52 Threat Modelling Jobs

While technology is the heart of our business, a global and diverse culture is the heart of our success. We love our people and we take pride in catering them to a culture built on transparency, diversity, integrity, learning and growth. If working in an environment that encourages you to innovate and excel, not just in professional but personal life, interests you- you would enjoy your career with Quantiphi! Role: Senior Cyber Security Engineer Experience Level: 3+ Years Work location: Mumbai, Bangalore & Trivandrum Role & Responsibilities: Develop a complete understanding of a company's technology and information systems. Design, build, implement and support enterprise-class security systems. Identify and communicate current and emerging security threats Plan, research and design robust security architectures for any IT project. Perform or supervise vulnerability testing, risk analyses and security assessments. Create solutions that balance business requirements with information and cybersecurity requirements. Identify security design gaps in existing and proposed architectures and recommend changes or enhancements. Set up and support code security and infrastructure security activities of DevSecOps Pipeline. Must have experience in cloud concepts and perform assessment and implementation of new technologies within the cloud. Use current programming language and technologies to write code, complete programming and perform testing and debugging of applications. Provide supervision and guidance to development and security teams. Define, implement and maintain corporate security policies and procedures. Respond immediately to security-related incidents and provide thorough remedial solutions and analysis. Required Skills: Experience in automating security tools and processes ensuring innovation and advancement strategies that keep pace in the areas of access control, security-in-depth, secure transaction processing, secure coding practices. Experience in working in a high paced DevSecOps or SecOps environment with hands-on experience in Docker, Kubernetes and Cybersecurity tools like IDS, SIEM, SAST/DAST Scanners, EDR Experience in conducting and facilitating security reviews, threat modelling including deep design reviews throughout the development lifecycle to identify all the threats the systems are exposed to and recommended mitigations controls to address those threats. Hands-on knowledge in Cloud Security and AWS / GCP / Azure (good hands-on experience in at least one of them preferably GCP) Experience in performing penetration testing activities on Internal and large scale cloud infrastructure Hands-on experience in performing threat modelling and web application security assessments Experience in evaluating and implementing industry leading third party security tools and software Hands-on experience in performing vulnerability assessment and management via automation Effective communication skills with all the stakeholders involved. Skills to communicate clearly about complex subjects and technical plans with technical and non-technical audiences. Ability to identify risks associated with business processes, operations, technology projects and information security programs

As a Senior Security and Compliance Lead at our company located in Pune (Hybrid), you will have the opportunity to work closely with the CTO, CEO, and Engineering Team. With 5-7 years of experience in the Security & Compliance department, you will play a crucial role in ensuring the integrity and protection of our systems and data. To be successful in this role, you should hold a Bachelor's degree in computer science, Information Security, Data Science, or a related field. Additionally, you should have at least 5 years of experience working with Audit/compliance, application security assessments, preferably in the BFSI domain. A minimum of 2 years of experience in AWS cloud security and risk assessments is required. Your responsibilities will include having a strong exposure to AWS cloud infrastructure components such as Guard Duty, Security Hub, Inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, among others. You should also be familiar with secure coding practices, vulnerability management, and threat modeling. Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients would be beneficial. Moreover, you should have a good understanding of information security standards like ISO 27001, SOC 2, and RBI cybersecurity framework. Your communication skills should enable you to effectively liaise with both technical and non-technical stakeholders. You should be able to interpret and explain security configurations and policies in simple terms and be knowledgeable in security controls, vulnerability scanning tools (e.g., Nessus, Wireshark), and SIEM. Your personality and attitude traits will play a significant role in this position. A security-first mindset, commitment to data protection, proactive risk assessment, mentorship and leadership skills, sharp problem-solving abilities, bias for action, an owner mentality, quick learning capabilities, and high discipline are essential attributes for this role. This is a full-time job that requires in-person work at our Pune location. If you are a highly skilled and experienced professional with a passion for security and compliance, we encourage you to apply for this role and be a part of our dynamic team.,

Genpact is a global professional services and solutions firm dedicated to delivering outcomes that shape the future. With over 125,000 professionals in more than 30 countries, we are fueled by curiosity, entrepreneurial agility, and a commitment to creating enduring value for our clients. Our purpose, the relentless pursuit of a world that works better for people, drives us to serve and transform leading enterprises worldwide, including the Fortune Global 500. Our deep expertise in business and industry knowledge, digital operations services, and proficiency in data, technology, and AI enables us to meet our clients" needs effectively. We are currently seeking applications for the role of Consultant - Cybersecurity. Responsibilities: - Possess good IT SOX experience as a SOX Tester. - Collaborate with application teams and solution architects to identify and resolve issues. - Document security gaps or non-compliant patterns/components and oversee their resolution with the application teams. - Recommend designs and platform services aligned with best practices and provide security recommendations based on a security review checklist. - Demonstrate expertise in Securing AWS & Azure Cloud, Infrastructure Security, and Operations. - Required knowledge of foundational AWS & Azure Cloud Services Compute, threat modeling of applications, TOE, TOD, RFT & External Audit Assistance, and testing of General IT Controls (GITCs) and NIST controls. - Review control evidence for adherence and precision, conduct data sampling, testing of controls, and support the assessment, design, and implementation of ITGC requirements. - Validate and update documentation to ensure accuracy and completeness of scope, testing, and remediation activities. - Identify control failures, report deficiencies, remediate failed controls, and escalate critical issues to Senior management within IT. - Assist in the review of IT tools, control designs, and control remediation planning efforts. - Collaborate with key stakeholders in a fast-paced, matrixed work environment, fostering an innovative, inclusive team-oriented environment. - Ensure compliance reviews for SOX, Tools, and critical applications for ITGC and NIST controls. - Improve the process for managing system authorizations and prepare project scorecards with detailed status updates. - Maintain central documentation repositories and demonstrate flexibility to work in a 24x7 process. - Possess excellent communication and interpersonal skills, work independently, prepare Dashboards and Reports, and demonstrate proactive thinking. Qualifications: Minimum qualifications / Skills: - Bachelor's Degree in Computer Science, Information Systems, or related field. - Good IT experience. Preferred qualifications / Skills: - Strong written and verbal communication skills with customer interfacing experience. - Proficiency in requirement understanding, analytical and problem-solving ability, interpersonal efficiency, and positive attitude. If you are looking for an opportunity to contribute to a dynamic team in a challenging and rewarding environment, we invite you to apply for the Consultant - Cybersecurity role at Genpact. Location: India-Hyderabad Schedule: Full-time Education Level: Bachelor's / Graduation / Equivalent Job Posting: May 9, 2025, 12:36:33 PM Unposting Date: Jun 8, 2025, 1:29:00 PM Master Skills List: Consulting Job Category: Full Time,

