendations for improvements. You will also engage in discussions to enhance security protocols and contribute to the overall security strategy of the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular security assessments and audits to identify potential vulnerabilities.- Collaborate with development teams to integrate security best practices into the software development lifecycle. Professional & Technical Skills: - Must To Have Skills: Proficiency in Static Application Security Testing (SAST).- Strong understanding of secure coding practices and methodologies.- Experience with security testing tools and frameworks.- Knowledge of application security standards and compliance requirements.- Familiarity with threat modeling and risk assessment techniques. Additional Information:- The candidate should have minimum 3 years of experience in Static Application Security Testing (SAST).- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a highly skilled and experienced Senior Threat Hunter with deep expertise in Microsoft Sentinel and Microsoft Defender for Endpoint (MDE). The ideal candidate will excel in advanced KQL query writing, hypothesis-driven hunting, detection engineering, and data visualization using Sentinel Notebooks and Workbooks. This role plays a critical part in proactively identifying threats, tuning detection logic, and enhancing our overall threat hunting capabilities.Key Responsibilities:- Write and optimize advanced KQL queries to detect malicious activities in Sentinel and MDE logs.- Conduct proactive threat hunting by forming hypotheses and correlating data across M365 Defender, Sentinel, and other sources.- Use Sentinel Notebooks (Azure ML/Log Analytics) and Workbooks to visualize hunt data and share findings with stakeholders.- Leverage MDE Advanced Hunting for in-depth endpoint telemetry analysis.- Integrate threat hunting with the MITRE ATT&CK framework, mapping TTPs and identifying gaps in coverage.- Collaborate with L3 analysts and detection engineers to fine-tune existing analytics rules and hunting queries.- Create and manage Sentinel Playbooks (Logic Apps) to automate threat response and investigation workflows.- Support continuous improvement of the threat detection lifecycle by contributing to new detection use cases and threat models.- Assist in Purple Team exercises and post-incident retrospectives by contributing hunt-driven insights. Professional & Technical Skills: - 5+ years of experience in cyber threat hunting, SOC operations, or detection engineering.- Strong proficiency in Kusto Query Language (KQL) with hands-on experience in Microsoft Sentinel and MDE.- In-depth knowledge of endpoint, network, and cloud telemetry (especially Microsoft ecosystem).- Experience using Sentinel Workbooks, Notebooks, and custom analytics rule creation.- Practical experience in hypothesis-driven threat hunting and developing custom detection rules.- Familiarity with MITRE ATT&CK framework and its use in mapping attacker TTPs.- Hands-on experience with Sentinel automation workflows using Logic Apps.- Microsoft SC-200:Microsoft Security Operations Analyst- Microsoft SC-100:Microsoft Cybersecurity Architect- GIAC GCFA/GCIA/GCED (or equivalent)- AZ-500:Microsoft Azure Security Technologies- OSCP (for offensive knowledge is a plus) Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the security architecture, ensuring that it meets the business requirements and performance goals. Must have skills : Application Security Architecture and Design Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the security architecture, ensuring that it meets the business requirements and performance goals. You will play a crucial role in safeguarding the organization's digital assets and ensuring data protection. Roles & Responsibilities:- Expected to be an SME, collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Lead security architecture design and implementation.- Conduct security assessments and audits.- Develop security policies and procedures.- Stay updated on the latest security trends and technologies. Professional & Technical Skills: - Must To Have Skills: Proficiency in Application Security Architecture and Design.- Strong understanding of cybersecurity principles.- Experience in threat modeling and risk assessment.- Knowledge of security frameworks such as ISO 27001 and NIST.- Hands-on experience with security tools and technologies. Additional Information:- The candidate should have a minimum of 5 years of experience in Application Security Architecture and Design.- This position is based at our Pune office.- A 15 years full time education is required. Qualification 15 years full time education

