119 Threat Modeling Jobs - Page 5

Position : Information Security Consultant Location : Remote Experience : 5+ Years in Information Security Payrol l : Delta Sys-Tech India Type: 8hrs - Freelance (can Freelance along with Parallel work)- 40 hours in a week, 8 hours per day Job Description : Must have: - Threat Modeling - Risk Assessment - Secure Design - Application Security - Strong knowledge on AI/ML Security - Web - API - JS Security - Mobile - Cloud Security - OWASP - ASVS - NIST - Strong communication skill Nice to have: - Strong - AI/ML Engineer - Security Architecture - Development experience - Web, API , Mobile, Full Stack Developer Preferred Certification: - CISSP - CISM - OSCP

Job Description Provide expert security advisory with the goal to built-in security” Support projects by reviewing planned IT architectures and performing threat analysis to identify potential risks for IT and business environments at an early stage Derive Security Requirements gathering as part of requirements gathering for software development. Perform Threat Modeling, Define Security Measures with the project & create / further develop the Security Profile for the software. Advise to find counter measures for identification, containment and elimination of impacts. Prioritize remediation based on Threat Model and Security Requirements as well assist the development team in remediation. Provide advisories as well as contribute in the implementation of DevSecOps from Application Security perspective. Ensure effective security testing in CI/CD which includes installation of the SAST / DAST etc. as well as integration with the pipeline. Security training of Product Owners and developers Working in close collaboration with applications- and infrastructure teams Skill Requirements A strong working knowledge of Security in Software Development Lifecycle is required Prior experience in software development is desired Extensive knowledge in threat analysis methodology, Threat Modelling and Security Profile creation for application would be required. Ability to perform code review manually as well as with the help of the tools. Ability to provide low level instructions to the developers on the gap remediations. Working experience on industry leading SAST / DAST and Open-Source Scanning tools ex. Fortify, Coverity, App Scan etc. Security paradigms, -technologies and –processes e.g. STRIDE Standards e.g. ISO 2700x, NIST-standards Analytical and strategic thinking Intercultural experience Distinct customer and target orientation Qualifications Bachelor’s Degree in Computer/Information Science; Information Technology; Cyber Security Experience Around 5 to 10 years of experience in Cyber Security / Application Development / Application Testing with minimum of 3 years in Application Security Certification Industry certifications such as CISSP CSSLP etc. would be an added advantage.

Job Title Application Security/Vulnerability Management Responsibilities A day in the life of an Infoscion As part of the Infosys consulting team, your primary role would be to actively aid the consulting team in different phases of the project including problem definition, effort estimation, diagnosis, solution generation and design and deployment You will explore the alternatives to the recommended solutions based on research that includes literature surveys, information available in public domains, vendor evaluation information, etc. and build POCs You will create requirement specifications from the business needs, define the to-be-processes and detailed functional designs based on requirements. You will support configuring solution requirements on the products; understand if any issues, diagnose the root-cause of such issues, seek clarifications, and then identify and shortlist solution alternatives You will also contribute to unit-level and organizational initiatives with an objective of providing high quality value adding solutions to customers. If you think you fit right in to help our clients navigate their next in their digital transformation journey, this is the place for you! Technical and Professional Requirements: Primary skills:Application Security,Application Security->Application Risk Profiling,Application Security->Burpsuite,Application Security->Devsecops,Application Security->Ethical Hacking(CEH),Application Security->Nessus,Application Security->SSL(Secure Sockets Layer),Application Security->Threat Modeling,Application Security->Vulnerability Assessment/Penetration Testing,Application Security->Vulnerability Management,Application Security->Web Security,Application Security->Webservices Security,Application Security->Wireshark,Security testing->Vulnerability testing,Technology->Application Security->Vulnerability Management->Qualys,Technology->Application Security->Vulnerability Management->Rapid 7 Nexpose,Vulnerability Management Preferred Skills: Application Security Vulnerability Management Application Security->Vulnerability Assessment/Penetration Testing Application Security->Nessus Application Security->Vulnerability Management Application Security->Wireshark Application Security->Burpsuite Application Security->Threat Modeling Application Security->Web Security Application Security->Application Risk Profiling Application Security->Ethical Hacking(CEH) Application Security->Webservices Security Application Security->SSL(Secure Sockets Layer) Application Security->Devsecops Security testing->Vulnerability testing Technology->Application Security->Vulnerability Management->Rapid 7 Nexpose Technology->Application Security->Vulnerability Management->Qualys Additional Responsibilities: Ability to work with clients to identify business challenges and contribute to client deliverables by refining, analyzing, and structuring relevant data Awareness of latest technologies and trends Logical thinking and problem solving skills along with an ability to collaborate Ability to assess the current processes, identify improvement areas and suggest the technology solutions One or two industry domain knowledge Educational Requirements Master of Computer Science,MCA,Intergrated course BCA+MCA,Post Graduate In Computer Science Application (PGDCSA),Bachelor Of Comp. Applications,Bachelor of Comp. Sc. & Engg.,Bachelor of Engineering,BCA Service Line Cyber Security * Location of posting is subject to business requirements

