229 Vapt Jobs - Page 6

Role & responsibilities Responsibilities: • Escalate validated and confirmed incidents to designated SOC Lead/ Incidents response team. • Security Event Correlation as received from L2 SOC or Incident Response staff or relevant sources to determine increased risk to the business. • Indepth knowledge on multiple SIEM platforms like Securonix, IBM QRadar, LogRhythm, Arcsight, FortiSIEM , Microsoft Sentinel, and others • Support the SOC Manager in his duties (e.g. extension of SOC services) • Update Security Operations reporting • Triage security events and incidents, detect anomalies, and report/direct remediation actions. • Development and execution of SOC procedures • Should have indepth knowledge of Firewall, EDR, IDS/ IPS, VPN, Cloud Security • Should have hands on Experience in Threat Hunting. • Should have good hands-on experience in VAPT. • Should have good knowledge in integrating TI feeds and Third-Party tools. • Should have knowledge in Building SIEM platform with SOAR, NBAD, UEBA Integration. • Should have hands on experience in developing Use case and Parser Creation. • Should have knowledge in Breach simulation attack. • Sound knowledge in Unix, Linux, Windows, and security devices like firewall, etc. • Preparation of RCA, Preparation of runbook and Training to L2 and L1 team. Qualification: B.E./B.Tech/MCA Certification CEH, ECIH, CISSP, CISM, GCIH, GCFA, Certified Threat Hunter, SIEM certifications for platforms like (Qradar, LogRhythm etc) Work experience: 8 + Years NOTE : Work location will be Mumbai Andheri Seepz, and this is permanent Work from Office role NO HYBRID Option

What Youll Do Drive international B2B sales across North America, Europe, and APAC marketsSell a wide suite of cybersecurity services, including: Information Security Compliance (ISO 27001, ISO 13485) Data Protection (GDPR, HIPAA, HITRUST) Vulnerability Assessments & Penetration Testing (VAPT)Threat Detection & ResponseCloud Infrastructure & Security Services Manage the entire sales cycle: prospecting, solutioning, pitching, negotiation, and closureBuild and maintain CXO-level relationships with decision-makersCollaborate with technical consultants to tailor solutions for client pain pointsMonitor emerging cyber threats and evolving compliance mandates to create relevant value propositions Who You Are 8–12 years of proven experience in international sales for IT or cybersecurity servicesHands-on experience in end-to-end solution selling with high-value deal closuresDeep understanding of cybersecurity frameworks, data protection regulations, and compliance standardsStrong communication, negotiation, and consultative selling skillsBased in or willing to relocate to Ahmedabad for a full-time office roleSelf-driven, strategic, and performance-focused with a flair for storytelling Why Join Us? Niche focus on cybersecurity for regulated industries Agile, innovation-driven work culture backed by Communication Crafts Direct access to leadership and opportunity to shape global growth Attractive performance incentives & career growth roadmap Apply for this job sharer with someone awesome VI

Who we think will be a great fit. A passion for information security with a hacker mindset! Self-motivation and Proactiveness Communication skills What we need... We want people with preferably two or more, of the following: 1. Web Application Security Testing. Knowledge about BURP Suite, manual and automated SQLi Bypass filters that detect SQLi, XSS, etc. People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc. 2. Network Infrastructure Testing. Ability to write custom scripts and wrappers. Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc.not just Nmap and Nessus Have good knowledge about PowerShell scripting and AD/DC infrastructure. 3. Mobile App Testing. Root/jailbreak and Certificate pinning bypass without any automated tool Dynamic instrumentation using Frida De-obfuscation of APK/IPA file 4. IoT Testing. MQTT attacks Fuzzing of IoT devices Firmware extraction 5. Cloud Testing. A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud. Have a good understanding of microservices architecture. 6. Secure Code Review. Ability to visualize and compile applications without any compiler (in your mind). Has the ability to learn a new programming language on-the-go. Preferred candidate profile : Candidates with relevant professional experience will be given preference.