Network Vulnerability management. Occasional network pen testing Network security architect The scope of the consultant services is to assist IKEA in Understanding the network architecture of MP. Assessing the vulnerability of the infrastructure. Scanning through the various reports of network vulnerability scans. Mitigation plan and report of various network vulnerability. Guiding infrastructure team around OT security. Requirements for this position. Industry experience of around 10 to 15 yrs . Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with a focus on recommendations for enhancements or remediation Strong knowledge of: computer network defense, identity management, incident management, network security and infrastructure design Strong knowledge of cybersecurity activities associated with: requirements analysis, risk analytics and modeling, risk management; emerging issues, risks, vulnerabilities and vulnerability assessment Strong understanding of the following: networking fundamentals (all OSI layers, protocols), OS and software vulnerably and exploitation techniques, commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post exploitation (e.g. Metasploit, Nmap, Nessus, Burp Suite), and familiarity with interpreting log output from networking devices, operating systems, and infrastructure services experience or working knowledge with threat modeling methodologies such as Stride, Pasta, or comparable experience visually representing data and process flows in an enterprise environment

FICO (NYSEFICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity "As a part of FICOs highly modern and innovative analytics and decision platform, the Senior Software Security Engineer will help shape the next generation security for FICOs Platform. You will address cutting edge security challenges in a highly automated, complex, cloud & microservices driven environments inclusive of design challenges and continuous delivery of security functionality and features to the FICO platform as well as the AI/ML capabilities used on top of the FICO platform" VP of Engineering. What Youll Contribute Secure the design of next next-generation FICO Platform, its capabilities, and services. Provide full-stack security architecture design from cloud infrastructure to application features for FICO customers. Work closely with product managers, architects, and developers on implementing the security controls within products. Develop and maintain Kyverno policies for enforcing security controls in Kubernetes environments. Collaborate with platform, DevOps, and application teams to define and implement policy-as-code best practices. Contribute to automation efforts for policy deployment, validation, and reporting. Stay current with emerging threats, Kubernetes security features, and cloud-native security tools. Define required controls and capabilities for the protection of FICO products and environments. Build & validate declarative threat models in a continuous and automated manner. Prepare the product for compliance attestations and ensure adherence to best security practices. What Were Seeking 10+ years of experience in architecture, security reviews, and requirement definition for complex product environments. Strong knowledge and hands-on experience with Kyverno and OPA/Gatekeeper (optional but a plus). Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc. Experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation. Hands-on experience with programming languages, such as Java, Python, etc. Experience in deploying services and securing cloud environments, preferably AWS. Experience deploying and securing containers, container orchestration, and mesh technologies (such as EKS, K8S, ISTIO). Experience with Crossplane to manage cloud infrastructure declaratively via Kubernetes. Certifications in Kubernetes or cloud security (e.g., CKA, CKAD, CISSP) are desirable. Proficiency with CI/CD tools (e.g., GitHub Actions, GitLab CI, Jenkins, Crossplane). Independently drive transformational security projects across teams and organizations. Experience with securing event streaming platforms like Kafka or Pulsar. Experience with ML/AI model security and adversarial techniques within the analytics domains. Hands-on experience with IaC (Such as Terraform, Cloudformation, Helm) and with CI/CD pipelines (such as Github, Jenkins, JFrog). Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Global trends toward digital transformation have created tremendous demand for FICOs solutions, placing us among the worlds top 100 software companies by revenue. We help many of the worlds largest banks, insurers, retailers, telecommunications providers and other firms reach a new level of success. Our success is dependent on really talented people just like you who thrive on the collaboration and innovation thats nurtured by a diverse and inclusive environment. Well provide the support you need, while ensuring you have the freedom to develop your skills and grow your career. Join FICO and help change the way business thinks! Learn more about how you can fulfil your potential at www.fico.com/Careers FICO promotes a culture of inclusion and seeks to attract a diverse set of candidates for each job opportunity. We are an equal employment opportunity employer and were proud to offer employment and advancement opportunities to all candidates without regard to race, color, ancestry, religion, sex, national origin, pregnancy, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Research has shown that women and candidates from underrepresented communities may not apply for an opportunity if they dont meet all stated qualifications. While our qualifications are clearly related to role success, each candidates profile is unique and strengths in certain skill and/or experience areas can be equally effective. If you believe you have many, but not necessarily all, of the stated qualifications we encourage you to apply. Information submitted with your application is subject to theFICO Privacy policy at https://www.fico.com/en/privacy-policy

