199 Threat Modeling Jobs - Page 7

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Product Security
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: Product Security Testing Specialist - IoT, Embedded Devices, Hardware, Medical Instruments and automotive connected cars security

We are seeking a highly skilled and motivated Product Security Testing Engineer with 7-11 years of proven expertise in IoT, embedded devices, hardware, medical instruments and automotive/connected car security. The ideal candidate will have a strong background in security testing methodologies, risk assessment, and a deep understanding of the unique challenges posed by IoT, medical devices and software defined vehicles. This role requires a practical approach to identifying, assessing, and mitigating security flaws in our products as well as expertise in leading and mentoring a group of product security experts.

Roles & Responsibilities:
- Conduct and lead thorough security assessments of IoT devices, embedded systems, hardware components, and medical instruments.
- Conduct security assessments of connected car systems, including in-vehicle networks, infotainment systems, telematics, and communication interfaces.
- Identify vulnerabilities and weaknesses in the design, implementation, and configurations of automotive software and hardware components.
- Assess the security of in-vehicle communication networks, including CAN bus, Ethernet, and wireless protocols.
- Perform penetration testing, vulnerability assessments, and code reviews to identify security weaknesses.
- Evaluate the security of IoT ecosystems, including communication protocols, cloud interfaces, and firmware.
- Assess the security of embedded systems and identify potential vulnerabilities in both software and hardware.
- Perform hardware penetration testing to identify vulnerabilities in electronic systems.
- Assess the security of medical devices, ensuring compliance with industry regulations and standards.
- Identify and address security risks associated with healthcare information systems and connected medical instruments.
- Evaluate and prioritize security risks based on potential impact and likelihood.
- Provide recommendations and collaborate with cross-functional teams to implement effective security controls.
- Stay current with emerging security threats, vulnerabilities, and testing methodologies.
- Implement best practices for security testing and collaborate with development teams to integrate security into the development lifecycle.
- Document security testing processes, findings, and remediation recommendations.
- Generate comprehensive reports for stakeholders, including technical details and actionable insights.

Professional & Technical Skills:
- Excellent communication skills, including the ability to convey complex security concepts to technical and non-technical stakeholders.
- Demonstrated proficiency in autonomously managing client relationships with a high level of independence and accountability.
- Experience of effectively leading teams of various sizes, ranging from small to large, and actively contributing to their skill development and upskilling.
- Ability to manage multiple tasks and deadlines.
- Hands-on experience with penetration testing tools and methodologies.
- Proven experience in security testing with a focus on IoT, embedded systems, hardware, and medical instruments.
- Knowledge of secure coding practices and the ability to review code for security vulnerabilities.
- Familiarity with industry standards and regulations related to product security, such as ISO 27001, ISO/SAE 21434, UNECE WP.29, IEC 62443, UNR-155 and FDA cybersecurity guidelines.
- Experience with threat modeling and risk assessment frameworks.
- Familiarity with secure development practices for embedded systems.
- Understanding of regulatory requirements for medical device security.
- Strong understanding of networking protocols, encryption, and authentication mechanisms.

Additional Information:
- Bachelor's or master's degree in engineering or computer science, Information Security, or a related field.
- Certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP).
- 5 or more years of experience required in the cyber security field, including penetration testing, threat modeling, hardware security.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 1 month ago

8.0 - 13.0 years

10 - 17 Lacs

Bengaluru

Work from Office

General Tasks:
- You will consult and hands-on assist multiple teams in creating risk analyses (e.g. TARA) and performing Threat Modeling (STRIDE)
- You will guide, teach, and train teams on how to create secure software architectures
- Actively adapting the software development process to benefit from modern tools to enhance security (e.g., Static Code Analysis, Fuzzing, Security Testing Frameworks)
- You will drive project decisions to roll out security measures
- You will actively check source code and configurations for potential security issues and guide/train development teams on how to prevent identified issues

General required knowledge/Skills/Background:
- University degree in Computer Science or a similar field of study
- Professional experience in Threat Modeling (STRIDE), TARA and ISO 21434
- Experience in security source code reviews and active vulnerability hunting
- Deep technical understanding of best-practice security features and internals of Linux and Android
- Strong understanding of Linux Kernel Security features (SELinux, Secure Boot, Namespaces, cgroups, seccomp, KASLR, Stack protector, dm-verity / IMA-EVM, ...)
- A background in modern software development in C++ / Java / Kotlin on Linux / Android
- The ability to motivate, influence and convince multiple worldwide teams; ideally with experience creating and performing security trainings

Posted 1 month ago

7.0 - 10.0 years

18 - 33 Lacs

Pune

Remote

- Application & product security, including threat modeling and secure SDLC
- Cloud security (AWS/GCP/Azure), container security (Docker, Kubernetes) & API protection
- DevSecOps: automation in IaC & CI/CD pipelines
- Scripting (Python/Shell), Linux security

Required Candidate profile: Sr Security Engineer, 7+ yrs exp., to lead & enhance security across the SDLC. Expertise in application security, threat modeling, cloud security (AWS/GCP/Azure), DevSecOps practices & strong communication.

Posted 1 month ago

8.0 - 11.0 years

35 - 37 Lacs

Kolkata, Ahmedabad, Bengaluru

Work from Office

Dear Candidate,

We are looking for an Application Security Engineer to identify, mitigate, and prevent security risks in software applications across the SDLC.