You should have a minimum of 5 years of experience and be located in New Delhi. We are seeking someone who has successfully launched their own Ethereum based project, dAPP, or blockchain related project. Your primary responsibility will be to assist us in developing our blockchain ecosystem based on Bitcoin. If you have experience writing smart contracts using Solidity or possess general blockchain knowledge, we encourage you to apply now! As a full stack polyglot developer, you should be proficient in cryptographic programming languages such as C/C++, Java, Go, Rust, Python, Bootstrap, JavaScript, AngularJS, Node.JS, and JSON. An interest in applied research in Blockchain technologies and a technical understanding of Ethereum, Bitcoin, MultiChain, and other Blockchain technologies are essential. You must have a strong ability to acquire new knowledge and skills through independent research. Your role will involve designing and implementing Blockchain solutions that may operate on Blockchain platforms like HyperLedger. You will be responsible for creating the technical solution architecture for various business problems. Hands-on experience in WebSphere Application Server, J2EE, XML, HTML, Dojo, jQuery, JavaScript, JSON, and PHP is required, along with a good awareness of emerging technologies and industry standards. Furthermore, you should have experience working on Linux, Windows, Solaris, and Mobile Platforms. Prior experience in the financial sector would be advantageous, along with proven experience in Agile delivery methodology. Familiarity with Big Data technologies such as NoSQL, Hadoop, RDBMS, NoSQL, or distributed databases is preferred. Additionally, proficiency in Solidity, ERC20 token development, ICO (initial coin offering) experience, smart contract development, peer-to-peer networking, and security assessments of infrastructure, network, web applications, and databases is essential. You should be capable of performing threat modeling, vulnerability assessments, penetration testing, and security bug classification utilizing frameworks like CVSS and DREAD. Knowledge of common code review methods, current information security threats, and experience in generating and submitting security assessment reports are required. In summary, we are looking for a highly skilled individual with a strong background in blockchain development, programming languages, security assessments, and a passion for emerging technologies. If you meet these criteria, we encourage you to apply for this exciting opportunity.,

You will be expected to have hands-on project experience with GCP core products and services, including GCP Networking, VPCs, VPCSC, and Google Artefact Registry. It is essential to have extensive experience in Infrastructure as Code, including TF custom Modules and TF module Registry. Moreover, you should possess hands-on experience with GCP Data products such as Bigquery, Dataproc, Dataflow, and Vertex AI. Familiarity with Kubernetes and managing container Infrastructure, specifically GKE, is also required for this role. The role involves automation using programming languages like Python, Groovy, etc. Additionally, having an understanding of Infrastructure security, threat modeling, and Guardrails would be beneficial for this position.,

As a Senior Security Architect in the Banking & Financial Services sector, your primary responsibility will be to develop and maintain a comprehensive security architecture roadmap that is in alignment with business objectives and regulatory requirements. This includes conducting thorough security risk assessments for business applications (both on-premises and cloud-hosted) and APIs to identify potential threats, weaknesses, and recommending appropriate mitigation measures. You will be required to conduct threat modeling for applications at their inception and during major changes to ensure compliance with existing regulations. Additionally, you will review architecture designs, suggest security controls, and countermeasures to safeguard systems, applications, and data effectively. In this role, you will define and enforce security policies, standards, and guidelines to ensure compliance with industry best practices and regulations. Collaborating with development teams will be crucial to integrate security-by-design principles into the software development lifecycle. Creating dashboards and reports to track the progress of ongoing security reviews and driving automation and process improvement initiatives for streamlining security reviews will also be part of your responsibilities. Keeping abreast of emerging security threats and trends and recommending and implementing appropriate countermeasures is essential. Mentoring and guiding junior security team members to foster a culture of continuous learning and development will also be expected from you. To qualify for this role, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field, along with 6-8 years of hands-on experience in security architecture, design, review, and implementation. Strong knowledge of security frameworks and methodologies, such as RBI guidelines, NIST Cybersecurity Framework, and OWASP ASVS, is required. An excellent understanding of cloud security principles and practices, especially AWS, is essential. Additionally, a minimum of 2 years of experience in the banking and financial services sector, with a deep understanding of industry-specific security regulations, would be preferred. Strong analytical and problem-solving skills, the ability to work independently, and manage multiple projects simultaneously are also necessary. Preferred qualifications for this role include advanced security certifications (e.g., CISSP, CISM), knowledge of DevOps and CI/CD practices, and experience with security automation and orchestration tools.,

About GoKwik GoKwik is a growth operating system designed to power D2C and eCommerce brands from checkout optimisation and reducing return-to-origin (RTO), to payments, retention, and post-purchase engagement. Today, GoKwik enables over 12,000 merchants worldwide, processes around $2 billion in GMV, and is strengthening its AI-powered infrastructure. Backed by RTP Global, Z47, Peak XV, and Think Investments and bolstered by a $13 million growth round in June 2025 (total funding: $68 million), GoKwik is scaling aggressively across India and the UK. Why This Role Matters At GoKwik, security isnt a bolt-on, its a core part of how we build, ship, and scale. As a Senior DevSecOps Engineer, youll ensure every layer of our infrastructure and development lifecycle is secure, compliant, and resilient. Youll work end-to-end with engineering teams, from design and deployment to operations and optimisation, embedding security guardrails into CI/CD pipelines, automating IAM and compliance checks, and reducing human error to near zero. Youll also shape a culture where security is a shared responsibility, not a last-minute review, while staying battle-ready to lead incident response and drive blameless learning. In short, youll own the frameworks and practices that let GoKwik grow fast without ever compromising trust, directly protecting $2B+ GMV and thousands of merchants who rely on us every day. What You&aposll Own Build secure CI/CD pipelines by embedding vulnerability scanning, SAST, and DAST, ensuring every release ships fast and safe Partner with engineering and security teams to design cloud-native architectures that are secure by default and resilient at scale Automate the boring stuff, from secrets management and IAM policy enforcement to compliance validation checks, cutting down human error and accelerating delivery Integrate best-in-class security tools (Vault, Prisma, Aqua, Trivy, etc.) into every layer of our infrastructure Take the lead during security incidents, coordinating response across teams and ensuring issues are remediated quickly and effectively Drive a proactive DevSecOps culture by running training, awareness programs, and blameless postmortems that turn incidents into learnings Own compliance readiness (SOC2, ISO 27001, PCI-DSS), working closely with governance and legal to keep us always audit-prepared without slowing down engineering Who You Are 3 - 7 years of hands-on experience in DevSecOps or Cloud Security Engineering within fast-scaling SaaS or eCommerce environments Strong grasp of AppSec and Cloud Security fundamentals, from IAM, WAF, and KMS to CSPM best practices Practical experience with Kubernetes security (RBAC, PodSecurity, NetworkPolicies) and keeping clusters production-hardened Comfortable with threat modelling, incident response, and security compliance frameworks (ISO, SOC2, PCI-DSS) Solid coding/scripting skills (Python, Go, Bash, etc.) to automate controls and eliminate repetitive manual work Someone who doesnt just know the theory but has battle-tested experience in securing systems at scale How You&aposll Thrive At GoKwik You embed security into velocity, helping teams move fast without cutting corners You believe in a blameless, learning-first culture, where issues are fixed, not hidden You take uptime and compliance seriously, 99.99999% is the bar, and you love building guardrails that make it possible You stay proactive, spotting and solving risks before they become incidents You thrive in a high-trust environment, where ownership is real and security is an enabler, not a blocker Why GoKwik At GoKwik, we arent just building tools, were rewriting the playbook for eCommerce in India. We exist to solve some of the most complex challenges faced by digital-first brands: low conversion rates, high RTO, and poor post-purchase experience. Our checkout and conversion stack powers 500+ leading D2C brands and marketplaces and were just getting started. Show more Show less