FICO (NYSEFICO) is a leading global analytics software company, helping businesses in 100+ countries make better decisions. Join our world-class team today and fulfill your career potential! The Opportunity "As a part of FICOs highly modern and innovative analytics and decision platform, the Senior Software Security Engineer will help shape the next generation security for FICOs Platform. You will address cutting edge security challenges in a highly automated, complex, cloud & microservices driven environments inclusive of design challenges and continuous delivery of security functionality and features to the FICO platform as well as the AI/ML capabilities used on top of the FICO platform" VP of Engineering. What Youll Contribute Secure the design of next next-generation FICO Platform, its capabilities, and services. Provide full-stack security architecture design from cloud infrastructure to application features for FICO customers. Work closely with product managers, architects, and developers on implementing the security controls within products. Develop and maintain Kyverno policies for enforcing security controls in Kubernetes environments. Collaborate with platform, DevOps, and application teams to define and implement policy-as-code best practices. Contribute to automation efforts for policy deployment, validation, and reporting. Stay current with emerging threats, Kubernetes security features, and cloud-native security tools. Define required controls and capabilities for the protection of FICO products and environments. Build & validate declarative threat models in a continuous and automated manner. Prepare the product for compliance attestations and ensure adherence to best security practices. What Were Seeking 10+ years of experience in architecture, security reviews, and requirement definition for complex product environments. Strong knowledge and hands-on experience with Kyverno and OPA/Gatekeeper (optional but a plus). Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc. Experience in threat modeling, code reviews, security testing, vulnerability detection, attacker exploit techniques, and methods for their remediation. Hands-on experience with programming languages, such as Java, Python, etc. Experience in deploying services and securing cloud environments, preferably AWS Experience deploying and securing containers, container orchestration, and mesh technologies (such as EKS, K8S, ISTIO). Experience with Crossplane to manage cloud infrastructure declaratively via Kubernetes. Certifications in Kubernetes or cloud security (e.g., CKA, CKAD, CISSP) are desirable Proficiency with CI/CD tools (e.g., GitHub Actions, GitLab CI, Jenkins, Crossplane, ). Independently drive transformational security projects across teams and organizations. Experience with securing event streaming platforms like Kafka or Pulsar. Experience with ML/AI model security and adversarial techniques within the analytics domains. Hands-on experience with IaC (Such as Terraform, Cloudformation, Helm) and with CI/CD pipelines (such as Github, Jenkins, JFrog). Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Global trends toward digital transformation have created tremendous demand for FICOs solutions, placing us among the worlds top 100 software companies by revenue. We help many of the worlds largest banks, insurers, retailers, telecommunications providers and other firms reach a new level of success. Our success is dependent on really talented people just like you who thrive on the collaboration and innovation thats nurtured by a diverse and inclusive environment. Well provide the support you need, while ensuring you have the freedom to develop your skills and grow your career. Join FICO and help change the way business thinks! Learn more about how you can fulfil your potential at www.fico.com/Careers FICO promotes a culture of inclusion and seeks to attract a diverse set of candidates for each job opportunity. We are an equal employment opportunity employer and were proud to offer employment and advancement opportunities to all candidates without regard to race, color, ancestry, religion, sex, national origin, pregnancy, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Research has shown that women and candidates from underrepresented communities may not apply for an opportunity if they dont meet all stated qualifications. While our qualifications are clearly related to role success, each candidates profile is unique and strengths in certain skill and/or experience areas can be equally effective. If you believe you have many, but not necessarily all, of the stated qualifications we encourage you to apply. Information submitted with your application is subject to theFICO Privacy policy at https://www.fico.com/en/privacy-policy

