489 Threat Modeling Jobs - Page 9

As a Penetration Tester, you will be responsible for conducting and coordinating comprehensive Attack Surface Discovery, Penetration tests, and Cloud on system and network levels using advanced ethical hacking techniques. Your role will involve Application Penetration Testing (Browser-based, API, Mobile, IoT), Threat Modeling, and Source Code Review. You will perform penetration testing on web applications and APIs to identify, assess, and report vulnerabilities. Additionally, you will conduct red team exercises to identify weaknesses in clients" infrastructure and provide remediation solutions. You will be required to organize and deliver technical security operational briefings for both technical and non-technical audiences. Setting scope, objectives, and timelines for penetration testing engagements, leveraging data to create useful metrics, and performing dynamic application security testing (DAST) scans are also part of your responsibilities. Furthermore, you will play a critical role in building an AppSec program with a wide scope and impact by researching open-source emerging technologies and developing required frameworks for red team exercises. To qualify for this role, you should have a Bachelor's degree in Engineering or a closely related field with certifications like OSCP, CEH, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN being desirable. A total of 4+ years of experience is required, along with knowledge and experience in offensive security certifications, secure development life cycle, common vulnerabilities, application attack vectors, security testing processes, and network security protocols. You should have familiarity with common threat tactics and tools such as Nmap, Metasploit, Kali Linux, Burp Suite Pro, CobaltStrike, App Detective, and Web Inspect. Experience in cloud service penetration testing, mobile platform penetration testing, and microservices testing will be beneficial. Additionally, you should possess the ability to find and exploit bugs in various programming languages and cloud platforms. Personal attributes required for this role include being a self-starter, quick learner, excellent analytical and communication skills, self-motivated, detail-oriented, and able to effectively prioritize tasks in a high-pressure environment. Strong interpersonal skills to collaborate cross-functionally across the organization are essential. This is a full-time contractual/temporary position with a duration of 6 months, requiring work to be conducted in person at the Hyderabad location. If you meet the qualifications and are interested in this opportunity, please contact the employer at +91 9966773665.,

As a Principal Security Architect at Kshema General Insurance, you will be a vital part of our security organization, reporting directly to the Chief Technology Officer. Your primary responsibility will be to shape and implement the cloud security strategy for Kshema across a wide range of evolving technologies. Your role will involve collaborating closely with development teams, product teams, and various departments within the organization to seamlessly integrate security into the entire application delivery lifecycle from initial design to deployment. You will be instrumental in defining security requirements, conducting application security assessments, and providing developers with guidance on security remediation. Your key duties and responsibilities will include working independently with different teams to ensure secure design, development, and implementation of applications and networks. You will actively participate in engineering projects to identify and address threats and vulnerabilities within our cloud infrastructure. Additionally, you will play a crucial role in defining cybersecurity requirements, conducting security design reviews, and providing recommendations for remediation to system administrators. To excel in this role, you must demonstrate deep expertise in cloud platforms such as Azure, AWS, or Google Cloud Platform (GCP) and possess a strong understanding of native security services. Your responsibilities will also include designing secure cloud architectures, implementing encryption and key management practices, and integrating security into CI/CD pipelines and infrastructure as code. Furthermore, you will be required to conduct threat modeling, risk assessments, and security reviews for cloud workloads, as well as develop and drive the cloud security strategy aligned with business objectives. Your role will involve creating architecture diagrams, security design documents, and collaborating with the Chief Information Security Officer (CISO) on evaluating technology initiatives and projects. Minimum Requirements: - Bachelor's degree in computer science or related field - 10+ years of cybersecurity experience, with at least 4 years focused on cloud security architecture - Proven experience in Azure and/or AWS - Strong knowledge of DevSecOps practices, container security, and serverless architectures - Familiarity with compliance frameworks such as NIST, ISO 27001, SOC 2, HIPAA, and PCI-DSS - Relevant certifications (e.g., AWS Certified Security Specialty, Azure Security Engineer Associate, CISSP) - Hands-on experience with threat modeling and knowledge of common security vulnerabilities and attack vectors Preferred Experience: - Experience in regulated industries - Strong communication and leadership skills - Experience leading security architecture programs at the enterprise level - Experience with container security platforms and Infrastructure as Code As a Principal Security Architect at Kshema General Insurance, you will have the opportunity to make a significant impact on our cloud security strategy and drive the implementation of cutting-edge security solutions across the organization.,

Choosing Capgemini means choosing a company where you will be empowered to shape your career in the way you'd like, where you'll be supported and inspired by a collaborative community of colleagues around the world, and where you'll be able to reimagine what's possible. Join us and help the world's leading organizations unlock the value of technology and build a more sustainable, more inclusive world. We are hiring Product Security Architects Medical across PAN India for experienced professionals with 6 to 15 years of experience. Your role will involve evaluating software/product architecture to ensure security is embedded at the design phase, developing cybersecurity artifacts such as threat models, and leading mitigation discussions. You will support engineering teams in triaging and resolving identified product vulnerabilities, coordinate internal and external security and privacy assessments including VAPT, and assist in formulating and implementing product security and privacy policies, standards, and procedures. In addition, you will ensure compliance with defined security and privacy requirements, verify the effectiveness of protection measures, guide the resolution of security audit findings, and ensure timely closure. Providing strategic security risk management and advisory support for product and information security, participating in incident response, and assessing the risk and impact of security breaches will also be part of your responsibilities. You will review engineering changes, new services, and feature requests for security implications and collaborate with tech leads and architects to ensure secure product development. Your profile should include strong experience in application, mobile, network, OS, and cloud security, proficiency in AWS security including AWS Solution Architect Associate and Security Specialty certifications, hands-on expertise in static/dynamic code analysis, container security, and Kubernetes. Familiarity with security frameworks and standards like NIST 800-53, CIS/STIG, HI-TRUST, and SOC2 is required, along with knowledge of cryptography, PKI, OAUTH, 2FA, and secure software development lifecycle (SDLC). Joining Capgemini will offer you the opportunity to shape cutting-edge projects in tech and engineering with industry leaders.,