As a Cyber Architect / Firmware Architect, you will be leading the Cyber-related deliverables for the BA SAS India product line. Your responsibilities will encompass various key areas, including: - Demonstrating working knowledge and experience in the secure lifecycle development process. - Applying secure design principles for Hardware, firmware, and software. - Understanding end-to-end solutions architectures involving IoT devices, firmware, software, REST API cloud, etc. - Collaborating with cross-functional teams, including development, pen testing, and marketing teams. - Conducting product cybersecurity risk assessments and implementing threat modeling and threat mitigation. - Utilizing security requirements using SD elements and coordinating with the development team. - Ensuring compliance with data privacy rules and regulations by working closely with data privacy and legal teams. - Familiarity with cybersecurity frameworks like NIST, MITRE, and tools used in pen testing. - Knowledge of open-source scanning tools like Blackduck, static code analysis tools, and reverse engineering tools. - Understanding STQC compliance requirements, IEC62443, GDPR, and experience with CCTV Camera products and building automation. - Proficiency in programming languages like C, C#, Java, Python, Angular, React, Linux OS, and REST API. - Hands-on experience with IoT-based Embedded firmware development, and understanding of hardware devices, physical networks, and network protocols. - Designing and developing Firmware/Software using C/C++/Python in a real-time embedded environment. This role requires a proactive approach to cybersecurity, strong collaboration skills, and a deep understanding of firmware development and cybersecurity principles.,

This is a new requirement for Security engineers with the following qualifications and responsibilities: You should have at least 5 years of experience in product security areas, preferably with experience in medical device security. Your expertise should cover managing the product security lifecycle from design, development, testing to maintenance. You should be skilled in threat modeling of medical devices, applications, and cloud environments, as well as have experience in security requirement analysis and creating threat mitigation plans. Hands-on experience in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), hardware, and application penetration testing is required. Location: Hebbal, Bengaluru Responsibilities include: - Demonstrating good experience in product security areas, with preference given to those with experience in medical device security - Managing the product security lifecycle covering design, development, testing, and maintenance - Expertise in threat modeling of medical devices, applications, and cloud environments - Analyzing security requirements and developing threat mitigation plans - Hands-on experience in SAST, DAST, hardware, and application penetration testing What we offer: GlobalLogic prioritizes a culture of caring and inclusivity, where you can build connections with collaborative teammates, supportive managers, and compassionate leaders. We are committed to your continuous learning and development through various programs, training curricula, and hands-on opportunities. You will have the chance to work on interesting and meaningful projects that impact clients worldwide. We believe in providing balance and flexibility to achieve work-life integration. GlobalLogic is a high-trust organization that values integrity and trust in all aspects of our operations. About GlobalLogic: GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world's largest companies. Since 2000, we have been creating innovative digital products and experiences and collaborating with clients to transform businesses through intelligent solutions.,

As a SecOps Engineer at BerryBytes, you will play a crucial role in achieving cyber resiliency within our infrastructure. Reporting to the Director of Cloud Infrastructure, your primary responsibility will be to establish and enforce security standards to ensure operational excellence in areas such as availability, productivity, capacity, and efficiency. Your key responsibilities will include defining and executing the company's strategy for a secure infrastructure, applications, and third-party vendors. You will need to have a deep understanding of security tooling, analyze and remediate security weaknesses in cloud infrastructure, and build cyber resiliency. Additionally, you will be involved in internal infrastructure network testing, vulnerability assessment, container runtime security, and web application security testing. To excel in this role, you should have experience with Application Security Tools (SAST, DAST, SCA), knowledge of threat modeling and security design review methodologies, and the ability to promote security knowledge sharing within technical organizations. It would be beneficial if you have experience in manual code security review, knowledge of various programming languages, and experience in helping organizations meet compliance standards such as PCI DSS and SOC-2. Ideally, you should hold a Bachelor's or Master's degree in Computer Science, Information Technology, or a related field, or have practical Information Security professional experience. You should have at least 1 year of Information Technology experience with a focus on security, along with experience in Cloud Administration, Networking, or other operations-related fields. Strong troubleshooting and problem-solving skills, as well as knowledge of integrating security tasks into CI/CD pipelines, are essential for this role. If you are passionate about cybersecurity, have a strong technical background, and are eager to contribute to the security of cloud infrastructure, we encourage you to apply for this position. Join BerryBytes and be part of a dynamic team that is dedicated to providing scalable solutions and ensuring robust growth without compromise. To apply for this position, please fill out the application form below with your details, cover letter, and resume. We look forward to reviewing your application and potentially welcoming you to our team at BerryBytes.,

As a Software Developer, you will have the opportunity to work on challenging projects that require curiosity, ambition, and determination to excel. Your main responsibility will be to design, build, and maintain cutting-edge software solutions that drive our benchmarking and analytics capabilities. You will play a key role in fostering innovation through analytics, design thinking, and digital transformation, with a focus on developing new products and integrating them into our client work. This approach is integral to our shift towards digital asset-based consulting and contributes to our entrepreneurial culture. Within the Corporate & Business Functions (CBF) CBFLab asset, you will be part of a benchmarking and analytics solution that aims to optimize our clients" General and Administrative functions, such as Finance, HR, IT, Procurement, and Legal. Your work will involve addressing complex challenges, driving efficiency, and implementing best practices in operating models, process improvements, and digital transformation. In this high-performance environment, your growth and development are paramount. You will be encouraged to drive lasting impact and build long-term capabilities with clients. With the support of resources, mentorship, and opportunities provided, you can accelerate your leadership development and thrive in this dynamic setting. Continuous learning is a cornerstone of our culture, where structured programs and feedback mechanisms help you grow and evolve. Your ideas and contributions will be valued from day one, allowing you to make a tangible impact through innovative solutions. Diverse perspectives are not only encouraged but essential for achieving the best outcomes. Joining our global community offers exposure to colleagues from over 65 countries and diverse backgrounds, fostering creativity and collaboration. Additionally, a comprehensive benefits package, including medical, dental, mental health, and vision coverage, complements a competitive salary. Your qualifications and skills should include a deep understanding of architectural concepts for highly scalable data-driven applications in cloud environments, as well as expertise in engineering best practices, cloud computing, and Agile software development processes. Strong command of languages like JavaScript and Python, experience with RESTful APIs and databases, and familiarity with cloud platforms like AWS are also essential. An entrepreneurial mindset, excellent communication skills, and a self-starter attitude will further enhance your effectiveness in this role.,

Job Title: Penetration Tester Position: Senior Systems Engineer Experience:6+Years Category: Senior Systems Engineer Main location: Bangalore/Chennai/Pune/Chennai Position ID: J0625-0184 Employment Type: Full Time 6-8 years of Experience Strong understanding of OWASP and other penetration testing methodologies Conduct comprehensive penetration tests on external assets, networks, applications, and systems to identify vulnerabilities. Perform threat modelling and risk assessments to prioritize testing efforts. Develop and execute test cases, scripts, and plans to assess the security posture of IT assets. Collaborate with cross-functional teams to remediate identified vulnerabilities. Provide detailed reports outlining vulnerabilities, their impact, scores and actionable remediation recommendations. Experience in exploiting and mitigating vulnerabilities in web applications, APIs, and cloud environments. Familiarity with scripting languages (Python, Bash, PowerShell, etc.) for automation and testing. Excellent spoken and written communication skills with strong attention-to-detail and accuracy. Provide vulnerability as well as penetration threat risk assessment findings to stakeholders Implement retesting and continuous monitoring to maintain long-term security Review backup, recovery, and incident response plans for comprehensive protection Document all processes and findings Provide knowledge transfer to operational teams Your future duties and responsibilities Required Qualifications To Be Successful In This Role Together, as owners, lets turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, youll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. Thats why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our companys strategy and direction. Your work creates value. Youll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. Youll shape your career by joining a company built to grow and last. Youll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our teamone of the largest IT and business consulting services firms in the world. Show more Show less