Key Responsibilities:
- Conduct static and dynamic application security testing (SAST/DAST).
- Collaborate with development teams to integrate secure coding practices.
- Perform threat modeling, code reviews, and security assessments.
- Respond to security vulnerabilities and guide remediation efforts.
- Develop automated tools and CI/CD security checks.

Required Skills & Qualifications:
- Strong understanding of OWASP Top 10 and secure software development.
- Experience with security tools (Burp Suite, Fortify, SonarQube, Checkmarx).
- Proficiency in at least one programming language (e.g., Java, Python, C#).
- Familiarity with DevSecOps and container security.
- Security certifications are a plus (e.g., CSSLP, OSWE, CEH).

Soft Skills:
- Strong troubleshooting and problem-solving skills.
- Ability to work independently and in a team.
- Excellent communication and documentation skills.

Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you.

Kandi Srinivasa Reddy
Delivery Manager
Integra Technologies

Posted 1 month ago

7.0 - 12.0 years

18 - 33 Lacs

Pune

Remote

Role & responsibilities:
- Application & product security, including threat modeling and secure SDLC
- Cloud security (AWS/GCP/Azure), container security (Docker, Kubernetes) & API protection
- DevSecOps: automation in IaC & CI/CD pipelines
- Scripting (Python/Shell), Linux security

Preferred candidate profile:
- More than 7 years of total industry experience
- Advanced experience in securing applications and application settings
- Advanced experience in app and product security
- Advanced understanding in securing cloud technologies
- Experience with technologies from at least one public cloud (AWS, GCP, Azure)
- Experience in securing containerization (Docker, K8s, etc) and API
- Experience with modern DevSecOps practices including implementing automated security in IaC and CI/CD pipelines
- Strong scripting skills: Python/Shell scripting experience
- Mid to advanced level Linux knowledge in a physical, virtual, or public cloud environment.
- Exceptional verbal and written communication skills are necessary to effectively collaborate with peers, and to present and explain highly technical information to stakeholders who may have limited technical knowledge.

Bonus Points: CISSP, CASP+, GSLC, CISM certified.

Qualifications: Bachelor's or Master's degree in Computer Science, Engineering, or a related field.

Posted 1 month ago

3.0 - 5.0 years

7 - 11 Lacs

Bengaluru

Work from Office

About The Role

Role Purpose: The purpose of this role is to analyse, identify, rectify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information.

Do:
- Ensuring customer centricity by providing apt cybersecurity
- Monitoring and safeguarding the log sources and security access
- Planning for disaster recovery in the event of any security breaches
- Monitor for attacks, intrusions and unusual, unauthorized or illegal activity
- Performs moderately complex log reviews and forensic analysis to identify unauthorized or unacceptable access to data or systems
- Conduct security assessments, risk analysis and root cause analysis of security incidents
- Handling incidents escalated by the L1 team in 24x7 rotational shifts
- Use advanced analytics tools to determine emerging threat patterns and vulnerabilities
- Completing all tactical security operations tasks associated with this engagement.
- Analyses all the attacks and come up with remedial attack analysis
- Conduct detailed analysis of incidents and create reports and dashboards

Stakeholder coordination & audit assistance:
- Liaise with stakeholders in relation to cyber security issues and provide future recommendations
- Maintain an information security risk register and assist with internal and external audits relating to information security
- Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- Advice and guidance to employees on issues such as spam and unwanted or malicious emails

Deliver:
No. | Performance Parameter | Measure
1 | Customer centricity | Timely security breach solutioning to end users, Internal stakeholders & external customers experience
2 | Process Adherence | Adherence to SLA’s (90-95%), response time and resolution time TAT

Mandatory Skills: Threat Modeling.
Experience: 3-5 Years.

Reinvent your world. We are building a modern Wipro. We are an end-to-end digital transformation partner with the boldest ambitions. To realize them, we need people inspired by reinvention. Of yourself, your career, and your skills. We want to see the constant evolution of our business and our industry. It has always been in our DNA - as the world around us changes, so do we. Join a business powered by purpose and a place that empowers you to design your own reinvention. Come to Wipro. Realize your ambitions. Applications from people with disabilities are explicitly welcome.

Posted 1 month ago

5.0 - 10.0 years

9 - 13 Lacs

Hyderabad

Work from Office

Project Role: Software Development Lead
Project Role Description: Develop and configure software systems either end-to-end or for a specific stage of product lifecycle. Apply knowledge of technologies, applications, methodologies, processes and tools to support a client, project or entity.
Must have skills: Automotive ECU Software
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education

Summary: As an Automotive Cybersecurity Engineer, you will play a critical role in ensuring the security and safety of the client's software.

Roles & Responsibilities:
1. Performing threat analyses and conduct risk assessments to identify potential vulnerabilities in automotive systems, software, and communication networks.
2. Reviewing code and software designs to ensure compliance with security best practices and industry standards like ISO 21434 and UNECE R155/R156.
3. Conducting penetration testing and vulnerability assessments to proactively identify and mitigate weaknesses in automotive embedded systems before they can be exploited.
4. Developing and implementing incident response plans to effectively handle cybersecurity breaches or incidents and minimize potential damage.

Professional & Technical Skills:
1. In-depth knowledge and practical experience with various vehicle systems, including telematics, CAN bus, remote entry/start, OTA, EV charging are highly desired.
2. Familiarity with relevant security standards and regulations, such as ISO/SAE 21434, ISO 27001, NIST Cybersecurity Framework, and UNECE R155.
3. Experience with security testing tools and techniques, such as penetration testing, vulnerability assessments, and threat modelling.