You will be joining STL Digital, a global IT Services and Consulting company focused on enabling enterprises to embrace digital transformation. As part of our team, you will play a crucial role in engineering experiences that deliver value, combining the agility of a startup with the stability of an established enterprise. Our culture is deeply rooted in four core values: 1. Respect for Individuals: We highly value the unique perspectives and contributions of every team member. 2. Hunger to Learn: We foster an environment that promotes continuous growth and development. 3. Promises Delivered: We are dedicated to fulfilling our commitments and ensuring trust among our clients. 4. Keep it Simple: We aim for clarity and efficiency in all aspects of our work. In this role as a Product Security Analyst, you will work remotely with a minimum of 3 years of experience in performing security design reviews and threat modeling of products and features. Your expertise should encompass web and network security, along with proficiency in at least one of the following languages: Ruby, Go, or Python. Additionally, exposure to blockchain security will be beneficial for this position. Join us in this exciting journey as we collaborate with our 25+ Global Customers to shape the future of technology together.,

As a Product Manager at Qualys, you will play a pivotal role in driving the strategy and execution of our Connectors to unlock new use cases by integrating Qualys with 3rd Party Application Security Solutions. Your expertise in application security and proactive approach will enable global enterprise customers to seamlessly integrate their app security data with Qualys ecosystem. You will collaborate closely with cross-functional teams including engineering, product design, product marketing, sales, and solution engineering teams, while interfacing with product leadership in a globally distributed environment. Key Responsibilities: - Define and execute the product strategy and roadmap for Qualys connectors based on company goals, customer feedback, industry trends, competitive analysis, and market research. - Collaborate with engineering, UX/UI, and program management teams to prioritize, iterate, and refine product plans for on-time delivery. - Attend and drive engineering grooming sessions and regular scrum meetings to provide PM input and track progress. - Engage with customers to gather feedback, run beta programs, and validate product features before general availability. - Support the Sales team with product pitches, demos, and enablement for key accounts and strategic opportunities. Requirements: - Background in solution engineering, product development, business analysis, Integration architect, and Implementation consultant. - Deep understanding of application security, secure coding standards, threat modeling, static and dynamic analysis, and software composition analysis. - Hands-on experience or strong understanding of AppSec tools and platforms such as Veracode, Checkmarx, Fortify, SonarQube, GitHub Advanced Security. - Knowledge of API security, integration protocols, and integration security best practices. - Proven experience in leading AppSec product initiatives in a cybersecurity or developer tools company. - Excellent written and verbal communication skills to align diverse stakeholders. Education and Experience: - Bachelors degree in Computer Science, Engineering, Cybersecurity, or related technical field (MBA or equivalent experience preferred). - 3+ years of experience in product management or 5+ years in a technical leadership role in cybersecurity, application security, or developer security products. - Relevant certifications such as CISSP, CSSLP, OSWE, or GWAPT are a plus. Join us at Qualys, a company known for innovation and trusted by the world's leading enterprises, where you will have a high-impact role in shaping the future of application security integration.,

eInfochips, an Arrow company, is a global leader in providing product engineering and semiconductor design services. With over 25 years of experience and a team of 2500+ engineers, we have developed 500+ products deployed in 140 countries. Our services cover Silicon Engineering, Embedded Engineering, Hardware Engineering, and Digital Engineering, catering to 7 of the top 10 semiconductor companies globally. We are currently looking for a Senior IoT/Cyber Security Specialist with 5 to 12 years of experience, including a minimum of 5 years in secure software engineering. The position is based in Pune or Ahmedabad and requires a BE or MS in Electronics/Computer Engineering, with Cyber Security certifications preferred. As a Cyber Security Specialist at eInfochips, you will be responsible for serving as a subject matter expert in product security. Your role will involve leading secure software development practices, threat modeling, penetration testing, security incident response, and coaching engineering teams on cybersecurity best practices. Key Responsibilities: - Act as an SME for Cyber/Product Security, guiding software and firmware teams on secure development lifecycle practices. - Develop security architecture, threat models, and cybersecurity requirements for connected devices. - Lead security verification, penetration testing, and validation efforts. - Manage security compliance for engineering projects and third-party audits. - Drive the implementation of security policies, standards, and procedures organization-wide. - Provide technical leadership in security design, risk assessments, and mitigation strategies. - Stay updated on emerging threats, industry standards, and regulatory requirements. - Deliver training and knowledge sharing on security best practices. Required Technical Skills: - Experience with threat intelligence analysis. - Expertise in SCA, SAST, DAST tools, vulnerability classification, and secure coding principles. - Implementing PKI, cryptographic keys, secure boot, secure communications, identity management, and firmware security. - Proficiency in penetration testing tools, threat modeling, and security standards. - Programming skills in C/C++, Java, Python, or similar languages. - Familiarity with encryption protocols. - Preferred certifications: CISSP-ISSEP, CISSP-ISSAP, CEH, OSCP, CSSLP, GIAC. Desired Experience: - Security analysis for Industrial, Automotive, Medical, and IoT systems. - Knowledge of UNECE security standards. - Experience in leading security tool adoption in regulated environments. Soft Skills: - Self-driven, motivated, and proactive. - Excellent communication skills. - Eager to learn new technologies. - Positive attitude with strong problem-solving abilities. Join us at eInfochips for the opportunity to work on cutting-edge technologies and lead a high-performing team in a fast-paced, dynamic environment. If you meet the requirements and are enthusiastic about this role, please share your resume at arti.bhimani1@einfochips.com,