Essential knowledge• Have over 8+ years of rich experience in information security domain and at least 4-6 years of dedicated experience in Threat-hunting.• Proficiency in using threat intel platforms such as CybelAngel, ThreatConnect, Recorded Future, DarkTrace etc.• Proficiency in using SIEM and SOAR solutions.• Strong understanding of network protocols and security technologies.• Strong understanding of endpoint detection and response (EDR) tools.• Excellent analytical and problem-solving skills• Preferably worked in BFSI domain with proven experience in SOC function.• Knowledge of key security standards and regulations such as NIST 800-61, CERT/CC, ISO 27035 etc.Skills and Application• Maintaining up-to-date knowledge of security landscape, threats, attack patterns and counter measures• Assess and design threat-hunting processes through solutions, tools and methodologies• Reviewing use cases/playbooks for integrating threat-intel• Continuously monitor security hygiene and performance using tools and processes• Collaborate with other IS teams, Ops and tech teams on enhancing security incident response resilienceOther• Knowledge of evolving advanced tech stacks and related control and risk universe from a threat-hunting perspective.• The ideal candidate will have a technical or computer science degree.• Professional certifications: GCIH, CISSP, CEH,etc.

Role Purpose As a DevSecOps Consultant, you will be involved in a combination of designing & implementing transformation roadmaps, facilitation, mentoring, coaching and training teams to enable DevOps / DevSecOps adoption at scale. You should be an experienced CI-CD practitioner who has gone through the process of Agile-DevOps adoption & enablement at scale (either at an enterprise level OR at a large account level). You should have exposure and experience in one of the following CI-CD stacks - Open Source / Atlassian / Microsoft / IBM. You should also have an understanding of security practices and how to integrate the same in the engineering lifecycle Do Provide solution/consultation to implement continuous exploration, continuous integration, continuous deployment, continuous testing, and continuous monitoring and release automation solutions for all sized products. Create reference architecture for DevOps build & release automation implementation Conduct discovery workshops with customers to understand the products current state and unearth the potential issues. Implement the DevOps / DevSecOps maturity assessment framework and create operating models for subsequent DevOps / DevSecOps adoption. Analyze emerging build and release automation trends. Define reusable solutions for build & release automation which can be leveraged across customers. Provide solutions to implement enterprise infrastructure automation solutions for environment provisioning Help develop CI-CD / DevOps Practices, Tools, platforms | Build solutions and frameworks / POVs for different technologies / domain Implement and maintain DevOps / DevSecOps toolchains for both centralized and federated DevOps Coach the team to ensure DevOps adoption. Coaches engineering teams on the new Ways of Working for improved Route to Live Conduct training workshops on CI-CD/DevOps and related roles to teams and other stakeholders Help the customer to adopt to the defined engagement model to maximize the benefits. Anchor the DevOps / DevSecOps solution for large RFP's. Participate in the practiuce sales initiative for opportunity shaping and closure Mandatory Skills: Threat Modeling. Experience8-10 Years.

Role Purpose The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information Do Ensuring customer centricity by providing apt cybersecurity Monitoring and safeguarding the log sources and security access Planning for disaster recovery in the event of any security breaches Monitor for attacks, intrusions and unusual, unauthorized or illegal activity Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems Conduct security assessments, risk analysis and root cause analysis of security incidents Handling incidents escalated by the L1 team in 24x7 rotational shifts Use advanced analytics tools to determine emerging threat patterns and vulnerabilities Completing all tactical security operations tasks associated with this engagement. Analyses all the attacks and come up with remedial attack analysis Conduct detailed analysis of incidents and create reports and dashboards Stakeholder coordination & audit assistance Liaise with stakeholders in relation to cyber security issues and provide future recommendations Maintain an information security risk register and assist with internal and external audits relating to information security Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues Advice and guidance to employees on issues such as spam and unwanted or malicious emails Deliver No. Performance Parameter Measure 1. Customer centricity Timely security breach solutioning to end users, Internal stakeholders & external customers experience 2. Process Adherence Adherence to SLAs (90-95%), response time and resolution time TAT Mandatory Skills: Threat Modeling. Experience3-5 Years.