Container Security 7500 containers security scanning They are all in the same repository so scanning effort should be similar whether it is 200 or 7500 Need a Snyk technical expert who has performed container scanning in the past The following experience is a must have: Snyk, AWS, AWS Fargate, Artifactory, Jenkins, SCA/SAST They have already done a lot of the work around pipeline integration Threat Modeling Experience threat modeling expert using methodology like STRIDE Thought leader in the space Put a model together to perform Threat Modeling at the organization They already have questionnaires built but need someone to mature the process Start with up to 2 applications

Are you interested in working in one of the most impactful areas of technology in the world today? Do you want to build generative AI skills while working on a project to transform the most mission-critical IT workloads for organizations that power the global economy? Come join the team that is at the intersection of cutting-edge gen AI and mainframe software development, a key strategic pillar for IBM. As a Gen AI Transformation developer, you will leverage a highly tuned state-of-the-art large language model to transform code from one input source language to another. Role and Responsibilities Analyzing potential areas where non-compliance could occur and proposing mitigation strategies. Creating and updating company policies and procedures to reflect regulatory requirements. Providing compliance training to employees on relevant policies and procedure. Assessing potential security risks and prioritizing mitigation strategies, including PSIRTs and CSIRTs. Develop automation that will improve the reporting, including the creation of dashboards Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise 2+ Years of IT experience. The candidate must have demonstrated: Working knowledge of security concepts including IT security standards, threat modeling, access management, risk analysis. Familiarity with actioning non-compliances, such as vulnerabilities and proposing mitigation strategies Abilities to respond to potential cyber threats through vulnerability scanning, analyzing network traffic, and staying updated on emerging security trends Basic knowledge of security tools Preferred technical and professional experience The candidate should ideally have working knowledge of: Industry regulations and laws to identify potential compliance issues, including: HIPAA, NIST, SOC 2, FISMA, FedRamp, Privacy requirements. Interacting with external agencies to address compliance inquiries and audits. Typical security processes, product lifecycle, penetration testing, architectural diagrams and threat modeling.

