489 Threat Modeling Jobs - Page 5

Job Title: Senior Security Engineer Role Overview: The Senior Security Engineer is responsible for the secure design, development, and operation of Skyhigh products and services. This role involves a mix of proactive security design, vulnerability management, and incident response, with a strong focus on maintaining and enforcing compliance standards. You will be a key contributor to our security posture, working closely with cross-functional teams to embed security best practices throughout the entire development lifecycle. Responsibilities: As our Senior Security Engineer you'll play a pivotal role in architecting and securing our entire software ecosystem. You'll partner with engineering teams across the organization, influencing the design and development of our products to ensure they are secure by default. You'll be a key driver in maintaining our coveted security certifications, ensuring our platform adheres to stringent standards like FedRAMP and SOC 2. This is a high-impact, proactive role that goes beyond just finding flaws. You'll be instrumental in building security into our development process, from threat modeling and secure design to managing our vulnerability remediation lifecycle. You'll serve as a trusted advisor and subject matter expert, working collaboratively with all engineering teams to cultivate a robust security culture and empower them with the knowledge and tools to write secure code. Qualifications: 5 to 8 years of expertise in application security principles, methodologies, and common attack vectors (e.g., OWASP Top 10). You have hands-on experience with a variety of security tools for static and dynamic analysis (SAST/DAST) and vulnerability management. Passionate about DevSecOps and skilled in automating security tasks, integrating tools into CI/CD pipelines, and developing security policies for Infrastructure as Code (IaC). Natural problem-solver with a knack for incident detection, triage, and root cause analysis. You can provide practical, effective remediation plans for security issues across the stack. Excellent communicator who can influence and guide engineers and leadership without direct authority. You enjoy educating others and serving as a subject matter expert to build a strong security culture.

About The Role Project Role : Security Advisor Project Role Description : Provide enterprise-level advice to make organizations cyber resilient. Assist in navigating the complex landscape of cyber threats, ensuring robust digital asset protection while maintaining trust with stakeholders. Must have skills : Product Security Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Advisor, you will provide enterprise-level advice to make organizations cyber resilient. Your typical day will involve engaging with various stakeholders to assess their security posture, identifying vulnerabilities, and recommending strategies to enhance their defenses against cyber threats. You will also facilitate discussions on best practices and ensure that digital assets are protected while fostering trust within the organization and with external partners. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Conduct regular security assessments and audits to identify potential risks.- Develop and implement security policies and procedures to enhance organizational resilience. Professional & Technical Skills: - Must To Have Skills: Proficiency in Product Security.- Experience with threat modeling and risk assessment methodologies.- Strong understanding of security frameworks and compliance standards.- Ability to analyze security incidents and develop response strategies.- Familiarity with security tools and technologies for vulnerability management. Additional Information:- The candidate should have minimum 12 years of experience in Product Security.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Program Control Services Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and address any emerging challenges in the cloud environment, contributing to a secure and efficient operational landscape. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Assist in the development and maintenance of security policies and procedures.- Evaluate and recommend security technologies and solutions to enhance cloud security. Professional & Technical Skills: - Must To Have Skills: Proficiency in Program Control Services.- Good To Have Skills: Experience with cloud security frameworks and compliance standards.- Strong understanding of risk management and threat modeling.- Experience in implementing security controls in cloud environments.- Familiarity with security assessment tools and methodologies. Additional Information:- The candidate should have minimum 3 years of experience in Program Control Services.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Endpoint Protection Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in cloud security.- Monitor and evaluate the effectiveness of implemented security measures and recommend improvements. Professional & Technical Skills: - Must To Have Skills: Proficiency in Endpoint Protection.- Strong understanding of cloud security principles and frameworks.- Experience with security architecture design and implementation.- Knowledge of compliance standards and regulations related to cloud security.- Familiarity with risk assessment methodologies and threat modeling. Additional Information:- The candidate should have minimum 7.5 years of experience in Endpoint Protection.- This position is based in Coimbatore.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 15 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment. Roles & Responsibilities:- Expected to be a Subject Matter Expert with deep knowledge and experience.- Should have influencing and advisory skills.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team understanding of cloud security practices.- Evaluate emerging security technologies and recommend enhancements to existing security frameworks. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).- Strong understanding of cloud security principles and best practices.- Experience with security incident response and management.- Knowledge of compliance frameworks and regulatory requirements.- Familiarity with risk assessment methodologies and threat modeling. Additional Information:- The candidate should have minimum 15 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Endpoint Protection Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitate the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide insights that enhance the overall security posture of the organization. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Assist in the development and refinement of security policies and procedures.- Evaluate and recommend security technologies and tools to enhance cloud security. Professional & Technical Skills: - Must To Have Skills: Proficiency in Endpoint Protection.- Good To Have Skills: Experience with cloud security frameworks and compliance standards.- Strong understanding of risk assessment methodologies and threat modeling.- Experience in implementing security controls in cloud environments.- Familiarity with incident response and security monitoring tools. -Microsoft Defender and KQL queries Additional Information:- The candidate should have minimum 3 years of experience in Endpoint Protection.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Product Security Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to assess security risks, implementing protective measures, and ensuring compliance with security policies. You will engage in proactive monitoring of systems and respond to potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular security assessments and audits to identify vulnerabilities.- Develop and implement security policies and procedures to enhance organizational security. Professional & Technical Skills: - Must To Have Skills: Proficiency in Product Security.- Good To Have Skills: Experience with threat modeling and risk assessment.- Strong understanding of security frameworks and compliance standards.- Experience with security tools and technologies for monitoring and incident response.- Knowledge of secure coding practices and application security testing. Additional Information:- The candidate should have minimum 3 years of experience in Product Security.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Advisor Project Role Description : Provide enterprise-level advice to make organizations cyber resilient. Assist in navigating the complex landscape of cyber threats, ensuring robust digital asset protection while maintaining trust with stakeholders. Must have skills : Product Security Good to have skills : NA Minimum 12 Year(s) Of Experience Is Required Educational Qualification : 15 years full time education Summary: As a Security Advisor, you will provide enterprise-level advice to make organizations cyber resilient. Your typical day will involve engaging with various stakeholders to assess their security posture, identifying vulnerabilities, and recommending strategies to enhance their defenses against cyber threats. You will also facilitate discussions on best practices and ensure that digital assets are protected while fostering trust within the organization and with external partners. Roles & Responsibilities: - Expected to be an SME. - Collaborate and manage the team to perform. - Responsible for team decisions. - Engage with multiple teams and contribute on key decisions. - Expected to provide solutions to problems that apply across multiple teams. - Conduct regular security assessments and audits to identify potential risks. - Develop and implement security policies and procedures to enhance organizational resilience. Professional & Technical Skills: - Must To Have Skills: Proficiency in Product Security. - Experience with threat modeling and risk assessment methodologies. - Strong understanding of security frameworks and compliance standards. - Ability to analyze security incidents and develop response strategies. - Familiarity with security tools and technologies for vulnerability management. Additional Information: - The candidate should have minimum 12 years of experience in Product Security. - This position is based at our Hyderabad office. - A 15 years full time education is required. Show more Show less