DESCRIPTION In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment. As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history! Our team puts a high value on work-life balance. Striking a healthy balance between your personal and professional life is crucial to your happiness and success here, which is why we aren't focused on how many hours you spend at work or online. Instead, we're happy to offer a flexible schedule so you can have a more productive and well-balanced life-both in and outside of work. Key job responsibilities . Creating, updating, and maintaining threat models for a wide variety of software projects . Security architecture and design guidance . Manual and Automated Secure Code Review, primarily in Java, Python and Javascript . Development of security automation tools . Adversarial security analysis using innovative tools to augment manual effort . Security training and outreach for internal development teams . Independently solve security problems that require novel methods or approaches . Influence your team's and partners process, priorities, and choices to improve outcomes About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying. Why Amazon Security At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Mentorship and Career growth We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. #Joinstoresappsec BASIC QUALIFICATIONS - BS in Computer Science, Information Security, 3+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment. - Hands on experience in threat modelling, architecture review, manual source code review, attacker exploit techniques, and methods for their remediation. - Have good understanding of network architecture, enterprise IT systems and cloud such as AWS and programming or Scripting skills (E.g: Java, Python, Perl, Bash, Ruby, PowerShell, etc.) and can explain complex technical risks in simple, clear language that non-technical stakeholders can easily understand and act upon. PREFERRED QUALIFICATIONS - You demonstrate excellent judgement in assessing and prioritizing technical risk and You have a strong application security background with a focus on scalable solutions - You have experience building and securing cloud infrastructure such as AWS and work to identify and remove bottlenecks for your teammates, both in process and technology - You create and maintain security documentation, including architecture designs, implementation guides, and best practices to promote secure development practices - Identify security risks and drive continuous improvement in security controls and practices and collaborate with security stakeholders to develop security strategies Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos AI Gigafactory, our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook. Inviting applications for the role of Manager, Information & Cyber Security! In this role, you should have exposure on GRC platform Implementation , Cyber Security Framework, BOT / AI Management Framework, Cyber Regulatory Management and TPRM platform Implementation Responsibilities . Develop and implement security solutions: Develop and implement security solutions, including security monitoring, incident response, vulnerability management, and access control. . Conduct security assessments: Conduct security assessments for clients to identify potential security risks, vulnerabilities, and threats. . Develop security strategies: Develop security strategies for clients based on their risk profile and business requirements. . Manage security operations: Manage security operations for clients, including incident response, threat hunting, and security incident management. . Provide technical guidance: Provide technical guidance and support to clients on security-related issues. . Stay up-to-date with the latest security trends and technologies: Stay up-to-date with the latest security trends and technologies, and apply this knowledge to the development of new security solutions and strategies. . Collaborate with other teams: Collaborate with other teams, including the risk management team and the IT team, to ensure that security solutions are integrated with the client%27s overall business strategy. . Experience with security monitoring tools, such as SIEM, IDS/IPS, and vulnerability scanners. . Knowledge of security frameworks, such as NIST, ISO, and CIS. Qualifications we seek in you! Minimum Qualifications . CA / MBA / Engg / Bachelors in Information Technology . Additional qualifications like Post Graduate Diploma in Cyber Security, Certified Information Security Manager (CISM), Certified in Cyber Security (CC), Diploma in Computer Forensics, Certified Cyber Crime Investigator. Preferred Qualifications . Experience in Cyber Security, Information Security, Data Privacy and IT Risk Management. . Carried out Cyber Security Risk Assessment , Vulnerability Management, Managing Incident Response, Data Privacy framework and Implementation, Cyber Security Operations (SIEM, IDS/IPS, WAF, DLP, PT), Threat Modelling, Creating Cyber and Information Policies and Procedures, NIST CSF framework implementation, Cyber Fraud Investigation and Technology Audit . Performed engagements or projects with the companies or clients focussed on VA/PT Analysis, SIEM, IDS/IPS monitoring, DLP, WAF implementation, NIST CSF Implementation, Threat Modelling (OWASP), Cyber Fraud Investigation . Evaluated applications, tools and networks for cyber risk management, assisted organizations to identify right security posture, designed threat models to identify existing threats for the organization, created remediation plan to mitigate cyber risk . Implemented DLP tools, EDR tools, SIEM solutions, WAF, IDS / IPS and performed Application Security Testing . Understanding of cloud security principles and experience with cloud security platforms. . Strong analytical and problem-solving skills. . Excellent communication and presentation skills. . Ability to work effectively in a team and collaborate with clients and other stakeholders. Why join Genpact . Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation . Make an impact - Drive change for global enterprises and solve business challenges that matter . Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities . Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day . Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos AI Gigafactory, our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to agentic AI, our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation, our teams implement data, technology, and AI to create tomorrow, today. Get to know us at genpact.com and on LinkedIn, X, YouTube, and Facebook. Inviting applications for the role of Manager, Information & Cyber Security! In this role, you should have exposure on GRC platform Implementation , Cyber Security Framework, BOT / AI Management Framework, Cyber Regulatory Management and TPRM platform Implementation Responsibilities . Develop and implement security solutions: Develop and implement security solutions, including security monitoring, incident response, vulnerability management, and access control. . Conduct security assessments: Conduct security assessments for clients to identify potential security risks, vulnerabilities, and threats. . Develop security strategies: Develop security strategies for clients based on their risk profile and business requirements. . Manage security operations: Manage security operations for clients, including incident response, threat hunting, and security incident management. . Provide technical guidance: Provide technical guidance and support to clients on security-related issues. . Stay up-to-date with the latest security trends and technologies: Stay up-to-date with the latest security trends and technologies, and apply this knowledge to the development of new security solutions and strategies. . Collaborate with other teams: Collaborate with other teams, including the risk management team and the IT team, to ensure that security solutions are integrated with the client%27s overall business strategy. . Experience with security monitoring tools, such as SIEM, IDS/IPS, and vulnerability scanners. . Knowledge of security frameworks, such as NIST, ISO, and CIS. Qualifications we seek in you! Minimum Qualifications . CA / MBA / Engg / Bachelors in Information Technology . Additional qualifications like Post Graduate Diploma in Cyber Security, Certified Information Security Manager (CISM), Certified in Cyber Security (CC), Diploma in Computer Forensics, Certified Cyber Crime Investigator. Preferred Qualifications . Experience in Cyber Security, Information Security, Data Privacy and IT Risk Management. . Carried out Cyber Security Risk Assessment , Vulnerability Management, Managing Incident Response, Data Privacy framework and Implementation, Cyber Security Operations (SIEM, IDS/IPS, WAF, DLP, PT), Threat Modelling, Creating Cyber and Information Policies and Procedures, NIST CSF framework implementation, Cyber Fraud Investigation and Technology Audit . Performed engagements or projects with the companies or clients focussed on VA/PT Analysis, SIEM, IDS/IPS monitoring, DLP, WAF implementation, NIST CSF Implementation, Threat Modelling (OWASP), Cyber Fraud Investigation . Evaluated applications, tools and networks for cyber risk management, assisted organizations to identify right security posture, designed threat models to identify existing threats for the organization, created remediation plan to mitigate cyber risk . Implemented DLP tools, EDR tools, SIEM solutions, WAF, IDS / IPS and performed Application Security Testing . Understanding of cloud security principles and experience with cloud security platforms. . Strong analytical and problem-solving skills. . Excellent communication and presentation skills. . Ability to work effectively in a team and collaborate with clients and other stakeholders. Why join Genpact . Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation . Make an impact - Drive change for global enterprises and solve business challenges that matter . Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities . Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day . Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos , our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to , our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation , our teams implement data, technology, and AI to create tomorrow, today. Get to know us at and on , , , and . Inviting applications for the role of Senior Consultant , Information & Cyber Security ! In this role, you should have exposure on GRC platform Implementation , Cyber Security Framework, BOT / AI Management Framework, Cyber Regulatory Management and TPRM platform Implementation Responsibilities Conduct security assessments: Conduct security assessments for clients to identify potential security risks, vulnerabilities, and threats. Manage security operations: Manage security operations for clients, including incident response, threat hunting, and security incident management. Provide technical guidance: Provide technical guidance and support to clients on security-related issues. Stay up-to-date with the latest security trends and technologies: Stay up-to-date with the latest security trends and technologies, and apply this knowledge to the development of new security solutions and strategies. Collaborate with other teams: Collaborate with other teams, including the risk management team and the IT team, to ensure that security solutions are integrated with the client%27s overall business strategy. Experience with security monitoring tools, such as SIEM, IDS/IPS, and vulnerability scanners. Knowledge of security frameworks, such as NIST, ISO, and CIS. Qualifications we seek in you! Minimum Q ualifications CA / MBA / Engg / Bachelors in Information Technology Additional qualifications like Post Graduate Diploma in Cyber Security, Certified Information Security Manager (CISM), Certified in Cyber Security (CC), Diploma in Computer Forensics, Certified Cyber Crime Investigator. Preferred Q ualifications Experience in Cyber Security, Information Security, Data Privacy and IT Risk Management. Carried out Cyber Security Risk Assessment , Vulnerability Management, Managing Incident Response, Data Privacy framework and Implementation, Cyber Security Operations (SIEM, IDS/IPS, WAF, DLP, PT), Threat Modelling, Creating Cyber and Information Policies and Procedures, NIST CSF framework implementation, Cyber Fraud Investigation and Technology Audit Performed engagements or projects with the companies or clients focussed on VA/PT Analysis, SIEM, IDS/IPS monitoring, DLP, WAF implementation, NIST CSF Implementation, Threat Modelling (OWASP), Cyber Fraud Investigation Evaluated applications, tools and networks for cyber risk management, assisted organizations to identify right security posture, designed threat models to identify existing threats for the organization, created remediation plan to mitigate cyber risk Implemented DLP tools, EDR tools, SIEM solutions, WAF, IDS / IPS and performed Application Security Testing Understanding of cloud security principles and experience with cloud security platforms. Strong analytical and problem-solving skills. Excellent communication and presentation skills. Ability to work effectively in a team and collaborate with clients and other stakeholders. Why join Genpact Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation Make an impact - Drive change for global enterprises and solve business challenges that matter Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color , religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Ready to shape the future of work At Genpact, we don&rsquot just adapt to change&mdashwe drive it. AI and digital innovation are redefining industries, and we&rsquore leading the charge. Genpact&rsquos , our industry-first accelerator, is an example of how we&rsquore scaling advanced technology solutions to help global enterprises work smarter, grow faster, and transform at scale. From large-scale models to , our breakthrough solutions tackle companies most complex challenges. If you thrive in a fast-moving, tech-driven environment, love solving real-world problems, and want to be part of a team that&rsquos shaping the future, this is your moment. Genpact (NYSE: G) is an advanced technology services and solutions company that delivers lasting value for leading enterprises globally. Through our deep business knowledge, operational excellence, and cutting-edge solutions - we help companies across industries get ahead and stay ahead. Powered by curiosity, courage, and innovation , our teams implement data, technology, and AI to create tomorrow, today. Get to know us at and on , , , and . Inviting applications for the role of Senior Consultant , Information & Cyber Security ! In this role, you should have exposure on GRC platform Implementation , Cyber Security Framework, BOT / AI Management Framework, Cyber Regulatory Management and TPRM platform Implementation Responsibilities Conduct security assessments: Conduct security assessments for clients to identify potential security risks, vulnerabilities, and threats. Manage security operations: Manage security operations for clients, including incident response, threat hunting, and security incident management. Provide technical guidance: Provide technical guidance and support to clients on security-related issues. Stay up-to-date with the latest security trends and technologies: Stay up-to-date with the latest security trends and technologies, and apply this knowledge to the development of new security solutions and strategies. Collaborate with other teams: Collaborate with other teams, including the risk management team and the IT team, to ensure that security solutions are integrated with the client%27s overall business strategy. Experience with security monitoring tools, such as SIEM, IDS/IPS, and vulnerability scanners. Knowledge of security frameworks, such as NIST, ISO, and CIS. Qualifications we seek in you! Minimum Q ualifications CA / MBA / Engg / Bachelors in Information Technology Additional qualifications like Post Graduate Diploma in Cyber Security, Certified Information Security Manager (CISM), Certified in Cyber Security (CC), Diploma in Computer Forensics, Certified Cyber Crime Investigator. Preferred Q ualifications Experience in Cyber Security, Information Security, Data Privacy and IT Risk Management. Carried out Cyber Security Risk Assessment , Vulnerability Management, Managing Incident Response, Data Privacy framework and Implementation, Cyber Security Operations (SIEM, IDS/IPS, WAF, DLP, PT), Threat Modelling, Creating Cyber and Information Policies and Procedures, NIST CSF framework implementation, Cyber Fraud Investigation and Technology Audit Performed engagements or projects with the companies or clients focussed on VA/PT Analysis, SIEM, IDS/IPS monitoring, DLP, WAF implementation, NIST CSF Implementation, Threat Modelling (OWASP), Cyber Fraud Investigation Evaluated applications, tools and networks for cyber risk management, assisted organizations to identify right security posture, designed threat models to identify existing threats for the organization, created remediation plan to mitigate cyber risk Implemented DLP tools, EDR tools, SIEM solutions, WAF, IDS / IPS and performed Application Security Testing Understanding of cloud security principles and experience with cloud security platforms. Strong analytical and problem-solving skills. Excellent communication and presentation skills. Ability to work effectively in a team and collaborate with clients and other stakeholders. Why join Genpact Be a transformation leader - Work at the cutting edge of AI, automation, and digital innovation Make an impact - Drive change for global enterprises and solve business challenges that matter Accelerate your career - Get hands-on experience, mentorship, and continuous learning opportunities Work with the best - Join 140,000+ bold thinkers and problem-solvers who push boundaries every day Thrive in a values-driven culture - Our courage, curiosity, and incisiveness - built on a foundation of integrity and inclusion - allow your ideas to fuel progress Come join the tech shapers and growth makers at Genpact and take your career in the only direction that matters: Up. Let&rsquos build tomorrow together. Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color , religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation. Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a %27starter kit,%27 paying to apply, or purchasing equipment or training.