Job Summary: As a Security Software Designer, you will be responsible for designing, developing, and implementing software solutions that protect systems and networks from cyber threats. You will work closely with cross-functional teams to ensure that security is integrated into every phase of the software development lifecycle. Primary responsibilities: 1. Carry security assessment Complying to Wabtec CATO requirements on Embedded Product Using Threat Model, Threat & Risk Analysis and vulnerability analysis. 2. Bring up the Security Architecture and Design as per the Need of the project to mitigate/Remediate the threats and Get final Cybersecurity approval for Release. 3. Design and Develop the Secure Embedded software applications 4. Analyze and propose mitigation for Security scan results - SAST,DAST,SCA and FST requirements. 5. Collaborate with Development team of Different Product lines to propose and integrate the secure Practices in product design lifecycle Qualification / Requirement: Bachelors/Masters degree in CS/E&C/IS with Overall Working experience of 8+ Years in Embedded System with Cybersecurity Proven experience in Secure software design development with security practices. Strong understanding of security protocols, cryptography, and secure coding techniques. Excellent problem-solving skills and attention to detail. Essential Requirements: Very strong technical knowledge on Secure Embedded system Design and Implementation in Bear Metal & Embedded Linux Secure Boot, Serial, USB, Ethernet and IoT Hands experience with Programming Language C, C++ and Python Secure Design Patterns & Principles, Standards IEC62443, NIST 800 Standard OWSAP, CWE Working experience with Network Protocols, network Infrastructure and services in Embedded Linux Firewalls, Router, Switches, VPN, HTTP, SH,SFTP,FTP,TFTP,SNMP,DHCP,MQTT,MQTTS,NTP etc Cryptographic Concept - Storage of passwords, accounts, keys, Certificates use, Crypto Key Management, Key Generation and Key Usage Desired Requirements : Sound Knowledge on the Network Security Protocols HTTPS, SSL,TLS Authentication and Authorization Gitlab Repository and Pipeline Concept Design and Development experience in FPGA, PLC, Cloud and IOT based secure systems Study and Propose best Security design Solution to meet the project needs Understand and Comply to customer proposed security Requirements and Standards Risk Assessment Security Scan tools Knowledge Polaris, Blackduck etc Ability to perceive the system knowledge and Analyse the Threat Surface and Vector of threat Proficient enough to Propose and Conceptualize the Security solution based on the Technology domain Work Model: Hybrid (3 Days a week), May change from time to time based on the Organization policies Travel: Domestic/International- Minimal Based on project need Physical Requirement: Shall be able to be work on hybrid model at Bengaluru facility and collaborate with team members Efficient enough to work long hours on Laptop/System as required by project needs.

Project Role : Enterprise Technology Architect Project Role Description : Support sales teams in solution development, managing an internal matrix team to scope and price solutions. Lead customers through the design process. Work directly with Internal Accenture Domain Architects, Partner Architects, Client Architects, and Accenture project teams to design solutions. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NA Minimum 7.5 year(s) of experience is required Educational Qualification : Bachelors or above degree in a related field or equivalent full-time course Project Role:Cloud Security Architect Summary :Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.Must have skills:Managed Cloud Security Services, Threat modeling. Roles & Responsibilities: Designing and implementing cloud security strategies and policies that meet an organization's specific needs. Ensuring the security of cloud-based data and applications against unauthorized access, theft, and other threats. Conducting regular security assessments and audits to identify vulnerabilities and develop plans to address them. Collaborating with other IT professionals, including network engineers, developers, and system administrators, to integrate cloud security measures into existing systems and processes. Staying up to date on the latest cloud security technologies, trends, and best practices.Professional & Technical Skills Must Have:Experience in cloud security, focusing on designing and implementing secure cloud computing solutions. Must Have:Experience with risk assessment, threat modeling, and vulnerability management. A strong understanding of cloud computing technologies, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud security platforms like Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Strong analytical and problem-solving skills, with an ability to think strategically and tactically about complex cloud security issues. Excellent communication skills, including communicating complex technical concepts to non-technical stakeholders. Good to Have Skills:Certifications such as Certified Cloud Security Professional (CCSP), Certified Information Systems Security Professional (CISSP), or Certified Cloud Architect (CCA) are preferred. Qualification Bachelors or above degree in a related field or equivalent full-time course

Project Role : Technology Consulting Practitioner Project Role Description : Advises, leads and works on high impact activities within the systems development lifecycle,and provides advisory work for the IT function itself. Must have skills : Oracle Utilities Meter Data Management (MDM) Good to have skills : Oracle Utilities Work And Asset Management Minimum 5 year(s) of experience is required Educational Qualification : Should have completed Graduation from reputed College/University Summary :As an Oracle Utilities Meter Data Management (MDM) Technology Consulting Practitioner, you will be responsible for advising, leading, and working on high-impact activities within the systems development lifecycle. Your typical day will involve providing advisory work for the IT function itself and delivering impactful data-driven solutions. Roles & Responsibilities: Lead and manage the implementation of Oracle Utilities Meter Data Management (MDM) solutions for clients. Provide advisory services to clients on the best practices for Oracle Utilities Meter Data Management (MDM) implementation. Collaborate with cross-functional teams to ensure successful delivery of Oracle Utilities Meter Data Management (MDM) solutions. Develop and maintain strong relationships with clients and stakeholders to ensure customer satisfaction and repeat business. Stay updated with the latest advancements in Oracle Utilities Meter Data Management (MDM) and related technologies, integrating innovative approaches for sustained competitive advantage. Professional & Technical Skills: Must To Have Skills:Expertise in Oracle Utilities Meter Data Management (MDM). Good To Have Skills:Experience with Oracle Utilities Work And Asset Management. Strong understanding of the systems development lifecycle and related methodologies. Experience in leading and managing the implementation of Oracle Utilities Meter Data Management (MDM) solutions. Excellent communication and interpersonal skills to effectively collaborate with cross-functional teams and clients. Ability to stay updated with the latest advancements in Oracle Utilities Meter Data Management (MDM) and related technologies. Additional Information: The candidate should have a minimum of 5 years of experience in Oracle Utilities Meter Data Management (MDM). The ideal candidate will possess a strong educational background in technology consulting, computer science, or a related field. This position is based at our Gurugram office. Qualifications Should have completed Graduation from reputed College/University

