229 Vapt Jobs - Page 8

Role & Responsibilities Proficiency in conducting Web Application VAPT (Black/Gray/White box) activities to identify and mitigate security vulnerabilities. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security vulnerabilities. Proficiency in Conducting external and internal infra-Penetration testing. Assessing and scoping application security penetration test requirements Proficient in writing end to end penetration testing report including management and technical sections. Hands on experience on penetration testing tools such as Burp Suite, Qualys, Kali Linux, POSTMAN, SOAPUI, HCL AppScan Experience Required: Candidate must have 2+ years of relevant experience in VAPT. Certification: Must have CEH. Certification: Desired - eWAPT, ECSA, OSCP, GWAPT, eWPTX. Proficient in handling the Nexus vulnerability Management tool Should have working experience on configuring the Qualys Authentications, asset tags, asset groups, option profiles, reporting templates, policy compliance templates, scanning schedules etc. Should have experience in creating and providing vulnerability remediation updates to customer. Must have excellent customer handing and communication skills Experience Required: Candidate must have 2+ years of relevant experience in vulnerability management using Qualys

Perform security testing on applications using Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools to identify vulnerabilities and recommend mitigations.

Project Planning, Delivery Oversight, InfoSec Governance, Client Handling,b) Firewalls - CISCO ASA, Palo Alto, WAF : F5 and Barracuda, SSL loaders and load balancers,F5, Radware, DDOS, IPS, IDS, APT, SIEM, VAPT, OS Hardening,SIEM, VAPT,OS Hardening

Role & responsibilities Responsibilities: • Escalate validated and confirmed incidents to designated SOC Lead/ Incidents response team. • Security Event Correlation as received from L2 SOC or Incident Response staff or relevant sources to determine increased risk to the business. • Indepth knowledge on multiple SIEM platforms like Securonix, IBM QRadar, LogRhythm, Arcsight, FortiSIEM , Microsoft Sentinel, and others • Support the SOC Manager in his duties (e.g. extension of SOC services) • Update Security Operations reporting • Triage security events and incidents, detect anomalies, and report/direct remediation actions. • Development and execution of SOC procedures • Should have indepth knowledge of Firewall, EDR, IDS/ IPS, VPN, Cloud Security • Should have hands on Experience in Threat Hunting. • Should have good hands-on experience in VAPT. • Should have good knowledge in integrating TI feeds and Third-Party tools. • Should have knowledge in Building SIEM platform with SOAR, NBAD, UEBA Integration. • Should have hands on experience in developing Use case and Parser Creation. • Should have knowledge in Breach simulation attack. • Sound knowledge in Unix, Linux, Windows, and security devices like firewall, etc. • Preparation of RCA, Preparation of runbook and Training to L2 and L1 team. Qualification: B.E./B.Tech/MCA Certification CEH, ECIH, CISSP, CISM, GCIH, GCFA, Certified Threat Hunter, SIEM certifications for platforms like (Qradar, LogRhythm etc) Work experience: 8 + Years NOTE : Work location will be Mumbai Andheri Seepz, and this is permanent Work from Office role NO HYBRID Option

(DDoS), Network next-generation Firewall, SSL Offloader, (NIPS), (APT), (WAF), Antivirus tools, (EDR), Server security solution, Vulnerability Assessment tools, Incident Handling, Forensic Analysis, (VAPT), SIEM, Patch Management etc.

- Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization - The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. - The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: - Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security - Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level - Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness -Tracking and reporting key risk indicators defined for IT processes - Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements - Create Review ISMS policy and process - Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL.

Position- System security Analyst Location- Mohali Key Responsibilities: • Conduct Vulnerability Assessment and Penetration Testing (VAPT). • Perform Application Security (AppSec) reviews. • Conduct Source Code Reviews to identify and remediate security flaws. Preferred Certifications: • CEH (Certified Ethical Hacker) • OSCP (Offensive Security Certified Professional) Hands-on Experience With: • VAPT Tools: Burp Suite, Nessus, Metasploit • AppSec Tools: Acunetix, Checkmarx • Source Code Analysis Tools: Fortify, Veracode • Familiarity with scripting (Python, Bash) and DevSecOps principles is a plus.