As the Head of Application Security Engineering, you will lead, mentor, and manage a high-performing team of 20+ Application Security Engineers, fostering a culture of continuous improvement and collaboration. Your responsibilities include developing and implementing a comprehensive application security strategy to identify, assess, and mitigate risks throughout the software development lifecycle. You will oversee security testing, vulnerability assessments, code reviews, and penetration testing efforts to ensure adherence to best practices. Collaboration with cross-functional teams like Engineering, DevOps, and Product Management is essential to seamlessly integrate security into the product development lifecycle. You will lead response efforts to security incidents, ensuring effective detection, containment, and resolution. Staying updated with the latest security threats, trends, and best practices will be crucial to enhancing the team's capabilities. Establishing and enforcing application security policies, standards, and guidelines to ensure consistency across applications is a key part of your role. You will drive training programs to enhance the security awareness of development and engineering teams. Regularly providing security performance reports and risk mitigation updates to senior leadership is also a part of your responsibilities. The ideal candidate will hold a Bachelor's degree in Computer Science, Information Security, or a related field, with a preference for a Master's degree. You should have over 15 years of experience in application security, including at least 5 years in a leadership role. A proven track record of managing and scaling security engineering teams is required. Deep expertise in secure coding practices, vulnerability assessments, penetration testing, and threat modeling is essential. Extensive hands-on experience with modern application security tools, strong knowledge of web application technologies, cloud platforms, and secure development practices are necessary. In-depth understanding of compliance requirements and experience with secure SDLC, CI/CD pipeline integration, and DevSecOps practices are critical. Excellent communication skills, both technical and non-technical, are vital. Strong leadership and team-building abilities with a focus on fostering a culture of security excellence are key. Desired skills include certifications in application security, experience with vulnerability management, threat intelligence, and familiarity with container security, microservices, and serverless architecture. Join us in creating wealth and democratizing credit for consumers and merchants. Embrace the opportunity to be a part of India's largest digital lending story.,

As a Cloud Security Expert, you will be responsible for designing and implementing secure cloud security solutions using tools such as Microsoft Sentinel. You will lead the development of security strategies, policies, and procedures to safeguard client data in the cloud. Your role will involve collaborating with DevOps teams to integrate security into the continuous delivery pipeline using automation tools like Terraform and AKS. Additionally, you will conduct risk assessments, threat modeling, and security testing to identify and address security vulnerabilities. Your expertise will be crucial in providing guidance on cloud security best practices and technologies to clients and team members. To excel in this role, you are required to stay updated with industry trends and advancements in cloud security. You will mentor and train junior security personnel to ensure adherence to security best practices. Building strong relationships with cross-functional teams is vital to ensure the security of cloud-based systems and applications. You will be expected to communicate security risks and potential impacts to stakeholders and provide guidance on risk mitigation. Your leadership will be pivotal in leading client engagements, providing technical support, and ensuring successful delivery of cloud security solutions. Key Responsibilities: - Design and implement secure and scalable cloud security solutions that meet client needs and requirements - Develop and implement security strategies, policies, and procedures to protect client data in the cloud - Conduct risk assessments, threat modeling, and security testing to identify and address vulnerabilities - Provide technical leadership and guidance to team members and lead client engagements - Build strong relationships with cross-functional teams, stakeholders, and clients to communicate security risks and potential impacts - Continuously improve security strategies, practices, and technologies to protect clients from evolving threats - Stay updated with industry trends in cloud security and provide expertise to clients and team members Required Skills: - Proficiency in Microsoft Sentinel for configuration, deployment, and management - Knowledge of Terraform for automating infrastructure deployment and management in the cloud - Proficiency in AKS (Azure Kubernetes Service) for deploying, managing, and securing Kubernetes clusters - Strong understanding of DevOps practices and tools for continuous integration and delivery pipelines - Expertise in risk assessments, threat modeling, and security testing techniques - Strong leadership skills Qualifications: - Bachelor's degree in computer science, Information Security, or a related field - Minimum 8 years of expertise in application security with proficiency in development - Advanced degree or relevant certifications (e.g., CISSP, CISM) would be advantageous - Familiarity with cloud security concepts, cloud services, and cloud security controls - Strong analytical and prioritization skills with the ability to manage multiple projects simultaneously If you are a seasoned professional with a robust background in cloud security and a passion for protecting client data, we invite you to apply for this challenging role.,

As a Software Architect at our Noida location, you will be responsible for architecting, designing, and implementing scalable HSM components to meet performance and security objectives. This includes developing APIs for secure integration of IDEMIA HSM functionality into enterprise and cloud applications using various protocols. You will also be tasked with implementing and optimizing cryptographic algorithms, leading root-cause analysis for complex HSM-related issues, and ensuring security compliance with global standards and regulations. Your role will involve performing architectural risk assessments, security reviews, and supporting internal and external security audits. Collaboration with cross-functional teams to promote secure coding practices and cryptographic best practices will be crucial. Additionally, you will contribute to technical documentation, design specifications, API references, compliance reports, and operational guides. To qualify for this role, you should hold a Bachelors or Masters degree in Computer Science, Software Engineering, Electrical Engineering, or a related field. With a minimum of 10 years of overall experience, including at least 5 years in HSM firmware, SDK, or secure embedded systems, you should be proficient in programming languages such as C, C++, C#, Java, and Python. Knowledge and experience in cryptographic libraries, protocols, and secure data transmission practices are essential. Expertise in Linux and Windows OS, networking protocols, system-level debugging, and secure software development lifecycles is required. You should also demonstrate strong leadership skills, the ability to mentor engineers, and align development with long-term architectural vision. Excellent verbal and written communication skills in English are necessary for authoring high-quality technical documentation. If you are passionate about software architecture, cryptographic algorithms, and security compliance, and possess the required qualifications and skills, we invite you to apply for this challenging and rewarding role as a Software Architect.,