Project Role : Security Delivery Practitioner Project Role Description : Assist in defining requirements, designing and building security components, and testing efforts. Must have skills : Security Architecture Design Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : 15 years of full time education Summary :As a Security Delivery Practitioner, you will be responsible for assisting in defining requirements, designing and building security components, and testing efforts related to Security Architecture Design. Your typical day will involve working with the Security team, analyzing security requirements, and designing security solutions to meet those requirements. Roles & Responsibilities: Assist in defining security requirements and designing security solutions to meet those requirements. Collaborate with cross-functional teams to ensure security solutions are integrated into the overall project plan. Conduct security assessments and provide recommendations for improving security posture. Develop and maintain security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices. Professional & Technical Skills: Must To Have Skills:Strong understanding of Security Architecture Design. Good To Have Skills:Experience with security technologies such as firewalls, intrusion detection/prevention systems, and vulnerability scanners. Experience with security frameworks such as ISO 27001, NIST, and CIS Controls. Knowledge of cloud security best practices and experience with cloud security technologies. Experience with security risk assessments and threat modeling. Strong analytical and problem-solving skills. Additional Information: The candidate should have a minimum of 3 years of experience in Security Architecture Design. The ideal candidate will possess a strong educational background in computer science, information technology, or a related field, along with relevant security certifications such as CISSP, CISM, or CCSP. This position is based at our Bengaluru office. Qualification 15 years of full time education

Project Role : Technology Consulting Practitioner Project Role Description : Advises, leads and works on high impact activities within the systems development lifecycle,and provides advisory work for the IT function itself. Must have skills : Oracle Utilities Meter Data Management (MDM) Good to have skills : Oracle Utilities Work And Asset Management Minimum 5 year(s) of experience is required Educational Qualification : Should have completed Graduation from reputed College University Summary :As a Technology Consulting Practitioner, you will be responsible for advising, leading, and working on high-impact activities within the systems development lifecycle. Your typical day will involve providing advisory work for the IT function itself, and working with Oracle Utilities Meter Data Management (MDM) to ensure seamless integration and delivery of technology solutions. Roles & Responsibilities: Lead the design, development, and implementation of Oracle Utilities Meter Data Management (MDM) solutions for clients, ensuring seamless integration with existing systems. Provide expert advice and guidance to clients on the best practices for implementing Oracle Utilities Meter Data Management (MDM) solutions, and ensure that all solutions meet client requirements. Collaborate with cross-functional teams to ensure that all Oracle Utilities Meter Data Management (MDM) solutions are delivered on time, within budget, and to the highest quality standards. Develop and maintain strong relationships with clients, and act as a trusted advisor on all matters related to Oracle Utilities Meter Data Management (MDM) solutions. Stay up-to-date with the latest trends and developments in Oracle Utilities Meter Data Management (MDM) and related technologies, and apply this knowledge to drive innovation and continuous improvement. Professional & Technical Skills: Must To Have Skills:Strong experience in Oracle Utilities Meter Data Management (MDM) and related technologies. Good To Have Skills:Experience with Oracle Utilities Work And Asset Management. Experience in leading the design, development, and implementation of Oracle Utilities Meter Data Management (MDM) solutions. Strong understanding of the systems development lifecycle, and experience in providing advisory work for the IT function. Excellent communication and interpersonal skills, with the ability to build strong relationships with clients and stakeholders. Proven ability to work effectively in cross-functional teams, and to deliver projects on time, within budget, and to the highest quality standards. Additional Information: The candidate should have a minimum of 5 years of experience in Oracle Utilities Meter Data Management (MDM). The ideal candidate will possess a strong educational background in computer science, engineering, or a related field, along with a proven track record of delivering impactful technology solutions. This position is based at our Kolkata office. Qualification Should have completed Graduation from reputed College University

