489 Threat Modeling Jobs - Page 7

As SIEM Analyst, you will be responsible for handling the daily monitoring of Information security events on the SIEM tools. Come join our team of IBM experts, who are leaders with vision, distinguished engineers and IT architects who have worked with thousands of clients to transform enterprise IT, migrate to cloud, apply automation and ensure business continuity. We help client run their IT better, accelerate innovation and deliver unmatched performance with the power automation. If you thrive in a dynamic, reciprocal workplace, IBM provides an environment to explore new opportunities every single day. And if you relish the freedom to bring creative, thoughtful solutions to the table, there's no limit to what you can accomplish here. * Responsible for security researcher to provide insight and understanding of new and existing information security threats * Responsible to participate in recommending improvements to SOC security process, procedures, policies, security incident management and vulnerability management processes * You will be involved in evaluating, recommending, implementing, and solving problems related to security solutions and evaluating IT security of the new IT Infrastructure systems * Keep yourself up-to-date with emerging security threats including applicable regulatory security requirements * Work in a 24x7 Security Operation Centre (SOC) environment Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise * Minimum 2+ years’ experience in SIEM. * Proven expertise in handling the daily monitoring of Information Security events on the QRadar / ArcSight / Splunk console platform * Proficient in monitoring security events from various SOC channels (SIEM, Tickets, Email and Phone), based on the security event severity to handle the service support teams, tier2 information security specialists * Expertise in threat modelling and Use case development and ability to review policies of security monitoring tools based on security concepts and logical approach. Preferred technical and professional experience * Preferred OEM Certified SOAR specialist + CEH * Ambitious individual who can work under their own direction towards agreed targets/goals and with creative approach to work * Intuitive individual with an ability to manage change and proven time management * Proven interpersonal skills while contributing to team effort by accomplishing related results as needed * Up-to-date technical knowledge by attending educational workshops, reviewing publications

Your role We are seeking an experienced and highly motivated Cloud Security Engineer for 4 to 6 years for Pan India to manage the implementation and optimization of security solutions across our public and hybrid cloud infrastructure. This role requires hands-on expertise in Microsoft Defender for Cloud, Cloud Access Security Broker (CASB), Cloud Workload Protection Platforms (CWPP), and Cloud Security Posture Management (CSPM) tools. The ideal candidate will be responsible for ensuring robust visibility, security, and compliance across all cloud-native assets, workloads, and applications. Design, deploy, and manage cloud-native security architectures across Azure, AWS, and GCP environments. Implement and optimize Microsoft Defender for Cloud, CASB solutions, and CWPP/CSPM tools to secure cloud workloads and assets. Monitor cloud environments for anomalies, vulnerabilities, and potential threats. Ensure compliance with regulatory standards (e.g., ISO, NIST, GDPR, HIPAA) and internal security policies. Conduct risk assessments and threat modeling of cloud services and applications. Collaborate with DevOps and Cloud Engineering teams to embed security into CI/CD pipelines. Develop automated security alerts, incident responses, and logging mechanisms. Provide recommendations for cloud architecture adjustments to strengthen security posture. Create and maintain documentation for cloud security strategies, policies, and procedures. Your profile Hands-on experience with Microsoft Defender for Cloud and CASB solutions (e.g., Microsoft Defender for Cloud Apps). Expertise in CWPP and CSPM platforms such as Prisma Cloud, Wiz, or Microsoft Defender CSPM. Strong knowledge of cloud platforms including Azure, AWS, and GCP. Proficiency in scripting (e.g., PowerShell, Python) and infrastructure-as-code tools (e.g., Terraform, ARM templates). Familiarity with cloud security frameworks, SIEM solutions, and cloud-native logging tools (e.g., Azure Monitor, AWS CloudWatch). What you'll love about working here You can shape yourcareerwith us. We offer a range of career paths and internal opportunities within Capgemini group. You will also get personalized career guidance from our leaders. You will get comprehensive wellness benefits including health checks, telemedicine, insurance with top-ups, elder care, partner coverage or new parent support via flexible work. At Capgemini, you can work oncutting-edge projectsin tech and engineering with industry leaders or createsolutionsto overcome societal and environmental challenges.

Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations. You will engage in discussions to align security strategies with organizational objectives, ensuring that all security measures are effectively integrated into the cloud environment. Your role will also require you to stay updated on the latest security trends and technologies to enhance the overall security posture of the organization. Roles & Responsibilities:-Advise clients on securing AWS, Azure, and GCP environments by assessing risks, implementing security controls, and ensuring regulatory compliance. Conduct security architecture reviews, threat modeling, and provide remediation strategies for cloud workloads.-Experience in developing security standards for services and reviewing Architecture. -Should have hands-on experience with Wiz CSPM or similar Cloud Security Posture Management tools (e.g., Prisma Cloud) for monitoring misconfigurations, compliance violations, and cloud threats. Must be able to analyze findings, recommend remediation, and integrate CSPM into security operations. -Strong understanding of securing Amazon Machine Images, including hardening operating systems, removing unnecessary services, applying latest patches, embedding security baselines, and ensuring AMIs are free from vulnerabilities or sensitive data before deployment. -Expertise in establishing and managing governance frameworks, risk assessments, and compliance programs for AWS, Azure, or GCP. Ensure adherence to standards such as ISO 27001, SOC 2, PCI-DSS, and CIS benchmarks, while aligning cloud operations with organizational policies and regulatory requirements. - Skills: Cloud Security, Architecture Assessment, Develop Security Standards for native cloud services, CSPM and Should be familiar with NIST SP 800-53 -Cloud Technology/DB/Tools :AWS Native security services,Wiz.io,Jira,Confluence Professional & Technical Skills: - Must To Have Skills: Proficiency in Managed Cloud Security Services.- Strong understanding of cloud security frameworks and best practices.- Experience with risk assessment and management in cloud environments.- Knowledge of compliance standards related to cloud security.- Ability to design and implement security controls in cloud architectures. Additional Information:- The candidate should have minimum 5 years of experience in Managed Cloud Security Services.- This position is based at our Gurugram office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Data Engineer Project Role Description : Design, develop and maintain data solutions for data generation, collection, and processing. Create data pipelines, ensure data quality, and implement ETL (extract, transform and load) processes to migrate and deploy data across systems. Must have skills : Google Cloud Platform Architecture Good to have skills : Google Cloud Security ServicesMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a skilled Google Cloud Security Architect to drive secure adoption of GCP services across enterprise workloads. The ideal candidate will have deep expertise in Google Cloud Platform (GCP), strong knowledge of Infrastructure as Code (IaC), and experience collaborating with cross-functional teams to define security policies, assess risks, and implement mitigation strategies. Roles & Responsibilities:- Conduct in-depth risk assessments and threat modeling for GCP services to identify gaps and recommend robust security controls.Provide security recommendations, guidance, and policy definitions for GCP workloads, aligning with compliance and IaC practices.Collaborate with product owners and engineering teams to design secure cloud architectures.Perform POCs and technical evaluations of a wide range of GCP services.Drive cloud security strategy and architecture for new and existing applications by working closely with product, platform, and compliance teams.Monitor changes in GCP services and industry standards to ensure ongoing compliance and security posture. Professional & Technical Skills: Strong hands-on experience with Google Cloud Platform security architecture and services.Solid understanding of network security, IAM, data protection, encryption, and logging/monitoring.Proven experience in designing secure cloud migration strategies and conducting technical risk assessments.Familiarity with Cloud-native security tools, Infrastructure as Code (Terraform), and security automation practices.Experience working with cross-functional stakeholders including product owners, developers, and cloud product team.Ability to define security standards, frameworks, and templates for scalable risk assessment. Additional Information:GCP Professional Cloud Security Engineer certification (or equivalent).Experience in regulated industries like banking or finance.Knowledge of CIS benchmarks, NIST, ISO 27001, or other regulatory frameworks.Excellent written and verbal communication skills for creating documentation and engaging with leadership.Strong aptitude for continuous learning and openness to exploring new technologies and GCP services in a fast-evolving cloud landscape. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Risk Assessment Good to have skills : Security Risk and Audit Operations, Integrated Security Risk ManagementMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to assess security risks, implementing protective measures, and ensuring that all systems are safeguarded against potential cyber threats. You will engage in proactive monitoring and response to security incidents, while also contributing to the development of security policies and procedures that align with organizational goals. Your role will be pivotal in maintaining the integrity and confidentiality of sensitive information and ensuring compliance with industry standards. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to enhance the organization's security posture.- Conduct quality assurance reviews of information security compliance and risk assessments.- Validate assessment content for accuracy, completeness, and policy alignment.- Review and process change request tickets related to risks steaming out of the assessments.- Identify inconsistencies and provide feedback or recommendations.- Track and document review outcomes and ticket status.- Collaborate with client teams for clarification and issue resolution.- Ensure adherence to service level agreements (SLAs) and key performance indicators (KPI)- Support process improvements and standardization efforts.- Escalate significant risk issues or trends as needed.- Participate in team meetings and client reporting activities. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Risk Assessment & GRC.- Good To Have Skills: Experience with Integrated Security Risk Management, Security Risk and Audit Operations.- Understanding of information security frameworks (e.g., NIST CSF/RMF, ISO 27001).- Strong analytical and detail-oriented approach to reviewing documentation.- Proficiency with risk management or ticketing systems (e.g., JIRA).- Strong understanding of threat modeling and risk analysis techniques.- Familiarity with security tools for vulnerability scanning and penetration testing. Additional Information:- The candidate should have minimum 5 years of experience in Security Risk Assessment.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Risk Assessment Good to have skills : Security Risk and Audit Operations, Integrated Security Risk ManagementMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to assess security risks, implementing protective measures, and ensuring that all systems are safeguarded against potential cyber threats. You will engage in proactive monitoring and response to security incidents, while also contributing to the development of security policies and procedures that align with organizational goals. Your role will be pivotal in maintaining the integrity and confidentiality of sensitive information and ensuring compliance with industry standards. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to enhance the organization's security posture.- Conduct quality assurance reviews of information security compliance and risk assessments.- Validate assessment content for accuracy, completeness, and policy alignment.- Review and process change request tickets related to risks steaming out of the assessments.- Identify inconsistencies and provide feedback or recommendations.- Track and document review outcomes and ticket status.- Collaborate with client teams for clarification and issue resolution.- Ensure adherence to service level agreements (SLAs) and key performance indicators (KPI)- Support process improvements and standardization efforts.- Escalate significant risk issues or trends as needed.- Participate in team meetings and client reporting activities. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Risk Assessment & GRC.- Good To Have Skills: Experience with Integrated Security Risk Management, Security Risk and Audit Operations.- Understanding of information security frameworks (e.g., NIST CSF/RMF, ISO 27001).- Strong analytical and detail-oriented approach to reviewing documentation.- Proficiency with risk management or ticketing systems (e.g., JIRA).- Strong understanding of threat modeling and risk analysis techniques.- Familiarity with security tools for vulnerability scanning and penetration testing. Additional Information:- The candidate should have minimum 5 years of experience in Security Risk Assessment.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Risk Assessment Good to have skills : Security Risk and Audit Operations, Integrated Security Risk ManagementMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to assess security risks, implementing protective measures, and ensuring that all systems are safeguarded against potential cyber threats. You will engage in proactive monitoring and response to security incidents, while also contributing to the development of security policies and procedures that align with organizational goals. Your role will be pivotal in maintaining the integrity and confidentiality of sensitive information and ensuring compliance with industry standards. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to enhance the organization's security posture.- Conduct quality assurance reviews of information security compliance and risk assessments.- Validate assessment content for accuracy, completeness, and policy alignment.- Review and process change request tickets related to risks steaming out of the assessments.- Identify inconsistencies and provide feedback or recommendations.- Track and document review outcomes and ticket status.- Collaborate with client teams for clarification and issue resolution.- Ensure adherence to service level agreements (SLAs) and key performance indicators (KPI)- Support process improvements and standardization efforts.- Escalate significant risk issues or trends as needed.- Participate in team meetings and client reporting activities. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Risk Assessment & GRC.- Good To Have Skills: Experience with Integrated Security Risk Management, Security Risk and Audit Operations.- Understanding of information security frameworks (e.g., NIST CSF/RMF, ISO 27001).- Strong analytical and detail-oriented approach to reviewing documentation.- Proficiency with risk management or ticketing systems (e.g., JIRA).- Strong understanding of threat modeling and risk analysis techniques.- Familiarity with security tools for vulnerability scanning and penetration testing. Additional Information:- The candidate should have minimum 5 years of experience in Security Risk Assessment.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Risk Assessment Good to have skills : Security Risk and Audit Operations, Integrated Security Risk ManagementMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to assess security risks, implementing protective measures, and ensuring that all systems are safeguarded against potential cyber threats. You will engage in proactive monitoring and response to security incidents, while also contributing to the development of security policies and procedures that align with organizational goals. Your role will be pivotal in maintaining the integrity and confidentiality of sensitive information and ensuring compliance with industry standards. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to enhance the organization's security posture.- Conduct quality assurance reviews of information security compliance and risk assessments.- Validate assessment content for accuracy, completeness, and policy alignment.- Review and process change request tickets related to risks steaming out of the assessments.- Identify inconsistencies and provide feedback or recommendations.- Track and document review outcomes and ticket status.- Collaborate with client teams for clarification and issue resolution.- Ensure adherence to service level agreements (SLAs) and key performance indicators (KPI)- Support process improvements and standardization efforts.- Escalate significant risk issues or trends as needed.- Participate in team meetings and client reporting activities. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Risk Assessment & GRC.- Good To Have Skills: Experience with Integrated Security Risk Management, Security Risk and Audit Operations.- Understanding of information security frameworks (e.g., NIST CSF/RMF, ISO 27001).- Strong analytical and detail-oriented approach to reviewing documentation.- Proficiency with risk management or ticketing systems (e.g., JIRA).- Strong understanding of threat modeling and risk analysis techniques.- Familiarity with security tools for vulnerability scanning and penetration testing. Additional Information:- The candidate should have minimum 5 years of experience in Security Risk Assessment.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Managed Cloud Security Services Good to have skills : NAMinimum 3 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security expertise to design, build, and protect enterprise systems, applications, data, assets, and people. Your typical day will involve collaborating with various teams to implement security measures, conducting risk assessments, and ensuring compliance with security policies. You will also engage in proactive monitoring of systems to identify vulnerabilities and respond to potential threats, all while maintaining a focus on safeguarding information and business processes against cyber threats. Roles & Responsibilities:-Advise clients on securing AWS, Azure, and GCP environments by assessing risks, implementing security controls, and ensuring regulatory compliance. Conduct security architecture reviews, threat modeling, and provide remediation strategies for cloud workloads.-Experience in developing security standards for services and reviewing Architecture. -Should have hands-on experience with Wiz CSPM or similar Cloud Security Posture Management tools (e.g., Prisma Cloud) for monitoring misconfigurations, compliance violations, and cloud threats. Must be able to analyze findings, recommend remediation, and integrate CSPM into security operations. -Strong understanding of securing Amazon Machine Images, including hardening operating systems, removing unnecessary services, applying latest patches, embedding security baselines, and ensuring AMIs are free from vulnerabilities or sensitive data before deployment. -Expertise in establishing and managing governance frameworks, risk assessments, and compliance programs for AWS, Azure, or GCP. Ensure adherence to standards such as ISO 27001, SOC 2, PCI-DSS, and CIS benchmarks, while aligning cloud operations with organizational policies and regulatory requirements Professional & Technical Skills: -Cloud Security, Architecture Assessment, Develop Security Standards for native cloud services, CSPM-Should be familiar with NIST SP 800-53 -Cloud Technology/DB/Tools :AWS Native security services.,Wiz.io,Jira,Confluence Additional Information:- The candidate should have minimum 3 years of experience in Managed Cloud Security Services.- This position is based at our Kolkata office.- A 15 years full time education is required. Qualification 15 years full time education