Inviting applications for the role of Senior Manager, Information & Cyber Security! In this role, you should have exposure on GRC platform Implementation , Cyber Security Framework, BOT / AI Management Framework, Cyber Regulatory Management and TPRM platform Implementation Responsibilities . Develop and implement security solutions: Develop and implement security solutions, including security monitoring, incident response, vulnerability management, and access control. . Conduct security assessments: Conduct security assessments for clients to identify potential security risks, vulnerabilities, and threats. . Develop security strategies: Develop security strategies for clients based on their risk profile and business requirements. . Manage security operations: Manage security operations for clients, including incident response, threat hunting, and security incident management. . Provide technical guidance: Provide technical guidance and support to clients on security-related issues. . Stay up-to-date with the latest security trends and technologies: Stay up-to-date with the latest security trends and technologies, and apply this knowledge to the development of new security solutions and strategies. . Collaborate with other teams: Collaborate with other teams, including the risk management team and the IT team, to ensure that security solutions are integrated with the client%27s overall business strategy. . Experience with security monitoring tools, such as SIEM, IDS/IPS, and vulnerability scanners. . Knowledge of security frameworks, such as NIST, ISO, and CIS. Qualifications we seek in you! Minimum Qualifications . CA / MBA / Engg / Bachelors in Information Technology . Additional qualifications like Post Graduate Diploma in Cyber Security, Certified Information Security Manager (CISM), Certified in Cyber Security (CC), Diploma in Computer Forensics, Certified Cyber Crime Investigator. Preferred Qualifications . Experience in Cyber Security, Information Security, Data Privacy and IT Risk Management. . Carried out Cyber Security Risk Assessment , Vulnerability Management, Managing Incident Response, Data Privacy framework and Implementation, Cyber Security Operations (SIEM, IDS/IPS, WAF, DLP, PT), Threat Modelling, Creating Cyber and Information Policies and Procedures, NIST CSF framework implementation, Cyber Fraud Investigation and Technology Audit . Performed engagements or projects with the companies or clients focussed on VA/PT Analysis, SIEM, IDS/IPS monitoring, DLP, WAF implementation, NIST CSF Implementation, Threat Modelling (OWASP), Cyber Fraud Investigation . Evaluated applications, tools and networks for cyber risk management, assisted organizations to identify right security posture, designed threat models to identify existing threats for the organization, created remediation plan to mitigate cyber risk . Implemented DLP tools, EDR tools, SIEM solutions, WAF, IDS / IPS and performed Application Security Testing . Understanding of cloud security principles and experience with cloud security platforms. . Strong analytical and problem-solving skills. . Excellent communication and presentation skills. . Ability to work effectively in a team and collaborate with clients and other stakeholders. . . . . .