Job Summary Strong understanding of security vulnerabilities and secure coding practices. Extensive work experience in implementing and managing security features such as secure boot, secure software updates, secure authentication, encryption, and other critical security-related topics. Proficiency in programming languages C, C++,Python, Java with experience applying secure coding techniques. Experience with security testing tools and CI/CD security integration. Familiarity with cloud platforms (AWS, Azure) and securing cloud-native applications and services. Experience with Hardware Security Modules (HSM) and ARM TrustZones. Experience with open source libraries such as OpenSSL Expertise in cryptography, including RSA, ECDSA, AES, PKCS Hands-on experience with Linux and Android security. Roles & Responsibilities Key Responsibilities Lead the integration of security best practices throughout the product lifecycle, including secure coding, architecture, and testing. Collaborate with product, engineering, and development teams to embed security into product designs from the beginning of the development process. Implement key security features, such as authentication, encryption, and access controls, to protect the product's data and operations. Conduct threat modeling and vulnerability assessments on new product designs and features to identify potential security risks. Develop and implement risk mitigation strategies, ensuring security controls are integrated into product architectures and design specifications. Implement and manage secure code reviews, security testing tools, and frameworks to automate security testing as part of the CI/CD pipeline. Collaborate with the security architecture team to ensure security guidelines and frameworks are consistently followed throughout the development process Education and Experience Required BE/B.Tech/ M.Tech Competencies Description Application Protocol & Engines - Linux engineer is one: who has done one or more of the following on Embedded Linux design, development/customization, bug fixing/sustenance who has experience in one or more of the following domains Multimedia Telephony Connectivity Sensor Security Platforms- Mandatory to have worked on one or more of the following: Embedded Linux Tools- Mandatory to have worked on one or more of the following; gdb/ddd; linux editors; top; ps; meminfo Languages- Mandatory to have worked on one or more of the following; C; C++ Specialization- MULTIMEDIA, CONNECTIVITY, TELEPHONY, CARRIER GRADE PLATFORM, GENERIC FRAMEWORK

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture DesignMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Specialist, you will support the implementation and validation of security measures across vehicle systems and embedded platforms. You will assist in penetration testing, contribute to threat analysis activities, and help ensure secure communication and firmware integrity in alignment with automotive cybersecurity standards. Roles & Responsibilities:Assist in the execution of penetration testing activities targeting ECUs, in-vehicle communication networks, and diagnostic services to identify common vulnerabilities and misconfigurations.Support the use of automotive security tools such as CANoe, Wireshark, Scapy, and basic fuzzing frameworks to simulate attacks and gather system responses for analysis.Collect and organize logs, analyze test outputs, and document findings to assist senior security engineers in remediation and tracking of identified issues.Execute validation of standard UDS diagnostic services, including support for testing access controls, session management, and secure diagnostic configurations.Participate in asset identification and support foundational threat modeling efforts, including contributing to risk assessments and mitigation tracking under guidance.Assist in documenting security design considerations and implementation steps in alignment with ISO/SAE 21434 and internal cybersecurity processes.Collaborate with cybersecurity, software, and validation teams to support the integration of security controls across vehicle platforms.Continuously learn and apply core concepts of automotive cybersecurity, including secure communication, ECU hardening, and regulatory standards like WP.29 and ISO 26262. Professional & Technical Skills: 5+ years of experience in embedded systems, automotive engineering, or related fields, with growing specialization in cybersecurity principles and practices.Familiarity with in-vehicle communication protocols including CAN, UDS, and DoIP, with hands-on exposure to using tools such as CANoe, Wireshark, and Scapy for traffic analysis and basic attack simulation.Foundational understanding of penetration testing methodologies, vulnerability identification, and the use of fuzzers to evaluate ECU communication robustness.Exposure to diagnostics security concepts, including secure diagnostic sessions, seed-key mechanisms, and access control layers for UDS services.Basic knowledge of cybersecurity frameworks and risk assessment methodologies such as STRIDE, HEAVENS, and ISO/SAE 21434.Experience contributing to