Enterprise Security Engineer (P3) Location: Bangalore, India Who We Are: Aviatrix is the cloud network security company trusted by more than 500 of the worlds leading enterprises. As cloud infrastructures become more complex and costly, the Aviatrix Cloud Network Security platform gives companies back the power, control, security, and simplicity they need to modernize their cloud strategies. Aviatrix is the only secure networking solution built specifically for the cloud, that ensures companies are ready for AI and whats next. Combined with the Aviatrix Certified Engineer (ACE) Program, the industrys leading secure multicloud networking certification, Aviatrix unifies cloud, networking, and security teams and unlocks greater potential across any cloud. About the Role: This mid-to-senior-level role is critical for enhancing the security posture of our enterprise systems and ensuring a robust defense against evolving threats. As a key team member, you will drive security initiatives, collaborate with our Detection and Response team, and address complex challenges in a fast-paced, innovative environment. This position requires a self-starter with a strong foundation in enterprise and cloud security, coupled with a track record of learning and adapting to emerging security trends. Responsibilities: Cloud & Infrastructure Security: Architect, deploy, and maintain security measures across Aviatrixs multi-cloud environments (AWS, Azure, GCP), including infrastructure hardening, configuration reviews, and continuous monitoring. Application & AI Security Review: Conduct security assessments of business-critical applications and AI/ML deploymentsperform threat modeling, secure code reviews, dependency scanning, and penetration tests to identify and remediate vulnerabilities. Platform & Tool Management: Design, configure, and manage core security platforms (SSO, IAM, MDM, SIEM, EDR/NDR, email security) to enforce policies consistently across both applications and infrastructure. Network Defense & Threat Detection: Evaluate, integrate, and optimize network security technologies (firewalls, IDS/IPS, VPNs) to strengthen protections against ransomware, DDoS, insider threats, and data leakage. Incident Response & SOC Partnership: Collaborate with the SOC to triage, investigate, and remediate incidents affecting applications or infrastructure, driving rapid response and post-incident learning. Security Automation & Enablement: Develop automation workflows using Python and AWS Lambda to support security operations, incident response, and compliance tasks. Phishing Defense & User Education: Design and execute phishing simulation campaigns, analyze results, and lead user education initiatives to improve security awareness across the organization. Requirements: Demonstrated experience conducting in-depth cloud infrastructure security reviewsassessing configurations, network architectures, and control implementations to identify and remediate risks. Hands-on experience architecting and securing cloud applications deployed in AWS, with familiarity in other CSPs such as Azure and OCI, and knowledge of each platforms native security services and best practices. Strong background in application and AI security: threat modeling, secure code reviews, dependency scanning, and penetration testing of business-critical applications. Solid understanding of network defense and threat detection technologies (firewalls, IDS/IPS, VPNs) and proven track record mitigating ransomware, DDoS, insider threats, and data loss. Experience with infrastructure-as-code (Terraform, CloudFormation) and CI/CD pipelines to drive automated, secure deployments. Proficiency in Python and experience building security automation using AWS Lambda. Experience designing and managing phishing simulations and leading user security awareness programs. Experience partnering with SOC teams on incident response, investigation workflows, and post-incident lessons learned. Excellent communicator and mentor, capable of sharing best practices, coaching junior engineers, and driving cross-functional security awareness. Relevant certifications are highly desirable, such as CISSP, CISM, CCSP, AWS Certified Security Specialty, Azure Security Engineer Associate, or equivalent. Show more Show less