https://zrec.in/ai3DV?source=CareerSite

Job Title: Cyber Security Engineer Location: Hyderabad Industry: Payment Card Processing / Fintech About the Role: We are looking skilled Cyber Security Engineers , you will be part of a global security landscape, helping enhance threat detection capabilities and ensure compliance readiness through active management and fine-tuning of SIEM systems and security tools. Key Responsibilities: Manage and fine-tune SIEM tools primarily Microsoft Sentinel and Wazuh Ingest, analyze, and correlate logs from tools such as CyberArk , JumpCloud , Encore , and other core platforms Update and optimize alert rules and detection logic to reduce false positives and improve threat visibility Assist in maintaining and managing the CyberArk PAM environment Collaborate with internal security teams and interface with audit teams to fulfill compliance obligations Support threat monitoring, detection, and initial incident triage activities across regions Provide technical input on security configurations and enhancements based on evolving threat and compliance needs Contribute to documentation and compliance reporting as required Help with Pen testing of all applications, coordinate with stakeholders to remediate the gaps. Key Requirements: 5–6 years of experience in Cybersecurity Engineering, SOC, or SIEM operations Hands-on experience with Microsoft Sentinel and/or Wazuh SIEM Familiarity with CyberArk or similar PAM solutions Proficiency in managing log ingestion pipelines and rule configuration Strong understanding of threat detection, incident response, and log correlation techniques Ability to work across teams and communicate effectively with audit/compliance stakeholders Experience working in a regulated environment (e.g., fintech, payment systems, banking) is a strong plus Nice to Have: Experience with compliance frameworks like PCI DSS, ISO 27001, or SOC 2 Familiarity with scripting or automation for security rule tuning Exposure to cloud-native security tools (Azure, GCP, etc.)

Desired Candidate The ideal candidate is a proactive and detail-oriented professional with strong leadership skills and a passion for cybersecurity. They should have excellent communication abilities to convey technical concepts to diverse audiences and a proven track record of managing teams and fostering a culture of security awareness. Adaptable and ethical, the candidate thrives in dynamic environments and collaborates effectively to address evolving cyber threats while maintaining the highest standards of confidentiality and integrity. Responsibilities: Strategic Planning: Develop, implement, and maintain a comprehensive cybersecurity strategy aligned with organizational goals. Risk Management: Identify, assess, and mitigate potential cybersecurity risks and vulnerabilities across systems, applications, and networks. Incident Response: Lead and coordinate incident response activities, ensuring quick containment, recovery, and root-cause analysis of security breaches. Compliance and Standards: Ensure adherence to relevant regulatory standards (e.g., GDPR, ISO 27001) and internal security policies. Team Collaboration: Lead and mentor the cybersecurity team, fostering skill development and ensuring alignment with security objectives. Stakeholder Communication: Act as a liaison between technical teams and senior management, translating technical risks into business terms. Continuous Improvement: Monitor and evaluate the effectiveness of security measures, and recommend enhancements to maintain a robust security posture. Tool and Technology Management: Oversee the deployment and management of security tools (e.g., SIEM, firewalls, endpoint protection, etc.) to ensure system integrity and confidentiality. Training and Awareness: Develop and conduct security training programs to promote awareness and compliance across the organization. Requirements: Education: Bachelors or Masters degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: 6-10 years of experience in cybersecurity roles with progressive leadership responsibilities. Certifications: CISSP (Certified Information Systems Security Professional)[Ongoing is acceptable]. Additional certifications (e.g., CISM, CEH) are a plus. Technical Expertise: Strong understanding of security architecture, protocols, and best practices. Experience with tools like SIEM, IDS/IPS, endpoint security, firewalls, and vulnerability management systems. Knowledge of cloud security (AWS, Azure, GCP) and securing hybrid environments. Soft Skills: Excellent verbal and written communication skills for technical and non-technical audiences. Strong leadership, project management, and team collaboration abilities. Analytical and problem-solving mindset with attention to detail.

Responsibilities: * Ensure compliance with PCI DSS, NIST, HIPAA & ISO standards. * Design, implement & maintain secure systems using Infosec principles. * Conduct regular security audits & risk assessments. * Experience in SOC and SIEM tools-Qradar