Inviting applications for the role of Senior Manager, Information & Cyber Security! In this role, you should have exposure on GRC platform Implementation , Cyber Security Framework, BOT / AI Management Framework, Cyber Regulatory Management and TPRM platform Implementation Responsibilities . Develop and implement security solutions: Develop and implement security solutions, including security monitoring, incident response, vulnerability management, and access control. . Conduct security assessments: Conduct security assessments for clients to identify potential security risks, vulnerabilities, and threats. . Develop security strategies: Develop security strategies for clients based on their risk profile and business requirements. . Manage security operations: Manage security operations for clients, including incident response, threat hunting, and security incident management. . Provide technical guidance: Provide technical guidance and support to clients on security-related issues. . Stay up-to-date with the latest security trends and technologies: Stay up-to-date with the latest security trends and technologies, and apply this knowledge to the development of new security solutions and strategies. . Collaborate with other teams: Collaborate with other teams, including the risk management team and the IT team, to ensure that security solutions are integrated with the client%27s overall business strategy. . Experience with security monitoring tools, such as SIEM, IDS/IPS, and vulnerability scanners. . Knowledge of security frameworks, such as NIST, ISO, and CIS. Qualifications we seek in you! Minimum Qualifications . CA / MBA / Engg / Bachelors in Information Technology . Additional qualifications like Post Graduate Diploma in Cyber Security, Certified Information Security Manager (CISM), Certified in Cyber Security (CC), Diploma in Computer Forensics, Certified Cyber Crime Investigator. Preferred Qualifications . Experience in Cyber Security, Information Security, Data Privacy and IT Risk Management. . Carried out Cyber Security Risk Assessment , Vulnerability Management, Managing Incident Response, Data Privacy framework and Implementation, Cyber Security Operations (SIEM, IDS/IPS, WAF, DLP, PT), Threat Modelling, Creating Cyber and Information Policies and Procedures, NIST CSF framework implementation, Cyber Fraud Investigation and Technology Audit . Performed engagements or projects with the companies or clients focussed on VA/PT Analysis, SIEM, IDS/IPS monitoring, DLP, WAF implementation, NIST CSF Implementation, Threat Modelling (OWASP), Cyber Fraud Investigation . Evaluated applications, tools and networks for cyber risk management, assisted organizations to identify right security posture, designed threat models to identify existing threats for the organization, created remediation plan to mitigate cyber risk . Implemented DLP tools, EDR tools, SIEM solutions, WAF, IDS / IPS and performed Application Security Testing . Understanding of cloud security principles and experience with cloud security platforms. . Strong analytical and problem-solving skills. . Excellent communication and presentation skills. . Ability to work effectively in a team and collaborate with clients and other stakeholders. . . . . .

DESCRIPTION In Amazon Stores, we ship some of the widest arrays of technology found at any company. From amazon.com to world class machine learning pipelines, from Innovative digital healthcare to no-checkout retail, we push the boundaries of technology in every direction using the globe's largest AWS deployment. As an AppSec engineer, you will collaborate with software development teams to ensure we keep our customers safe while developing these novel services. In a given day, you might be inspecting an application's code for security issues, building a new framework to help our software developers build faster and more securely, or fine-tuning the design for a new service alongside its software developers. The ideal candidate combines technical acumen with an ability to lead by influence and communicate clearly. Technically, this person will be a security generalist with one or more areas of deep expertise. In their communication, they will clearly articulate risks to technical and non-technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. Our organization prizes its employees, and we show it through investing in work-life harmony. We have dedicated resources that consistently innovate in reducing on-call time and ensuring the team spend their time on the highest-value tasks. Join the stores AppSec organization to work hard, have fun, and make history! Key job responsibilities . Creating, updating, and maintaining threat models for a wide variety of software projects . Security architecture and design guidance . Manual and Automated Secure Code Review, primarily in Java, Python and Javascript . Development of security automation tools . Adversarial security analysis using innovative tools to augment manual effort . Security training and outreach for internal development teams . Independently solve security problems that require novel methods or approaches . Influence your team's and partners process, priorities, and choices to improve outcomes About the team Diverse Experiences Amazon Security values diverse experiences. Even if you do not meet all of the qualifications and skills listed in the job description, we encourage candidates to apply. If your career is just starting, hasn't followed a traditional path, or includes alternative experiences, don't let it stop you from applying. Why Amazon Security At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. We offer talented security professionals the chance to accelerate their careers with opportunities to build experience in a wide variety of areas including cloud, devices, retail, entertainment, healthcare, operations, and physical stores. Work/Life Balance We value work-life harmony. Achieving success at work should never come at the expense of sacrifices at home, which is why flexible work hours and arrangements are part of our culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. Inclusive Team Culture In Amazon Security, it's in our nature to learn and be curious. Ongoing DEI events and learning experiences inspire us to continue learning and to embrace our uniqueness. Addressing the toughest security challenges requires that we seek out and celebrate a diversity of ideas, perspectives, and voices. Mentorship and Career growth We're continuously raising our performance bar as we strive to become Earth's Best Employer. That's why you'll find endless knowledge-sharing, training, and other career-advancing resources here to help you develop into a better-rounded professional. #Joinstoresappsec BASIC QUALIFICATIONS - BS in Computer Science, Information Security, 1+ years of demonstrated experience of comprehensive application security assessments, including both automated and manual assessment. - Experience in threat modelling, architecture review, manual source code review, attacker exploit techniques, and methods for their remediation. - Programming or Scripting skills (E.g: Java, Python, Perl, Bash, Ruby, PowerShell, etc.) PREFERRED QUALIFICATIONS - You demonstrate excellent judgement in assessing and prioritizing technical risk - You have a strong application security background with a focus on scalable solutions - You have experience building and securing cloud infrastructure such as AWS - You have understanding of network architecture and enterprise IT systems - You work to identify and remove bottlenecks for your teammates, both in process and technology Our inclusive culture empowers Amazonians to deliver the best results for our customers. If you have a disability and need a workplace accommodation or adjustment during the application and hiring process, including support for the interview or onboarding process, please visit for more information. If the country/region you're applying in isn't listed, please contact your Recruiting Partner.

As a highly skilled professional in the field of Information Security, you will play a crucial role in ensuring the secure development of software applications. With your University degree in computer science or IT and a minimum of 6 years of experience in Information Security, you will possess the necessary qualifications to excel in this role. Your expertise in Software Development Lifecycle (SDLC) security reviews, control environment evaluation, and design flaw assessments will be key in upholding the highest standards of security. Your responsibilities will include conducting internal and third-party Security Risk Assessments on critical assets, coordinating with project teams to enforce security frameworks throughout the SDLC, and preparing detailed security effectiveness reports for management review. Your hands-on experience in Static and Dynamic Application Security Testing, along with your familiarity with industry best practices such as OWASP, SANS Institute, and NIST, will be invaluable in developing a comprehensive security framework for developers to follow. In this role, you will also be responsible for testing applications/systems against SSDLC frameworks, ensuring compliance with RBI/ReBIT Information Security practices, and facilitating the integration of new applications into the data center post-assessment. Your expertise in application security tools and methodologies, along with your ability to define and enhance security requirements for agile development methods, will be essential in driving continuous improvement in application security standards. Additionally, you will collaborate with the DevSecOps team to establish secure CI/CD pipeline processes and enable application teams to develop new capabilities securely. Your certifications in CISSP, CSSLP, cloud security, or DevSecOps automation will further validate your expertise and commitment to upholding the highest standards of information security in the industry.,

As a skilled Architect & Designer, you will be responsible for developing end-to-end architecture blueprints for large-scale enterprise applications. You will define component-based and service-oriented architectures such as Microservices, SOA, and Event-Driven designs. Your expertise will be crucial in creating API-first designs using REST, GraphQL, and gRPC with clear versioning strategies. Additionally, you will establish integration patterns for internal systems, third-party APIs, and middleware while designing cloud-native architectures leveraging AWS, Azure, or GCP services. Your role will also involve defining coding guidelines, performance benchmarks, and security protocols, and participating in POC projects to evaluate new tools and frameworks. In terms of Performance, Security, & Scalability, you will be tasked with implementing caching strategies like Redis, Memcached, and CDN integrations. Ensuring the horizontal and vertical scalability of applications will be a key responsibility, along with applying security best practices such as OAuth 2.0, JWT, SAML, encryption (TLS/SSL, AES), input validation, and secure API gateways. Setting up application monitoring and logging using ELK, Prometheus, Grafana, or equivalent tools will also fall under your purview. Your expertise in DevOps & Delivery will be vital as you define CI/CD workflows using Jenkins, GitHub Actions, Azure DevOps, or GitLab CI. Collaborating with DevOps teams for container orchestration using Docker and Kubernetes and integrating automated testing pipelines including unit, integration, and load testing will be essential for successful project delivery. Your proficiency in various technical skills and frameworks such as Microservices, Domain-Driven Design (DDD), Event-Driven Architecture (EDA), front-end technologies like Angular and React, and message brokers like Kafka, RabbitMQ, Azure Event Hub, and Azure Service Bus will be highly valued. Knowledge of databases like PostgreSQL, MySQL, MS SQL Server, MongoDB, caching layers like Redis and Memcached, as well as cloud services and infrastructure like Azure App Services, Functions, API Management, and Cosmos DB will be crucial for the role. Ensuring security through OAuth 2.0, SAML, OpenID Connect, JWT, secure coding practices, threat modeling, and penetration testing familiarity will be part of your responsibilities. Proficiency in DevOps tools like Azure DevOps, GitLab CI/CD, Docker, Kubernetes, testing frameworks like JUnit, NUnit, PyTest, Mocha, performance/load testing tools such as JMeter, Locust, and monitoring & observability tools like Azure Monitoring, App Insight, Prometheus, and Grafana will be essential for success in this role. Preferred skills and certifications such as being a Microsoft Certified Azure Solutions Architect Expert, exposure to AI/ML services, and IoT architectures will be advantageous. Key Performance Indicators for success include reducing system downtime through robust architecture designs, improving performance metrics, scalability readiness, successful delivery of complex projects without major architectural rework, and increasing developer productivity through better standards and tools adoption.,

Black Duck Software, Inc. assists organizations in developing secure and high-quality software, reducing risks and enhancing speed and productivity. As a pioneer in application security, Black Duck offers Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) solutions to help teams swiftly identify and rectify vulnerabilities and defects in proprietary code, open source components, and application behavior. By leveraging industry-leading tools, services, and expertise, Black Duck empowers organizations to optimize security and quality in DevSecOps and across the software development life cycle. At Black Duck, the Software Security and Quality business focuses on accelerating the development of secure software. This involves utilizing static analysis, software composition analysis, and dynamic analysis to infuse security and quality into the core of code at every stage of the software development process and throughout the supply chain. The primary objective is to minimize risks and expedite application development. We are currently seeking a full-time Security Senior Staff Consultant to join our Professional Services Consulting team. In this role, your responsibility will be to proactively address software insecurities, eliminate bugs, and rectify flaws wherever they are detected. Our consultants play a vital role in establishing themselves as indispensable advisors to our clients, fostering relationships that lead to additional assignments. As a subject matter expert (SME) in various domains of application and infrastructure security, you will be tasked with delivering high-quality assessments and recommendations to clients. In this role, you will lead the end-to-end delivery of multiple concurrent security projects, ensuring the timely achievement of milestones and actionable outcomes for clients. You will serve as a trusted advisor to clients, aiding them in comprehending and implementing secure software development practices. Additionally, you will act as an SME in security domains like Web Application & API Penetration Testing, Mobile Application Security Testing, Infrastructure Pentesting, Source Code Review (SAST), Software Composition Analysis (SCA), Cloud Config Reviews, Architecture Security Reviews, Pentest of AI/ML integrated applications, and more. Your responsibilities will include providing technical oversight to project teams, ensuring adherence to defined methodologies, quality standards, and best practices. You will actively engage in client presentations, delivery review meetings, and strategic planning sessions related to application security. Furthermore, you will contribute to the development of internal tools, templates, methodologies, and the technical knowledge base while mentoring and supporting junior consultants in technical skills and client communication. As a Senior Staff Consultant, you are expected to possess practical expertise in various technical skills such as Web/API/Web Services Penetration Testing, Mobile Application Penetration Testing, Infrastructure Pentest and Hardening, Red Team Analysis, Secure Code Analysis, Cloud Security, Architecture Security Analysis, and more. Additionally, you should have hands-on knowledge of tools like Burp Suite, NMAP, Kali Linux, Nessus, and SQLMap. The ability to interface with clients, negotiate effectively, work autonomously, meet deadlines, and possess strong communication skills is essential for this role. Key qualifications include a Bachelor's degree in Computer Science, Engineering, or equivalent (Master's degree preferred) and relevant certifications such as OSCP, CISSP, CEH, CRTP, among others. The ideal candidate will have 8 to 12 years of experience in a similar role and be willing to travel occasionally.,