Information Security Manager shall be primarily responsible to : - Run and manage the BAU security infosec operations - Create and maintain ISMS Policy and Process documents - Ensure Infosec compliance with RBI and other regulatory agencies - Participate in IT Infosec Audits and ensure closure of observations within given timeliness - Conduct regular VAPT (Vulnerability Assessments) and track closure of open observations - Identifying and evaluating new IT security technologies and services and implementing it - Ensure cyber security related polices and technologies are in place - Conducting regular Inforsec Awareness within users in the organization The person needs to work closely with the CISO and other stakeholders Risk, IT and Audit teams. The position will based at CreditAccess Grameen HQ in Bangalore, and may require short term travel on need basis to other CAGL offices. Key Accountability: Ensuring adequate security controls are in place & working effectively within the organization for information & cyber security Ensuring effectiveness of all IT controls to prevent any unauthorized access or activities at a system administration level Identify potential security weaknesses through vulnerability assessments and track them to closure within the timeliness Tracking and reporting key risk indicators defined for IT processes Create and maintain the documentation for information system audits in accordance with regulatory and compliance requirements Create Review ISMS policy and process Implement Strategic IT Infosec projects to strengthen the overall IT Security posture at CAGL Mandatory Key Skills BAU,ISMS Policy,IT Infosec Audits,VAPT,cyber security,CISO,Risk,IT Audit,key risk indicators,Information Security*

Position Summary We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies, ? Key Roles & Responsibilities Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises, Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews, Perform manual security assessments for web applications, APIs, and client-server applications, Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration, Develop and execute custom attack payloads using tools and scripts, Assess physical security controls and implement social engineering assessments when required, Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell, Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit, Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements, Preferred Qualification Preferred Certifications (Not Mandatory): OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO, Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API), 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains, Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM, Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc Basic ability to write automation scripts (Bash or Python), Understanding of threat modeling and secure coding practices, Strong understanding of TTPs, threat modeling, and secure coding practices, Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques, Basic Qualifications Education: BE/MCA or University degree/Equivalent Experience: Required: 2 5 years, Excellent communication and collaboration skills,

Must Have: Experience in handling Clients and Stakeholder interactions. Well versed with CSV and GxP process and ability to adopt to client Process, systems and documentation needs like Test Protocol, Test Plan, Test Strategy, IQ/OQ/PQ scripts, RTM, Test Summary Report etc., Understanding of various SDLC methodologies(Agile, Waterfall, V) Flexibility to Work as per Customer timings Generate Automation Test Strategy for applications deployed on Cloud. ( Public and Private cloud) Automate scripts using a given Selenium-based framework, Serenity based BDD framework or any open-source tools. Working experience in testing Restful Webservices and APIs using frameworks or tools like POSTMAN, Rest API, etc. Analyze requirements, perform impact analysis, and regression analysis, and communicate with stakeholders on the need for changes in requirements. Perform Risk Analysis of Project & automation deliverables and work towards mitigation plans. Good experience with various testing types like Functional, Regression, UI/ Usability, Integration testing, etc., Hands-on experience using ADO or any test management tools. Good to Have: Experience in Programming or scripting languages (Java/JS etc.,). Experience in designing automation frameworks (POM, Cucumber BDD, etc.,.). Experience working on CAPAS, Incident Management, FMEA Risk Assessment, Functional Risk Assessment etc., Experience with Vulnerability testing (VAPT). Knowledge of Performance testing using Jmeter or any open-source tools. Idea on Generative AI for testing. An idea of estimation techniques for Automation testing efforts (Design and Execution). Experience in testing and test planning of CI/CD-based solutions through tools like Azure DevOps.

Apply on company website- https://zrec.in/hIRJh?source=CareerSite

Role & responsibilities - Perform Application Security Testing - Perform Network Penetration Testing - Perform Vulnerability Assessment of Servers - Verify Scan results through manual testing - Co-ordinate with the clients for Project related queries - Undertake meeting with the client teams for discussing security issues and recommendations - Create detailed security reports - Keep track of project progress & send regular updates - Research on security tools - Create Security Knowledge base for the team - Participate in quality initiatives. Location: Pune-On Site Required Knowledge Areas: Web Application Security OWASP Top 10 Mobile Application Security – Mobile OWASP Top 10 NMAP/Port Scanning Vulnerability Scanning & Verification Web Traffic Interception (For Web/Mobile apps) SSL Security Tools Experience: Working knowledge of following tools is needed: Web Proxy Editors Network Sniffers Nessus Scanner Reverse Engineering Tools Mobile Application security tools – Either Android/IOS Any one Web Application Security Scanner. Certification Requirement: The candidate must possess any one of the following certifications: CEH/ ECSA/ OSCP Other Skills: The candidate should be good in: Documentation Communication Skills. Interested candidate can share their resume on hr@synradar.com or can connect on 8655620119 Immediate joiners are preferred

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages, which are each tailored to a clients needs and budget, and external threat analysis, which provides critical intelligence at no-cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service. We are looking for a proven, high energy, results oriented GRC professional, where you will be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established GRC Professional, you will span operational, tactical, and strategic levels as well as tasks that tackle difficult problems that businesses are facing when building out and improving their security and compliance posture For attending the walk-in, please fill the form https://forms.gle/wLS8HtPyFZQKA4jf8 (Copy and paste in a browser) 1. SOC L3 Experience: 6+ years Skills: SIEM, IDS/IPS, EDR tools, log/packet analysis, TCP/IP, Linux/Windows, threat intelligence Tools: Splunk, QRadar, Crowdstrike, NetWitness Certifications (preferred): CISSP, CEH, CISM, GCIH 2. Offensive Security Specialist / Penetration Tester-L3 Experience: 6+ Skills: Web/API/Mobile Pentesting, Threat Modeling, Code Review, DAST, Cloud & Microservices security Tools: Burp Suite, Metasploit, Cobalt Strike, Nmap Languages: Python, Go, Java, JavaScript, C++ Certifications (preferred): OSCP, OSCE, OSWE, GPEN, CEH 3. GRC Security Consultant-L3 Experience: 8+ years Skills: Risk assessments, audits, ISO/NIST/PCI/GDPR frameworks, GRC tools, TPRM, vendor/client management Certifications: ISO 27001 LA/LI, CISSP, CISA, CIPP, CCSP, CCSK Note: Immediate to 30 days' notice preferred.

(DDoS), Network next-generation Firewall, SSL Offloader, (NIPS), Anti Advanced Persistent Threat (APT), (WAF), (EDR), Server security solution, Incident Handling, Forensic Analysis, (VAPT), SIEM, Patch Management etc

Senior Cybersecurity Engineer/Remote IC role with team handle of 1,2 member 6 + Years Mandatory -Sim and vapt /azure and aws Application security , network security , Infrastructure security Okay to use own laptop Apply -nidhi@intersourcesinc.com Required Qualifications: Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field. 68 years of experience in cybersecurity engineering, SOC operations, or IT security roles. Proficiency in tools and technologies such as: SIEM: Splunk, ELK, Sentinel Endpoint & Network Security: CrowdStrike, Palo Alto, Cisco, Fortinet Cloud Security: AWS/GCP/Azure security tools, CSPM, IAM Vulnerability Management: Nessus, Qualys, Rapid7 DevSecOps: GitLab CI, Jenkins, Terraform, Kubernetes security Strong knowledge of network protocols, secure coding practices, encryption, and threat modeling. Preferred Certifications (any of the following): CISSP Certified Information Systems Security Professional CEH Certified Ethical Hacker OSCP Offensive Security Certified Professional CISM, Security+, GCIA, GCIH, CCSP, or vendor-specific cloud security Job Summary: We are seeking a highly skilled and experienced Senior Cyber Security Engineer to lead advanced security engineering efforts across our enterprise. This role involves designing,implementing, and maintaining secure infrastructure, detecting and responding to security incidents, and ensuring compliance with security policies, standards, and frameworks. Theideal candidate will have strong technical depth in network, application, cloud, and endpoint security, along with the ability to lead security initiatives and mentor junior team members. Key Responsibilities: Security Architecture & Implementation Design and implement enterprise-wide security solutions (e.g., firewalls, IDS/IPS, SIEM, DLP, endpoint protection). Work closely with IT and DevOps teams to ensure security is embedded across infrastructure and applications. Review and enhance security configurations of networks, systems, and cloud environments (AWS, Azure, GCP). Threat Detection & Incident Response Lead investigations of security incidents, root cause analysis, and remediation planning. Monitor and analyze logs, alerts, and vulnerabilities using tools like Splunk, Sentinel, QRadar, etc. Develop incident response plans and participate in tabletop and red team/blue team exercises. Compliance & Risk Management Ensure compliance with regulatory frameworks such as NIST, ISO 27001, HIPAA, PCI-DSS, GDPR, or FedRAMP. Conduct regular risk assessments and vulnerability scans using tools like Nessus, Qualys, or OpenVAS. Collaborate with audit and compliance teams on security control testing and reporting. Security Engineering & Automation Automate security tasks and workflows using scripting (Python, PowerShell, Bash). Integrate security tools and APIs with existing systems and CI/CD pipelines (DevSecOps). Develop and maintain documentation for systems, processes, and policies. Mentorship & Leadership Provide technical guidance and mentorship to junior engineers and security analysts. Stay current with the threat landscape and share knowledge across teams. Recommend and implement improvements in security posture, policies, and tools. Certifications Key Competencies: Analytical thinking and problem-solving Clear and concise communication (verbal and written) Proactive, self-motivated, and detail-oriented Ability to work independently and in cross-functional teams Strong project management and documentation skills

Vapt, Security Analyst, Web applications, API, Mobile Application

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. This Senior Information Security Engineer is a member of the UHC A&I Tech Infra, Cloud and Data Services team that supports US Health Group and Student Resources,. This engineer will work with 4000+ agents as level 2 support for security incidents and investigation. Their primary function will be to monitor and respond to all vulnerabilities in Tanium, Tenable, and Security Platform. In addition the engineer will have primary responsibility of all updates throughout the infrastructure for the UHC lines of business that ingests over 200,000 MB of logs for Windows and RHEL Servers. This engineer will also work in Service Now to monitor queues and work incidents to resolution. This engineer will be working in both on-premise and azure cloud monitoring security and compliance. This engineer will work throughout the organization to quickly remediate any daily findings of new vulnerabilities that arise and create daily reports to show updated findings and tasks for remediation. Primary Responsibilities Core Tasks: Tanium, Security Platform, TVM remediate all vulnerabilities, patching Maintain cadence of monthly patching schedule for updates to all environments Operate and maintain security systems to protect data and systems and ensure auditability and compliance Respond, analyze, and resolve outages, incidents and/or threats Fulfill service requests Deploy new, update existing, replace or decommission solutions Work in Microsoft Endpoint Configuration Manager (MECM) for patching and Vulnerability remediation Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualification Full time graduate Core Tasks: Tanium, Security Platform, TVM remediate all vulnerabilities, patching Maintain cadence of monthly patching schedule for updates to all environments Operate and maintain security systems to protect data and systems and ensure auditability and compliance Respond, analyze, and resolve outages, incidents and/or threats Fulfill service requests Deploy new, update existing, replace or decommission solutions Work in Microsoft Endpoint Configuration Manager (MECM) for patching and Vulnerability remediation Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission. #Nic #Nic

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 5 plus years of experience. Application Security TestingExperience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding PracticesKnowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat ModelingAbility to conduct threat modeling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability AssessmentExperience in conducting vulnerability assessments and penetration testing Application Security TestingExperience with static and dynamic application security testing (SAST/DAST) tools Security ToolsProficiency in using security tools like Burp Suite, Nessus, or Fortify

About the Role: Grade Level (for internal use): 10 Key Responsibilities: Participate in planning, execution, and reporting phases of technical cyber based audits in line with industry standards and best practices. Ensure the timely and effective execution of all planned cyber and tech risk audits. Majorly drive the execution of audits fieldwork to ensure thorough and effective assessments of IT and cybersecurity controls by utilizing appropriate audit methodologies and tools (e.g., risk-based auditing, data analytics). Follow up on Management Action Plans (MAPs) / audit findings to ensure timely and effective remediation of identified issues. Assist the leadership in Risk Assessment activities and collaborate with stakeholders to help identify and prioritize key IT and cyber risks. Use of Data Analytics to analyse artifacts and derive the audit findings. Stay updated on emerging IT risks and controls, including cloud computing, cybersecurity threats, and data privacy regulations. Help document audit findings, audit reports, and participate in stakeholder meetings. Required Technical Skills: Proficiency in Networking, DLP, Endpoint and Cloud technologies (AWS, Azure, Google Cloud). Knowledge of cybersecurity principles and practices as well as sound understanding of Artificial Intelligence and its applications. Proficiency in Vulnerability Assessment and Penetration Testing (VAPT) and Red-teaming exercises. Extensive experience with IT Infrastructure technologies as well as sound understanding of Disaster Recovery and Resiliency. Proficiency in using audit tools and techniques (e.g., data analytics, risk assessment software). Soft Skills: Excellent interpersonal and communication skills. Strong report writing and documentation abilities. Ability to multi-task and work collaboratively with cross-functional teams. Strong project management and organizational skills. Qualifications: Bachelor's or Master's degree in Computer Science, Engineering, Information Technology, or a related field. Relevant certifications such as CISA, CISSP, or equivalent are preferred. Minimum of 6 years of experience in a similar role. Experience in technology audits, added advantage with a background in Big4 audit firms. Proven track record of leading technology audit projects and teams. What we offer: High visibility to leadership and the opportunity to make a significant impact. A collaborative and innovative environment. The chance to work on state-of-the-art technologies and solutions. A role that combines strategic thinking with hands-on execution. Whats In It For You Our Purpose: Progress is not a self-starter. It requires a catalyst to be set in motion. Information, imagination, people, technologythe right combination can unlock possibility and change the world. Our world is in transition and getting more complex by the day. We push past expected observations and seek out new levels of understanding so that we can help companies, governments and individuals make an impact on tomorrow. At S&P Global we transform data into Essential Intelligence, pinpointing risks and opening possibilities. We Accelerate Progress. Our People: We're more than 35,000 strong worldwideso we're able to understand nuances while having a broad perspective. Our team is driven by curiosity and a shared belief that Essential Intelligence can help build a more prosperous future for us all. Our Values: Integrity, Discovery, Partnership At S&P Global, we focus on Powering Global Markets. Throughout our history, the world's leading organizations have relied on us for the Essential Intelligence they need to make confident decisions about the road ahead. We start with a foundation of integrity in all we do, bring a spirit of discovery to our work, and collaborate in close partnership with each other and our customers to achieve shared goals. Benefits: We take care of you, so you cantake care of business. We care about our people. Thats why we provide everything youand your careerneed to thrive at S&P Global. Our benefits include: Health & WellnessHealth care coverage designed for the mind and body. Flexible DowntimeGenerous time off helps keep you energized for your time on. Continuous LearningAccess a wealth of resources to grow your career and learn valuable new skills. Invest in Your FutureSecure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs. Family Friendly PerksIts not just about you. S&P Global has perks for your partners and little ones, too, with some best-in class benefits for families. Beyond the BasicsFrom retail discounts to referral incentive awardssmall perks can make a big difference. For more information on benefits by country visithttps://spgbenefits.com/benefit-summaries Global Hiring and Opportunity at S&P Global: At S&P Global, we are committed to fostering a connected andengaged workplace where all individuals have access to opportunities based on their skills, experience, and contributions. Our hiring practices emphasize fairness, transparency, and merit, ensuring that we attract and retain top talent. By valuing different perspectives and promoting a culture of respect and collaboration, we drive innovation and power global markets. ----------------------------------------------------------- Equal Opportunity Employer S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. Only electronic job submissions will be considered for employment. If you need an accommodation during the application process due to a disability, please send an email to EEO.Compliance@spglobal.com and your request will be forwarded to the appropriate person. US Candidates Only The EEO is the Law Poster http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf describes discrimination protections under federal law. Pay Transparency Nondiscrimination Provision - https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf ----------------------------------------------------------- 202 - Middle Professional (EEO Job Group) (inactive), 20 - Professional (EEO-2 Job Categories-United States of America), FINANC202.1 - Middle Professional Tier I (EEO Job Group)

Job Title: Lead Application Security/ Sr. Lead Application Security Experience Required: 4-8 years. Job Summary: Seeking for a highly skilled and experienced Application Security Specialist who will play a crucial role in ensuring the security and resilience of our organisations systems, networks, and infrastructure. He will be collaborating closely with development and operations teams to integrate security practices throughout the software development lifecycle. The role will involve identifying vulnerabilities, defining and implementing secure coding practices, conducting security assessments, performing day to day WAF & BOT operations and ensuring compliance with industry standards and regulations. Required Skills: The candidate should have minimum experience of 5 years in vulnerability assessment & penetration testing (VAPT) and WAF solutions. Mandatory: Proven experience in application security, with a focus on web and mobile applications. Proficiency in wide range of security tools and frameworks, such as Metasploit, Burp Suite, Nmap, Wireshark, Kali Linux, PowerShell Empire, Cobalt Strike, and others. Awareness of current cyber threats, attack trends, and threat actor tactics, techniques, and procedures. Familiarity with industry standards (e.g., OWASP Top 10, CWE) and regulatory requirements (e.g., GDPR, PCI-DSS). Experience in managing and optimizing WAF and BOT management systems. (e.g. Akamai, Cloudflare, Imperva etc.) Excellent communication and collaboration skills. Good to have: Experience with cloud security, container security and DevSecOps practices is desirable. Evaluate and implement WAF & BOT management solutions to detect, mitigate, and respond to bot activities. Experience in scripting and automation for WAF & BOT rule deployment and management (e.g., Python, PowerShell). Certification: Mandatory: Certifications such as Certified Red Team Operator (CRT), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or GIAC Penetration Tester (GPEN) are highly desirable. Good to have: Certifications such as CREST Practitioner Security Analyst (CPSA), Certified Expert Penetration Tester (CEPT) etc. Qualifications: 1. Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). 2. Strong understanding of networking protocols, operating systems, and security technologies. 3. Excellent analytical and problem-solving skills. 4. Proficient in at least one scripting language. Responsibilities: 1. Define and implement secure coding standards and practices. 2. Conduct security assessments, code reviews, and penetration testing. 3. Collaborate with development and operations teams to integrate security into the SDLC. 4. Identify and prioritize application security risks and vulnerabilities. 5. Design and implement security controls and solutions to mitigate risks. 6. Stay updated with emerging threats and industry best practices. 7. Drive compliance with relevant security standards and regulations. 8. Respond to and mitigate security incidents under WAF & BOT operations. 9. Contribute to security awareness and training programs.

Implement security-as-code principles and automate security controls in CI/CD pipelines. Conduct secure code reviews and assist developers in adopting secure coding practices. Deploy and manage security tools such as SAST, DAST, SCA, IAST, and container security solutions.

Happiest Minds Technologies is a Mindful IT Company that focuses on enabling digital transformation for enterprises and technology providers by leveraging disruptive technologies. With a 'Born Digital . Born Agile' approach, we offer digital solutions, infrastructure, product engineering, and security services across various industry sectors. Headquartered in Bangalore, India, Happiest Minds has a global presence in the U.S., UK, Canada, Australia, and the Middle East. Interested professionals can reach out to me ankita.patari@happiestminds.com Experience Details : 7 to 10 Years Location : Bangalore,Pune,Noida,Bhubneswar,Madurai,Coimabatore S kills: Burp suite, Vulnerability Assessment, Static/dynamic testing of mobile applications Job Description: Good written and verbal communication skills Hands on experience in Application security testing: Manual code walkthroughs, using Burp tool, NMap, Radioshark, Checkmarx etc., - Experience in both DAST and SAST - Preparation of detailed testing reports with vulnerabilities with CVSS scoring and remediations - Guiding developers in fixing the vulnerabilities - Knowledge of writing the test cases aligning with OWAP / NIST standards - Knowledge of External PT - Team management - Client management - Tracking and reporting of vulnerabilities - Understanding of Cybersecurity domain Thanks And Regards, Ankita Ghosh

Job Summary:. We are seeking a highly skilled and experienced Information Security Manager to oversee and strengthen our organization's cybersecurity strategies and practices. The ideal candidate will have a strong technical foundation, exceptional problem-solving skills, and excellent communication abilities to lead a team and collaborate effectively with stakeholders. Desired Candidate The ideal candidate is a proactive and detail-oriented professional with strong leadership skills and a passion for cybersecurity. They should have excellent communication abilities to convey technical concepts to diverse audiences and a proven track record of managing teams and fostering a culture of security awareness. Adaptable and ethical, the candidate thrives in dynamic environments and collaborates effectively to address evolving cyber threats while maintaining the highest standards of confidentiality and integrity. Responsibilities: Strategic Planning: Develop, implement, and maintain a comprehensive cybersecurity strategy aligned with organizational goals. Risk Management: Identify, assess, and mitigate potential cybersecurity risks and vulnerabilities across systems, applications, and networks. Incident Response: Lead and coordinate incident response activities, ensuring quick containment, recovery, and root-cause analysis of security breaches. Compliance and Standards: Ensure adherence to relevant regulatory standards (e.g., GDPR, ISO 27001) and internal security policies. Team Collaboration: Lead and mentor the cybersecurity team, fostering skill development and ensuring alignment with security objectives. Stakeholder Communication: Act as a liaison between technical teams and senior management, translating technical risks into business terms. Continuous Improvement: Monitor and evaluate the effectiveness of security measures, and recommend enhancements to maintain a robust security posture. Tool and Technology Management: Oversee the deployment and management of security tools (e.g., SIEM, firewalls, endpoint protection, etc.) to ensure system integrity and confidentiality. Training and Awareness: Develop and conduct security training programs to promote awareness and compliance across the organization. Requirements: Education: Bachelors or Masters degree in Cybersecurity, Information Technology, Computer Science, or a related field. Experience: 6-10 years of experience in cybersecurity roles with progressive leadership responsibilities. Certifications: CISSP (Certified Information Systems Security Professional)[Ongoing is acceptable]. Additional certifications (e.g., CISM, CEH) are a plus. Technical Expertise: Strong understanding of security architecture, protocols, and best practices. Experience with tools like SIEM, IDS/IPS, endpoint security, firewalls, and vulnerability management systems. Knowledge of cloud security (AWS, Azure, GCP) and securing hybrid environments. Soft Skills: Excellent verbal and written communication skills for technical and non-technical audiences. Strong leadership, project management, and team collaboration abilities. Analytical and problem-solving mindset with attention to detail.

Role : Cyber 3rd Party Risk Analyst Job Description : Cyber & Information Security team is seeking a Third-Party Security Analyst. Reporting to the Director of Cyber & Information Security, the analyst will perform third-party security assessments. You will work with a team of professional Security Analysts leveraging Next Gen security tools to perform the full lifecycle of third-party reviews from onboarding to real-time monitoring of vendors and suppliers. Total Experience 4 to 6 years. Responsibilities, Functions and Duties : - Conduct technical security assessments of third-party vendors, suppliers and partners by reviewing their security controls, adherence to regulations, compliance and contracts. - Analyze third-party security assessment findings and document security risks within the management software for tracking of risk reporting. - Coordinate with various stakeholders to verify and remediate security risk findings. - Develop KRIs and KPIs around third-party risk assessments and the remediation of key findings. - Develop, Update, and Publish Policies and Standard Operating Procedures for third-party risk management. - Continuously monitor for active vulnerabilities and cyber events against our vendors and suppliers. - Participate in third-party cyber incident response by reaching out to impacted vendors and tracking remediation. - Be an ambassador for Cyber & Information Security within Crum & Forster. Requirements Knowledge and Requirements : - Previous experience performing technical security audits or third-party assessments. - Understanding of current Cyber Vulnerabilities & threats. - Knowledge of security assessments (SOC reports, ISO/NIST, vulnerability and pen testing assessments). - Fundamental understanding of system and network security principles and technology. - Ability to interface with a wide audience of technical and non-technical personnel. Cyber 3rd Party Risk Analyst - Ability to prioritize and manage workloads and deadlines. - Excellent written and verbal communication skills. - Self-starter who is motivated and driven to learn. - Bachelors degree in a technical discipline or equivalent experience Preferred Qualifications : - Prior experience and/or certifications in AWS, Azure, and/or GCP. - Experience in performing third-party assessments of SaaS providers and vendors operating in cloud environments. - Experience performing risk assessments. - Any Security focused Certifications. - 3-5 year Cybersecurity related experience.

Manual Testing, API Testing, SDLC, VAPT Testing Strong experience in Manual testing concepts. Experience in Mobile application testing. Will be Responsible for the Quality & on time delivery. Test cases writing & execution. Required Candidate profile QA Engineer having good experience in testing various applications