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Risk Assessment Good to have skills : Security Risk and Audit Operations, Integrated Security Risk ManagementMinimum 5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Engineer, you will apply your security skills to design, build, and protect enterprise systems, applications, data, assets, and people. A typical day involves collaborating with various teams to assess security risks, implementing protective measures, and ensuring that all systems are safeguarded against potential cyber threats. You will engage in proactive monitoring and response to security incidents, while also contributing to the development of security policies and procedures that align with organizational goals. Your role will be pivotal in maintaining the integrity and confidentiality of sensitive information and ensuring compliance with industry standards. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.- Develop and implement security policies and procedures to enhance the organization's security posture.- Conduct quality assurance reviews of information security compliance and risk assessments.- Validate assessment content for accuracy, completeness, and policy alignment.- Review and process change request tickets related to risks steaming out of the assessments.- Identify inconsistencies and provide feedback or recommendations.- Track and document review outcomes and ticket status.- Collaborate with client teams for clarification and issue resolution.- Ensure adherence to service level agreements (SLAs) and key performance indicators (KPI)- Support process improvements and standardization efforts.- Escalate significant risk issues or trends as needed.- Participate in team meetings and client reporting activities. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Risk Assessment & GRC.- Good To Have Skills: Experience with Integrated Security Risk Management, Security Risk and Audit Operations.- Understanding of information security frameworks (e.g., NIST CSF/RMF, ISO 27001).- Strong analytical and detail-oriented approach to reviewing documentation.- Proficiency with risk management or ticketing systems (e.g., JIRA).- Strong understanding of threat modeling and risk analysis techniques.- Familiarity with security tools for vulnerability scanning and penetration testing. Additional Information:- The candidate should have minimum 5 years of experience in Security Risk Assessment.- This position is based at our Hyderabad office.- A 15 years full time education is required. Qualification 15 years full time education

T o ensure youre set up for success, you will bring the following skillset & experience: 3+ years of experience in penetration testing, SAST, DAST, VAPT, Threat Modelling , OWASP. Deep knowledge of mainframe communication protocols and security mechanisms. Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe systems. Proficient in tools such as: Mainframe utilities: REXX, ISPF panels, NetView Security tools: Nmap, Burp Suite, Wireshark, custom scripts Strong scripting and automation skills (Python, REXX, Bash, or similar). Strong communication and leadership skills, with a proven ability to lead technical teams or projects. Experience producing board-level reports and presenting findings to senior stakeholders. Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts). Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services

Responsibilities: Application Security Conduct regular security assessments to identify vulnerabilities in applications and work with development teams to design secure software systems, resolve vulnerabilities and issues, and implement robust security measures. Additional responsibilities include security audits and penetration testing as required. Technical Skills: Proficient in multiple programming languages. Advanced understanding of the intricacies and potential security flaws inherent in different languages. Working experience in languages like Java, JavaScript, C++, Python, and Ruby. Experience in API development/testing and API security Established experience with Agile (including Scrum and Kanban) and software development lifecycle (SDLC) practices. Experience with GCP, Containers and Serverless technologies Tools and Integration: Hands on experience with SAST, DAST, Jira, and Confluence tools, experience integrating security incidence workflows. Knowledge of security technologies like firewalls, intrusion detection systems, and encryption and practical application is Security Reviews and Threat Modeling: Conduct regular security assessments to identify vulnerabilities in applications and work with development teams to remediate them. Work with the development teams on threat modeling to identify potential threats and vulnerabilities in an application. Requires understanding of software architecture, identifying potential attack vectors, and devising strategies to mitigate these threats. Work closely with software developers, systems administrators, and other IT professionals to ensure security is integrated into the application development process from the start. Familiarity with Security Frameworks and Standards Develop and maintain documentation of application security policies and procedures, ensuring compliance with industry standards. Knowledge and practical application of OWASP, CISSP or other well-known security frameworks. Security Incidence Response: In the event of a security alert, the candidate will react quickly to analyze the issue, contain the issue if needed and protect sensitive data. Responsible for proactively working with third party vendors on updating security rules and alerting processes Soft Skills: Strong verbal and written communication skills. Strong ability to articulate complex security concepts to developers and other stakeholders in an understandable way. Ability to write clear and concise security reports and present findings to both technical and non-technical audiences. Problem-solving Skills: Ability to analyze a problem, determine its root cause, and devise a plan to resolve it. Ability to navigate a rapidly changing landscape, while handling multiple responsibilities Curious about new technology and always looking to acquire new knowledge Education: Bachelors Degree in Cybersecurity, Computer Science or Information assurance A Masters degree is a plus. Certified Secure Software Lifecycle Professional (CSSLP), Certified Application Security Engineer (CASE), or Secure Software Practitioner (SSP) certifications are an advantage.