Date 7 Jun 2025 Location: Bangalore, KA, IN Company Alstom Req ID:478631 Could you be the full-time Cybersecurity Engineer Cyber Applications in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and system/network administration expertise in a new cutting-edge field. Youll work alongside innovative, dedicated, and supportive teammates. You'll maintain and enhance the security of Alstoms products and solutions, ensuring the integrity and resilience of our transport networks. Day-to-day, youll work closely with teams across the business (such as V&V, platform validation, and regional cybersecurity), execute design and deployment activities, and much more. Youll specifically take care of the maintenance of cybersecurity tools and applications, but also prepare and execute design & deployment activities for various projects and programs. Well look to you for: Maintaining cybersecurity tools and applications Preparing and executing design & deployment activities Executing specific testing activities and preparing reports Supporting validation and verification teams Acting as the administrator for cybersecurity applications Identifying cybersecurity tools and practices and providing guidance All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Computer Science, Information Technology, or equivalent Experience or understanding of cybersecurity in the context of industrial control systems or network administration Knowledge of design & deployment of NIDS such as Fortinet, Nozomi, Dragos, etc. Familiarity with system administration of Windows or Linux servers/systems A certification like MCSE, RHCE, LPIC, CCNA, or Network+ Preferably a cybersecurity certification like ECSA, Security+ Strong communication skills and the ability to work in a matrix organization Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with new security standards for rail signalling Collaborate with transverse teams and helpful colleagues Contribute to innovative projects Utilise our flexible working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards roles of greater responsibility and leadership Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

As a Cyber Security Analyst you will be responsible for the administration, endpoint protection, vulnerability management, intrusion detection system, security information & event management, Active Directory, Domain Controller and Email Security.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modeling: Ability to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

Hello Visionary! We know that the only way a business thrive is if our people are growing. That’s why we always put our people first. Our global, diverse team would be happy to support you and challenge you to grow in new ways. Who knows where our shared journey will take you We are looking for Product and Solution Security Expert (PSSE) How do you craft the future Smart BuildingsWe’re looking for the makers of tomorrow, the hardworking individuals ready to help Siemens transform entire industries, cities and even countries. Get to know us from the inside, develop your skills on the job. You’ll make a difference by: 1. Integration with SDLC: Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Perform security code reviews and analyze vulnerabilities during different SDLC phases. Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. 2. Security Activities: Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. 3. Stakeholder Interaction: Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization. 4. Security Tools and Technologies: Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance the organization's security posture. 5. Incident Response: Assist in the development and implementation of incident response plans and procedures. Participate in security incident investigations and provide expertise in resolving security breaches. 6. Training and Awareness: Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security. You’ll win us over by: 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred: Certified Secure Software Lifecycle Professional (CSSLP). Experience: Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. You’ll win us over by: Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. Minimum 5 years of experience in cybersecurity, with a focus on application security. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Create a better #TomorrowWithUs! This role, based in Pune, is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow Find out more about the Digital world of Siemens here[1] www.siemens.com/careers/digitalminds Find out more about Siemens careers at[2] www.siemens.com/careers

Hello Visionary ! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. We are looking for a highly skilled and motivated Product & Solution Security Professional to join our team. The ideal candidate will be responsible for defining secure design principles and supporting cross-functional teams to ensure secure architecture, implementation, and testing of products and solutions. Key Responsibilities Integration with SDLC Collaborate with software development teams to integrate security practices throughout the Software Development Life Cycle (SDLC). Ensure security requirements are included in the design, development, testing, and deployment stages of software projects. Perform security code reviews and analyze vulnerabilities during different SDLC phases. 2. Security Activities Develop and implement security protocols, guidelines, and best practices for software development. Conduct threat modelling and risk assessments to identify potential security issues early in the development process. Provide guidance on secure coding practices and remediation of identified vulnerabilities. Stakeholder Interaction Work closely with key stakeholders, including product managers, project managers, and business analysts, to support and promote security activities within products. Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical stakeholders. Foster a security-aware culture within the development teams and across the organization . 4. Security Tools and Technologies Implement and manage security tools such as static and dynamic analysis tools and vulnerability scanners. Stay updated with the latest security tools, trends, and best practices to enhance product’s security posture. 5. Training and Awareness Conduct security training and awareness programs for development teams. Promote continuous improvement and knowledge sharing related to application security . Skills and Qualifications 1. Technical Skills: In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten). Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners. Proficiency in programming languages such as Java, C#, Python. Understanding of DevSecOps practices and integration of security into CI/CD pipelines. Promote continuous improvement and knowledge sharing related to application security. 2. Soft Skills: Strong communication and interpersonal skills. Ability to explain complex security concepts to non-technical stakeholders. Strong analytical and problem-solving skills. Collaborative mindset and ability to work effectively with cross-functional teams. 3. Certification Preferred CEH, Certified Secure Software Lifecycle Professional (CSSLP) or equivalent. Experience Proven experience working with software development teams and integrating security practices into the SDLC. Experience interacting with key stakeholders and supporting security activities within software products. Having An engineering degree B.E/B.Tech/MCA/M.Tech/M.Sc with good academic record. 7 - 10 years of experience in cybersecurity, with a focus on application security. Make your mark in our exciting world at Siemens . This role, based in Bangalore , is an individual contributor position. You may be required to visit other locations within India and internationally. In return, you'll have the opportunity to work with teams shaping the future. At Siemens, we are a collection of over 312,000 minds building the future, one day at a time, worldwide. We are dedicated to equality and welcome applications that reflect the diversity of the communities we serve. All employment decisions at Siemens are based on qualifications, merit, and business need. Bring your curiosity and imagination, and help us shape tomorrow We’ll support you with Hybrid working opportunities. Diverse and inclusive culture. Variety of learning & development opportunities. Attractive compensation package. Find out more about Siemens careers at www.siemens.com/careers