We are seeking a highly experienced Senior Software Security Architect to lead the design and enforcement of robust security architectures across our AI and machine learning platforms. This role focuses on ensuring the secure design, implementation, and operation of AI systems, including agentic AI, large language model (LLM) integrations, and machine learning pipelines-while aligning with modern DevSecOps and enterprise compliance standards. Key Responsibilities: Architect Secure AI Systems: Design end-to-end security for AI/ML systems, including model training pipelines, data ingestion workflows, inference APIs, and agentic AI orchestration (e.g., using n8n, LangChain, Azure ML, etc.). Threat Modeling & Risk Assessment: Conduct in-depth threat modeling and risk assessments for AI applications, including adversarial attacks, model poisoning, data leakage, prompt injection, and misuse of LLMs. Policy & Governance: Establish and enforce AI-specific security policies including Model Context Protocol (MCP) integration, audit trails, data access controls, and responsible AI guidelines. Secure Code & Infrastructure: Guide engineering teams on secure development practices for AI workloads running on cloud-native infrastructure (e.g., Kubernetes, Azure, AWS, GCP) and integrating with vector databases and APIs. Data Privacy & Compliance: Ensure AI systems comply with regulatory and industry standards (GDPR, NIST, ISO 27001, etc.), with a focus on data provenance, lineage, and user privacy. Tooling & Automation: Evaluate and implement security automation tools (e.g., SAST/DAST, SBOM scanning, model validation, AI-specific security tools) within CI/CD pipelines. Incident Response & Monitoring: Define AI-specific observability and response strategies for misuse, model drift, unauthorized access, and data exfiltration. Cross-Team Leadership: Collaborate with platform engineers, AI/ML teams, enterprise architects, and legal/compliance stakeholders to drive secure-by-design principles across the AI ecosystem. Required Qualifications: Overall experience of 12+ years in software engineering, including significant hands-on development. 8+ years of experience in software security architecture , with at least 2+ years focused on AI/ML platforms or services . Deep understanding of software and cloud security principles, including identity and access management, encryption, secrets management, and network segmentation. Familiarity with AI security risks, model lifecycle management, and ML pipeline security (e.g., MLflow, TensorFlow Extended, Azure ML). Hands-on experience with securing LLM-based applications, API endpoints, prompt engineering, and protecting model endpoints. Strong coding and architecture skills in Python, TypeScript, or Java, and experience with secure CI/CD practices (GitHub Actions, Azure DevOps, etc.). Experience with infrastructure-as-code (Terraform, Bicep, Pulumi) and Kubernetes security best practices. Excellent communication and documentation skills, with the ability to influence technical and executive audiences. Bachelor's or Master's degree in Computer Science, Engineering, or related field. Preferred Qualifications: Certifications: CISSP, CCSP, OSWE, or AI-specific certifications (e.g., Microsoft AI-102, NVIDIA AI). Experience with agentic AI frameworks, LangChain, Semantic Kernel, or OpenAI integrations. Prior experience implementing AI governance frameworks or responsible AI initiatives.

The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed. We are focused on application, infrastructure, and user productivity solutions, with innovation, efficiency and security. Our goal is providing customer-oriented agile delivery, effective business partnership, and state-of-the-art technology solutions. At ResMed, the Enterprise Security team safeguards the systems, data, and technologies that enable our mission to improve lives through connected health. We collaborate across engineering, data science, enterprise architecture, and business units to embed security in everything we build. We are seeking an experienced Application Security Architect to join our growing Secure Architecture team. In this role, you will focus on designing secure solutions for modern application architectures including AI/ML workloads, APIs, and cloud-native systems across hybrid environments. You will partner with cross-functional teams to embed security into solution designs, champion secure development practices, and align architecture with Resmed's overall security strategy. This role is ideal for someone who thrives on innovation, thinks like an adversary, and believes secure design is critical to scalable growth. **Responsibilities:** - Lead security architecture efforts for AI, API, and cloud-based applications across AWS, Azure, and GCP platforms. - Define and evaluate security controls to protect models from adversarial attacks, data poisoning, and unauthorized inference. - Develop secure design patterns, reusable controls, and architecture blueprints aligned with ResMed's security standards. - Partner with data scientists and engineering teams to develop secure ML pipelines, including feature engineering, validation, and anomaly detection mechanisms. - Design secure-by-design architecture patterns and reusable controls for APIs, microservices, and distributed cloud environments. - Guide the implementation of zero-trust architecture principles across systems, including identity, access, networking, application, and data flows. - Perform threat modeling, risk assessments, and architecture reviews on high-impact projects. - Establish detection and response capabilities around AI systems and APIs. - Engage with stakeholders across the business to ensure security solutions enable agility, innovation, and growth. **Requirements:** - 10+ years in cybersecurity, with strong experience in cloud-native application and data security. - Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001), secure software development, and encryption. - Experience designing security for distributed systems, APIs, and AI/ML pipelines. - Strong knowledge of cloud platforms (AWS, GCP, Azure), API security protocols, and DevSecOps practices. - Proven experience in designing and reviewing modern application architectures in agile and data-driven environments. - Familiarity with machine learning operations (MLOps), model governance, and responsible AI frameworks. - Excellent communicator, able to translate complex risks into actionable guidance. - Industry certifications like CISSP, CCSP, or cloud security specializations. Joining us is more than saying yes to making the world a healthier place. It's discovering a career that's challenging, supportive, and inspiring. Where a culture driven by excellence helps you not only meet your goals but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace, and thrive on the innovative ideas this generates. If this sounds like the workplace for you, apply now! We commit to respond to every applicant.,

Imagine what you could accomplish by joining Apple's innovative team. At Apple, new ideas are transformed into exceptional products and experiences at a rapid pace. The diverse individuals at Apple are not just product builders but creators of revolutionary wonders that redefine entire industries. The collaborative environment fosters innovation and drives everything we do, from cutting-edge technology to industry-leading environmental initiatives. Join Apple's B2B team, where critical integrations with supply chain partners are managed, and play a vital role as a motivated and technically adept Security Engineer. As a Senior Security Engineer at Apple, your responsibilities will include conducting code reviews, collaborating with development teams to ensure secure coding practices, and utilizing analysis tools to assess software security. You will lead security assessments and threat modeling exercises to identify and address potential risks. Automation of security testing using various tools and technologies, incident response, and security awareness training are also key aspects of this role. Strong analytical skills and an automation mindset are valued, as they contribute to addressing complex security challenges and driving proactive threat detection. Qualifications: - Bachelor's or Master's degree in Computer Science or related field - Proficiency in programming/scripting languages (Java, JavaScript, Python) - Experience integrating and automating security checks in CI/CD pipelines - Conducting penetration testing on diverse technologies Preferred Qualifications: - Strong knowledge of network security, encryption protocols, access control, and identity management - Hands-on experience with security technologies like SAST, IAST, and DAST - Familiarity with cloud security principles, container security, and incident response - Understanding of SDLC security practices and compliance assessments - Relevant certifications such as CISSP, CISM, CEH, or CompTIA Security+ are desirable Apple is an Equal Opportunity Employer that values inclusion and diversity. We actively promote equal employment opportunities for all applicants, including minorities, women, protected veterans, and individuals with disabilities. Accommodations will be provided upon request for individuals with disabilities to ensure equal participation in the application process. If you are a talented and passionate individual looking to make a difference, we would love to hear from you. Submit your CV to join our amazing team at Apple B2B.,