documentation of test results, secure design inputs, and mitigation reports under guidance from senior cybersecurity engineers.Understanding of secure firmware update concepts and cryptographic basics, including symmetric/asymmetric encryption, HSM usage, and key management fundamentals.Experience working in Agile or V-model development environments, collaborating with cross-functional teams including validation, software, and systems engineering.Demonstrated eagerness to learn new cybersecurity tools, standards, and technologies relevant to modern connected vehicle platforms.Strong analytical skills and attention to detail, with the ability to follow structured testing and security validation procedures. Additional Information:3+ years experience implementing and performing Automotive CybersecurityKnowledge of tools like CANoe, Wireshark, or Ghidra.Basic understanding of ISO 21434, seed/key security, OTA updates, and cryptographic modules.This position is based at our Bengaluru officeA 15-year full-time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts. Roles & Responsibilities:Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments.Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces.Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components.Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols.Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses.Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware.Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware.Perform hardware penetration testing to identify vulnerabilities in electronic systems.Assess the security of medical devices, ensuring compliance with industry regulations and standards.Identify and address security risks associated with healthcare information systems and connected medical instruments.Evaluate and prioritize security risks based on potential impact and likelihood.Provide recommendations and collaborate with cross-functional teams to implement effective security controls.Stay current with emerging security threats, vulnerabilities, and testing methodologies.Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle.Document security testing processes, findings, and remediation recommendations.Generate comprehensive reports for stakeholders, including technical details and actionable insights. Professional & Technical Skills: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability.Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling.Ability to manage multiple tasks and deadlines.Hands on experience with penetration testing tools and methodologies.Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments.Knowledge of secure coding practices and the ability to review code for security vulnerabilities.Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines.Experience with threat modeling and risk assessment frameworks.Familiarity with secure development practices for embedded systems.Understanding of regulatory requirements for medical device security.Strong understanding of networking protocols, encryption, and authentication mechanisms. Additional Information:Bachelors or masters degree in engineering or computer science, Information Security, or a related field.Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).- 5 or more years experience require in cyber security field including penetration testing, thread modeling, hardware security.- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : Security Architecture DesignMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As an Automotive Cybersecurity Engineer, you will implement and validate security controls across in-vehicle systems, ensuring protection of ECUs, telematics units, and connected vehicle infrastructure. You will contribute to threat modeling and diagnostics hardening efforts, support penetration testing activities, and document the integration of cybersecurity measures in alignment with regulatory and technical requirements. Roles & Responsibilities:Support the development and implementation of cybersecurity controls across ECUs, telematics systems, and in-vehicle networks in alignment with ISO/SAE 21434 and company CSMS.Participate in security architecture and design reviews, contributing to the definition and validation of security requirements for embedded vehicle systems.Conduct and document threat modeling and risk assessments using methodologies such as HEAVENS, STRIDE, and custom attack graphs.Perform penetration testing and intrusion validation on in-vehicle protocols including CAN, DoIP, and Ethernet, as well as wireless interfaces such as Bluetooth and Wi-Fi.Assist in the execution of fuzz testing and vulnerability analysis using tools like CANoe, Wireshark, Scapy, and Python-based custom scripts.Contribute to the validation of secure boot mechanisms and assist in reverse engineering activities to verify firmware security compliance.Work with software and hardware teams to analyze security issues, identify root causes, and define corrective actions and mitigations.Maintain operational documentation, including test procedures, vulnerability logs, and mitigation tracking in compliance with