Job Summary We are seeking a seasoned professional to manage and enhance the operations of the Saviynt platform. The ideal candidate will bring strong technical expertise leadership capabilities and a proactive approach to platform stability process improvement and stakeholder engagement. Responsibilities Key Responsibilities Platform Monitoring & Maintenance Oversee the health and performance of the Saviynt Platform including Saviynt Connect Portal and Connectors. Monitor JML (Joiner-Mover-Leaver) processes aggregation tasks and access requests. Hands on with SOD workflows tasks rules forms custom object access reviews and updates of JML configurations access requests and certification workflows. Guide the team to implement best practices for Access Management & RBAC. Play a key role in identifying areas for implementing Automations. Enhancements & Troubleshooting Implement minor enhancements and workflow changes as needed. Coordinate with the Saviynt product team for resolution of critical issues. Documentation & Compliance Maintain up-to-date SOPs runbooks and procedural documentation. Ensure timely patching of the Saviynt platform and its components. Support DR (Disaster Recovery) testing. Integration & Performance Management Manage and resolve integration issues with systems such as Active Directory and ServiceNow and any custom integrations. Periodically tune performance parameters to ensure optimal system efficiency. Operational Oversight Share service health status report to customer on daily basis validate logs and verify backups. Provide Weekly/monthly reports on incidents changes service requests and problem tickets. Attend Weekly/monthly review calls tracking actions and work towards closure. Process & Stakeholder Engagement Identify process gaps and propose remediation aligned with product and security standards. Present changes in CAB meetings participate in major incident bridges and engage with customers for requirement gathering and escalation handling. Additional Skills Strong understanding of ITIL processes. Working knowledge of NetIQ IDM is a plus. Proficiency in Microsoft Office Suite for documentation and presentations. Excellent communication skills to liaise effectively between internal teams and customers. Basic knowledge on scripting using PowerShell AD & Exchange commands. Knowledge on Active Directory Entra AD Entra AD connect for synchronization

Job Summary IAM Architect Develop the overarching vision principles and architecture for the workload identity and access management system across all environments like Azure GCP hybrid on premises Responsibilities Define the types of workload identities e.g. Managed Identities Service Accounts SPIFFE identities their attributes and their lifecycle management processes. Design the framework and specific policies for controlling workload access to resources based on the principle of least privilege. Define and design secure methods for workloads to authenticate and communicate with each other. Design the integration points and processes for connecting the workload IAM system with Fords current IAM infrastructure e.g. Entra ID Drive the creation of the long-term workload IAM governance framework ensuring alignment with industry best practices and Fords policies. Serve as the subject matter expert on workload identity concepts technologies e.g. Entra Workload Identity SPIFFE-SPIRE and best practices. Assess and recommend appropriate workload identity features and tools available in Azure GCP and other relevant platforms. Design the system to meet relevant security and compliance requirements

Skills: Strong understanding of web application security and OWASP Top 10 Hands-on experience with VAPT and application security tools (e.g., Burp Suite Pro, Nessus, Acunetix) Proficient in writing technical reports and documentation Familiar with secure coding practices and patch management Experience with bug bounty programs and cybersecurity incident response Education: B.Tech / B.E. / BCA / BAC in Computer Science or IT Experience: 0-1 year in Vulnerability Assessment, Penetration Testing (VAPT), and Bug Bounty (professional experience preferred) Certifications: CEH or equivalent (preferred)

Responsibilities Hands-on knowledge of Security testing methodologies like OWASP Top 10, SANS 25 etc., Ability to perform automated and manual hands-on penetration security testing e.g. DAST, SAST and SCA, identifying security risks within applications, cloud infrastructure, security controls and Network systems. Experience with penetration testing tools (e.g. Burp) Extensive knowledge of attack payloads for discovering security vulnerabilities Plan, execute, and report on all testing activities and outcomes Create findings reports and communicate to stakeholders Must possess at least 5 years of experience in delivering VAPT in Web(Thin and Thick Client), Mobile and APIs Should have good and effective communication skills in English. (Oral and written) Additional Responsibilities: The successful candidate must be highly motivated, fast learner, flexible, willing to assume responsibility and deliver quality work on time Constantly identify opportunities for enhancing productivity using automation and process improvements. Exposure to scripting languages(e.g. Shell) Knowledge on DevSecOps Technical and Professional Requirements: Any certifications CEH(Mandatory), OSCP, CCSP Preferred Skills: Technology->Security Testing->Security Testing - ALL Educational Requirements Bachelor of Engineering Service Line Infosys Quality Engineering

Area Head IT Security Specialist Analyst Engineer: About Company: CMR Green Technologies Limited is Indias largest producer of Aluminium and Zinc die-casting alloys with a combined annual capacity of over approx 4, 18, 000 MT per annum. Since its inception in 2006, it has maintained its fast-paced growth by leveraging latest technology and continuous improvement. CMR, which recycles aluminium scrap to make alloy, has 28-30 percent market share in India and is nearly three times larger than its nearest competitor. We are having strong presence at PAN India level (North, West & South) with 13 manufacturing units, 5000 strong workforce and supplies to major automotive industry in India including tier one OEMs like Maruti Suzuki , Honda Cars , Bajaj Auto , Hero MotoCorp and Royal Enfield Motors. We are seeking a skilled IT Security Specialist/Analyst/Engineer to join our IT team. In this role, you will be responsible for protecting our organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. You will work closely with IT and other departments to identify and mitigate IT security risks, ensuring that our systems and data remain secure. Position: Area Head IT Security Specialist/Analyst/Engineer Job Band/ Designation: B/ Dy. Manager/ Manager/ Sr. Manager No. of Post: 01 Department: Information Technology Reporting to: Chief Information Officer Qualifications: Essential: B.E./ B Tech / Bachelors degree in Computer Science, Information Technology, or related field . Desirable:- Relevant certifications (e.g., CISSP, CISM, CEH) are a plus. Experience: Proven 7-12 years of experience as an IT Security Specialist/Analyst/Engineer or similar role. Job Responsibilities: 1.Develop and enforce policies and procedures for data security, network access, and backup systems. 2.Identify vulnerabilities within our network and propose and implement security enhancements. 3.Coordinate with internal and external stakeholders to monitor network traffic for suspicious behavior. 4.Conduct regular system audits and manage the response to security incidents. 5.Lead cybersecurity awareness training for all staff. 6.Lead ISO 27001 certification for the organization 7.Stay up to date with the latest security systems, standards, authentication protocols, and products. 8.Create budget for security software and hardware and take buy-in from stakeholders. 9.Ensure compliance with the relevant laws and regulations regarding information security and privacy. functional competencies: Strong understanding of firewalls, VPNs, Data Loss Prevention, IDS/IPS, Web-Proxy, Zero Trust, DPDP Act, VAPT and Security Audits. CISSP certification is preferred. Experience with incident detection, incident response, and forensics. Key Personality Attributes: Effective Communication Knowledge sharing and learning. Execution Excellence General: Age -25-35 years. CTC 10 LPA-15 LPA approx. CTC is not a constraint for suitable candidate. Candidate should not be frequent job changer. Notice Period - Joining period Max 30 Days. We can buy notice period, if required Interested candidate those who are matching with our required, only can apply for the position. Location: Corporate office:-7th Floor, Tower 2, L & T Business Park, 12/4 Delhi Mathura Road (Near Delhi Badarpur Border) Faridabad, Haryana, 121003.