As a Principal Cybersecurity Engineer at Boston Scientific, you will play a crucial role in designing, developing, and testing cybersecurity features and controls in the regulated medical device industry. Your expertise will guide the cybersecurity strategy throughout the product lifecycle within the R&D Division, ensuring compliance with relevant standards and regulations. Your responsibilities will include leading the design, implementation, and maintenance of comprehensive security measures across all stages of medical device development. You will focus on protecting patient data and device integrity by creating secure architectures for new medical devices, conducting vulnerability assessments, and ensuring compliance with medical device cybersecurity regulations and standards. You will mentor and guide junior cybersecurity engineers, collaborate with cross-functional teams, and address cybersecurity concerns by leveraging your deep understanding of cybersecurity principles, cryptography, network security, and secure coding practices. Your expertise in medical device cybersecurity standards and regulations, threat modeling, risk assessment, and vulnerability management will be essential in this role. To excel in this position, you should possess a Bachelor's degree in computer science, electrical engineering, or a related field, along with 10+ years of experience in cybersecurity and software systems. Advanced cybersecurity certifications such as CISSP, CISA, or OSCP are highly desirable. Your communication and collaboration skills will be crucial as you work effectively with cross-functional teams to achieve cybersecurity objectives. At Boston Scientific, we are dedicated to advancing science for life and transforming lives through innovative medical solutions. If you are a natural problem-solver with a strong commitment to patient safety and product quality, we invite you to join us in making a meaningful difference in global healthcare. Apply now and be part of a team that values diversity, innovation, caring, and high performance.,

As a Senior Security Engineer specializing in Medical Device Cybersecurity & Compliance, you will play a crucial role in driving end-to-end cybersecurity integration throughout the product development life cycle. Your primary responsibility will be to ensure that security measures are seamlessly integrated from the initial concept phase to the final product release. You will be tasked with developing and maintaining cybersecurity protocols for medical products, which will involve creating security requirements specifications, conducting risk assessments, building threat models, and documenting product security architecture. Additionally, you will be responsible for performing gap assessments to evaluate compliance with standards such as IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97, and implementing necessary remediation measures. A key aspect of your role will involve conducting hands-on vulnerability assessments, penetration testing, and secure code reviews for embedded devices, components of the Internet of Medical Things (IoMT), and connected systems. Collaboration will be essential, as you work closely with development, compliance, and regulatory teams to ensure that product security measures align with internal policies and external regulatory expectations. You will also be involved in activities such as SBOM management, software supply chain risk evaluations, and third-party component analysis to enhance software transparency and mitigate potential risks. Your expertise will be crucial in advising on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and the cloud-based connectivity of medical systems. Furthermore, you will contribute to the development of incident response strategies and leverage your knowledge of regulations like HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific concerns. Your role will also involve enhancing internal secure development processes, tools, and methodologies, while promoting security best practices within product teams. To excel in this position, you should have a minimum of 6 years of cybersecurity experience, with at least 3 years dedicated to medical devices, embedded systems, or IoT security. Your ability to author security designs, define technical requirements, and document security architectures aligned with regulatory requirements will be critical. Hands-on experience in embedded system security, familiarity with relevant standards, and expertise in vulnerability management and penetration testing are essential for success in this role. Your problem-solving skills, critical thinking abilities, and aptitude for leading gap analysis and remediation activities in regulated environments will be invaluable. Strong collaboration skills and the capacity to influence cross-functional teams, including R&D, compliance, and product management, will also be key to your success in this challenging and rewarding role.,

Skills: Web, Mobile, Network & Cloud Security Assessments, Vulnerability Assessment, Pen Testing, Threat Modelling, OWASP Top 10, ASVS, Source Code Reviews. Tools: Burp Suite, Kali Linux, Metasploit, NMAP, Nessus, Nexpose, Wireshark, sqlmap. Languages: Java, Python, Golang. Threat Detection and Analysis: Monitor network traffic, system logs, and security alerts to detect and analyze potential security threats, such as malware, intrusions, and unauthorized access.Incident Response: Develop and execute incident response plans to address and mitigate security incidents and breaches.Vulnerability Assessment: Identify vulnerabilities in software, hardware, and network configurations, and recommend patches and security updates.Security Monitoring: Continuously monitor and analyze security events, assess system vulnerabilities, and recommend security enhancements.Security Policies and Procedures: Develop and enforce security policies, standards, and procedures to ensure a consistent and secure computing environment.Access Control: Implement and manage access control systems, including user authentication, authorization, and password policies.Security Tools: Utilize a range of security tools, such as intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, antivirus software, and data encryption.

The role of a DevSecOps Domain Expert in Mumbai, MH, IN focuses on being well-versed in DevOps processes, Application Security, and automation practices to ensure the security, efficiency, and reliability of DevSecOps processes. As a crucial team member, you will be responsible for integrating security within the CI/CD pipeline, implementing best practices throughout the development life cycle, and enhancing productivity through Process Automation. Key Responsibilities include: - Implementing and managing security automation practices within DevOps pipelines to ensure secure software development and deployment. - Identifying, assessing, and mitigating vulnerabilities in applications while enforcing security policies and guidelines. - Conducting threat modeling, vulnerability assessments, and risk analysis to identify security gaps and propose effective solutions. - Providing security guidance to developers, ensuring adherence to secure coding practices, and conducting security standards reviews. - Incorporating Security best practices in the SDLC life cycle and offering training and mentorship on secure coding principles to developers. - Designing, building, and maintaining automated pipelines with integrated security tools such as SAST, DAST, and vulnerability management. - Establishing monitoring systems for DevSecOps onboarding, deployment, and runtime application security, and collaborating on incident response and investigations. - Documenting and maintaining policies and procedures for secure development and deployment. - Keeping abreast of industry trends and emerging technologies in DevSecOps and Application security to identify opportunities for process enhancement. Qualifications Required: - BE (Comp Sc. / IT), Masters Degree (Comp. Science/IT), MCA Previous Experience: - 8+ years of overall experience with a minimum of 3 years in DevSecOps and Application security. - Proficiency in CI/CD tools like Jenkins, GitLab, and security tools such as F5, Fortify, SonarQube. - In-depth understanding of secure coding practices and application security testing methodologies. This role offers a unique opportunity to contribute to the security, efficiency, and scalability of DevSecOps processes while staying updated on industry best practices and technologies.,