regulatory requirements.Collaborate with cross-functional teams to integrate secure diagnostics, access control strategies, and key management protocols.Participate in internal assessments and support audit readiness for cybersecurity compliance frameworks such as UNECE WP.29 and ISO 26262. Professional & Technical Skills: Experience supporting in-vehicle cybersecurity programs with 8+ years in embedded or automotive systems development, including 34 years focused on penetration testing, diagnostics security, or secure ECU architecture.Hands-on experience conducting security testing and vulnerability assessments on vehicle communication interfaces such as CAN, DoIP, and Ethernet, as well as wireless protocols including Bluetooth, Wi-Fi, and cellular.Strong working knowledge of UDS diagnostics (ISO 14229), secure diagnostics access control, and protocol fuzzing techniques to uncover vulnerabilities in ECUs and vehicle gateways.Proficiency with security testing tools and platforms such as CANoe, Wireshark, Scapy, Python, and Ghidra for traffic analysis, custom scripting, and reverse engineering.Familiarity with cryptographic principles and practical usage of cryptographic libraries (e.g., OpenSSL, mbedTLS) and hardware security modules (HSM) for secure key storage, boot processes, and firmware authentication.Experience supporting OTA (Over-the-Air) update platforms and ensuring their secure integration using encryption, authentication, and rollback protection mechanisms.Exposure to cybersecurity development in Agile-based or V-model automotive environments, working collaboratively with software, systems, and validation teams.Knowledge of regulatory and compliance standards relevant to automotive cybersecurity, including ISO/SAE 21434, UNECE WP.29 (R155/R156), and functional safety (ISO 26262).Ability to document test cases, generate detailed security analysis reports, and provide engineering teams with clear recommendations and follow-up actions for mitigation.Demonstrated problem-solving skills and the ability to troubleshoot complex issues related to embedded systems security, communication integrity, and control system protection. Additional Information:5+ years experience implementing and performing Automotive CybersecurityExperience with AUTOSAR (Classic/Adaptive), ECU firmware security, or secure telematics units.This position is based at our Bengaluru officeA 15-year full-time education is requiredGood to have Certifications in ISO 21434, CISSP, CEH, OSCP, GICSP Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time educationProduct Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 4-6 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts. Roles & Responsibilities:Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments.Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces.Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components.Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols.Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses.Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware.Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware.Perform hardware penetration testing to identify vulnerabilities in electronic systems.Assess the security of medical devices, ensuring compliance with industry regulations and standards.Identify and address security risks associated with healthcare information systems and connected medical instruments.Evaluate and prioritize security risks based on potential impact and likelihood.Provide recommendations and collaborate with cross-functional teams to implement effective security controls.Stay current with emerging security threats, vulnerabilities, and testing methodologies.Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle.Document security testing processes, findings, and remediation recommendations.Generate comprehensive reports for stakeholders, including technical details and actionable insights. Professional & Technical Skills: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability.Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling.Ability to manage multiple tasks and deadlines.Hands on experience with penetration testing tools and methodologies.Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments.Knowledge of secure coding practices and the ability to review code for security vulnerabilities.Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines.Experience with threat modeling and risk assessment frameworks.Familiarity with secure development practices for embedded systems.Understanding of regulatory requirements for medical device security.Strong understanding of networking protocols, encryption, and authentication mechanisms.- Additional Information:Bachelors or masters degree in engineering or computer science, Information Security, or a related field.Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).- 5 or more years experience require in cyber security field including penetration testing, thread modeling, hardware security.- This position is based at our Bengaluru office- A 15 years full time education is required. Qualification 15 years full time education