As a Security Testing professional with 3-10 years of experience in SAST, DAST, API, Network, Mobile Security, DevSecOps, Cloud Security, Threat Modelling, Vulnerability Management, Logging & Audit, GRC, Security Operations, and IAM, you will be an integral part of the Infosys delivery team. Your main responsibility will be to ensure effective Design, Development, Validation, and Support activities, aiming to meet and exceed client expectations in the technology domain. Your role will involve gathering requirements and specifications to deeply understand client needs, subsequently translating them into system requirements. You will also play a crucial part in estimating work requirements accurately to provide project estimations to Technology Leads and Project Managers. Your contribution will be significant in the development of efficient programs and systems. If you believe you possess the necessary skills and expertise to assist our clients in navigating their digital transformation journey, then this opportunity is tailored for you! This job opening is available at multiple locations including Bangalore, Hyderabad, Trivandrum, Chennai, and Pune.,

About the role As a Senior Cyber Security Partner; you will transform the security maturity of key product areas and teams. You will be the face of security group for them. Everything you do is in the context of the product; roadmap; its risk acceptance level; the technology stack; and its architecture. You build a comprehensive understanding of the threat landscape and its potential risks to the business. Through effective partnership; you engage the leadership to make well-informed decisions about security and privacy. You will be responsible for Following our Business Code of Conduct and always acting with integrity and due diligence and have these specific risk responsibilities: Provide product and engineering teams with direction and guidance on all security matters. There is a whole security group to back you up; so it is not as scary as it sounds. Engage engineering leadership on security roadmap and oversee security posture of what they build. Co-own the security roadmap; discuss; prioritise; and co-develop plans for remediation for the product areas. Empower security champions to succeed and creating a strong feedback loop for improvements. Represent security in all product and architecture meet-ups. Be part of critical decisions about security. Oversee product security activities; from the early development of security requirements; architecture reviews; and threat modelling; to strengthening application security; mitigating supply-chain risks; securing secrets; pipelines; reviewing vulnerabilities; and infrastructure security. Perform security architecture reviews of third-party services. Identify acceptable risk levels and assist with action plan; policy; and procedural changes for risk mitigation. Adopt a risk-based approach and guide management in identifying business risks and potential impact to Tesco. Continuously seek both tactical and strategic solutions to enhance security. As the security expert for the product area; engage across the security group to strengthen controls across identification; protection; detection; response; and recovery. Oversee assurance activities like security testing; purple testing; assurance; auditing. Reduce security fatigue for engineering and provide faster feedback within existing developer workflows; not adding another tool for them to check. Empower the teams you work with; but also challenge the status-quo. As a senior member of the team; engage across the security group on new ideas and initiatives. Contribute to strengthen organisation standards and policies; develop cookbooks; secure patterns; take part in security research and tool evaluations. You are committed to continuous improvement; seizing opportunities; and inspire change for the team. Mentor others in the team and take part in enhancing their skills and career development. You will need To excel in this position, we expect you to have the following: Possess experience across multiple sectors and have undertaken diverse roles in engineering and security. Demonstratable accomplishments of collaborating with leadership and management on security programmes and initiatives. Good knowledge of various security domains, and solid experience in architecture practices and design patterns the technology might have changed but most of the security challenges have not. Experience in designing security and privacy controls with sound understanding of standards and regulation. Experience in threat modelling, attack trees, vulnerability chaining, applying MITRE ATT&CK framework. Good understanding of web applications, REST APIs, micro services, eventing, modern application frameworks, and mobile apps. Good understanding of software architecture, network topologies, SaaS, PaaS, IaaS (infrastructure as a service). Proficient in applying industry standards such as OWASP ASVS (Application Security Verification Standard), OWASP Top 10, CIS (Centre of Internet Security) controls and benchmarks. Experience with cloud native and hybrid architectures with an emphasis on containerised workloads and Kubernetes. Some development experience is always a plus - Java, cloud, Golang, python. You do not need to be a developer but we need you to understand the implications of security on engineering velocity. Degree in computer science / information systems or engineering field, or equivalent experience. Experience with regulations like GDPR (General Data Protection Regulation), PCI-DSS is desirable. Azure or AWS (Amazon Web Services) cloud security certifications is desirable. Excellent interpersonal skills and leadership skills. Whats in it for you At Tesco, we are committed to providing the best for you. As a result, our colleagues enjoy a unique, differentiated, market- competitive reward package, based on the current industry practices, for all the work they put into serving our customers, communities and planet a little better every day. Our Tesco Rewards framework consists of pillars - Fixed Pay, Incentives, and Benefits. Total Rewards offered at Tesco is determined by four principles -simple, fair, competitive, and sustainable. Salary - Your fixed pay is the guaranteed pay as per your contract of employment. Leave & Time-off - Colleagues are entitled to 30 days of leave (18 days of Earned Leave, 12 days of Casual/Sick Leave) and 10 national and festival holidays, as per the companys policy. Making Retirement Tension-FreeSalary - In addition to Statutory retirement beneets, Tesco enables colleagues to participate in voluntary programmes like NPS and VPF. Health is Wealth - Tesco promotes programmes that support a culture of health and wellness including insurance for colleagues and their family. Our medical insurance provides coverage for dependents including parents or in-laws. Mental Wellbeing - We offer mental health support through self-help tools, community groups, ally networks, face-to-face counselling, and more for both colleagues and dependents. Financial Wellbeing - Through our financial literacy partner, we offer one-to-one financial coaching at discounted rates, as well as salary advances on earned wages upon request. Save As You Earn (SAYE) - Our SAYE programme allows colleagues to transition from being employees to Tesco shareholders through a structured 3-year savings plan. Our green campus promotes physical wellbeing with facilities that include a cricket pitch, football field, badminton and volleyball courts, along with indoor games, encouraging a healthier lifestyle. About Us Tesco in Bengaluru is a multi-disciplinary team serving our customers, communities, and planet a little better every day across markets. Our goal is to create a sustainable competitive advantage for Tesco by standardising processes, delivering cost savings, enabling agility through technological solutions, and empowering our colleagues to do even more for our customers. With cross-functional expertise, a wide network of teams, and strong governance, we reduce complexity, thereby offering high-quality services for our customers. Tesco in Bengaluru, established in 2004 to enable standardisation and build centralised capabilities and competencies, makes the experience better for our millions of customers worldwide and simpler for over 3,30,000 colleagues Tesco Technology Today, our Technology team consists of over 5,000 experts spread across the UK, Poland, Hungary, the Czech Republic, and India. In India, our Technology division includes teams dedicated to Engineering, Product, Programme, Service Desk and Operations, Systems Engineering, Security & Capability, Data Science, and other roles. At Tesco, our retail platform comprises a wide array of capabilities, value propositions, and products, essential for crafting exceptional retail experiences for our customers and colleagues across all channels and markets. This platform encompasses all aspects of our operations from identifying and authenticating customers, managing products, pricing, promoting, enabling customers to discover products, facilitating payment, and ensuring delivery. By developing a comprehensive Retail Platform, we ensure that as customer touchpoints and devices evolve, we can consistently deliver seamless experiences. This adaptability allows us to respond flexibly without the need to overhaul our technology, thanks to the creation of capabilities we have built. Show more Show less