As a Hardware/Firmware Product Security Engineer at Sandisk, you will play a crucial role in the Product Security Assurance team focusing on security considerations for Client and Enterprise storage products, specifically Solid State Drives (SSDs) incorporating hardware and firmware components. Your responsibilities will include providing clear technical guidance and risk mitigation advice to engineering and business leaders across various levels. You will contribute to evolving secure development practices at Sandisk to align with dynamic market trends, standards, and regulatory requirements. Throughout the product development lifecycle, you will offer expert advice on secure development practices, assess security risks, conduct threat modeling activities, and validate security requirements at both component and system levels. Your role will involve leading security risk assessments, guiding threat modeling activities, and participating in the validation of security requirements. The ideal candidate for this position has a strong background in architecting and developing hardware/firmware solutions that adhere to the highest cybersecurity standards. If you are highly motivated, passionate about technology, and committed to staying abreast of the latest industry trends and technologies, we invite you to join our collaborative team to innovate the next big thing in data! Qualifications: Basic Qualifications (Required Skills & Experience): - Bachelor's degree or higher in Computer Science, Engineering, or a relevant field from an accredited college/university - Designing and engineering security requirements and controls for HW/FW (storage experience is a plus!) - Familiarity with cybersecurity standards and best practices - Security architecture design and integration for hardware and firmware - Understanding of low-level hardware-software interactions, such as storage in flash, RAM, or cache - Proficiency in security threats, risk assessments, threat modeling, risk mitigation, and incident reporting - Experience working with cryptographic protocols/libraries Typical Minimum Experience Preferred (Desired Skills/Experience): - 5-7 years of related experience preferred - 3+ years of embedded hardware/software design and development - Knowledge of FIPS 140 - Experience in real-time software development, vehicle electronics and controls, embedded systems design, application security, penetration testing, or incident response - Experience with embedded software development is an added advantage Sandisk values diversity and is committed to maintaining confidentiality in accordance with EEO guidelines.,

As a Lead Product Security Analyst expert, you will join the Product Security team at the forefront of the digital transformation within the global organization. Your role will involve leading security architecture reviews, threat modeling, and risk assessments for complex systems and products. You will define and drive the adoption of secure development practices across engineering teams, collaborate with various stakeholders to embed security into product roadmaps and design decisions, and develop scalable security frameworks, standards, and automation tools. In addition, you will be responsible for conducting advanced security testing, overseeing remediation efforts, evaluating and integrating security tools into CI/CD pipelines, and serving as a mentor and technical leader for junior analysts and engineers. Your expertise will be crucial in collaborating with incident response and vulnerability management teams to address product-related security issues and staying ahead of emerging threats and technologies to translate them into actionable strategies. To excel in this role, you should possess a Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field, along with at least 6 years of experience in application/product security. A deep understanding of secure coding, software architecture, common vulnerabilities, proficiency in multiple programming languages, experience with cloud-native security and containers, as well as strong communication and leadership skills are essential for success. Desired characteristics include industry certifications such as OSCP, CISSP, CSSLP, or GIAC, experience in threat modeling methodologies, familiarity with compliance and regulatory standards, and contributions to open-source security tools or research. By working with Baker Hughes, an energy technology company known for revolutionizing the energy industry, you will have the opportunity to innovate, grow, and contribute to a safer, cleaner, and more efficient future.,

You should have a Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience. Additionally, a minimum of 5 years of experience with security assessments, security design reviews, or threat modeling is required. Previous experience in Malware, Reverse Engineering, and Software Development is also essential. Preferred qualifications include expertise in Android reverse engineering (DEX, ARM), malware analysis, threat modeling, incident/emergency response, OS hardening, vulnerability management, pen testing, or cryptographic concepts. Experience in Android application development using C++, Java, or Kotlin is highly valued. A solid technical foundation in security engineering, computer and network security, authentication, security protocols, and applied cryptography is preferred. As a Security Engineer, you will be part of the team responsible for maintaining a secure operating environment for Google's users and developers. Your responsibilities will include working with network equipment, monitoring systems for attacks and intrusions, and collaborating with software engineers to identify and address security vulnerabilities. The Platforms and Devices team focuses on Google's computing software platforms (desktop, mobile, applications) and first-party devices and services. This team works on developing new technologies to enhance user experiences and interactions with computing devices. Key responsibilities of this role include performing reverse engineering to detect malware at scale, promoting security best practices within the Google Play and Android ecosystem, researching potential attack vectors against Android, and collaborating with team members to enhance Android Security and Privacy's understanding of malware detection and mitigation techniques. Proficiency in Python, SQL, and Code Analysis is also desired.,

We are looking for a highly motivated candidate to take ownership and assess the technology risks associated with SaaS/PaaS applications across the Banking business. Your responsibilities will include adhering to IS risk, ensuring controls and compliance guidance across Banking Tech in-house/vendor SaaS/PaaS platforms, and ensuring compliance with Citi IS standards, policies, and procedures. You must have a strong technical acumen and domain knowledge for secure application deployment in Cloud (SaaS, IaaS, PaaS) and associated controls. Joining an elite team of technology and business experts, you will be responsible for designing and securing the deployment and adoption of public Cloud to ensure resilience from Internet-borne threats. Working with key stakeholders such as Citi Cloud security domain architects, application development teams, external vendor technology teams, Citi internal vulnerability assessment teams, and the Citi IS organization, you will collaborate with colleagues globally to operate successfully as a global team using a follow-the-sun service model. As a Technology Senior Security Analyst in Banking Technology, you will: - Work closely with Business and Vendor(3rd Party) Senior Management to drive product adoption and Citi onboarding of SaaS/PaaS platform(s) - Collaborate effectively with colleagues globally, sharing information and knowledge efficiently - Demonstrate strong leadership skills to mobilize and influence internal and external teams that are not in your direct reporting line - Conduct security assessments of Cloud deployment projects, identify security gaps, and recommend remediation actions - Engage with Citi IS teams to understand IS guidelines for internal and public Cloud usage/adoption - Collaborate with SaaS vendors to assess security guardrails for secure application deployment in private and public Cloud - Plan the resolution of identified vulnerabilities/issues during Citi onboarding and yearly compliance by tracking them towards closure - Analyze the root cause of issues, their impact, and necessary corrective actions to reduce risk - Act as a subject matter expert on Application Information Security and Architecture best practices across BCMA tech and IS partner forums - Streamline Technology support and adoption of the SaaS/PaaS platform Qualifications: - 12+ years of experience in the Information Security domain, with at least 5+ years focusing on assessing secure deployment of SaaS applications - 4-6 years of Software development experience - 4-6 years of Technology Architect experience - 2-4 years of Technology Project Management experience - SME-level knowledge of security guardrails for deploying applications in SaaS and public Cloud environments - In-depth understanding of public Cloud and application architectures and technologies - Strong understanding of information security and risk analysis processes, including threat modeling - Ability to identify opportunities for process improvement - Advanced knowledge of the software development lifecycle - Demonstrated ability to manage multiple projects simultaneously under pressure - Excellent communication and presentation skills for interaction with senior leaders in Technology and business - Proficiency in interpreting and applying policies, standards, and procedures - Strong interpersonal skills and ability to work effectively with clients and co-workers with different work styles and levels of technical knowledge - Ability to build and manage a team Education: - Bachelor's degree or equivalent experience - Experience and/or knowledge of the financial and banking industry is a plus - Industry certifications such as CISSP, CCSP, and other vendor certifications are highly preferred If you are a person with a disability and require a reasonable accommodation to use our search tools or apply for a career opportunity, please review Accessibility at Citi.,