Preferred candidate profile - Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE Experience with application security controls (Web, API, Mobile, AI) Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS. Experience with Application Security design and DevSecOps Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications. Experience with Java, Java script and mobile application development. Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases Experience with Cloud security, architecture, design, implementation, and operations- Exposure to IAM Controls (OAuth 2.0, OIDC, JWT) Strong familiarity with Cryptography Controls (Data at rest, in motion).- CISSP, CISM, CSSLP, CISA, CRISC, OSCP

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Product Security Good to have skills : NA Minimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Job Description:Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars securityWe are seeking a highly skilled and motivated Product Security Testing Engineer with 6-8 years of proven expertise in IoT, embedded devices, hardware medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicle. This role requires a practical approach to identifying, assessing, and mitigate security flaws in our products as well as expertise in leading and mentoring a group of product security experts.Key responsibilities: Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments. Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces. Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components. Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols. Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses. Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware. Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware. Perform hardware penetration testing to identify vulnerabilities in electronic systems. Assess the security of medical devices, ensuring compliance with industry regulations and standards. Identify and address security risks associated with healthcare information systems and connected medical instruments. Evaluate and prioritize security risks based on potential impact and likelihood. Provide recommendations and collaborate with cross-functional teams to implement effective security controls. Stay current with emerging security threats, vulnerabilities, and testing methodologies. Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle. Document security testing processes, findings, and remediation recommendations. Generate comprehensive reports for stakeholders, including technical details and actionable insights.Technical experience: Hands on experience with penetration testing tools and methodologies. Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments. Knowledge of secure coding practices and the ability to review code for security vulnerabilities. Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines. Experience with threat modeling and risk assessment frameworks. Familiarity with secure development practices for embedded systems. Understanding of regulatory requirements for medical device security. Strong understanding of networking protocols, encryption, and authentication mechanisms.Professional attributes: Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders. Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability. Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling. Ability to manage multiple tasks and deadlines. Qualifications: Bachelor's or master's degree in engineering or computer science, Information Security, or a related field. Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP). Qualifications 15 years full time education

Project Role : Technology Consulting Practitioner Project Role Description : Advises, leads and works on high impact activities within the systems development lifecycle,and provides advisory work for the IT function itself. Must have skills : SAP FI CO Finance Good to have skills : SAP FI S/4HANA Accounting Minimum 3 year(s) of experience is required Educational Qualification : Any professional Degree with 10 to 15 years of exp Summary :As a Technology Consulting Practitioner, you will advise, lead, and work on high-impact activities within the systems development lifecycle, providing advisory work for the IT function itself. Your day will involve strategic planning, collaborating with cross-functional teams, and implementing innovative solutions. Roles & Responsibilities: Expected to perform independently and become an SME. Required active participation/contribution in team discussions. Contribute in providing solutions to work-related problems. Lead and manage project deliverables effectively. Collaborate with stakeholders to gather requirements and provide technical solutions. Develop and implement SAP FI CO Finance solutions. Provide guidance and mentorship to junior team members. Stay updated with industry trends and best practices. Professional & Technical Skills: Must To Have Skills:Proficiency in SAP FI CO Finance. Good To Have Skills:Experience with SAP FI S/4HANA Accounting. Strong understanding of financial processes and systems. Knowledge of SAP integration with other modules. Experience in configuring and customizing SAP FI CO modules. Ability to troubleshoot and resolve technical issues efficiently. Additional Information: The candidate should have a minimum of 3 years of experience in SAP FI CO Finance. This position is based at our Gurugram office. A professional degree with 10 to 15 years of experience is required. Qualifications Any professional Degree with 10 to 15 years of exp