About Narayana Health: Narayana Health is headquartered in Bengaluru, India, and operates a network of hospitals in India and Overseas. Our mission is to deliver high-quality, affordable healthcare services to the broader population. Narayana Health Group is Indias leading healthcare provider and one of the largest hospital groups in the country with a network of 21 hospitals, 5 heart centers, and 19 primary care facilities. The NH group treats over 2.6 Million patients every year from over 78 countries covering 30+ medical specialties. Our Centers of Excellence help in treating Adult & Pediatric patients and we have one of the largest transplant centers in India. We have a strong presence across 17 locations in India, and an overseas hospital in the Cayman Islands, USA. Two of our hospitals have international accreditation from the Joint Commission International (JCI) and 19 hospitals have domestic accreditation from the National Accreditation Board for Hospitals (NABH). For more details, please refer to our website at: https://www.narayanahealth.org About Athma: Software Development Centre is the technology arm of Narayana Health, a leading healthcare network spanning two countries. We at Athma SDC, are engaged in building next generation products for healthcare with the goal of making healthcare safe and affordable to the patients. Our products are handling more than 10M transactions daily and help 7M patients navigate their health journeys.For more details, please refer to our website at - https://athma.health Why Join ATHMA? Be Part of a Health Tech Revolution: Join ATHMA in transforming healthcare through technology, making it more personalized, accessible, and effective for Indian users. Work-Life Balance: We support a balanced work environment that fosters personal well-being and professional growth. Growth & Learning: Youll have opportunities to learn from the best in health tech and work on products that directly impact millions of users. Impactful Work: Play a key role in improving patient outcomes, driving innovation, and setting new standards for healthcare technology in India. Role: Senior Security Architect As a vital member of our team, the Application Security Architect will play a key role in fortifying our organization's application security. You will be responsible for implementing and enhancing security measures, ensuring compliance, and collaborating with cross-functional teams to safeguard our products. Key Responsibilities: Develop and integrate security measures throughout the software development life cycle. Conduct security testing for mobile/web applications. Work with Cyber Security solutions, including Web/Mobile Application Security and API Management. Oversee and ensure compliance with regulatory standards and security best practices. Provide guidance in code reviews, emphasizing secure coding practices. Collaborate with cross-functional teams for security risk assessments, incident response, and remediation efforts. Communicate security concepts effectively to both internal and external stakeholders. Understand and apply knowledge of enterprise architecture, operations, and security controls. Good to have Relevant certifications in application security and cyber security. Experience - 10 to 15 Years Required Skills: Java-based Technologies & Spring Security: Hands-on experience in securing applications developed using Java, with a strong focus on frameworks like Spring, Spring Boot, and Spring Security. In-depth knowledge of authentication, authorization, and other security functionalities provided by Spring Security. Ability to identify and mitigate Java-specific security vulnerabilities. Secure SDLC and Threat Modelling: Proven experience in implementing security throughout the software development life cycle. Ability to apply threat modeling methodologies for designing secure applications. Security Testing: Proficiency in conducting security testing for mobile applications and APIs. Experience with SCA, SAST, DAST, and other relevant security testing tools. Cyber Security Solutions: Familiarity with Cyber Security solutions, including Web/Mobile Application Security and API Management. Knowledge of Assessment frameworks and compliance obligations. Compliance and Standards: Experience in overseeing and ensuring compliance with security standards. Implementation and maintenance of security controls to meet compliance requirements. Code Reviews and Communication: Ability to provide guidance in code reviews, emphasizing security best practices. Strong communication skills to articulate complex security concepts to diverse stakeholders. Cross-functional Collaboration: Proven collaboration skills with cross-functional teams for security risk assessments and incident response. Enterprise Knowledge: Strong understanding of enterprise architecture, operations, and security controls.

Create secure IT infrastructure, including networks, systems, and databases, to safeguard sensitive data. Assess the effectiveness and efficiency of security systems, such as firewalls, routers, and VPNs. Required Candidate profile Develop and maintain security policies and architecture patterns to ensure compliance and security best practices.Implement security controls and recommend solutions to mitigate evolving cyber threats

Experience: 8+ YearsJob Description Identity & Access Management (IAM) Manage and support identity platforms including Active Directory, Azure AD, and Okta Implement RBAC, least privilege principles, and automated provisioning/deprovisioning Conduct periodic access reviews and support access certification processes Integrate IAM controls into application and cloud environments Security Engineering & Tooling Administer and optimize Mimecast, OKTA, Microsoft Defender, Intune, and other endpoint/cloud security tools Manage SIEM tools including rule tuning, log ingestion, and correlation Implement and automate application code reviews using security scanning tools (eg, SAST, DAST) Perform application security testing and contribute to threat modeling and risk evaluations Lead cloud control monitoring, data protection measures, and compliance reporting

About the Role: Duration: 6 months Notice Period: (Immediate Joiner - Only) (General Shift & UK shift), 5days work from the Office, a Cab facility is there. Job responsibilities: Conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests, and Cloud on system and network levels, employing advanced ethical hacking techniques. Application Penetration Testing (Browser-based, API, Mobile, IoT) Threat Modeling Source Code Review Perform penetration testing on web applications and APIs (internal and external) to identify, assess, and report on vulnerabilities in their applications. Perform red team exercises to determine weaknesses in the clients infrastructure and how it should be remediated. Organizing and delivering technical security operational briefings for both technical and non-technical audiences. Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics. Dynamic application security testing (DAST) scans on the identified targets without credentials. Perform credentialed DAST scans on known client URLs. Research to identify new attack vectors. Review and provide feedback for all Security Artifacts. Play a critical role in building an AppSec program that has a wide scope and impact. Researching open-source emerging technologies, developing required frameworks and capabilities to perform red team exercises on new technologies adopted by clients. Preparing and delivering clear, accurate, and concise written and oral technical reports for management. Job specifications: Qualification: Bachelors degree in Engineering or closely related coursework in technology development disciplines Certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN are desirable Experience: Total Experience 4+ years Desired Skills: Knowledge and Experience: Offensive Security Certified Professional (OSCP) and/or Offensive Security Certified Expert (OSCE). A thorough understanding of the Secure Development Life Cycle Have comprehensive knowledge of common vulnerabilities (e.g., OWASP Top 10), diverse application attack vectors, security testing processes, and both wired and wireless network security protocols. Have familiarity with common threat tactics and tools (Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App Detective, Web Inspect, etc.) Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g., AWS, GCP, etc.) Mobile platform penetration testing tradecraft and methodologies across widely-used platforms (iOS and/or Android). Microservices testing Ability to find and exploit bugs in: C++, Java, JavaScript, Go, and Python Kubernetes, AWS, GCP, or Azure Memory management, namespaces, cgroups, etc. Passion for writing code to solve problems, combined with an interest in Offensive Security. Ability to demonstrate a strong background in one of the following languages: Golang, Python, Java, JavaScript, C++, C Personal Attributes: Self-starter and quick learner requiring minimal ramp-up Excellent analytical, written, oral, and interpersonal communication skills Highly self-motivated, self-directed, and attentive to detail Ability to effectively prioritize and execute tasks in a high-pressure environment Strong communications skills to comfortably work cross-functionally across the organization.

Could you be the full-time Threat and Vulnerability Management Analyst in Bangalore were looking for? Your future role Take on a new challenge and apply your ethical hacking expertise in a cutting-edge field. Youll work alongside talented, collaborative, and forward-thinking teammates. You'll play a key role in safeguarding our organization's assets and enhancing our security program. Day-to-day, youll work closely with teams across the business (such as infrastructure, application owners, and third-party vendors), analyze threat intelligence reports, and develop remediation plans, among other impactful responsibilities. Youll specifically take care of vulnerability assessments, penetration testing, and implementing Secure SDLC programs, but also contribute to designing and delivering actionable security dashboards. Well look to you for: Tracking new and emerging threats and vulnerabilities, verifying their applicability, and initiating remediation activities as necessary Analyzing assessment reports provided by vendors or third parties and resolving them within defined SLAs Developing remediation plans by collaborating with infrastructure and application owners Providing guidance on patching, configuration settings, and additional security controls Defining the scope of assessment activities across internal and partner organizations Designing and delivering actionable information security dashboards and metrics Creating awareness about good security practices and the benefits of Secure SDLC programs Prioritizing vulnerabilities based on risk and driving them to closure using tools like Qualys, Skybox, and SecOps All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Bachelors or Masters degree in Engineering, Technology, or a related field 68 years of relevant IT experience Professional certifications such as CISSP, CEH, GPEN, or OSCP Exposure to threat modeling, systems hardening, and Secure SDLC programs Experience in application penetration testing and ethical hacking Proficiency with tools like Qualys, Veracode, Nessus, AppScan, and Skybox Knowledge of TCP/IP stack, OSI layers, application programming interfaces, middleware, and mobile technologies Familiarity with penetration testing methodologies (e.g., OWASP, OSSTMM, PCI DSS) Strong analytical skills and the ability to drive innovation and process improvement Solid understanding of ITIL process frameworks and experience in creating processes in complex multivendor ecosystems Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges, and a long-term career free from boring daily routines Work with new security standards for rail signalling Collaborate with transverse teams and helpful colleagues Contribute to innovative projects Utilize our flexible and inclusive working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development through award-winning learning Progress towards leadership or specialized roles within cybersecurity Benefit from a fair and dynamic reward package that recognizes your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension)

Must have Skills - 7+ years software development experience with emphasis on architecture 2+ years as Product Manager or Product Owner SaaS company experience Customer engagement experience (internal & external) SDLC familiarity Encryption and data protection experience Web product security expertise Ability to manage security-related features Strong stakeholder communication skills Experience with security frameworks (OWASP, NIST) Cross-functional team leadership API security knowledge . Good to Have Skills Knowledge of compliance standards (SOC2, ISO 27001, GDPR) Experience with threat modeling Background in cybersecurity or InfoSec Cloud security experience (AWS, Azure, GCP) Agile/Scrum methodologies Technical writing skills Security certifications (CISSP, CISM, etc.) Shifts in which the candidate will work - Primary: India time zone Secondary: Must be flexible to align with Israel time zone as needed Note : Role requires coordination between India and Israel time zones for stakeholder alignment and collaboration . Years of Experience - 9+ years total (7+ years development/architecture + 2+ years Product Management) .

This Position reports to: Head of Engineering In this role, you will have the opportunity to manage or coordinate cybersecurity aspects in development projects and activities. Each day, you will support strategic cybersecurity direction and future technologies, designs, architecture, and implementations. You will also showcase your expertise by acting as a primary contact in Research and Development, software development, and product engineering for cybersecurity-related matters. The work model for the role is: Hybrid #LI Hybrid This role is contributing to the Process Automation Business of Process Control Platform Division in Bangalore. You will be mainly accountable for: Oversee Cyber Security initiatives for the DCS development stream, covering the product portfolio and projects. Work with Cyber Security engineers across different development streams to implement the Cyber Security roadmap. Assist product development and project teams in meeting Cyber Security directives and requirements. Define and clarify product and system requirements related to Cyber Security. Ensure projects adhere to Cyber Security practices, including security assessments, threat modeling, static code analysis, system validation, security assurance tests, and handling of third-party software. Qualifications for the role: Senior Cyber Security professional with 8-12 years of hands-on technical expertise and excellent communication and collaboration skills. Bachelor's degree in Engineering (BE) or Technology (B.Tech). Security Development Lifecycle (SDL): In-depth knowledge of SDL for Control Systems, Network Security, and Industrial Automation Systems. Software Development: Hands-on experience in developing application/web software with encryption/decryption. Certificate Handling: Knowledge of certificate handling technologies and concepts. Architecture Development: Expertise in developing robust and secure architectures for products, risk assessment, and familiarity with product development processes (V-model and agile methodology). Relevant Technologies: Understanding of TCP/IP, OPC, Windows security concepts, cryptography, firewall technology, secure design, and development. Web Protocols: Good knowledge of HTTP/HTTPS protocols and other web-related technologies. Security Tools and Standards: Familiarity with tools like threat modeling, static code analysis, and relevant security standards (e.g., IEC62443).

You will consult and hands-on assist multiple teams in creating risk analyses (e.g. TARA) and performing Threat Modeling (STRIDE) You will guide, teach, and train teams on how to create secure software architectures Actively adapting the software development process to benefit from modern tools to enhance security (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks) You will drive project decisions to roll out security measures You will actively check source code and configurations for potential security issues and guide/train development teams on how to prevent identified issues Qualifications Basic requirements and Education University degree in computer science or a comparable field of study, ideally with a security focus Business fluent English Required Experience and Skills Deep technical understanding of best-practice security features and internals of Linux (SELinux, dm-verity, Secure Boot, ...) and Android (Application Sandboxing, Permission Model, Encryption, Debugging, Secure Coding Practices, Authentication and Authorization, ) Knowledge of isolation techniques and containerization mechanisms Experience in security source code reviews and active vulnerability hunting Professional experience in Threat Modeling (STRIDE), TARA and ISO 21434 A background in modern software development in C++ / Java / Kotlin on Linux / Android Keywords Automotive Security, Cyber Security, Android, Linux, Secure Coding, Threat Modeling,

About this Role: Wells Fargo is seeking a Senior Information Security Analyst. Responsibilities : This position is a Senior Information Security Analyst performing the role of an Application Security Champion who will be responsible for reviewing security requirements and security design submissions by application teams. Reviewing security requirements and security design submissions by application teams. Submissions will either be approved or rejected based on evaluation and comparison to systems of record. Provide information security consultation to improve awareness and compliance with Enterprise Application Security Program (EASP) policy, processes, and standards. Perform remediation of security assessment review issues and reporting to support EASP risk management. Provide guidance and direction in reviewing assessment findings and mitigating controls to optimize application security. Validate SAST, DAST and SCA scans and recommend the fix for application teams. Collaborate and consult with peers, colleagues, and managers to resolve issues and achieve goals. Interact with teammates across all Lines of Business. Required Qualifications: 4+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Skills: 2+ years of experience as application security champion 2+ years of experience in at least one of the following practices like Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, Security Design requirements. Knowledge and experience in identifying and suggesting mitigations to OWASP top 10, CWE/SANS top 25 to development teams. Ability to manage multiple priorities in a fast-paced dynamic environment. Advanced problem solving skills, ability to develop effective long-term solutions to problems. Excellent verbal and written communication skills Excellent inter-personal skills contributing to cordial team environment Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies. Experience in drafting application security coding standards. Ability to manage highly complex issues and negotiate solutions. Knowledge and understanding of Application security threat management and mitigation domain. Application security experience with banking/financial services applications. Certified in Industry renowned certifications like CISSP, CSSLP, CEH etc. Job Expectations: This position will also be responsible to work with software development partners, business system consultants and LOB leads to perform security assessments on variety of applications to identify security defects and provide remediation recommendation by following the processes and policies. Submissions will either be approved or rejected based on evaluation and comparison to systems of record.