We're Hiring! I am excited to share some amazing career opportunities at Happiest Minds. Take your Security career to the next level with Happiest Minds, ! Join a dynamic team, where Security Meets Innovation, and grow with us. Be recognized in a Great Place to Work Certified environment Interested professionals can directly reach out to me ankita.patari@happiestminds.com or can apply in below post Primary Skills : Manual Penetration Testing using OWASP checklists, Penetration Testing, Cloud Security Assessment, Cybersecurity, Security Configuration Review, Source Code Review Job Description: 4 to 6 years of experience conducting Application Security assessments Experienced in conducting Manual and Automated DAST for Web, API & Thick client covering OWASP Top 10 Experienced in conducting Manual code review Experienced in Mobile VAPT (Both static and Dynamic) Knowledge of Infra VAPT or at least VA and configuration review Knowledge in Container / Docker security / Cloud Audit is a plus Certifications suck as CEH, CRTP, OSCP is preferred Good communication skills, ability to explain vulnerabilities to business users in simple terms. Notice: Immediate to 15 days Location: ENBD Bangalore or ENBD Chennai or Dubai Location: Bangalore/Chennai/Dubai Experience: 4-6 Years Thanks & Regards, Ankita Ghosh

Job Summary: We are hiring an experienced Application Security Engineer specializing in Java ADF and Jasper Reports, with a strong track record of resolving Vulnerability Assessment and Penetration Testing (VAPT) findings. The ideal candidate must have secured complex enterprise applications, including online payments and eCommerce systems, particularly on legacy stacks such as Java 1.7, MySQL 5.5, and JBoss 7.1. This role is hands-on and remediation-focused, requiring deep understanding of secure development and hardening in deprecated environments. Key Responsibilities: Lead remediation of high-priority VAPT findings in large-scale enterprise systems. Secure passwords and PII data at all stages: At view/input: masking, form validation, secure front-end patterns In transit: TLS, secure headers, HTTPS enforcement At rest: encryption, proper salting and hashing (e.g., bcrypt, SHA-256) Fix injection attacks (SQLi, XSS, LDAPi, command injection), CSRF, clickjacking, IDOR, and other OWASP Top 10 issues. Apply secure API integration practices: auth tokens, rate limiting, input validation. Harden session and cookie management (HttpOnly, Secure, SameSite attributes, session fixation prevention). Review and fix insecure code in ADF Faces, Task Flows, Bindings, BC4J, and Jasper Reports. Secure Jasper Reports generation and access (parameter validation, report-level authorization, export sanitization). Work hands-on with legacy platforms: Java 1.7, MySQL 5.5, JBoss 7.1 applying secure remediation without disrupting production. Strengthen security of online payment/eCommerce systems with proven compliance (e.g., PCI-DSS). Maintain detailed remediation logs, documentation, and evidence for audits and compliance (GDPR, DPDPA, STQC, etc.). Technical Skills: Java EE, Oracle ADF (ADF Faces, Task Flows, BC4J), Jasper Reports Studio/XML Strong debugging skills in Java 1.7, MySQL 5.5, JBoss 7.1 Secure development lifecycle practices with a focus on legacy modernization Strong grounding in OWASP Top 10, SANS 25, CVSS, and secure coding principles Experience in PII handling, data masking, salting, and hashing Proficiency in OAuth2, SAML, JWT, and RBAC security models Performance improvement and application profiling Expertise in analyzing application, system, and security logs to identify and fix issues Ability to ensure application stability and high availability Be the champion/lead and guide the team to fix the issues PHP experience is a plus, especially in legacy web app environments Required Experience: 5–10+ years in application development and security Demonstrated experience remediating security vulnerabilities in eCommerce and payment platforms Ability to work independently in production environments with deprecated technologies Preferred Qualifications / Plus: B.E./B.Tech/MCA in Computer Science, IT, or Cybersecurity Use of AI tools for identification and fixing the issues is real plus Any VAPT or Application Security Certification is a plus (e.g., CEH, OSCP, CSSLP, GWAPT, Oracle Certified Expert) Familiarity with compliance standards: PCI-DSS, GDPR, DPDPA, STQC Proficiency with security tools: Fortify, ZAP, SonarQube, Checkmarx, Burp Suite Soft Skills: Strong problem-solving and diagnostic capabilities, especially in large monolithic codebases Good documentation and communication skills for cross-functional collaboration Able to work under pressure, troubleshoot complex issues, and deliver secure code fixes rapidly