As a Principal Engineer in Security & Cloud Engineering at our company, you will be responsible for leading the efforts to enhance security measures and cloud engineering practices for our enterprise Java product. Your role will involve overseeing both On-Prem and SaaS deployments, implementing secure SDLC practices, driving DevSecOps automation, ensuring container security, and strengthening platform integrity. You will collaborate closely with engineering, DevOps, QA, and compliance teams to safeguard our product and infrastructure against vulnerabilities and maintain compliance standards. Your responsibilities will include leading secure coding practices, integrating various security testing tools into the development lifecycle, conducting threat modeling, assessing security risks, guiding teams on secure implementation patterns, and ensuring secure cloud and container deployments. Additionally, you will be involved in automating security checks in CI/CD pipelines, promoting Infrastructure as Code (IaC) security, defining security standards aligned with industry best practices, mentoring engineers on secure practices, and collaborating with product owners and engineering managers to drive secure feature development. To qualify for this role, you should have over 12 years of experience in application security, DevSecOps, or cloud security within enterprise Java environments, a strong understanding of penetration testing and security analysis tools, expertise in secure coding and vulnerability assessment, hands-on experience with Docker, Kubernetes, and cloud-native security tools, familiarity with SaaS security concerns, and experience integrating security into CI/CD pipelines using GitOps principles. Preferred qualifications include certifications such as OSCP, CEH, CISSP, or CKS, prior experience with security automation and container scanning platforms, knowledge of threat modeling frameworks, and exposure to Gen AI tools for secure code analysis. In return, we offer you the opportunity to influence product direction and architecture, work in a collaborative and learning-focused environment, access modern tools and Gen AI platforms, a competitive salary with performance bonuses, health insurance, and a hybrid work model. Join us at Quest, where your passion for technology and dedication to innovation can thrive. Find out more about us and our career opportunities at Quest Careers | Where next meets now.,

As a Senior Technical Lead Mobile at Allegion, you will be part of a dynamic team that focuses on creating safety and security solutions for people globally. Allegion is a leading company with a strong presence in the security industry, specializing in products that secure doorways and more. Allegion India, located in Bangalore, is at the forefront of developing innovative solutions with a talented team of over 600 professionals. You will be involved in product development processes that require collaboration among various engineering groups, from defining product requirements to system testing and validation before products are launched in the market. Your role as a Senior Software Technical Lead Mobile Applications will involve leading and mentoring a team of software engineers, fostering a culture of collaboration, innovation, and continuous learning. You will be responsible for designing, developing, and maintaining scalable and high-performance software applications while ensuring adherence to best practices and coding standards. Collaboration with product management, design, and architecture teams to define technical strategies aligned with business goals will be a key aspect of your role. Key Responsibilities: - Lead and mentor a team of software engineers, promoting collaboration and innovation. - Design, develop, and maintain high-performance software applications following best practices. - Collaborate with cross-functional teams to define technical strategies aligned with business goals. - Conduct code reviews to ensure code quality, performance, and security. - Manage project scope and provide high-level estimates for timely delivery of software solutions. - Identify and mitigate potential risks and issues proactively. - Act as a key point of contact for technical discussions and provide clear communication to stakeholders. - Stay updated with industry trends and technologies to enhance software applications and development processes. - Build relationships with internal customers and product managers to understand business needs and priorities. - Responsible for maintaining and publishing apps to production and managing their life cycle. Requirements: - 12 to 15 years of experience in Mobile Applications development. - Experience in building native applications in iOS and Android. - Expertise in Java, Swift, Objective C, and Kotlin. - Proficiency in using SPM, Gradle, SwiftUI, and Jetpack Compose. - Familiarity with cross-platform mobile frameworks like Flutter and Kotlin Multi-Platform. - Knowledge of CI/CD pipelines using Azure DevOps and GitHub for mobile applications. - Understanding of OWASP Mobile Security Requirements and design principles. - Experience with Scrum, Agile Philosophy, and architectural design patterns. - Strong knowledge of software design, design patterns, and performance tuning. - Ability to learn and adapt to new technologies and business requirements. - Effective communication skills and ability to articulate ideas clearly. Preferred Skills: - IoT Platform, Bluetooth, and WIFI. - GraphQL. Education: - BE, B.Tech, or MTech in Computer Sciences Engineering. Join Allegion to be part of a diverse and inclusive workplace that values personal well-being, professional growth, and making a positive impact on the world.,

You will be responsible for conducting comprehensive penetration testing, vulnerability assessments, and security reviews of applications, infrastructure, and networks. You are expected to identify, exploit, and document security vulnerabilities across systems and provide recommendations for remediation. Additionally, you will simulate advanced attacks to evaluate the effectiveness of security controls and pinpoint potential areas of compromise. Collaboration with development, infrastructure, and DevOps teams is essential to integrate security into the development lifecycle and ensure Infrastructure-as-Code (IaC) security. You will play a key role in developing detailed security test plans, methodologies, and tools to facilitate the assessment of systems effectively. Your work will involve creating detailed reports that highlight vulnerabilities, risks, and proposed mitigations. Furthermore, you will conduct threat modeling and risk assessments to prioritize testing efforts and monitor network traffic for potential threats. In the event of security incidents, you will be responsible for responding promptly. It is crucial to enforce security best practices in Cloud environments, including implementing security controls for cloud workloads, IAM policies, and network security. Your role will also involve monitoring and addressing cloud security incidents using Security Information and Event Management (SIEM) tools and cloud-native security solutions. You will be expected to integrate and automate security testing and compliance checks into Continuous Integration/Continuous Deployment (CI/CD) pipelines utilizing tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).,