Skills: Expertise in application security frameworks and best practices, including OWASP, secure coding standards, and threat modelling. Proficiency in security assessment tools and techniques, including static and dynamic analysis, penetration testing, and code review. Strong understanding of secure software development life cycle (SDLC) processes and methodologies. Knowledge of common security vulnerabilities and how to mitigate them, including SQL injection, XSS, CSRF, and other application-layer attacks. Familiarity with authentication and authorization mechanisms, such as OAuth, SAML, JWT, and other identity management protocols. Experience with secure API development and web services security. Understanding of cryptography principles, including data encryption, hashing, and key management. Ability to design and implement security controls for cloud-native applications and microservices architectures. Strong problem-solving skills and the ability to work collaboratively with development teams, DevOps, and other stakeholders. Experience: 3-5 years of experience in application security or software development with a focus on security. 5 years of experience in information security or related roles. Experience in conducting security assessments and vulnerability management for applications. Scope of Work: Lead the design and implementation of secure software architectures for the organization's applications. Develop and enforce application security policies, procedures, and best practices. Conduct security assessments of applications, including vulnerability assessments, penetration testing, and code reviews. Collaborate with development teams to integrate security into the software development life cycle (SDLC) and ensure secure coding practices. Identify and mitigate security vulnerabilities in both new and existing applications. Provide guidance on secure design patterns, threat modelling, and risk assessment for applications. Review and approve security requirements and technical specifications for application projects. Develop and implement strategies for secure API development and integration. Work with DevOps teams to integrate security tools and practices into CI/CD pipelines. Stay current with emerging application security technologies, trends, and best practices. Educate and train development teams on application security principles and practices. Collaborate with other security teams, such as network security, OS security, and incident response, to ensure a cohesive security strategy. Develop and maintain documentation for application security controls, processes, and procedures. Participate in incident response activities related to application security breaches and vulnerabilities. Provide regular reports and metrics on application security posture and improvements.

We are looking for C/C++ programming, Cryptography, Threat modelling, Penetration testing, knowledge of vehicle electrical architecture and vulnerabilities, Embedded Linux, Python is added advantage. Threat modeling at the vehicle level, and also the ECU level Influencing the architecture design of new features (embedded, cloud and mobile) to ensure that our security needs can be met Identifying and implementing cryptographic security controls Providing technical leadership to teams to help them grow their security capability Developing tools and frameworks that make it easy for teams to adopt security Performing penetration testing on new products to find vulnerabilities Driveembeddedcybersecurity requirements into new product programs - Drive process improvements. Ideate and deploy innovative solutions in implementing the security in automotiveembeddedSoftware development 6+ years of experience withembeddedsystems/software engineering and/or IoT systems 3+ years of experience with leading and creating a vision for a team, and communication with leadership 5+ years of experience in development ofembeddedapplications in C or C++ 5+ years of experience with Agile practices Experience with Linux distributions Experience with applying cryptographic concepts in theembeddedspace Experience interpreting and applying standards (e.g. ISO 21434) and specifications in theembeddedsoftware space Experience withembeddedLinux and other Real Time Operating Systems (RTOS) Experience in the application of cryptographic security controls forembeddedsystems Experience in the development ofembeddedsystems for vehicles Experience in the development of IoT devices Experience performing penetration testing ofembeddedsystems PKI experience Experience in a DevOps role Developed AWS-native applications Understanding of FTP, TLS, UDP, PCI/IP Bachelor's degree Computer Engineering, Cyber Security / Security Engineering, Computer Science, Electronics Engineering or equivalent experience Advanced degree is a plus

Greetings from BCforward INDIA TECHNOLOGIES PRIVATE LIMITED. Contract To Hire(C2H) Role Location: Bangalore Payroll: BCforward Work Mode: Hybrid JD 5+ Years of Security experience Threat Modeling , Risk Assessment, Secure Design, Application Security Strong knowledge on AI/ML Security, Web , API , JS Security, Mobile, Cloud Security OWASP , ASVS , NIST Strong communication skill. CSSP Certification Please share your Updated Resume, PAN card soft copy, Passport size Photo & UAN History. Interested applicants can share updated resume to g.sreekanth@bcforward.com Note: Looking for Immediate to 30-Days joiners at most.