Manage Data center Facility, Server Infra, Backups, File Server, DB Admin of server env– HP-Unix, Clustering, Virtual Server env (Hyper-V, VMWare, KVM), Linux (RedHat, SUSE, CentOS) Hands on Clustering, Virtualization, Storage Protocol, DC & DR ops Required Candidate profile Min 5 yrs of hands-on exp as System Administrator Perform root cause analysis for problems and major incidents Candidate with Certification of Unix, Linux, VMware & Storage System will be preferred

Skills Required : Application Security, Web Application Security, Penetration Testing, OWASP, Network Penetration Testing, Vulnerability Assessment, Application Security Testing, security engineering, Vapt

Job Description: Sr. Security Engineer - VAPT & Compliance Position: Sr. Security Engineer - VAPT & Compliance Working Days: 5 days (Rotational Shifts)Experience : 6+ yearsLocation: Noida Sector-62 ( Work from office) Role Overview : We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) and an understanding of security compliance standards such as SOC 2, ISO 27001, and GDPR. The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities : • Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. • Perform vulnerability assessments and risk evaluations across client environments. • Create detailed technical and executive reports with prioritized remediation strategies. • Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. • Collaborate with cross-functional teams for remedial activities to improve the security posture. • Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications : • 6+ years of experience in cybersecurity with a focus on penetration testing and compliance. • Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. • Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. • Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred) • CEH (Certified Ethical Hacker) • ISO/IEC 27001 Lead Auditor / Lead Implementer • Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills : • Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. • Client-facing consulting experience or report presentation skills. • Cyber Security vibe is a must. If interested then share your updated CV on agarwal.saumya@thinksys.com

Hi , As per response to your profile which is uploaded in Job portals. We have an excellent job openings for Application Security-Techno Manager -Mumbai Location in IT MNC If your already received email or not looking for job change/ irrelevant - please ignore it. Note: Apply for only Relevant & interested candidates.(Apply for only Immediate to 30 days joiners) Job Description: Please find the Key skills for AppSec Lead - 10-18 years of experience in Application Security, Network Security, and IT Risk & Compliance, with hands-on expertise in security assessments, process audits, and application reviews. Experience in BFSI is preferred. skill: Vulnerability Assessment,Manual Penetration Testing using OWASP checklists,Penetration Testing,OWASP Top 10,OWASP ZAP,Ethical Hacking,Static/dynamic testing of mobile applications,Vulnerability Mitigation, any Certificates like CISSP, CISA, CISM, CRISC. Educational criteria: B.Sc (IT/CS/Security) / B.Tech/BE in Computer Science,BCA/MCA/MS/MSC/M TECH,ME Those who have relevant experience and Skills, as mentioned above please revert back soon. It"s a kind request, Please provide the below mentioned details in Ur CV/mail before u send it to us. Total Exp: Relevant Exp:- Current Company: Current CTC: Expected CTC: Current Location: Preferred location: Mumbai Only Notice Period: Apply only for Immediate to 30 days NP. DOB: Degree: Many Thanks Regards Sreenivas Sreenivasa.k@happiestminds.com

HCL Tech uses Qualys tools for various roles, including those in security, infrastructure management, and penetration testing. Job descriptions often specify experience with Qualys tools, such as vulnerability scanning and configuration management , and may also require proficiency in other security technologies and certifications like CEH. 1. Security Roles: Vulnerability Assessment and Penetration Testing (VAPT): HCL Tech uses Qualys tools for identifying vulnerabilities in systems and applications. VAPT Testers need experience with Qualys and other penetration testing tools. Security Operations Engineer: This role involves implementing and managing security measures, including those related to vulnerability management and cloud security posture management (CSPM) using Qualys. Tools/Qualys: This role involves administering and operating Qualys, potentially alongside other PKI solutions like ADCS or AppViewX. 2. Infrastructure Management: Administration and Operations of PKI: Qualys is sometimes used in conjunction with PKI solutions to manage certificates and related configurations, including CSR creation, certificate push, and secure connections. 3. General Requirements: Security Domain Experience: Many roles require experience in managing security infrastructure, including vulnerability management and configuration management, where Qualys is often utilized. In summary, HCL Tech utilizes Qualys tools for various security-related tasks, including vulnerability assessment, infrastructure management, and cloud security posture management. Specific requirements vary depending on the role, but experience with Qualys is often a valuable asset