Additional Information:
- The candidate should have a minimum of 5 years of experience in Automotive ECU Software
- This position is based at our Hyderabad office
- A 15 years full-time education is required

Qualification: 15 years full time education

Posted 1 month ago

5.0 - 8.0 years

5 - 8 Lacs

Mumbai

Work from Office

As an Application Security Specialist, you'll play a vital role in building secure systems from the ground up. Working closely with engineering, compliance, and DevOps teams, you will ensure our applications meet rigorous security and regulatory standards across global jurisdictions.

Your Impact on the Mission:
- Integrate security into the Software Development Lifecycle (SDLC), embedding security controls at every phase.
- Conduct threat modeling, secure code reviews, and penetration testing for internal and third-party applications.
- Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps).
- Manage and mitigate application-level risks in line with security frameworks and regulatory requirements.
- Support compliance efforts for GDPR, NIS2, PCI-DSS, and DORA by applying security controls and maintaining evidence.
- Drive secure practices in the software supply chain, improving defenses against attacks like those seen in SolarWinds.

Business Impact:
- Reduces application security vulnerabilities across internal and customer-facing systems.
- Helps ensure Noventiq's compliance with global cybersecurity regulations.
- Lowers production defects and remediation costs through early detection.
- Strengthens resilience of cloud-native and third-party platforms.

What You'll Bring to The Table

About You:
- 5 years in Application Security, including secure development, testing, and DevSecOps.
- Solid understanding of OWASP Top 10, SAST/DAST, threat modeling, and common attack vectors.
- Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps).
- Hands-on experience with tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar.

Preferred Certifications:
- Industry-recognized certifications are a plus, including: OSCP, GWAPT, CISSP, or CSSLP
- Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional

Frameworks Compliance:
- Working knowledge of: OWASP, CIS Controls v8, ISO/IEC 27001
- GDPR, NIS2 Directive, PCI-DSS, DORA Regulation

Posted 1 month ago

3.0 - 8.0 years

5 - 9 Lacs

Hyderabad

Work from Office

You are responsible for adhering to the defined operating procedures and guidelines in operating the application security services in the Managed Services model, which includes the following:
o Understand and be compliant with the Service Level Agreements defined for the DevSecOps services;
o Understand and deep knowledge of application security engineering principles, and helping clients development team and function to follow secure development practices which includes primarily monitoring and performing the security design review, architecture review, threat modeling, security testing, secure code review, secure build processes;
o Well versed with the application deployment and configuration baselines, and understanding of how the application environment operates in a secure environment and how exceptions are handled during operations;
o Facilitate use of technology-based tools or methodologies to continuously improve the monitoring, management and reliability of the service;
o Perform manual and automated security assessment of the applications;
o Involved in triaging and defect tracking process with the development team and helping the team to fix issues at the code level based on the priority of the tickets;
o Be a liaison between the Application development and infrastructure team, and integrate the processes between infrastructure monitoring and operations processes with the secure development/testing and management processes;
o Identifying, researching and analyzing application security events which may include emerging and existing persistent threats to the client's environment; and
o Performing active monitoring and tracking of application related threat actors and tactics, techniques and procedures (TTPs), that could likely cause an impact to client organization

Posted 1 month ago

6.0 - 9.0 years

8 - 12 Lacs

Bengaluru

Work from Office

Primary Skill

Roles and responsibilities:
- Work within the Cyber security domain, focusing on the Automated security testing part of our services and improving overall security posture of products and systems for assigned business domain.
- You will be part of an agile team, constantly improving and automating the security posture of the cloud infrastructure at IKEA.
- You will partner with and support the IKEA engineering community to build secure infrastructure at scale.
- You will perform threat modeling and security risk assessments.
- Understanding of security compliance requirements such as GDPR, NIS2, ISO27000.
- You will build and operate reliable tooling to increase the visibility of cloud environments and remediate security misconfigurations.
- You will be a valued member of the team, providing sound perspectives on infrastructure security as well as secure software development.
- You will be part of the IKEA Cyber Security organization, with a lot of room to grow and develop your skills, knowledge, and experience.
- Experience utilizing CI/CD practices to Automate security testing tools like SAST (Static Application Security Testing), SCA (Software Composition Analysis), IaC scanning or Container scanning tools in GitHub, Azure DevOps etc.

Secondary Skill:
- Experience in cloud native environments and preferably Google Cloud Platform or Azure.
- Experience in working with REST APIs and API security.
- You have good infrastructure security experience and are passionate about reducing security risks in the cloud.
- You have experience with threat modeling, security design reviews, and security architecture.
- Experience with CI/CD pipelines (preferably Github actions), Kubernetes and infrastructure

Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.
1. Applies scientific methods to analyse and solve software engineering problems.
2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.
3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.
4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.
5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Posted 1 month ago

2.0 - 4.0 years

15 - 17 Lacs

Hyderabad

Work from Office

Overview

Omnicom Global Solutions is an integral part of Omnicom Group, a leading global marketing and corporate communications company. Omnicom’s branded networks and numerous specialty firms provide advertising, strategic media planning and buying, digital and interactive marketing, direct and promotional marketing, public relations, and other specialty communications services to over 5,000 clients in more than 70 countries. OGS India plays a critical role for our group companies and global agencies by providing stellar products, solutions, and services across Creative Services, Technology, Marketing Science (Data & Analytics), Advanced Analytics, Market Research, Business Support Services, Media Services, and Project Management. With over 4000 talented colleagues in India, we are growing rapidly and are looking for professionals like you to help build the next chapter of our journey.

Responsibilities:
- Conduct cybersecurity and privacy risk assessments in alignment with internal frameworks and regulatory requirements.
- Engage with risk owners and business stakeholders to manage and mitigate identified risks.
- Develop and present risk reports to senior leaders and governance forums.
- Advise on cybersecurity architecture and leading practices to strengthen the enterprise risk posture.
- Assist global agency teams and networks with compliance to cybersecurity regulations and requirements.
- Monitor the global threat landscape and identify emerging risks; implement proactive control measures.
- Contribute to the maintenance and effectiveness of the Information Security Management System (ISMS).
- Participate in risk governance, compliance programs, and strategic risk reduction initiatives.

Qualifications:
- 3–5 years of experience in information risk management, cybersecurity, or GRC domains.
- Proficiency in risk assessment methodologies, threat modelling, and risk mitigation practices.
- Strong knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, CIS, GDPR).
- Experience preparing risk reports and dashboards for leadership audiences.
- Excellent collaboration and stakeholder engagement skills across global teams.
- Analytical mindset with the ability to evaluate and prioritize risks effectively.

Preferred Qualifications:
- Industry certifications such as CRISC, CISM, CISSP, ISO 27001 Lead Implementer, or similar.
- Exposure to cloud security risk and compliance monitoring tools.
- Experience working within enterprise ISMS or regulatory compliance programs.

Posted 1 month ago

7.0 - 9.0 years

7 - 17 Lacs

Bengaluru

Hybrid

Key Responsibilities:
• Design and review secure systems and application architectures.
• Lead threat modeling, risk assessment, and attack surface analysis.
• Advise project teams on security best practices throughout SDLC.
• Use SD Elements to capture risks, track remediation, and ensure traceability.
• Contribute to architecture boards and governance processes.
• Validate secure design for cloud, hybrid, and on-premises environments.

Required Skills & Experience:
• 7-9 years in Information Security or related architecture roles.
• Experience in VAPT (execution & remediation).
• Strong knowledge of application security, secure SDLC.
• Hands-on with SD Elements (mandatory).
• Expertise in TOGAF, SABSA, or NIST architecture frameworks.
• Cloud Security (preferably Azure), DevSecOps knowledge.

Certifications (Mandatory/Preferred):
• Mandatory: CISSP
• Preferred: AZ-500, CCSP

Tools/Frameworks Knowledge:
• SD Elements, ThreatModeler, Microsoft Defender
• TOGAF, SABSA, NIST CSF, OWASP Top 10, MITRE ATT&CK

Email ID: akila.s@acesoftlabs.com

Posted 1 month ago

3.0 - 5.0 years

12 - 15 Lacs

Hyderabad, Chennai

Work from Office

Preferred Candidate Profile:
- Bachelor's degree in Computer Science, Information Security, or related field.
- 3-6 years of experience in DevOps or Security Engineering roles.
- Relevant certifications such as CISSP, CEH, Security+ (preferred).
- Hands-on experience with cloud security across AWS, Azure, or GCP.
- Proficiency in scripting languages such as Python, Java, or Bash.
- Strong understanding of DevSecOps practices, threat modeling, and risk assessment.
- Excellent problem-solving skills and the ability to work in a fast-paced, collaborative environment.

Posted 1 month ago

7.0 - 12.0 years

25 - 30 Lacs

Bengaluru

Remote

Conduct threat modeling, enforce Secure SDLC, embed security in CI/CD pipelines, and collaborate with teams to identify risks and drive remediation early in the development lifecycle.

Required Candidate profile: Candidate should have a Bachelor's in CS or related field with strong knowledge of AppSec, DevSecOps, and secure coding practices.

Posted 1 month ago

6.0 - 11.0 years

5 - 13 Lacs

Chennai

Work from Office

We are seeking an experienced Product Security professional with a background in Manufacturing or Electronics Manufacturing industries (candidates from IT industry will not be considered). The role involves ensuring the safety and security of personnel, property, and assets within our manufacturing facilities by enforcing stringent security protocols and managing security personnel effectively.

Key Responsibilities:
- Manage checkpoint operations and building access control to maintain a secure facility environment.
- Enforce security protocols and standard operating procedures across the manufacturing premises.
- Coordinate security for public safety involving customers, VIPs, government officials, and vendors.
- Conduct shift-wise inspection of emergency exit doors and checkpoint doors for compliance and safety.
- Perform regular perimeter and internal patrolling to prevent security breaches.
- Lead investigations related to security violations, unauthorized entry, theft, process violations, and suspicious materials found on-site.
- Maintain guard profiles and ensure accurate documentation.
- Oversee guard recruitment, retention strategies, training, and deployment plans to maintain an effective security workforce.
- Liaise with guard vendors for service quality and contract management.
- Address guard welfare concerns and resolve grievances.
- Design and implement guard incentive programs to motivate the security team.
- Conduct regular guard assessments to ensure performance standards and compliance.

Required Profile:
- 6 to 13 years of relevant experience in security management within Manufacturing or Electronics Manufacturing industries.
- Strong understanding of physical security, access control, and emergency protocols specific to manufacturing environments.
- Proven experience in managing security personnel and vendor relationships.
- Ability to conduct investigations and enforce compliance effectively.
- Excellent communication and stakeholder management skills.
- Strong organizational and documentation skills.
- Proactive and detail-oriented approach to security challenges.

Posted 1 month ago

5.0 - 7.0 years

4 - 7 Lacs

Navi Mumbai, Mumbai (All Areas)

Work from Office

Following are the details:

ANZEN Technologies Private Limited stands as an unparalleled powerhouse, empowering organizations across industries with our visionary services, cutting-edge solutions, and ground-breaking services in the realm of Cyber Security, IT Governance, Risk Management, and Compliance. As your trusted partner, we offer a comprehensive suite of End-to-End security services and consultancy, tailored to safeguard critical infrastructure installations, elevate the standards of BFSI, eCommerce, IT/ITES, Pharmaceuticals, and an array of other sectors.

Job Summary: We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies.

Key Responsibilities:
- Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises.
- Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews.
- Perform manual security assessments for web applications, APIs, and client-server applications.
- Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration.
- Develop and execute custom attack payloads using tools and scripts.
- Assess physical security controls and implement social engineering assessments when required.
- Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell.
- Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit.
- Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.
- Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration.
- Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses.
- Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks.
- Perform reverse engineering of malware (advantageous but not mandatory).
- Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies.
- Stay updated on the latest cyber threats, attack methods, and emerging technologies.

Qualification: BE/B. Tech/ MCA/ M. Sc. (IT/Computers)

Skills:
- Excellent communication and collaboration skills.
- Red Teaming, VAPT, Application Security (Web/Mobile/API), Red Teaming and Application Security domains.
- Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.
- Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc.
- Basic ability to write automation scripts (Bash or Python).
- Understanding of threat modelling and secure coding practices.
- Strong understanding of TTPs, threat modelling, and secure coding practices.
- Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.

Preferred Certificates: OSCP, CRTP, eWPTX, Security+, CREST, CRTO
Job Location: Mumbai/Navi Mumbai
Job Mode: Work from Office

Need an immediate Joiner who may join by 15th June, 2025

Posted 2 months ago

7.0 - 12.0 years

30 - 45 Lacs

Pune

Work from Office

We are seeking an experienced, strategic, and hands-on Manager - Product Security to lead a growing team of penetration testers supporting BMC's IZOT product line. This team focuses on offensive security assessments across mainframe-based solutions and modern application ecosystems.

Leadership & Management:
- Lead and mentor a team of penetration testers with diverse skill sets (mainframe, distributed, web, and cloud security).
- Define and execute the team's roadmap, goals, and priorities in alignment with product and organizational objectives.
- Foster a culture of innovation, continuous learning, and technical excellence in security testing.
- Manage staffing, performance, and career development of team members.

REQUIRED SKILLS:
- Bachelor's or master's degree in computer science, Information Security, or related field.
- 8+ years in cybersecurity roles, with 3+ years in technical leadership or management capacity.
- Proven experience leading or performing penetration testing on both mainframe and modern platforms.
- Demonstrated experience conducting red team-style assessments or advanced threat emulation on mainframe and modern systems.
- Proficient in tools such as: Mainframe utilities: REXX, ISPF, JCL; Security tools: Nmap, Burp Suite, Wireshark, custom scripts
- Proficient in scripting and automation skills (Python, REXX, Bash, or similar).
- Experience delivering technical and executive-level security reports.
- Strong communication and leadership skills, with a proven ability to lead technical teams or projects.
- Experience producing board-level reports and presenting findings to senior stakeholders.
- Exposure to hybrid environments (mainframe to cloud integrations, modernization efforts).
- Familiarity with modern enterprise integration methods (REST, SOAP, MQ, FTP) that interface with mainframe services.

Posted 2 months ago


5.0 - 10.0 years

15 - 30 Lacs

Pune, Ahmedabad

Work from Office

Job Title: Senior Security Engineer - Medical Device Cybersecurity & Compliance

Experience Level: 5 to 10 years

Location: Ahmedabad/Pune

Key Responsibilities:

Drive end-to-end cybersecurity integration across the medical device product development life cycle, ensuring security is embedded from concept to release. Develop and maintain cybersecurity for medical products, including security requirements specifications, risk assessments, threat models, and product security architecture documentation. Conduct thorough gap assessments to evaluate compliance with IEC 81001-5-1, IEC 60601-4-5, AAMI TIR 57, and AAMI TIR 97 standards, and implement remediation measures. Perform hands-on vulnerability assessments, penetration testing, and secure code reviews of embedded devices, IoMT (Internet of Medical Things) components, and connected systems. Collaborate closely with development, compliance, and regulatory teams to ensure product security measures meet both internal security policies and external regulatory expectations. Support SBOM management, software supply chain risk evaluations, and third-party component analysis to maintain software transparency and mitigate risks. Provide expert input on secure communication protocols, encryption standards, data protection for both at-rest and in-transit data, and cloud-based connectivity of medical systems. Assist in developing incident response strategies and bring working knowledge of HIPAA, GDPR, and HL7 to address data privacy and healthcare-specific regulatory concerns. Contribute to the continuous enhancement of internal secure development processes, tools, and methodologies, while championing security best practices within product teams.

We are inviting applications from candidates who can join at 15 to 30 days' notice. Interested candidates, please email your latest updated resume to: ravindra.m@creenosolutions.com. For more details, please feel free to reach out to RAVINDRA @ 6305363701

Posted 2 months ago


1.0 - 6.0 years

7 - 11 Lacs

Bengaluru

Work from Office

Project Role: Tech Delivery & Op Excellence Practitioner

Project Role Description: Understand how to deliver value to clients, and use that commercial competency to apply methods or certifications appropriately. Attention to detail and deep expertise allow them to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.

Must have skills: Governance Risk Compliance (GRC)

Good to have skills: NA

Minimum 3 year(s) of experience is required

Educational Qualification: 15 years full time education

Summary: As a Tech Delivery & Op Excellence Practitioner, you will understand how to deliver value to clients and apply methods or certifications appropriately. Attention to detail and deep expertise allow you to see inherent risks or improvement opportunities that others may not. Work directly with client teams to ensure a high standard of delivery and operational excellence are met.

Key responsibility: The Risk and Compliance Senior Analyst works with the Application service delivery organization and other compliance-related functions to help:
- Perform audits/reviews to assess risks in the Application development and maintenance service environment
- Manage risk in Application development and maintenance service to an acceptable level
- Increase the level of awareness of and compliance with policy and process related matters
- Support successful completion of various external compliance certification programs and internal compliance assessments
- Introduce continual improvement, including lessons learned from matters requiring intervention
- The successful candidate for this role will be a member of a dedicated team operating a Controls and Compliance function, which will perform audit-style reviews of Application Development & Maintenance Services outsourcing engagements covering compliance matters and operational service management and service delivery good practice.

Must-Have Skills/Qualifications:
- Minimum of 1-year experience in Auditing principles and practices (sample qualifications*: CISA, ISO 27001 Lead Auditor)
- Minimum of 1-year experience in Application security/audit roles in the Application development & maintenance service industry (sample qualifications*: EC-Council's CASE (Certified Application Security Engineer), CEH (Certified Ethical Hacker))
- Agile Methodology (Certified Scrum Master), DevOps Certification, CMMI for Development
- Knowledge of secure SDLC models, secure coding standards, OWASP Top 10, threat modeling, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), single sign-on, Encryption
- Minimum of 1-year experience in Operational compliance requirements
- Contract Management / Service Reporting (including Service Level Agreements and Operational Level Agreements)
- Risk management or assessment (sample qualification*: CRISC)
- Knowledge of cloud environment and services (sample qualification*: Microsoft Azure/AWS/Google Certifications)
- Team and stakeholder management

Nice-to-Have Skills/Qualifications:
- Data privacy and protection (sample qualifications*: CIPM, CIPT, CIPP)
- CISSP*, CISM*, CISA*, CCSK*, CCSP*
- SOC1 and SOC2 (SSAE16 / ISAE3402) awareness
- Business Continuity and Disaster Recovery awareness (ISO 22301)

Professional Attributes:
1. Good communication
2. Teamwork
3. Problem Solving Capabilities
4. Work Planning and Management
5. Quick Learner
6. Eager to take on responsible tasks
7. Dedicated and Focused

Educational Qualification:
1. MBA - Information Security/IT
2. BE/B-Tech with CS/IT/related domain
3. BSc - IT

Additional Information (i.e., travel, overtime %):
1. Occasional within-country travel
2. Flexibility in working hours

Qualification: 15 years full time education

Posted 2 months ago


3.0 - 8.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect

Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills: Cyber Threat Intelligence

Good to have skills: NA

Minimum 3 year(s) of experience is required

Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting security controls, and transitioning to cloud security-managed operations, all while ensuring compliance with industry standards and best practices. You will engage in discussions to refine security strategies and provide insights that enhance the overall security posture of the organization.

Roles & Responsibilities:
- Expected to perform independently and become an SME.
- Required active participation/contribution in team discussions.
- Contribute to providing solutions to work-related problems.
- Conduct regular assessments of cloud security measures to identify potential vulnerabilities and recommend improvements.
- Collaborate with cross-functional teams to ensure alignment of security practices with business objectives.

Professional & Technical Skills:
- Must-have skills: Proficiency in Cyber Threat Intelligence.
- Strong understanding of cloud security principles and frameworks.
- Experience with threat modeling and risk assessment methodologies.
- Familiarity with security compliance standards such as ISO 27001, NIST, and GDPR.
- Ability to analyze and respond to security incidents effectively.

Additional Information:
- The candidate should have a minimum of 3 years of experience in Cyber Threat Intelligence.
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


15.0 - 20.0 years

13 - 17 Lacs

Gurugram

Work from Office

Project Role: Security Architect

Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills: Security Threat Hunting

Good to have skills: NA

Minimum 7.5 year(s) of experience is required

Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Your typical day will involve collaborating with various teams to assess security needs, documenting the implementation of cloud security controls, and overseeing the transition to cloud security-managed operations. You will engage in strategic discussions to align security measures with organizational objectives, ensuring a robust security posture in the cloud environment.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills in security practices.
- Evaluate emerging security technologies and recommend improvements to existing security frameworks.

Professional & Technical Skills:
- Must-have skills: Proficiency in Security Threat Hunting.
- Good-to-have skills: Experience with cloud security tools and frameworks.
- Strong understanding of risk assessment methodologies and threat modeling.
- Familiarity with compliance standards such as ISO 27001, NIST, and GDPR.
- Experience in incident response and security operations.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Security Threat Hunting.
- This position is based at our Gurugram office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


15.0 - 20.0 years

13 - 17 Lacs

Bengaluru

Work from Office

Project Role: Security Architect

Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.

Must have skills: Red Teaming

Good to have skills: NA

Minimum 7.5 year(s) of experience is required

Educational Qualification: 15 years full time education

Summary: As a Security Architect, you will oversee the strategic planning and execution of red team operations to emulate real-world threats and uncover security weaknesses across the organization. Your typical day will involve planning, scoping, and conducting red team operations, including social engineering, network exploitation, and post-exploitation activities, along with leading a team of offensive security experts and aligning red team efforts with business risk priorities. You will work closely with incident response and threat intelligence teams to identify detection gaps and provide actionable insights, ensuring the organization remains prepared against evolving threats, while fostering a culture of continuous learning and adversary-aware defense.

Roles & Responsibilities:
- Expected to be an SME.
- Collaborate and manage the team to perform.
- Responsible for team decisions.
- Engage with multiple teams and contribute on key decisions.
- Plan, scope, and execute red team exercises simulating real-world attack scenarios.
- Perform threat modeling and adversary emulation exercises based on the MITRE ATT&CK framework.
- Conduct internal and external penetration tests, including physical security and social engineering engagements.
- Design and deliver phishing campaigns and other social engineering attacks to test human security posture.
- Establish and manage command-and-control (C2) infrastructures using tools like Cobalt Strike.
- Perform post-exploitation tasks including lateral movement, Active Directory (AD) exploitation, privilege escalation, and data exfiltration.
- Identify gaps in detection and response capabilities and provide detailed reports and remediation recommendations.
- Collaborate with Blue Team and Incident Response to enhance organizational defense.
- Continuously research emerging threats and TTPs, and contribute to the development of new testing methodologies.
- Provide solutions to problems for their immediate team and across multiple teams.
- Facilitate training sessions to enhance team knowledge and skills.
- Monitor and evaluate the effectiveness of security measures and recommend improvements.

Professional & Technical Skills:
- Deep understanding of red team tactics, techniques, and procedures (TTPs) aligned with the MITRE ATT&CK framework.
- Proven experience in conducting end-to-end red team engagements across different environments (on-prem, cloud, hybrid).
- Proficient with red team tools such as Cobalt Strike, Mythic, Metasploit, BloodHound, SharpHound, PowerShell Empire, Impacket.
- Expertise in EDR/AV evasion techniques, custom payload development, and OPSEC-aware operations.
- Skilled in Active Directory attacks, Kerberoasting, Pass-the-Hash/Ticket, and Golden/Silver ticket attacks.
- Proficient in hardware-based and physical attack techniques, including Rubber Ducky payload deployment, planting rogue devices such as LAN Turtle and Raspberry Pi, and NAC bypass; executing Wi-Fi attacks like Evil Twin attacks, and RFID cloning for physical access simulation and red team engagements.
- Strong knowledge of data exfiltration methods and covert communication channels.
- Experience with phishing toolkits and infrastructure for social engineering campaigns.
- Familiarity with scripting and automation using PowerShell, Python, or Bash.
- Comfortable working under strict ethical and legal boundaries, with a strong focus on operational safety.

Additional Information:
- The candidate should have a minimum of 7.5 years of experience in Red Teaming.
- Certifications: OSCP, OSEP, CRTP, CRTE, CRTO.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.

Qualification: 15 years full time education

Posted 2 months ago


6.0 - 9.0 years

4 - 8 Lacs

Bengaluru

Work from Office

Skill Description

Experience in working with Bluetooth profiles and ability to analyze air traces to root-cause issues. Experience in the Automotive Infotainment Domain. Experience in Modern C++14/17, OOPs, Design patterns. Know-how with coding guidelines/standards (e.g. MISRA C/C++, CERT C/C++). Experience in Multi-Threading, IPC, RPC (Thrift, DBUS, gRPC), Sockets. Experience in build tools like Make, CMake and Git workflow. Experience in Linux, GDB, Valgrind, System Debugging skills. Experience with Test-Driven Development, Google-Test, Robot Framework, Python, Shell. Understanding of Infotainment System Architecture, Design Principles. Know-how on Agile Frameworks and tools: Scrum/Kanban, JIRA, Confluence, TMX, R4J.

Nice to have

Experience with Embedded Linux / Yocto / QNX. Knowledge of ASPICE V-Model Processes. Understanding/Experience in containers, hypervisor, virtualization. Experience in Media player, Bluetooth, IAP, Android Auto, Device manager, Remote UI. Experience with DevOps-CI/CD. Experience with AppArmor, Threat Modeling, TrustZone. Ability to understand and address Bluetooth security vulnerabilities reported by various research organizations.

Works in the area of Software Engineering, which encompasses the development, maintenance and optimization of software solutions/applications.
1. Applies scientific methods to analyse and solve software engineering problems.
2. He/she is responsible for the development and application of software engineering practice and knowledge, in research, design, development and maintenance.
3. His/her work requires the exercise of original thought and judgement and the ability to supervise the technical and administrative work of other software engineers.
4. The software engineer builds skills and expertise of his/her software engineering discipline to reach standard software engineer skills expectations for the applicable role, as defined in Professional Communities.
5. The software engineer collaborates and acts as team player with other software engineers and stakeholders.

Skills (competencies): Verbal Communication

Posted 2 months ago


5.0 - 10.0 years

15 - 30 Lacs

Pune, Bengaluru

Work from Office

Are you a skilled penetration tester looking for an exciting new opportunity to take your career to the next level? Join our dynamic cybersecurity team, where you'll have the chance to work on cutting-edge projects, including cloud security, reverse engineering, threat modelling, and product security.

Who we are?

Payatu is an ISO certified company where we strive to create a culture of excellence, growth and innovation that empowers our employees to reach new heights in their careers. We are young and passionate folks driven by the power of the latest and innovative technologies in IoT, AI/ML, Blockchain, and many other advanced technologies. We are on the mission of making Cyberworld safe for every organization, product, and individual.

What we look for outside work parameters?

Your expertise is your primary qualification, not your degree or certification. Strong leadership qualities; plan, monitor and manage activities for self and team. Passion to deliver the promised service. Motivated, self-starter individual with a high level of integrity, intensity, and activity, with a can-do attitude. Ability to understand Organization objectives and execute them accordingly. Disciplined, process-oriented work style and ability to work independently.

You are a perfect technical fit if:

Advanced knowledge of common penetration testing tools (Burp Suite, Metasploit, Wireshark, etc.). Proficient in reverse engineering tools (IDA Pro, Ghidra, Binary Ninja, etc.). Deep understanding of cloud-native security issues and technologies (containers, Kubernetes, serverless, etc.). Strong knowledge of application security principles, including OWASP Top 10, secure coding practices, and common vulnerabilities. Understanding of product security practices and secure software development life cycles.

You Have All Our Desired Qualities, if:

Minimum 5+ years of hands-on experience in penetration testing, security research, or related fields. Proven track record in performing complex security assessments on cloud environments (AWS, Azure, GCP), thick client applications, and enterprise systems. Experience with reverse engineering (static and dynamic analysis) of software and binaries. Expertise in threat modelling, risk assessment, and security design for software products. Extensive experience in vulnerability analysis and exploitation techniques across diverse platforms.

Deep understanding of:
Web application and API vulnerabilities (e.g., SQLi, XSS, IDOR)
Mobile app security (reverse engineering, instrumentation)
Network and infrastructure testing
Cloud security misconfigurations and privilege escalation
AI/LLM attack vectors (prompt injection, model extraction, data poisoning, etc.)

Your everyday work will look like:

Lead penetration tests on cloud infrastructures (AWS, Azure, GCP), thick client apps, and enterprise systems. Conduct security research and vulnerability assessments on cloud platforms. Collaborate with product teams and clients to create threat models, identifying risks, vulnerabilities, and attack vectors with clear, actionable insights. Reverse-engineer binaries, software, and applications to uncover vulnerabilities, develop exploits, and improve product security. Assess and advise on security throughout the product lifecycle, from design to deployment, ensuring robust security measures. Develop custom security tools and scripts to improve testing efficiency and address new vulnerabilities. Stay updated on emerging threats, attack techniques, and security trends, sharing insights with the team to maintain cutting-edge expertise.

Certifications: Offensive Security Certified Professional (OSCP) or similar certifications such as CEH, CRTP, OSCE, or CISSP. Additional certifications or training in cloud security, reverse engineering, or product security are a plus.

Soft Skills: Excellent communication skills to present findings and security concepts clearly to both technical and non-technical stakeholders. Strong problem-solving skills with the ability to think creatively and develop solutions to complex security challenges. Leadership capabilities to mentor and guide junior security consultants and researchers. Ability to work independently and manage multiple projects effectively under tight deadlines.

Preferred Qualifications: Experience in developing custom security tools or exploits. Experience with threat hunting or advanced adversarial techniques. Familiarity with advanced attack frameworks like MITRE ATT&CK.

Posted 2 months ago


3.0 - 8.0 years

6 - 10 Lacs

Bengaluru

Work from Office

About the Role: We are seeking a highly motivated and skilled Security Firmware Engineer to join our team and contribute to the development of cutting-edge security solutions. In this role, you will be responsible for designing, developing, and maintaining firmware for our security subsystems, ensuring the highest levels of security and reliability.

Key Responsibilities:
Design, develop, and maintain firmware for security subsystems, including but not limited to:
- Root of Trust
- Trusted Platform Module (TPM/fTPM)
- Widevine DRM
- Develop and implement secure boot and attestation mechanisms.
- Integrate security features into existing firmware and hardware platforms.
- Perform thorough code reviews and unit testing to ensure code quality and security.
- Troubleshoot and debug firmware issues.
- Collaborate with cross-functional teams (hardware, software, security) to ensure seamless integration and system-level security.
- Stay abreast of the latest security threats and vulnerabilities, and implement mitigation strategies.
- Contribute to the development and maintenance of security policies and procedures.

Required Skills:
Mandatory:
- Very strong in C language programming and debugging
- Working knowledge of git/gerrit

Key Skillsets:
- Good knowledge about silicon security subsystem / policy, root of trust, TPM/fTPM, Widevine
- Good knowledge of trusted applications and handshake
- Experience with embedded systems development and debugging.
- Strong understanding of security principles and best practices.
- Experience with security protocols (e.g., TLS, SSL, IPsec).
- Excellent problem-solving and analytical skills.
- Strong communication and collaboration skills.

Posted 2 months ago