Join our team and help shape the future of connectivity indoors and outdoors. Together, let's push the boundaries of technology and advance sustainable networks worldwide. We are seeking a skilled and experienced Platform and Network Security Expert to lead and enhance security measures across the infrastructure of our DAS and RAN products, while also operationalizing and upholding security measures and policies defined by Andrew's security team. This role focuses on securing 4G/5G components and their management systems, ensuring compliance with telecom security standards, as well as the security requirements from operators and customers. It also involves detecting vulnerabilities and working closely with operators, vendors, and internal SW and HW development teams. As a Principal System Security Engineer, you will be responsible for the security aspects of the RAN and DAS products as part of the ICN business unit of Andrew. This role is hybrid based in Nashua, NH or Richardson, TX. You will make an impact by designing and defining security policies and requirements for RAN and DAS systems, architecting secure environments across Linux/Windows systems, Kubernetes, and container platforms, implementing least privilege access, strong authentication, and patch management. You will also be responsible for performing risk assessments, threat modeling, and vulnerability analysis on RAN elements and AWS cloud hosting. Additionally, you will prepare responses to customer security requirements and questionnaires, collaborate with engineering teams to ensure security is embedded in network design and deployment, monitor for and respond to security incidents involving RAN equipment and interfaces, and validate the security of vendor software/hardware while ensuring adherence to 3GPP, NIST, and GSMA standards. Other responsibilities include defining and enforcing security configurations, engaging in penetration and other security testing, working on compliance audits and regulatory requirements, developing tools/scripts for automation, staying up-to-date with emerging threats, and more. Required qualifications for consideration include a Bachelor's or Master's degree in Telecommunications, Computer Science, Cybersecurity/Information security or related field, 10+ years of experience in the Telecommunications and Cellular industry with at least 5 years of experience in telecom network security, expertise in mobile network security principles, experience with base station software and vendor-specific RAN solutions, knowledge of cloud infrastructure, familiarity with security frameworks, proficiency in security testing tools, knowledge of Linux security, and strong communication and collaboration skills. You will excite us if you have certifications such as CISSP, CEH, GICSP, experience with AI/ML-based threat detection in telecom networks, knowledge of 3GPP standards, especially for 4G/5G RAN architecture, and hands-on experience with telco cloud environments. Why ANDREW Explore exciting career opportunities at ANDREW, part of the Amphenol family. With a legacy of over 85 years in wireless innovation, we empower mobile operators and enterprises with cutting-edge solutions. ANDREW, an Amphenol company, is proud of our reputation as an excellent employer. Our focus is to provide the highest level of support and responsiveness to both our employees and our customers, the world's largest technology companies. ANDREW offers the opportunity for career growth within a global organization. We believe that our company is unique in that every employee, regardless of his or her position, has the ability to positively impact the business. For additional company information, please visit our website at https://www.andrew.com.,

You have an exciting opportunity to advance your career as a Cybersecurity Architect III at JPMorgan Chase within the Adversarial Insights team in the Cybersecurity & Control team. In this role, you will be part of a dedicated team focused on addressing cybersecurity challenges and strengthening our security posture. Your responsibilities will include participating in design and implementation review workshops from an adversarial perspective, conducting security reviews, and suggesting technical controls to protect our critical infrastructure from both internal and external threats. You will collaborate with product security and engineering teams to evaluate strategic solutions for various technologies such as on-premises, cloud, Blockchain, and AI/ML. Engaging in architecture reviews will allow you to interact with stakeholders and make valuable contributions to our cybersecurity initiatives. Furthermore, you will be involved in conducting thorough analyses of security and process gaps, offering insights and recommendations to senior leadership. Your role will also entail identifying security vulnerabilities through an adversary-led approach, assessing security controls, and proposing risk mitigation strategies. Building strong relationships with stakeholders and delivering exceptional service during and after architecture reviews are key aspects of this position. You will have the opportunity to work collaboratively towards common objectives and contribute to the development of strategic security solutions that support JPMC businesses. Job Responsibilities: - Conduct security configuration, deployment, design, and architecture reviews to ensure alignment with organizational policies and standards. - Collaborate with product teams across different technology domains to assess architecture and deployment patterns for compliance with security methodologies. - Identify security weaknesses in product attack surfaces, verify security controls, and recommend risk mitigation strategies. - Coordinate remediation efforts with stakeholders to address thematic issues. - Provide outstanding service to stakeholders throughout architecture reviews. - Collaborate effectively to establish meaningful relationships and accomplish shared goals. - Contribute to the creation of strategic security solutions that benefit JPMC businesses. Required Qualifications, Capabilities, and Skills: - Formal training or certification in Cybersecurity concepts with at least 3 years of applied experience. - Proficiency in application, data, and infrastructure architecture disciplines. - Strong analytical skills with the ability to perform root cause analysis. - Hands-on experience in offensive security, including penetration testing and red teaming. - Proficiency in Python or other scripting languages. - Expertise in security design/architecture reviews and code review/threat modeling at an enterprise level for a minimum of 2 years. - Experience in areas such as Data Security, Infrastructure Security, Application Security, Cloud Security, Endpoint/Platform Security, Security Analytics, and security testing or compliance frameworks. - Strategic thinking skills with a keen interest in business strategy and processes. Preferred Qualifications, Capabilities, and Skills: - Familiarity with Microservices Architecture, Multi-Cloud environments (AWS, GCP, Azure), and OAuth.,