About The Role Project Role : Security Advisor Project Role Description : Provide enterprise-level advice to make organizations cyber resilient. Assist in navigating the complex landscape of cyber threats, ensuring robust digital asset protection while maintaining trust with stakeholders. Must have skills : Identity and Access Management (IAM) Operations Good to have skills : NAMinimum 2 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Advisor, you will provide enterprise-level advice to make organizations cyber resilient. Your typical day will involve engaging with various stakeholders to assess their security posture, identifying potential vulnerabilities, and recommending strategies to enhance their defenses against cyber threats. You will also collaborate with cross-functional teams to ensure that digital assets are protected while fostering trust and transparency within the organization. Your role will require you to stay updated on the latest cyber threats and trends, enabling you to offer informed guidance and support to your clients. Roles & Responsibilities:- Expected to perform independently and become an SME.- Required active participation/contribution in team discussions.- Contribute in providing solutions to work related problems.- Conduct regular assessments of security measures and recommend improvements.- Develop and deliver training sessions to enhance awareness of cyber security best practices. Professional & Technical Skills: - Must To Have Skills: Proficiency in Identity and Access Management (IAM) Operations.- Strong understanding of security frameworks and compliance standards.- Experience with identity governance and administration tools.- Knowledge of risk assessment methodologies and threat modeling.- Familiarity with incident response processes and procedures. Additional Information:- The candidate should have minimum 2 years of experience in Identity and Access Management (IAM) Operations.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :We are seeking a highly skilled and experienced Senior Threat Hunter with deep expertise in Microsoft Sentinel and Microsoft Defender for Endpoint (MDE). The ideal candidate will excel in advanced KQL query writing, hypothesis-driven hunting, detection engineering, and data visualization using Sentinel Notebooks and Workbooks. This role plays a critical part in proactively identifying threats, tuning detection logic, and enhancing our overall threat hunting capabilities.Key Responsibilities:- Write and optimize advanced KQL queries to detect malicious activities in Sentinel and MDE logs.- Conduct proactive threat hunting by forming hypotheses and correlating data across M365 Defender, Sentinel, and other sources.- Use Sentinel Notebooks (Azure ML/Log Analytics) and Workbooks to visualize hunt data and share findings with stakeholders.- Leverage MDE Advanced Hunting for in-depth endpoint telemetry analysis.- Integrate threat hunting with the MITRE ATT&CK framework, mapping TTPs and identifying gaps in coverage.- Collaborate with L3 analysts and detection engineers to fine-tune existing analytics rules and hunting queries.- Create and manage Sentinel Playbooks (Logic Apps) to automate threat response and investigation workflows.- Support continuous improvement of the threat detection lifecycle by contributing to new detection use cases and threat models.- Assist in Purple Team exercises and post-incident retrospectives by contributing hunt-driven insights. Professional & Technical Skills: - 5+ years of experience in cyber threat hunting, SOC operations, or detection engineering.- Strong proficiency in Kusto Query Language (KQL) with hands-on experience in Microsoft Sentinel and MDE.- In-depth knowledge of endpoint, network, and cloud telemetry (especially Microsoft ecosystem).- Experience using Sentinel Workbooks, Notebooks, and custom analytics rule creation.- Practical experience in hypothesis-driven threat hunting and developing custom detection rules.- Familiarity with MITRE ATT&CK framework and its use in mapping attacker TTPs.- Hands-on experience with Sentinel automation workflows using Logic Apps.- Microsoft SC-200:Microsoft Security Operations Analyst- Microsoft SC-100:Microsoft Cybersecurity Architect- GIAC GCFA/GCIA/GCED (or equivalent)- AZ-500:Microsoft Azure Security Technologies- OSCP (for offensive knowledge is a plus) Additional Information:- The candidate should have minimum 5 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Architect Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations. Must have skills : Security Information and Event Management (SIEM) Good to have skills : NAMinimum 7.5 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to document the implementation of cloud security controls and facilitating the transition to cloud security-managed operations, ensuring that all security measures align with organizational objectives and compliance standards. You will engage in discussions to refine security strategies and provide guidance on best practices, contributing to a secure cloud environment that supports the organization's growth and innovation. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Provide solutions to problems for their immediate team and across multiple teams.- Facilitate training sessions to enhance team knowledge and skills in cloud security.- Evaluate and recommend security tools and technologies to improve the overall security posture. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Information and Event Management (SIEM).- Strong understanding of cloud security principles and best practices.- Experience with security compliance frameworks such as ISO 27001, NIST, or CIS.- Ability to analyze security incidents and provide actionable insights.- Familiarity with threat modeling and risk assessment methodologies. Additional Information:- The candidate should have minimum 7.5 years of experience in Security Information and Event Management (SIEM).- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education

About The Role Project Role : Security Delivery Lead Project Role Description : Leads the implementation and delivery of Security Services projects, leveraging our global delivery capability (method, tools, training, assets). Must have skills : Security Penetration Testing Good to have skills : NAMinimum 12 year(s) of experience is required Educational Qualification : 15 years full time education Summary :As a Security Delivery Lead, you will be at the forefront of implementing and delivering Security Services projects. Your typical day will involve coordinating with various teams to ensure the successful execution of security initiatives, utilizing global delivery capabilities, and ensuring that projects meet the highest standards of security and compliance. You will engage with stakeholders to understand their needs and provide tailored solutions, while also mentoring team members to enhance their skills and knowledge in security practices. Roles & Responsibilities:- Expected to be an SME.- Collaborate and manage the team to perform.- Responsible for team decisions.- Engage with multiple teams and contribute on key decisions.- Expected to provide solutions to problems that apply across multiple teams.- Facilitate training sessions to enhance team capabilities in security practices.- Monitor project progress and implement necessary adjustments to meet objectives. Professional & Technical Skills: - Must To Have Skills: Proficiency in Security Penetration Testing.- Strong understanding of vulnerability assessment tools and techniques.- Experience with threat modeling and risk assessment methodologies.- Familiarity with security frameworks and compliance standards.- Ability to analyze and interpret security logs and reports. Additional Information:- The candidate should have minimum 12 years of experience in Security Penetration Testing.- This position is based at our Bengaluru office.- A 15 years full time education is required. Qualification 15 years full time education