You are a Principal Engineer responsible for leading Security and Cloud Engineering efforts for an enterprise Java product with On-Prem and SaaS deployments. Your role involves implementing secure SDLC practices, DevSecOps automation, container security, and platform hardening. Collaboration with various teams is essential to protect the product and infrastructure from vulnerabilities while ensuring compliance with industry standards. As the Principal Engineer, your key responsibilities include: - Leading secure coding practices and integrating security testing tools into the development lifecycle. - Performing threat modeling, assessing security risks, and guiding teams on secure implementation patterns. - Harden Docker, Kubernetes, and SaaS infrastructure for secure deployments. - Automating security checks in CI/CD pipelines and promoting Infrastructure as Code (IaC) security. - Defining and enforcing security standards aligned with OWASP, CIS Benchmarks, and industry best practices. - Mentoring engineers on secure design, coding, and deployment practices while collaborating with product owners and engineering managers. To qualify for this role, you must have: - 12+ years of experience in application security, DevSecOps, or cloud security in enterprise Java environments. - Strong knowledge of penetration testing, static/dynamic analysis, and security tools like SpotBugs, Polaris, Acunetix, OWASP ZAP. - Expertise in secure coding, vulnerability assessment, and remediating common issues like SQL injection, XSS, and insecure deserialization. - Hands-on experience with Docker, Kubernetes, Helm, and cloud-native security tooling. - Familiarity with SaaS security concerns such as multi-tenancy, access isolation, data encryption, and secure APIs. - Experience integrating security into CI/CD pipelines and using GitOps principles. Preferred qualifications include certifications such as OSCP, CEH, CISSP, or CKS, prior experience with security automation, and knowledge of threat modeling frameworks and secure architecture principles. In return, you will have the opportunity to influence product direction and architecture, work in a collaborative and learning-focused environment, access modern tools and Gen AI platforms, receive a competitive salary, performance bonus, and health insurance in a hybrid work model. Quest is a company known for managing, modernizing, and securing business software across various environments. At Quest, you will collaborate with dedicated professionals passionate about technology, innovate solutions for improvement, build positive and meaningful relationships, and pursue a fulfilling career with health and wellness as top priorities. Join Quest for a rewarding career where next meets now. Visit Quest Careers for more information and beware of fraudulent job offers from online scammers. Apply only through quest.com/careers using the official applicant system.,

The Cyberwatcher role involves maintaining expert knowledge of Advanced Persistent Threat (APT) Tools, Techniques, and Procedures (TTPs), as well as forensics and incident response best practices. You will be expected to use threat intelligence and threat models to create threat scenarios, conduct threat-hunting campaigns, and analyze various data sets from diverse sources. Proactive research on systems and networks to identify advanced threats is a crucial aspect of this role. Reporting risk analysis and threat findings to stakeholders, providing automated alerts for emerging threats, and collaborating with different teams to enhance security checks and detection performance are also part of your responsibilities. Participation in PTXs (purple team exercises) to monitor new detection capabilities, managing reports, dashboards, and metrics for CyberSOC KPIs, and presenting findings to senior management and stakeholders are essential tasks. Additionally, working closely with key stakeholders in technology, application, and cybersecurity to develop targeted use cases addressing specific APT behaviors is a key part of this role. As a Cyberwatcher, your performance will be evaluated based on your ability to maintain expert knowledge of APT TTPs, utilize threat intelligence effectively, conduct threat-hunting campaigns, analyze data sets, proactively research threats, report findings to stakeholders, provide automated alerts for threats, collaborate with various teams, participate in PTXs, manage reports and metrics, and develop targeted use cases for APT behaviors. Your success in these areas will contribute to the overall security and effectiveness of the organization's cybersecurity measures.,

As a Security QA Engineer, you will play a crucial role in ensuring the security and compliance of our software applications. With 3+ years of experience in software QA, including at least 12 years dedicated to security testing, you will be responsible for designing, implementing, and executing tests to identify security vulnerabilities. Your collaboration with developers, DevOps, and InfoSec teams will be essential in proactively securing applications. Your responsibilities will include designing, developing, and maintaining both automated and manual test cases with a primary focus on security. You will conduct static and dynamic application security testing, identify and track security-related defects, and work with engineering teams on remediation. Additionally, you will perform threat modeling, risk assessments, and validate fixes for known vulnerabilities. You will be expected to assist in integrating security testing tools like OWASP ZAP, Burp Suite, and SonarQube into CI/CD pipelines. Staying updated with security best practices, industry trends, and vulnerability databases will be crucial. Collaboration with QA, DevSecOps, and security analysts to promote secure development practices, participation in code reviews, and aiding in secure coding development will also be part of your role. To qualify for this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field. In addition to your experience in software QA and security testing, you should have knowledge of application security principles, common vulnerabilities, and secure SDLC. Proficiency in automated testing tools, scripting or programming languages, CI/CD tools, and DevOps practices is essential. Preferred qualifications include security certifications such as OSCP, CEH, GWAPT, or CISSP, experience in cloud security (AWS, Azure, GCP), knowledge of regulatory standards like GDPR, HIPAA, PCI-DSS, familiarity with container security and IaC security tools. Join us in securing our applications and ensuring compliance with the latest security standards and best practices.,

As a Cybersecurity Application Security Consultant with a focus on DevSecOps in Bhopal, Madhya Pradesh, you will play a crucial role in ensuring the secure design, development, and deployment of applications by integrating security measures across the SDLC. Your responsibilities will include integrating security into CI/CD pipelines, performing various security testing such as SAST, DAST, IAST, and SCA, conducting threat modeling and security architecture reviews, guiding teams on secure coding practices, and automating security testing using tools like Burp Suite, ZAP, Checkmarx, SonarQube, among others. Additionally, you will be involved in supporting incident response activities and maintaining security documentation. To excel in this role, you should have at least 3 years of experience in application security with a strong focus on DevSecOps. Proficiency in OWASP Top 10, secure coding practices, and vulnerability management is essential. You should be familiar with tools such as Jenkins, GitLab, Azure DevOps, Fortify, and have hands-on experience with scripting languages like Python and Bash, as well as container security technologies like Docker and Kubernetes. Excellent communication and problem-solving skills are also required. Preferred qualifications for this position include a degree in Computer Science, Information Technology, or Cybersecurity, along with certifications like CEH or OSCP. Knowledge of compliance standards such as ISO 27001, NIST, and GDPR, as well as familiarity with programming languages like Java, .NET, Python, and Node.js, would be advantageous. This is a full-time permanent position with a day shift schedule. The work location may vary as it involves being on the road for certain assignments.,

Sonatype is the software supply chain security company. We provide the world's best end-to-end software supply chain security solution, combining proactive protection against malicious open source, enterprise-grade SBOM management, and the leading open source dependency management platform. This empowers enterprises to create and maintain secure, quality, and innovative software at scale. As founders of Nexus Repository and stewards of Maven Central, the world's largest repository of Java open-source software, we are software pioneers with unmatched open source expertise. We empower innovation with a commitment to building faster, safer software and leveraging AI and data intelligence to mitigate risks, maximize efficiencies, and drive powerful software development. More than 2,000 organizations, including 70% of the Fortune 100 and 15 million software developers, rely on Sonatype to optimize their software supply chains. About The Role We are seeking a skilled Information Security Engineer to join our team and play a crucial role in securing our digital assets. This role offers an exciting opportunity to work with cutting-edge security tools, collaborate with global teams, and contribute to strengthening our cybersecurity framework. Key Responsibilities - Conduct vulnerability scans, analyze results, and support remediation efforts. - Manage security incidents, including response, resolution, and prevention. - Proactively protect digital assets, mitigating risks before breaches occur. - Implement, configure, and upgrade security tools and systems. - Evaluate, integrate, and configure security technologies to enhance protection. - Collaborate with technical teams, product managers, and third-party vendors on security initiatives. - Respond to cybersecurity alerts, monitor logs, and manage security events. - Perform technical risk assessments on software, tools, and third-party integrations. - Identify vulnerabilities in infrastructure and provide risk-based recommendations. What We're Looking For - 8+ years of experience in software development or security engineering. - 7+ years of experience in DevOps and security operations. - 7+ years handling incident response and escalation. - Strong understanding of vulnerability management and scanning tools. - Familiarity with common security frameworks, protection methods, and DevSecOps. - Experience with SAST, DAST, SCA, or related security testing tools. - Hands-on experience conducting security reviews (architecture, source code, infrastructure). - Experience deploying automated/custom vulnerability scans. - Knowledge of cloud and infrastructure security principles. Bonus Skills (Good To Have) - Knowledge of web application security (e.g., OWASP Top 10). - Understanding of security architecture principles. - Familiarity with threat modeling frameworks and security assessments. - Relevant certifications such as SANS Certifications: GSEC, GCIH, GCLD, GCID, GMON and (ISC) Certifications: CISSP, CC, SSCP, CCSP, CAP, CSSLP. Why Join Us - Work with a global team at the forefront of cybersecurity. - Exciting career growth opportunities with industry-leading experts. - Work-from-home flexibility with a strong work-life balance. - Continuous learning and certification support to advance your skills.,

Dexcom Corporation is a pioneer and global leader in continuous glucose monitoring (CGM), having begun with a dream to revolutionize diabetes management and improve health outcomes. With a mission to empower individuals to take control of their health, Dexcom is dedicated to providing personalized, actionable insights to address significant health challenges. The company is continuously evolving and expanding its vision beyond diabetes to develop solutions for various health conditions, striving to enhance human health globally. As part of the Research and Development Cybersecurity team at Dexcom, you will play a crucial role in designing and implementing new applications and features for the company's medical device platforms. Your responsibilities will include creating, updating, and managing technical documentation related to security and privacy requirements for internal and external development teams, auditors, regulatory bodies, and customers. Collaborating with Cyber architects, product owners, and cross-functional teams, you will develop technical data-flow diagrams and provide system architecture overviews to stakeholders. To excel in this role, you should have proficiency in tools such as MS Word, Excel, and Lucid Chart, along with strong project management skills and the ability to work independently. Your proactive nature, research skills, and attention to detail will be essential in understanding program complexity, identifying risks, and meeting deadlines. Additionally, your collaboration with subject matter experts and familiarity with SDLC model, threat modeling, and risk assessments will contribute to the success of the projects. Working at Dexcom, you will have the opportunity to be part of a dynamic and fast-paced environment, collaborate with passionate professionals, and contribute to innovative health technologies. The company offers a comprehensive benefits program, growth opportunities, career development initiatives, and a supportive work culture committed to employees, customers, and communities. With minimal travel requirements and a bachelor's degree coupled with 5-8 years of related experience, you can embark on a rewarding career journey at Dexcom.,

As a Security Lead, you will be responsible for overseeing the development and implementation of security measures to protect your organization's digital assets, infrastructure, data, and systems from cyber threats. Your role will involve leading security strategy, managing risk, responding to incidents, and ensuring regulatory compliance across IT operations. Certifications such as CISSP, CISM, CEH, CompTIA Security+, or AWS/Azure Security are highly desirable. With a minimum of 5 years of relevant experience in cybersecurity, including at least 2-3 years in a leadership role, you should have proven experience in managing enterprise security for networks, applications, and cloud infrastructure. Your strong knowledge of network security, application security, cloud security, and identity management will be crucial. Hands-on experience with security tools like SIEM (e.g., Splunk, QRadar), firewalls, endpoint protection, vulnerability scanners, etc., is required. Additionally, you should have an understanding of encryption, threat modeling, penetration testing, and incident response, along with familiarity with cloud security frameworks and DevSecOps practices. Your main responsibilities will include defining, implementing, and maintaining the organization's cybersecurity policies, standards, and procedures, as well as developing and managing the overall security roadmap aligned with business goals. You will lead risk assessments and security audits across systems and infrastructure. Monitoring for threats, vulnerabilities, and incidents using SIEM and security tools, leading investigations and responses to security incidents and breaches, and coordinating incident response plans and disaster recovery exercises will also be part of your role. Ensuring adherence to relevant security standards and regulations, identifying security risks, defining mitigation strategies, and working with auditors and regulatory bodies during security assessments are key aspects. You will also be responsible for managing firewall rules, IDS/IPS systems, endpoint protection, VPNs, and IAM solutions, overseeing secure configuration of cloud platforms (AWS, Azure, GCP), and reviewing and approving architecture changes from a security standpoint. Collaboration with IT, DevOps, legal, and compliance teams, leading and mentoring a team of security analysts or engineers, and conducting training and awareness programs for employees on cybersecurity best practices are important components of your role. Ideally, you should have a Bachelors or Masters degree in Computer Science, Information Security, Cybersecurity, or a related field.,

As an Information Security Analyst at R Systems, you will play a crucial role in our Security Operations team, contributing to the overall Global Information Security function. With a focus on Security Operation, Incident Response/Management, DLP, Forensic/Reverse engineering, Cloud Security & IAM, you will bring your expertise to oversee multiple security solutions like XDR, IAM, Firewall, Email Gateway, SIEM, CASB, etc. Your responsibilities will include working as an InfoSec Analyst in our ASOC, performing incident response and threat hunting tasks in collaboration with our Managed Security Services Provider (MSSP). With 9 to 12 years of experience in SOC, Incident Response, IAM, DLP, SIEM, Email Gateway, and Firewall, you will leverage your minimum of 7 - 9 years of practical information security experience to enhance our security posture. You will utilize your expertise in Security Information Event Management (SIEM), Continuous Monitoring, Intrusion Detection/Prevention Systems (ID/PS), Network Traffic Analysis, Incident Response, Endpoint Security Systems, Digital Forensics, WLAN Monitoring, and Threat Modeling to ensure a robust security environment. Your in-depth knowledge of information security technologies, networking, systems, authentication, and directory services will be instrumental in managing complex troubleshooting issues effectively. Moreover, your proven ability to handle competing priorities, work under pressure, and contribute to strategic organizational thinking will be highly valued. Preferred certifications such as CEH, CISM, CHFI, Security+, Network+ will further enhance your profile and demonstrate your commitment to continuous professional development. Join us at R Systems, a Great Place to Work Certified company in multiple countries, and be part of a dynamic global team that fosters continuous learning, collaboration, and innovation. Your contributions will be celebrated, and your growth, development, and well-being will be prioritized in everything we do. If you are an experienced Information Security Analyst looking to make a significant impact in a leading technology company, we invite you to apply and be a part of our exciting journey towards shaping the future of technology.,

We are seeking a highly motivated candidate to take ownership, to assess the technology risks associated with SaaS/PaaS applications across Banking business. You will be responsible for adhering IS risk and ensuring controls and compliance guidance across Banking Tech inhouse/vendor SaaS/PaaS platforms by ensuring compliance with Citi IS standards, policies, and procedures. The individual will have strong technical acumen and domain knowledge for secure application deployment in Cloud (SaaS, IaaS, PaaS), and associated controls. You will join an elite team of some of the smartest minds in the technology and business that have been tasked with design and secure deployment and adoption of public Cloud to ensure that they are highly resilient from Internet-borne threats. You will work on some of the most cutting-edge technologies and provide value by solving real world problems that our industry as a whole is facing. Your key stakeholders will be Citi Cloud security domain architects, application development teams, external vendor technology team, Citi internal vulnerability assessment teams and the Citi IS organization as a whole. The candidate will work closely with colleagues in other regions to ensure successful operation as a global team using a follow the sun service model. Banking Technology is looking for an experienced Technology Senior Security Analyst. We are looking for an avid Tech Sr Security Lead Analyst who - - Work closely with Business, Vendor(3rd Party) Senior Management, collaborate as Tech SME to drive product adoption, Citi onboarding of the SaaS/PaaS platform(s) - Collaborate effectively with colleagues globally, sharing information and knowledge effectively. - Strong leadership skills and ability to mobilize and influence teams, both internal and external that are not in direct reporting line. - Conduct security assessment of Cloud deployment projects, to ensure security gaps are identified and recommend remediation actions. - Engage with Citi IS teams to understand IS guidelines for internal and public Cloud usage/adoption - Work with SaaS vendors to assess the security guardrails for secure deployment of applications in private and public Cloud - Plan the resolution of any identified vulnerabilities/issues during Citi onboarding, yearly compliance by tracking them towards closure. - Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions - Act as subject matter expert on Application Information Security, Architecture best practices across BCMA tech and IS partner forums - Streamlines the Technology support, adoption of the SaaS/PaaS platform. Here is what you bring - - 12+ years of experience in Information Security domain, with at least 5+ years of experience as application security consultant / security architect, with focus on assessing secure deployment of SaaS applications - 4-6 years of Software development experience must have. - 4-6 year of Technology Architect experience must have. - 2-4 year of Technology Project Management must have. - Must have SME level knowledge of security guardrails for deploying applications in SaaS and public Cloud environment. - In-depth understanding of public Cloud and application architectures and technologies - Strong understanding of information security and risk analysis processes, including threat modeling is a huge plus - Identify opportunities for process improvement - Advanced knowledge of software development lifecycle, Software development experience is a plus - Deep understanding of information security and risk analysis processes, including vulnerability tests. - Demonstrated ability to take ownership and work with cross-functional teams to manage multiple projects simultaneously under pressure - Consistently demonstrates clear and concise written and verbal communication as well as presentation skills for interaction with Sr leaders in Technology and business. - Proficient in interpreting and applying policies, standards, and procedures - Good interpersonal skills with a natural ability to work with various teams, ability to adapt to and work effectively with clients and co-workers with different work styles and levels of technical knowledge - Ability to build, manage a team, - Excellent verbal, written, and interpersonal communication skills - Ability to work independently given general guidance - Demonstrated ability to succinctly summarize issues/communicate to senior business stakeholders - Excellent verbal, written and interpersonal communication skills Education: - Bachelors degree or equivalent experience - Experience and/or knowledge of financial & banking industry is a plus - Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred.,