Are you passionate about SecOps, automation, and cloud security Do you want to lead cutting-edge security initiatives and drive large-scale security automation As a SecOps Engineering Lead, you will play a pivotal role in defining and executing security automation strategies, driving cloud security initiatives, and leading security operations at scale. You will work at the intersection of Security, DevOps, and Cloud, embedding best-in-class security practices into infrastructure and applications. This role requires a visionary leader who can take ownership, drive innovation, and influence security strategies across teams. You will be responsible for designing and implementing security automation solutions, enhancing cloud security, and optimizing SecOps workflows. We are looking for a self-driven professional who can take end-to-end ownership of security initiatives with minimal guidance. Define and execute the security automation strategy, embedding best-in-class practices across DevSecOps, CI/CD pipelines, and cloud environments. Architect, develop, and implement security solutions using Python to automate threat detection, response, and mitigation at scale. Enhance and automate security workflows by integrating SIEM, SOAR, and EDR solutions to improve real-time threat detection and response efficiency. Implement and optimize security controls in cloud environments (AWS, Azure, GCP), enforcing security-as-code principles and compliance automation. Own the design and maintenance of DevSecOps pipelines, ensuring security is embedded into CI/CD processes and infrastructure automation. Lead cross-functional collaboration, working with Security, DevOps, and Engineering teams to drive security-first principles across customer organizations. Mentor engineers and foster a security-driven culture, driving security awareness and best practices across teams. Continuously evaluate emerging security technologies to enhance security automation, optimize detection capabilities, and future-proof security operations. Required Skills & Qualifications 6+ years of hands-on experience in SecOps, Security Engineering, or Security Automation. Expertise in Python programming for security automation and scripting (JavaScript is optional). Deep knowledge of Cybersecurity & Security Operations (SecOps), including threat detection, incident response, and security orchestration. Proven ability to automate and integrate SIEM, SOAR, and EDR tools to improve detection & response. Hands-on experience with DevSecOps pipelines (CI/CD) and Terraform to enforce security automation at scale. Experience securing cloud environments with security-as-code and compliance automation for at least one major cloud provider (AWS, Azure, or GCP). Preferred Skills (Nice-to-Have) Multi-cloud experience across AWS, Azure, and GCP. Strong understanding of infrastructure security, network security, and security-as-code methodologies. Experience with container security (Kubernetes, Docker, etc.) and cloud-native security controls. Familiarity with threat modeling, cloud security compliance frameworks, and risk assessment methodologies. Why Join Us Be a Security Visionary Lead and define the future of security automation, transforming SecOps strategies in cloud and DevOps environments. Work with Cutting-Edge Security Tech Engage in AI-driven security analytics, threat intelligence automation, and next-gen SecOps solutions. Collaborate with Industry Experts Work closely with top security, cloud, and DevOps engineers to drive innovation in security automation. Accelerate Your Career Step into a high-impact leadership role, shape security roadmaps, and gain visibility across leadership teams. Competitive Compensation & Benefits Get a market-leading salary, comprehensive benefits, and access to professional development opportunities. Apply Now! If you're ready to take on this exciting challenge, apply today!,

As a DevOps Security Engineer, you will be responsible for ensuring the security of our DevOps environment. You should hold a Bachelor's degree in Computer Science, Information Security, or a related field, and have 3-6 years of experience in DevOps or Security Engineering roles. Possessing certifications like CISSP, CEH, or Security+ would be advantageous. Your role will involve hands-on experience with cloud security on platforms such as AWS, Azure, or GCP. Proficiency in scripting languages like Python, Java, or Bash is essential. You should have a strong grasp of DevSecOps practices, including threat modeling and risk assessment. Problem-solving skills are crucial in this role, as you will be expected to work efficiently in a fast-paced, collaborative environment. This is a full-time position requiring you to work during day shifts at our office in Hyderabad or Chennai. If you meet these qualifications and are enthusiastic about contributing to a dynamic team, we encourage you to apply for this position.,

Key Result Areas: Effectively lead and manage the application security testing team. Ensure the team meets project deadlines and objectives. Successfully plan and execute security assessments on software applications and Infrastructure devices. Identify and report vulnerabilities accurately and in a timely manner. Monitor and track the resolution of identified vulnerabilities. Stay current with evolving security threats and best practices. Effectively communicate security risks and recommendations to stakeholders. Job Description: The Application Security Testing Manager will be responsible for leading a team of security testers and ensuring the security and integrity of software applications within G&B. This role involves planning, executing, and overseeing security assessments, identifying vulnerabilities, and driving their remediation. Preferred candidate profile Essential: Proven experience (typically 5+ years) in application security testing and vulnerability assessment. Familiarity with security testing tools such as Burp Suite, OWASP ZAP, Nessus, and others. Proficiency in programming and scripting languages (e.g., Python, Java) for security testing and automation. Strong understanding of software development lifecycles and secure coding practices. Experience with security standards, frameworks, such as OWASP SPECIAL SKILLS REQUIRED Essential: Bachelor's or Master's degree in computer science, cybersecurity, or a related field. Excellent communication skills. Strong problem-solving and analytical abilities.