Responsibilities Experience of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and complianceSecurity Excellent communication and problem-solving skills Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4-7 yrs of exp, 3 + yrs of relevant experience Experience with data quality tools and data management software Experience in Data Management (Data Quality, Data Governance)Threat Modeling. Experience with data visualization and reporting tools (Tableau) Preferred technical and professional experience Excellent communication and problem-solving skills.. Thorough understanding of SQL & advance SQL . Develop and implement data governance policies, standards, and procedures to ensure data quality and compliance

Deeply experienced in Threat Intelligence & Threat Hunting, with a focus on Cloud/SaaS threats. Strong understanding of phishing, cloud-native threats, and adversary TTPs targeting identity and email security. Data-driven mindset, with experience analyzing large datasets using SQL, PySpark, and other query-based analysis tools. Skilled at bridging threat intelligence with engineering teams, ensuring insights translate into effective security controls. Comfortable working in agile, cross-functional teams, driving threat research into practical security improvements. Proven ability to present complex technical concepts to both technical and non-technical audiences. Results-driven, highly collaborative, self-motivated, and adaptable in fast-paced environments. What you will do Threat Hunting & Threat Intelligence Perform threat hunting and investigative research in Cloud/SaaS environments, focusing on email security, phishing, and account takeovers. Identify MFA bypass techniques, phishing infrastructure, and cloud-native attack methods targeting enterprise SaaS environments. Fuse internal telemetry, OSINT, and third-party intelligence sources to uncover and disrupt evolving threat actor campaigns. Develop threat models and attack hypotheses to identify new cloud-focused attack vectors. Conduct incident triage and investigative support for escalated incidents, providing internal teams with expertise on threat actors tools, techniques, and procedures (TTPs). Detection Engineering Collaborate with R&D and Engineering teams to translate threat intelligence into scalable detections and mitigations. Design and refine cloud threat detection logic, hunting queries, and behavioral analytics to identify attacker activity. Analyze phishing toolkits, adversary infrastructure, and cloud-native attack methodologies to enhance proactive defenses. Work with product security teams to improve email security and identity protection mechanisms in Cloud/SaaS platforms. Security Research Track and analyze threat actor groups, phishing campaigns, and cloud-based attack methodologies. Provide technical intelligence briefings to R&D and Engineering teams to inform security product improvements. Partner with internal stakeholders to evaluate emerging threats and recommend security enhancements for SaaS environments. Must Haves Deep Expertise: 5+ years in cyber threat intelligence, threat hunting, or security research. 3+ years of experience in threat hunting and threat research within cloud ecosystems. Expertise in cloud security, SaaS-based attacks, and email security threats (ATO, BEC, phishing, MFA bypass, etc.). Strong data analysis skills with experience using SQL, PySpark, or other query languages to investigate large-scale threats. Deep understanding of MITRE ATT&CK, phishing tactics, and adversary infrastructure analysis. Hands-on experience with email security platforms, cloud threat analytics, and security automation Collaborative Mindset: Ability to work cross-functionally with other departments such as R&D, Engineering, and Operations to achieve comprehensive cybersecurity coverage. Nice to Have Security certifications (GCTI, GCFA, CISSP, or similar). Experience in security engineering, cloud-native security, or advanced detection development. Background in threat modeling, adversary emulation, or attacker TTP analysis. Experience working in high-scale SaaS environments, analyzing large security datasets.

Experience in working with Bluetooth profiles and ability to do analyze air traces to root cause issues Experience in Automotive Infotainment Domain Experience in Modern C++14/17, OOPs, Design patterns. Knowhow with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++) Experience in Multi-Threading, IPC, RPC:Thrift, DBUS, gRPC, Sockets. Experience in Build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python. Shell Understanding Infotainment System Architecture, Design Principles. Know how on Agile Frameworks and tools:Scrum/Kanban, JIRA, Confluence, TMX, R4J Nice to have Experience with Embedded Linux / Yocto/ QNX Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hyper visor, virtualization. Experience in Media player, Bluetooth, IAP, Android auto, Device manager, Remote UI. Experience with DevOps-CI/CD. Experience with AppArmour, Threat Modeling, TrustZone, Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations.