29 Threat Modelling Jobs

As a Security Testing professional with 3-10 years of experience in SAST, DAST, API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, you will be an integral part of the Infosys delivery team. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities, aiming to meet and exceed client expectations in the technology domain. Your role will involve gathering requirements and specifications to deeply understand client needs, subsequently translating them into system requirements. You will also play a crucial part in estimating work requirements accurately to provide project estimations to Technology Leads and Project Managers. Your contribution will be significant in the development of efficient programs and systems. If you believe you possess the necessary skills and expertise to assist our clients in navigating their digital transformation journey, then this opportunity is tailored for you! This job opening is available at multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

About the role As a Senior Cyber Security Partner; you will transform the security maturity of key product areas and teams. You will be the face of security group for them. Everything you do is in the context of the product; roadmap; its risk acceptance level; the technology stack; and its architecture. You build a comprehensive understanding of the threat landscape and its potential risks to the business. Through effective partnership; you engage the leadership to make well-informed decisions about security and privacy. You will be responsible for Following our Business Code of Conduct and always acting with integrity and due diligence and have these specific risk responsibilities: Provide product and engineering teams with direction and guidance on all security matters. There is a whole security group to back you up; so it is not as scary as it sounds. Engage engineering leadership on security roadmap and oversee security posture of what they build. Co-own the security roadmap; discuss; prioritise; and co-develop plans for remediation for the product areas. Empower security champions to succeed and creating a strong feedback loop for improvements. Represent security in all product and architecture meet-ups. Be part of critical decisions about security. Oversee product security activities; from the early development of security requirements; architecture reviews; and threat modelling; to strengthening application security; mitigating supply-chain risks; securing secrets; pipelines; reviewing vulnerabilities; and infrastructure security. Perform security architecture reviews of third-party services. Identify acceptable risk levels and assist with action plan; policy; and procedural changes for risk mitigation. Adopt a risk-based approach and guide management in identifying business risks and potential impact to Tesco. Continuously seek both tactical and strategic solutions to enhance security. As the security expert for the product area; engage across the security group to strengthen controls across identification; protection; detection; response; and recovery. Oversee assurance activities like security testing; purple testing; assurance; auditing. Reduce security fatigue for engineering and provide faster feedback within existing developer workflows; not adding another tool for them to check. Empower the teams you work with; but also challenge the status-quo. As a senior member of the team; engage across the security group on new ideas and initiatives. Contribute to strengthen organisation standards and policies; develop cookbooks; secure patterns; take part in security research and tool evaluations. You are committed to continuous improvement; seizing opportunities; and inspire change for the team. Mentor others in the team and take part in enhancing their skills and career development. You will need To excel in this position, we expect you to have the following: Possess experience across multiple sectors and have undertaken diverse roles in engineering and security. Demonstratable accomplishments of collaborating with leadership and management on security programmes and initiatives. Good knowledge of various security domains, and solid experience in architecture practices and design patterns the technology might have changed but most of the security challenges have not. Experience in designing security and privacy controls with sound understanding of standards and regulation. Experience in threat modelling, attack trees, vulnerability chaining, applying MITRE ATT&CK framework. Good understanding of web applications, REST APIs, micro services, eventing, modern application frameworks, and mobile apps. Good understanding of software architecture, network topologies, SaaS, PaaS, IaaS (infrastructure as a service). Proficient in applying industry standards such as OWASP ASVS (Application Security Verification Standard), OWASP Top 10, CIS (Centre of Internet Security) controls and benchmarks. Experience with cloud native and hybrid architectures with an emphasis on containerised workloads and Kubernetes. Some development experience is always a plus - Java, cloud, Golang, python. You do not need to be a developer but we need you to understand the implications of security on engineering velocity. Degree in computer science / information systems or engineering field, or equivalent experience. Experience with regulations like GDPR (General Data Protection Regulation), PCI-DSS is desirable. Azure or AWS (Amazon Web Services) cloud security certifications is desirable. Excellent interpersonal skills and leadership skills. Whats in it for you At Tesco, we are committed to providing the best for you. As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day. Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits. Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable. Salary - Your fixed pay is the guaranteed pay as per your contract of employment. Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the companys policy. Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF. Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws. Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents. Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request. Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan. Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle. About Us Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers. Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues Tesco Technology Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles. At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built. Show more Show less

As a Security Testing professional with 3-10 years of experience in SAST/DAST/API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, your role as a part of the Infosys delivery team will encompass various responsibilities. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities to meet and exceed client expectations in the technology domain. This will involve gathering requirements and specifications to deeply understand client needs and translating them into system requirements. Additionally, you will be pivotal in estimating work requirements accurately to provide vital input on project estimations to Technology Leads and Project Managers. Your contribution will be essential in the creation of efficient programs and systems that align with client requirements and industry best practices. If you are passionate about aiding clients in their digital transformation journey and possess the required expertise, then this opportunity is tailored for you! This job opening is available in multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

Organization: At CommBank, we never lose sight of the role we play in other peoples financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things. Job Title: : Staff Security Engineer Location: Bangalore Business & Team: We&aposre building tomorrows bank today, which means we need creative and diverse engineers to help us redefine what customers expect from a bank. Envisioning new technologies that are still waiting to be invented and reimagining products that support our customers and help build Australias future economy. CommBank is recognised as leading the industry in IT and operations with its world-class platforms and processes, agile IT infrastructure, and innovation in everything from payments to internet banking and mobile apps. Cyber Security protects the bank and our customers from theft, losses and risk events, through effective and proactive management of cyber security, privacy and operational risk. The CBA technology unit delivers the best digital banking services to Commonwealth Bank customers and to do so is responsible for digital delivery, group data and analytics, technology and technology infrastructure, cyber, fraud, physical security and business resilience for all divisions across CBA. It is also dedicated to delivering the best workplace technology experience for our over 53.000 people across CBA and focused on providing the latest tools, technology, and resources to enhance the way we work together and empower our people to achieve more for our customers. The Security Engineering team protects the group and our customers from theft, loss and risk events, through effective and proactive management of cyber security, privacy and operational risk. Impact & Contribution: Designing and implementing secure solutions that align with group security policies, standards, and reference architecture. Work on threat modelling and can interpret and understand key cyber controls across the Group. Identify security requirements, qualify threats to design the IT systems and build countermeasures to minimise cyber risks. Collaborating with cross-functional teams to drive security outcomes throughout the design, build, and run phases of product development Supporting the adoption of modern scalable and high-velocity security practices, including Secure By Design, DevSecOps, and Automation Contributing to the continuous innovation and re-engineering of existing security engineering practices, including the development of practice strategies, patterns, and processes Staying up-to-date with the evolving technology landscape and providing expert guidance on security engineering best practices Supporting the response to high-profile security incidents, technology strategy and selection, and automation of security services Roles & Responsibilities: Provide deep technical hands-on Experience in security engineering, with a focus on design, strategy and implementation of secure solutions. Have strong understanding of security policies, standards, and reference architecture, and expertise in threat modelling, threat detection, control mapping, vulnerability analysis and control engineering risk identification. Are experienced in designing and building reusable security patterns and or solutions. Essential Skills: 8-12 years of experience in security engineering. Have experience with secure by design, DevSecOps, and Security automation (SAST, DAST, IAST) practices. Are experienced in designing and implementing enterprise Security Guidelines and Practices should have hands on experience in developing code , doing secure code Review , Threat modelling. Should have hands on experience securing Docker , Container and kubernitess. Experience with penetration testing and vulnerability assessment , and tool like OWASP ZAP or Burp Suite Familiarity with compliance frameworks, such as PCI-DSS or HIPAA Experience with AI/ML frameworks, libraries, and tools, such as TensorFlow, PyTorch, or Keras . Familiarity with Australian financial industry regulations and standards, such as the Australian Prudential Regulation Authority (APRA) and the Australian Securities and Investments Commission (ASIC) Education Qualification: Bachelors degree or masters degree in engineering in Computer Science/Information Technology If you&aposre already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you&aposll need to apply through Sidekick to submit a valid application. Were keen to support you with the next step in your career. We&aposre aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696. Advertising End Date: 30/08/2025 Show more Show less

As the Product Security Leader at Observe.AI, you will play a crucial role in securing our application platform, cloud infrastructure, and IT systems to ensure compliance with various standards and regulations. Working in a dynamic high-tech environment focused on enhancing customer experience through innovative Voice AI solutions, your responsibilities will include shifting security left in the Software Development Life Cycle (SDLC) for cutting-edge Agentic AI and ML-based products. You will lead the product security program, mentor other engineers, define and drive the secure SDLC, conduct threat modeling, and participate in product requirement discussions to influence designs. Your expertise in traditional application security and emerging AI safety practices will be essential in creating AI-specific security controls, addressing unique challenges, and embedding security by design across the entire development lifecycle. Key Responsibilities: - Lead the product security program and mentor other engineers - Define and implement the secure SDLC, including threat modeling and security testing - Participate in product requirement discussions and influence designs - Create scalable application security using secure coding standards and procedures - Integrate dev-sec-ops tooling and shift security left in the development process - Build relationships with Product and Engineering teams to enhance security culture - Ensure products adhere to security standards and incorporate security controls into the SDLC - Develop custom tools and automation for DevSecOps and SecOps - Manage penetration testing program and bug bounty programs - Evaluate and integrate security tools to improve application security posture Qualifications: - 8+ years of hands-on experience in managing application security programs - Strong foundation in security architecture, protocols, and vulnerabilities - Familiarity with secure coding standards, cryptography, and programming languages - Experience with AWS or cloud environments - Strong attention to detail and ability to prioritize automation - Growth mindset and accountability under minimal supervision In addition to a challenging and rewarding role, Observe.AI offers excellent medical insurance, flexible benefit plans, generous leave policies, learning & development opportunities, and a commitment to fostering an inclusive and diverse work culture. If you are passionate about making an impact and shaping the future of AI-driven customer experience, we encourage you to apply and join our team at Observe.AI.,

At Medtronic, you can embark on a life-long career focused on exploration and innovation, all while advocating for healthcare access and equity for everyone. You will play a vital role in fostering a more connected and compassionate world through purpose-driven leadership. As a key member and technical leader in the field of medical device cybersecurity, you will be at the forefront of creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic's medical devices and supporting IT infrastructure. Your responsibilities will include collaborating with external and internal cybersecurity researchers to identify and address vulnerabilities in Medtronic products and systems. Additionally, you will work closely with R&D teams to ensure comprehensive security risk assessments are conducted and appropriate solutions are implemented. You will also be responsible for developing project security management deliverables to comply with regulatory standards and effectively communicate cybersecurity technology to various stakeholders. Your duties may involve, but are not limited to: - Leading and executing cybersecurity-related activities related to products and devices, such as incident response, vulnerability assessments, and mitigation implementation. - Conducting product-level intrusion detection activities. - Performing product risk assessments in coordination with R&D teams and recommending specific security controls. - Participating in the development and testing of product security-related requirements and processes. - Managing security-related deliverables for regulatory bodies to ensure compliance with standards. - Evaluating and testing security risks throughout the development lifecycle. - Supporting emerging cybersecurity certification initiatives. - Maintaining and updating security documentation. - Creating and managing threat models using STRIDE. Requirements: - Bachelor's or graduate degree in computer science, computer engineering, electrical engineering, or a related field. - CISSP or similar certification, or equivalent demonstrated experience. - Experience in embedded devices vulnerability assessment, threat modeling, and risk scoring. - Formal education in cybersecurity and information assurance. - Minimum of 12 years of experience with at least 4 years in technical, cybersecurity-related roles. - Proficiency in security posture analysis, vulnerability assessment, penetration testing, and static code analysis. - Software product development experience and programming skills in languages such as C, C++, Python, Java, .NET, Go, Ruby, or Scala. - Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity. - Familiarity with information security practices, risk management processes, cybersecurity principles, and incident response methodologies. In addition to a competitive salary, Medtronic offers a flexible benefits package that supports employees at every stage of their career and life. The company is committed to recognizing and rewarding employee contributions while providing a wide range of resources and compensation plans. Medtronic is a global leader in healthcare technology dedicated to addressing the most pressing health challenges worldwide. The company's mission of alleviating pain, restoring health, and extending life unites a diverse team of over 90,000 passionate individuals. Medtronic's commitment to diversity and innovation drives the team to engineer real solutions for real people, from the R&D lab to the factory floor and beyond.,

At EY, you'll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we're counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. As an Associate Director in the EY-Cyber Risk Compliance and Resilience team, you will contribute technically to Cyber Security client engagements and internal projects. Your role will involve actively establishing, maintaining, and strengthening internal and external relationships. Your key responsibilities include reporting to the competency leader for Cyber Risk, Compliance, Resilience, and Emerging Technology. You will be responsible for defining, developing, and implementing strategic go-to-market plans in collaboration with local EY member firms in the region. Additionally, you will own end-to-end sales opportunity qualification and pursuit, support the overall growth strategy for the Cybersecurity practice, identify market differentiators, drive development of new products and solutions, pursue strategic partnerships and acquisitions, and manage engagements across clients to deliver value and ensure growth. To succeed in this role, you must have deep knowledge of services and service delivery approach for Cyber Risk, Compliance, and resilience, a proven track record in collaborative sales, the ability to build and maintain trusted relationships, technical understanding of risk and compliance solutioning, willingness to travel and adapt, and be a self-starter and strategic thinker. Other skills required include expertise in Cyber Strategy & Governance, Compliance Management, Cyber Risk management, Cyber Resilience, Business Continuity & Disaster Recovery, Application security, Threat Modelling, and Vendor Risk Management. To qualify for this role, you need at least 18 years of overall experience, with 15 years in architecture and solutioning for enterprise and cloud security. A Bachelor's or college degree in a related field or equivalent work experience is required, while an MBA is considered a plus. Additionally, having project management skills and certifications like CISSP/CISA/CISM or ITIL would be beneficial. We are looking for individuals with commercial acumen, technical experience, and a willingness to learn in a fast-moving environment. Join our market-leading team of professionals and collaborate with EY Consulting practices globally to work with leading businesses across various industries. At EY, we exist to build a better working world, creating long-term value for clients, people, and society, and building trust in the capital markets. Our diverse teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate across various service areas. Join us in asking better questions to find new answers for the complex issues facing our world today.,

At EY, you will be part of a globally connected powerhouse of diverse teams that are dedicated to shaping your future with confidence. As a Senior Manager in the Cyber Risk Compliance and Resilience team, you will play a crucial role in contributing technically to Cyber Security client engagements and internal projects. Building and maintaining strong internal and external relationships will be a key aspect of your responsibilities. You will have the opportunity to utilize your deep technical understanding of risk and compliance solutioning for enterprises, including knowledge of products, capabilities, competitor landscape, pricing methodologies, and brand management. Ensuring that all work meets EY's quality standards and fostering a positive learning culture within the team will be integral to your role. Key responsibilities include collaborating with local EY member firms to develop strategic go-to-market plans, leading sales opportunities from qualification to pursuit, supporting the growth strategy for the Cybersecurity practice, and identifying market differentiators and strategic partnership opportunities. You will also be responsible for developing branding and marketing strategies, inspiring and motivating team members, and overseeing engagements to deliver value to clients. To excel in this role, you should possess deep knowledge of services and delivery approaches for Cyber Risk, Compliance, and resilience, as well as a proven track record in collaborative sales and relationship-building. Adaptability, strategic thinking, and willingness to travel and work flexibly are essential qualities for success in this position. Qualifications for this role include at least 15 years of overall experience, with a minimum of 10 years in architecture and solutioning for enterprise and cloud security. A bachelor's or college degree in a related field or equivalent work experience is required, and an MBA is considered a plus. Additional skills such as project management, CISSP/CISA/CISM certifications, and ITIL knowledge are advantageous. EY is committed to building a better working world by creating new value for clients, people, society, and the planet. By leveraging data, AI, and advanced technology, EY teams help clients navigate the challenges of today and tomorrow with confidence. Joining EY offers the opportunity to work with a market-leading team of professionals globally and collaborate with leading businesses across various industries.,

As an experienced Application Security Manager, you will play a crucial role in leading our security initiatives to ensure the integrity, confidentiality, and availability of our systems and data. Your responsibilities will involve integrating security tools, standards, and processes into the product life cycle (PLC), training developers and QA personnel on security knowledge, supporting application security tool deployments, and managing periodic penetration testing exercises. You will be tasked with creating, integrating, and managing threat modeling processes/practices, following SSDLC and application framework, as well as managing secure configuration/hardening guidelines and compliance. Additionally, you will need to create and manage application security KPIs, KRIs compliance reports, and dashboards. Your role will also require hands-on experience with tools and processes related to SAST, DAST, API Security, and Threat Modelling. Furthermore, you will oversee Infosec functions by coordinating with various stakeholders such as the App Team, Vendors, Auditors, and Regulators. It is essential to have knowledge of best practices like OWASP, Microsoft SDL, SANS, NIST, as well as experience with cloud environments (AWS) and WAF (Imperva, Akamai). Knowledge of Network and Data Security is considered a plus. In terms of qualifications and experience, we are looking for candidates with 8-10 years of hands-on experience in application security. A strong understanding of application security best practices, frameworks, and security technologies is required. Proven experience in managing VA, PT, Code review, SAST, DAST, SSDLC, Threat Modelling, and Audit processes is essential. Familiarity with regulatory requirements and compliance standards, such as RBI and SEBI, is beneficial. Excellent communication, interpersonal, analytical, and problem-solving skills are important for this role. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required, while a Master's degree or relevant certifications are preferred.,

The role of an Application (software) Security Engineer is an entry-level, hands-on, engineering-focused position with the responsibility of fostering a Secure SDLC and secure by design approach and practice across all software engineering teams. You must possess a good combination of problem-solving and communication skills to effectively support the Application Security, InfoSec, and Software engineering teams. Your main responsibilities will include configuring and fine-tuning Application Security tests and vulnerability scans, integrating security testing into CI/CD pipelines, and collaborating with Senior Application Security engineers on Penetration tests set up and validation. Additionally, you will be expected to document and update processes and procedures, conduct research and consultations with colleagues, deliver secure software development training such as OWASP Top10, and collaborate with Security Analysts on software vulnerabilities and security issues. This will involve determining scope, severity, and potential impact of security issues, recommending next steps, and following through with risk treatment and mitigation. You will also be required to appropriately escalate issues to various teams and levels of authority within the organization. To qualify for this role, you must have a Bachelor's degree in a relevant business or technical discipline, along with a minimum of 3 years of relevant work experience. Demonstrated knowledge of application security concepts, best practices, and methods is essential, as well as experience with various application security tools including SAST, SCA, and DAST. Experience with Web Application security testing like Web Pentesting, Fuzzing, and Automated tests is also required. Ideally, you will also have experience securing cloud infrastructure and cloud applications, working knowledge of various architectures and design patterns, ability to code in at least one programming language (such as python, javascript, or go), familiarity with AWS native security tools, and knowledge of current and emerging security technologies and threats. Experience with threat analysis methodologies and tools, developer tools, project management, bug tracking systems, and integrating security tools into CI/CD pipelines would be considered advantageous for this role. This is a challenging yet rewarding opportunity for an individual with a passion for application security and a drive to contribute to the implementation of secure software practices within a dynamic organization.,

You are an Analyst, Information Risk Management at Omnicom Global Solutions in Hyderabad. Omnicom Global Solutions, a vital part of Omnicom Group, is a top global marketing and corporate communications company with a worldwide presence. In India, OGS plays a crucial role in providing a wide range of services across various domains to global agencies and group companies. With a large and talented team in India, Omnicom Global Solutions is expanding rapidly and seeking professionals like you to contribute to its growth. As an Analyst, Information Risk Management, your role involves spearheading effective cybersecurity and privacy programs within Omnicom. You will collaborate with regional and global stakeholders to decrease information security and IT risks. The primary responsibilities include conducting risk assessments aligned with internal frameworks and regulations, engaging with stakeholders to manage identified risks, presenting risk reports to senior leaders, advising on cybersecurity architecture, assisting global agencies in complying with cybersecurity regulations, monitoring the threat landscape, contributing to the Information Security Management System (ISMS), and participating in risk governance and compliance initiatives. To excel in this role, you should have at least 3-5 years of experience in information risk management, cybersecurity, or GRC domains. Proficiency in risk assessment methodologies, threat modeling, risk mitigation practices, cybersecurity frameworks and standards, preparing risk reports for leadership, stakeholder engagement, and analytical skills are essential. Preferred qualifications include industry certifications like CRISC, CISM, CISSP, ISO 27001 Lead Implementer, exposure to cloud security tools, and experience in enterprise ISMS or regulatory compliance programs. This position offers an exciting opportunity to lead cybersecurity and privacy initiatives, engage with stakeholders globally, and contribute to enhancing Omnicom's enterprise risk posture. If you are passionate about information risk management and cybersecurity, and possess the required skills and qualifications, we invite you to be part of our dynamic team at Omnicom Global Solutions.,

The Senior Cyber Security Engineer / Cyber Security Engineer position in Bangalore requires 3 to 6 years of experience in the security domain. As a part of your role, you will be responsible for performing Application, API, and Microservices Pentest, Network Pentest (Internal and External), Mobile App Pentest, Mobile Assessments, Threat Modeling, Legal Reviews, Reporting, Proof of Concepts (PoCs) of vulnerabilities, Documentation, coordinating with various stakeholders, conducting R&Ds, and other security analysis. The mandatory requirements for this role include at least 3 years of relevant experience in the security domain, proven expertise in Web Application Penetration testing (Web, Mobile, API/Web Services on JAVA & .Net) through DAST Manual approach, hands-on experience in DAST tools, API (SOAPUI, PostMan), DAST Manual Assessments, Threat Modeling, and Penetration Testing. You should also possess good Network Pentest skills for external and internal networks, and excellent written and verbal communication skills. Preferred skillsets for this position include hands-on experience of DevSecOps, good knowledge of Java, .NET, SQL queries (Oracle, PostgreSQL, etc.), experience in automating security tasks using Python or Java Frameworks, System/Network Exploitation, Red Teaming, understanding of Security Frameworks, and hands-on experience with MS Tools. If you meet the above requirements and have the necessary skillsets, you will be a valuable addition to our team as a Senior Cyber Security Engineer / Cyber Security Engineer.,

We have an opportunity to impact your career and provide an adventure where you can push the limits of whats possible. As a Lead Software Engineer at JPMorgan Chase within the Commercial and Investment Bank s Credit Technology team, you are an integral part of an agile team that works to enhance, build, and deliver trusted market-leading technology products in a secure, stable, and scalable way. As a core technical contributor, you are responsible for conducting critical technology solutions across multiple technical areas within various business functions in support of the firm s business objectives. Job responsibilities Provide guidance to immediate team of software engineers on daily tasks and activities Set the overall guidance and expectations for team output, practices, and collaboration Anticipate dependencies with other teams to deliver products and applications in line with business requirements Manage stakeholder relationships and the team s work in accordance with compliance standards, service level agreements, and business requirements Create a culture of diversity, equity, inclusion, and respect for the team members and prioritizes diverse representation Required qualifications, capabilities, and skills Formal training or certification on software engineering concepts and 5+ years applied experience Hands-on 10+ years of practical experience in system design, application development, testing and operational stability Strong hands on one or more modern programming languages - python / Java Strong hands-on experience in AWS Experience leading technology projects and managing technologists Proficient in automation and continuous delivery methods Proficient in all aspects of the Software Development Life Cycle Advanced understanding of agile methodologies such as CI/CD, Application Resiliency and Security In-depth knowledge of the financial services industry and their IT system Practical cloud native experience Experience in Computer Science, Engineering, Mathematics or a related field and expertise in technology disciplines Preferred qualifications, capabilities, and skills Experience working at code level

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do. To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical. The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies. What you will do in this role: Define Canonical's security risk management standards and playbooks Analyse and improve Canonical's security risk practices Evaluate, select and implement new security requirements, tools and practices Grow the presence and thought leadership of Canonical security risk management practice Develop Canonical security risk learning and development materials Work with Security leadership to present information and influence change Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others) Participate in risk management, decision-making, and collaborative discussions Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action Develop templates and materials to help with self-service risk management actions Monitor and identify opportunities to improve the effectiveness of risk management processes Launch campaigns to perform security assessments and help mitigate security risks across the company Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities. What we are looking for An exceptional academic track record Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path Drive and a track record of going above-and-beyond expectations Deep personal motivation to be at the forefront of technology security Leadership and management ability Excellent business English writing and presentation skills Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management Expertise in threat modelling and risk management frameworks Broad knowledge of how to operationalize the management of security risk Experience in Secure Development Lifecycle and Security by Design methodology What we offer you We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally. Distributed work environment with twice-yearly team sprints in person Personal learning and development budget of USD 2,000 per year Annual compensation review Recognition rewards Annual holiday leave Maternity and paternity leave Employee Assistance Programme Opportunity to travel to new locations to meet colleagues Priority Pass, and travel upgrades for long haul company events

CMS-TDR Senior As part of our EY-cyber security team, who shall work as SME for Microsoft Sentinel solutions in TDR team The opportunity We're looking for Senior Consultant with expertise in Cloud Security solutions. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your key responsibilities Architecting and implementation of cloud security monitoring platforms MS Sentinel Provide consulting to customers during the testing, evaluation, pilot, production, and training phases to ensure a successful deployment. Perform as the subject matter expert on Cloud Security solutions for the customer, use the capabilities of the solution in the daily operational work for the end customer. Securing overall cloud environments by applying cybersecurity tools and best practices Advise customers on best practices and use cases on how to use this solution to achieve customer end state requirements. Content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems Skills and attributes for success Customer Service oriented - Meets commitments to customers; Seeks feedback from customers to identify improvement opportunities. Expertise in content management in MS Sentinel Good knowledge in threat modelling. Experience in creating use cases under Cyber kill chain and Mitre attack framework Expertise in integrating critical devices/applications including unsupported (in-house built) by creating custom parsers Below mentioned experiences/expertise on Sentinel Develop a migration plan from Splunk/QRadar/LogRhythm to MS Sentinel Deep understanding of how to implement best practices for designing and securing Azure platform Experiencing advising on Microsoft Cloud Security capabilities across Azure platform Configure data digestion types and connectors Analytic design and configuration of the events and logs being digested Develop, automate, and orchestrate tasks(playbooks) with logic apps based on certain events Configure Sentinel Incidents, Workbooks, Hunt queries, Notebooks Experience in other cloud native security platforms like AWS and GCP is a plus Scripting knowledge (Python, Bash, PowerShell) Extensive knowledge of different security threats Good knowledge and experience in Security Monitoring Good knowledge and experience in Cyber Incident Response To qualify for the role, you must have B. Tech./ B.E. with sound technical skills Strong command on verbal and written English language. Demonstrate both technical acumen and critical thinking abilities. Strong interpersonal and presentation skills. Certification in Azure (any other cloud vendor certification is a plus) Ideally, you'll also have People/Project management skills.

As a Senior Information Security Engineer at Mastercard, you will play a crucial role in contributing to and maintaining reusable security requirements for software engineering teams. Your passion for cybersecurity, coupled with a broad knowledge and experience in various security domains, will be essential in ensuring the security and integrity of Mastercard's systems. In this role, you will have the opportunity to collaborate with cross-functional teams, create and maintain documentation, and provide security architecture advice to help design applications and services following industry best practices. Your responsibilities will include developing, delivering, and maintaining reusable security requirements, as well as creating documentation, procedures, and analytics related to these requirements. You will work closely with development and operational teams to ensure that security requirements are understood and incorporated efficiently. Additionally, you will conduct security reviews and threat modeling for Mastercard applications, demonstrating a strong understanding of information security principles, theories, and concepts. The ideal candidate for this position should have knowledge of information security, risk management, and data privacy in the domain of digital commerce. You should possess a good understanding of identity management, user authentication, and authorization principles, along with experience in implementing secure software development lifecycle practices at scale. Experience in designing secure multi-domain Internet-facing applications, providing security architecture advice for web-based network environments, and knowledge of mobile security architecture concepts are highly valued. Furthermore, familiarity with cryptography, experience with enterprise programming languages such as Java, and technical expertise in Linux will be advantageous. Your ability to communicate effectively with diverse audiences, translate security and risk management terminology into business terms, and recommend alternative solutions to stakeholders will be critical in this role. As a Senior Information Security Engineer at Mastercard, you are expected to abide by the company's security policies and practices, ensuring the confidentiality and integrity of the information being accessed. You must report any suspected information security violation or breach and complete all periodic mandatory security trainings in accordance with Mastercard's guidelines. By joining the Business Security Engineering Guild, you will be part of a team dedicated to keeping Mastercard safe and secure from cyber and physical threats, contributing to a sustainable world that unlocks priceless possibilities for all.,

You are a proactive Security & Compliance Lead responsible for overseeing and executing security audits and compliance efforts for applications, infrastructure, and organizational processes. Your role is crucial in ensuring that systems, applications, and business operations are secure, compliant, and in alignment with internal policies and regulatory requirements such as RBI, ISO 27001, and SOC 2 Type II. Your key responsibilities include conducting technical assessments for new BFSI clients, completing cloud infrastructure security and compliance questionnaires, mapping customer security and regulatory requirements to internal controls, maintaining documentation for BFSI assessment artifacts, managing security questionnaires from clients, vendors, and partners, evaluating vendor security and compliance, identifying security risks within the company's IT infrastructure, ensuring compliance with security standards, collaborating with internal teams to maintain compliance with legal and regulatory requirements, developing and maintaining internal security policies and procedures, preparing detailed reports on security assessments and risk analysis, providing recommendations to enhance security measures, educating internal staff and external partners on security best practices, and supporting pre-sales and onboarding teams with assessment documentation. To excel in this role, you should ideally possess a Bachelor's degree in computer science, Information Security, Data Science, or a related field, along with at least 5 years of experience in Audit/compliance, application security assessments, and AWS cloud security, preferably in the BFSI domain. Additionally, having at least 2 years of experience in AWS cloud security and risk assessments, expertise in AWS cloud infrastructure, familiarity with secure coding practices, vulnerability management, and threat modeling, and exposure to information security standards like ISO 27001, SOC 2, and RBI cybersecurity framework are beneficial. Good to have qualifications include familiarity with data protection and encryption methodologies, the ability to explain security configurations and policies in simple terms, experience with security controls, vulnerability scanning tools, and SIEM, as well as exposure to security tools such as network firewall and IPS/IDS. Overall, your role as a Security & Compliance Lead is pivotal in ensuring the security and compliance of the organization's IT infrastructure, applications, and services while staying updated on AWS best practices, shared responsibility model, and evolving cloud security trends.,

As a Cyber Security Specialist with 5+ years of experience, your role will involve testing and operating security controls for various applications to ensure compliance with cybersecurity standards. You will collaborate with software architects to create secure software designs by conducting threat modeling. Your responsibilities will include contributing to all levels of the architecture, performing application design reviews focusing on cybersecurity compliance, and ensuring project compliance with secure design and coding standards. You will need to have a strong attention to detail, analytical mind, outstanding problem-solving skills, and great awareness of cybersecurity trends and exploitation techniques. Familiarity with security frameworks such as IEC 62443 and NIST SSDF is essential. Additionally, you will be responsible for developing an understanding of new tools and best practices, contributing to all stages of the Secure Development Lifecycle, and conducting VAPT (Vulnerability Assessment and Penetration Testing) on target applications to identify vulnerabilities and define mitigation strategies. If you are an interested candidate with expertise in Cyber Security, VAPT, Penetration Testing, application security, OWASP, and Threat modeling, and have an immediate to 15 days notice period, we invite you to share your resume at roshan.rn@utthunga.com. The location for this position is Bangalore.,

We are seeking an experienced Application Security Specialist to join our team. As an Application Security Specialist, you will be responsible for conducting SSDLC security assessments, integrating security throughout the software development lifecycle, and ensuring that applications meet the highest security standards before deployment. Your key responsibilities will include conducting internal and third-party SSDLC risk assessments on critical assets and processes, coordinating with project teams to enforce security frameworks in all phases of the SSDLC, and preparing security effectiveness reports for management. You will also be tasked with performing SSDLC assessments aligning with security practices, ensuring that new applications undergo SSDLC assessments before induction into data centers, and defining and enhancing application security requirements for agile development and traditional architectures. Additionally, you will assist DevSecOps teams in creating secure CI/CD pipeline processes, follow up on and escalate closure of identified security gaps, and contribute to standardizing application security tools and methodologies. The ideal candidate should have at least 6 years of experience in Information Security with a focus on application and software security, along with 4 years of experience in software development lifecycle security reviews. You should also possess expertise in architecture reviews, software design reviews, threat modelling, and design flaw assessments, as well as hands-on experience with SAST, DAST, SCA, IAST, RASP, and other application analysis tools. Familiarity with OWASP, SANS, ISACA, NIST, IETF best practices is required, and the ability to develop detailed security frameworks for developers to integrate into the SDLC is essential. Preferred certifications include CISSP, CSSLP, Cloud Security Certifications, and DevSecOps Automation Certifications. If you meet these qualifications and are passionate about enhancing application security, we encourage you to apply for this position.,

Inviting applications for the role of Principal Consultant - Solution Architect ASRB Security Engineer An ASRB is a governing organization that examines and confirms compliance for hardware and software projects, both new and updated. The aim of the ASRB is to convey business requirements to interested parties and encourage uniform technology stacks and designs among cloud initiatives. Responsibilities : . Experience in managing the Security Architecture engagement review request. . Work directly with application teams and solution architects to review proposed architectures to ensure alignment with approved design patterns and security control requirements. . Recommend and/or approve designs and/or platform services which align with defined best practices. Provide list of security recommendations to the application team based on the architecture/security review checklist provided. . Prepare Architecture & Security Review Board (ASRB) and/or Architecture Design Review (ADR) artifacts ensuring inclusion of necessary project information and architectural diagrams sufficient to disposition the design proposal, working collaboratively with the application team and solution architect. . Hosting and/or supporting Cyber in these meetings with an intent, to strategically assess project proposals containing network, cloud platform/services and application architecture, with a purpose of identifying and highlighting both cyber risk and compliance control gaps that the project teams will then have to remediate prior to project go-live. . Document security gaps or non-compliant patterns/components (i.e., ports/protocols/services/integrations) and track these to closure with the application teams. . Develop and Maintain Security Standards for Azure/AWS Cloud Services . Cloud Security Configuration and management, rules creation and configuration . Good years of experience in Infrastructure Security and Operations . Good years of experience in Securing AWS Cloud . Mandatory knowledge off foundation Cloud Services Compute, Database, Network, Security Groups, Network Access List (NACL), Firewall rules and Storage. . Understand threat modelling of applications. . Knowledge of AZURE AND AWS products and services: EKS, S3, SQS, SNS, Cloud Watch, Elastic Cache, Kinesis, Cloud Trail, KMS, WAF, Guard Duty, IAM, Lambda, Connect, RDS . Knowledge of AZURE AND AWS products and services: AZURE AND AWS AD, VM, BLOB, Key Vault, Log Analytics, Monitor, AZURE AND AWS Databases (SQL, PostgreSQL, MySQL), Key Vault, Security Center, Activity log . Security certifications from AWS/Azure. . Understand latest trends. . Understand top key risks. . Have Strong Knowledge in Networking in Cloud. . Strong communication and written skills . Experience creating technical documentation. . Hands on experience Securing solutions on Azure/AWS . Knowledge of security controls for the public cloud . Knowledge of Industry Security standards (HIPPA, SOX, PCI-DSS) . Knowledge of Compliance standards (NIST, CIS) . Securing Linux and Windows OS . Experience with Open-Source Cloud and configuration management tools (Terraform Ansible, etc.) . Experience with alternate cloud providers (e.g. AWS) Qualifications we seek in you! Minimum qualifications / Skills Bachelor%27s Degree required. Preferably in Computer Science, Information Systems, or related field Preferred qualifications / Skills Very good written and presentation / verbal communication skills with experience of customer interfacing role. In-depth requirement understanding skills with good analytical and problem-solving ability, interpersonal efficiency, and positive attitude. . . . . . .

As a Cybersecurity Risk Analyst at EQ, you will play a vital role in identifying, assessing, and analyzing potential cybersecurity threats and vulnerabilities across the organization's infrastructure, data, applications, mobile devices, and networks. You will work closely with various teams to conduct comprehensive risk assessments, review cloud architectures, and utilize security tools to evaluate the likelihood and impact of security risks. Your collaboration with DevOps and Cloud Engineering teams will be essential in advising on security controls and risk mitigation strategies in AWS and Azure. In addition to risk identification and analysis, you will be responsible for researching and interpreting cybersecurity requirements and standards such as GDPR, NIST, ISO27001, and other regulatory frameworks. Staying up-to-date with evolving cybersecurity regulations at local, national, and international levels will be a key part of your role. You will assist in compliance assessments, gap analysis, and ensure that relevant cybersecurity regulations are incorporated into the risk process for new and changed IT systems and applications. Furthermore, you will be involved in conducting risk analysis of third parties within the Company's supply chain and monitoring significant risk issues to completion. Your role will also include assisting in collecting and organizing data to identify risks, preparing metrics and reports, and creating regular and ad-hoc reports for executives and senior management teams. Engagement with various stakeholders and developers across the organization will be crucial in selecting tailored security training and knowledge sharing sessions on emerging threats and security risk trends. You will support the Information Security Risk Manager in developing and maintaining the EQ Security Risk Process, implementing risk management strategies, and collaborating with IT and security teams to implement technical measures. Your responsibilities will also include analyzing and improving existing information security policies, guidelines, and procedures, as well as defining best practices in the design and coding of proprietary systems. You will provide advice, education, and support to development teams in adhering to security practices using dynamic and static application security testing tools. In summary, as a Cybersecurity Risk Analyst at EQ, you will be at the forefront of identifying and mitigating cybersecurity risks, ensuring compliance with regulatory requirements, and fostering a culture of security awareness and best practices across the organization.,

You will be responsible for conducting application security reviews for Web, Mobile (Android and iOS), and API technologies. Your role will involve assessing and identifying potential vulnerabilities in the technology being developed before implementation. You should have expertise in application security testing methodologies such as SAST, DAST, and MAST, with experience in web application, API security, and mobile application security testing according to industry standards like OWASP top 10, SANS top 25, etc. It would be beneficial to have knowledge of programming and scripting languages such as Java, JavaScript, Angular, Spring Boot, Kotlin, and Swift. Familiarity with tools like Burp Suite, Postman, SoapUI, Checkmarx, Netsparker, Nexus IQ, Kryptowire for security testing and analyzing scanned reports is essential. Moreover, a strong understanding of application security tooling and experience in driving automation within the delivery environment is required. You must hold industry-recognized Information Security and Cyber Security qualifications such as CISSP, CISA, OSCP, GIAC GPEN, GIAC GMOB. A deep understanding of security industry trends, major vulnerabilities, and security threat landscape is crucial. Knowledge of Zero Trust security principles and practical implementations is necessary. While a degree is desirable, it is not mandatory. Experience in supporting major programs, security architecture, creating security designs, and displaying positive leadership behaviors related to risk management and mitigation is expected. Proficiency in collaboration tools like SharePoint, Teams, Confluence, and JIRA is advantageous. Hands-on experience in working with DevOps and Agile teams to incorporate security in the software development lifecycle is a key requirement. Additionally, experience in application risk assessment, threat modeling, and working closely with delivery teams for security risk remediation is important. About the Company: Purview is a leading Digital Cloud & Data Engineering company with headquarters in Edinburgh, United Kingdom and a presence in 14 countries including India, Poland, Germany, USA, UAE, Singapore, Australia, among others. The company provides services to Captive Clients and top-tier IT organizations, delivering solutions and resources to clients worldwide. Company Information: Purview Services 3rd Floor, Sonthalia Mind Space Near Westin Hotel, Gafoor Nagar, Hitechcity, Hyderabad Phone: +91 40 48549120 / +91 8790177967 Gyleview House, 3 Redheughs Rigg South Gyle, Edinburgh, EH12 9DQ Phone: +44 7590230910 Email: careers@purviewservices.com Login to Apply!,

Key Deliverables: Lead product-specific security strategy, including roadmap definition and implementation Perform architectural security reviews, threat modelling, and vulnerability assessments Drive application security, supply-chain risk mitigation, and secure engineering practices Champion security standards, cookbooks, and continuous improvement initiatives Role Responsibilities: Collaborate with engineering leaders to align security goals with product roadmaps Mentor team members and enable security champions across product teams Reduce friction by embedding security into developer workflows Guide risk-based decision-making aligned with GDPR, OWASP, and CIS benchmarks

Key Deliverables: Lead security integration across product lifecycle from requirements to deployment Conduct architectural and third-party security reviews for risk mitigation Define and drive the security roadmap in collaboration with engineering teams Mentor teams and security champions to strengthen overall cybersecurity posture Role Responsibilities: Represent cybersecurity in product/architecture forums and critical decisions Reduce security fatigue and improve developer feedback loops Oversee assurance activities including testing, auditing, and purple teaming Collaborate across security groups to enhance Tesco's security standards and tools

Your day at NTT DATA The Security Managed Services Engineer (L2) is a developing engineering role, responsible for providing a managed service to clients to ensure that their Security Infrastructures and systems remain operational. Through the proactive monitoring, identifying, investigating, and resolving of technical incidents and problems, this role is able to restore service to clients. The primary objective of this role is to proactively review client requests or tickets and apply technical/process knowledge to resolve them without breaching service level agreement (SLA) and focuses on second-line support for incidents and requests with a medium level of complexity. The Security Managed Services Engineer (L2) may also contribute to / support on project work as and when required. What youll be doing Key Responsibilities: Integrating UEBA with other security systems. Managing and configuring UEBA tools and agents. Conducting threat modelling and risk assessments. Knowledge and Attributes: Ability to communicate and work across different cultures and social groups. Ability to plan activities and projects well in advance, and takes into account possible changing circumstances. Ability to maintain a positive outlook at work. Ability to work well in a pressurized environment. Ability to work hard and put in longer hours when it is necessary. Ability to apply active listening techniques such as paraphrasing the message to confirm understanding, probing for further relevant information, and refraining from interrupting. Ability to adapt to changing circumstances. Ability to place clients at the forefront of all interactions, understanding their requirements, and creating a positive client experience throughout the total client journey. Academic Qualifications and Certifications: Bachelors degree or equivalent qualification in IT/Computing (or demonstrated equivalent work experience). 3+ years of experience CertificationProposed OEM Level Certification is a must. Required Experience: Moderate level of relevant managed services experience handling Security Infrastructure. Moderate level of knowledge in ticketing tools preferably Service Now. Moderate level of working knowledge of ITIL processes. Moderate level of experience working with vendors and/or 3rd parties.