Technology Consulting Title: Specialist III, Vulnerability Management Analyst EY is a global leader in assurance, tax, transaction and advisory services. Technology is at the heart of what we do and deliver at EY. Technology solutions are integrated in the client services we deliver and are key to our innovation as an organization. Fueled by strategic investment in technology and innovation, Client Technology seeks to drive growth opportunities and solve complex business problems for our clients through building a robust platform for business and powerful product engine that are vital to innovation at scale. As part of Client Technology, youll work with technologists and business experts, blending EY’s deep industry knowledge and innovative ideas with our platforms, capabilities, and technical expertise. As a catalyst for change and growth, you’ll be at the forefront of integrating emerging technologies from AI to Data Analytics into every corner of what we do at EY. That means more growth for you, exciting learning opportunities, career choices, and the chance to make a real impact. EY Technology: Technology has always been at the heart of what we do and deliver at EY. We need technology to keep an organization the size of ours working efficiently. We have 250,000 people in more than 140 countries, all of whom rely on secure technology to be able to do their job every single day. Everything from the laptops we use, to the ability to work remotely on our mobile devices and connecting our people and our clients, to enabling hundreds of internal tools and external solutions delivered to our clients. Technology solutions are integrated in the client services we deliver and is key to us being more innovative as an organization. EY Technology supports our technology needs through three business units: Client Technology (CT) - focuses on developing new technology services for our clients. It enables EY to identify new technology-based opportunities faster and pursue those opportunities more rapidly. Enterprise Workplace Technology (EWT) – EWT supports our Core Business Services functions and will deliver fit-for-purpose technology infrastructure at the cheapest possible cost for quality services. EWT will also support our internal technology needs by focusing on a better user experience. Information Security (Info Sec) - Info Sec prevents, detects, responds and mitigates cyber-risk, protecting EY and client data, and our information management systems. The opportunity This role provides expert-level technical support for security testing services, including infrastructure, systems, and application vulnerability and penetration testing. This role also performs in-depth vulnerability analysis, investigates intrusions, develops countermeasures, and supports post-incident security improvements. Your key responsibilities Detects internal system attacks and conducts vulnerability assessment of internal infrastructure, malware defense assessments and other information security routines and perimeter. Detects and analyzes effectiveness of attacks in real time on vulnerable systems, understands the attack, prioritize mitigation and remediation on endpoints to determine plausible threat actors that facilitate specific attack models. Compiles and executes emulated malware to validate attack vectors and risk assignments. Investigates and recommends corrective actions for security incidents to clients and project stakeholders. Collaborates with team on research projects that involve event analysis to complex exploit point analysis, define application changes, negotiate priorities and implementation dates, agree on service level standards, and 'partner' for success with regards to predefined remediation mandates. Participates in special projects and performs other duties as assigned. Perform in-depth vulnerability analysis and exploit applications, operating systems, or networks, tracing the path and methods used in intrusions or incidents and effectively isolating, blocking, or eliminating unauthorized access. Analyze complex software systems, determining both their functionality and intent, while resolving advanced malware infections and intrusion-related issues. Contribute to the development and implementation of countermeasures, system integrations and tools aimed at enhancing Cyber and Information Operations security. Actively participate in post-incident analysis, offering recommendations for strengthening system security and preventing future vulnerabilities. Skills and attributes for success A team player with strong analytical, communication and interpersonal skills Constantly updating yourself about new technologies in the market A winning personality and the ability to become a trusted advisor to the stakeholders To qualify for the role, you must have Minimum 8 years of relevant experience in cybersecurity, vulnerability management, or threat analysis with at least 2 years of experience in vulnerability assessment, penetration testing, or threat intelligence preferred. Bachelor’s degree (B.E./B.Tech) in Computer Science or IT, or Bachelor’s in Computer Applications (BCA), or Master’s in Computer Applications (MCA), Information Security, Cybersecurity, or a related field. Excellent communication, problem-solving, and teamwork abilities. Detail-oriented with a proactive approach to security challenges. Adaptable to fast-paced environments and skilled in fostering collaboration across technical and non-technical teams. Proficiency in secure coding, threat modeling, vulnerability assessments, penetration testing, application architecture review, and DevSecOps tools integration. Strong knowledge of OWASP standards, compliance, and risk management. Familiarity with compliance standards (e.g., NIST, ISO 27001, CIS benchmarks) and best practices for risk mitigation. CISSP, OSCP, AWS Certified DevOps Engineer, or equivalent certifications preferred CISSP, OSCP, AWS Certified DevOps Engineer Ideally, you’ll also have Strong verbal and written communication, facilitation, relationship-building, presentation and negotiation skills. Be highly flexible, adaptable, and creative. Comfortable interacting with senior executives (within the firm and at the client) What we look for Strong teamwork, work ethic, product mindset, client centricity and a relentless commitment to EY values. What working at EY offers We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer: Support, coaching and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance. About EY As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Role & responsibilities Preferred candidate profile

Skills :- SCA, SAST, Iac tools, SCM, Developers with Devops experience, application development security Shift Timings - 2.00 pm - 11.00 pm Experience :- 5-7 years Engineer, Product Security Omnicom Global Solutions, Hyderabad IN About Omnicom Global Solutions Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicoms branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4500 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey. Role Overview We have an exciting opportunity for an Engineer, Product Security at our Hyderabad office. This role supports secure software development, risk mitigation, and product security best practices across automated platforms and infrastructure-as-code environments. The Product Security Engineer will perform vulnerability assessments, provide risk analysis, support incident response, and collaborate with development and DevOps teams to embed security into all stages of the product lifecycle. This role plays a vital part in enabling secure, scalable, and compliant services across Omnicoms digital ecosystem. Key Responsibilities - Assist in implementing secure software development standards and practices. - Support integration of security measures into automated service platforms and infrastructure-as-code. - Conduct regular security assessments and vulnerability scans for applications and infrastructure. - Analyse and report on security risks and vulnerabilities; provide mitigation recommendations. - Collaborate with the incident response team on investigations and real-time threat intelligence. - Monitor and manage security tools to detect and respond to application and infrastructure threats. - Continuously monitor cloud environments and SaaS platforms for emerging security threats. - Work closely with development, QA, and IT teams to support secure software delivery. - Prepare and present security metrics, reports, and summaries to Product Security Leads and stakeholders. - Deliver security awareness training on secure software development and SecDevOps practices. - Contribute to the maintenance of security documentation and internal guidelines. Required Qualifications - 3-5 years of experience in cybersecurity, software engineering, or DevOps with a focus on product security. - Familiarity with security assessment tools (e.g., SAST, SCA scanners) and CI/CD environments. - Basic understanding of secure coding, cloud security, and infrastructure-as-code practices. - Hands-on experience with tools such as GitHub, AWS, Terraform, Jenkins, Docker, etc. - Understanding of IT governance frameworks (e.g., SDLC, ITIL) is a plus. - Strong analytical, documentation, and troubleshooting capabilities. - Bachelor's degree in Cybersecurity, Computer Science, IT, or related field. - Strong technical skills relevant to Information Security such as secure coding standards, ethical hacking techniques, network security, SIEM, and risk analysis - Certifications such as Security+ or CEH are a plus. Preferred Qualifications - AppSec depth (CSSLP, eWPT), Cloud specialization (AWS Security), Foundational credibility (Security+), and CEH are a plus. - Experience with cloud security frameworks and zero trust architecture. Note :- Interested Candidates can share their CVs on shalu.singh@omc.com Regards, Shalu Singh

Job Description: Prudent Technologies and Consulting is hiring for a fast-growing Cybersecurity team that supports a customer base including the worlds largest organizations. We have an immediate opening for a Senior Application Security Consultant. The role requires an experienced offensive consultant who understands application security testing methodologies, frameworks, tools and reporting. As a Senior Consultant you will perform and lead technical teams to conduct thorough security assessments as well as perform field related research. Candidates should be familiar with a variety of technologies including web, mobile, API, AI/LM, cloud, desktop, single sign-on and OAuth. Responsibilities: Consult with technical and non-technical client stakeholders Collaborate with Sales teams to assist in scoping efforts Lead projects and mentor less experienced consultants Perform advanced comprehensive penetration tests, adhering to industry-standard best practices Conduct penetration testing across diverse environments, including desktop applications, mobile applications, web applications, cloud environments, on-prem environments, APIs and AI/LM Document and report vulnerabilities, show proof-of-concepts where applicable, and provide detailed explanations to highlight severity, business impact, and tailored remediation steps Manages priorities and tasks to achieve utilization targets Participate in research and development efforts to improve the Cybersecurity practice Qualifications: Required Qualifications: 8+ years of direct experience performing manual penetration testing assessments on desktop applications, mobile applications, web applications, cloud environments, API and AI/LM Proficient at using penetration testing tools such as Burp Suite, DAST scanners, Metasploit and Nessus to identify and exploit vulnerabilities Able to write deliverable reports, including executive summaries and presentations, and status reports for clients Understanding of industry-standard security frameworks (e.g., OWASP and MITRE ATT&CK) Excellent project management, leadership, time management, and client consulting skills Preferred Qualifications: Bachelors degree in computer science, information security, or related field Good to have (preferred) relevant certifications (e.g., OSCP and/or OSWE) Experience with scripting languages such as Python and Bash Experience with application development, systems engineering, or similar Published CVE/CWE contributions, participation in CTF events and independent research projects Education: Direct work experience performing application penetration testing assessments; ability to begin testing immediately with guidance on Prudents specific approach and methodology

As an Information Security Engineer, you will play a critical role in driving secure application development and vulnerability remediation across our AWS and Azure cloud environments. You'll collaborate with cross-functional teams to embed security into systems, tools, and workflows, ensuring the security and integrity of our digital assets. This role is ideal for someone who thrives in a cloud-native, developer-focused environment and is passionate about building scalable security practices, not just identifying issues but helping resolve them through engineering and automation. Your responsibilities will include conducting vulnerability scans and risk assessments in public cloud environments (AWS, Azure) to identify and remediate security risks, supporting the integration and ongoing use of SAST, DAST, and SCA tools within CI/CD pipelines and developer workflows, collaborating with development teams to improve secure application development practices, providing guidance on vulnerability remediation, contributing to application and infrastructure threat modeling, evaluating and advising on the security of AI-enhanced applications and large language models (LLMs), applying Kubernetes and container security best practices, defining and maintaining application security governance, policies, and technical standards, working with external penetration testers to coordinate testing efforts, maintaining and enhancing security logging and monitoring strategies, providing training and knowledge-sharing to development teams on application security tools and best practices, staying up to date on current security trends, threats, and regulatory changes, and partnering with IT, legal, compliance, and other teams to ensure a holistic and aligned approach to security. To be successful in this role, you should have a Bachelor's degree in computer science, Information Security, or a related field, CISSP certification (or equivalent security certification), 7-10 years of Information Security experience with at least 5 years in IT roles, a strong understanding of security architecture design, particularly in Kubernetes, familiarity with industry-standard security frameworks and best practices, proven experience of conducting penetration tests, vulnerability assessments, risk assessments, and threat modeling, knowledge of regulatory standards such as GDPR, PCI_DSS 4.0, and ISO-27001, a solid understanding of the Software Development Life Cycle (SDLC) and its integration with secure development practices, strong communication skills in English, and the ability to work collaboratively in a team environment. In return, you'll be part of a purpose-led company with a Values-focused culture, enjoy competitive PTO plans, holidays, group mediclaim insurance coverage, life insurance, personal accident insurance, fitness perks, a Calm App subscription, support for working women, and a commitment to diversity and inclusion. ABC Fitness is an equal opportunity employer that fosters an inclusive environment and encourages applicants from diverse backgrounds to apply. ABC Fitness is the premier provider of software and related services for the fitness industry, known for excellence in support for clubs and their members. With a commitment to diversity, equality, belonging, and inclusion, ABC Fitness creates an environment where employees, clients, and stakeholders feel valued and inspired to reach their full potential. Established in 1981, ABC helps gyms and health clubs globally perform better and more profitably, offering a comprehensive SaaS club management solution. Join us if you thrive in a growth-oriented environment and enjoy working with enthusiastic over-achievers.,