10 Vulnerabilities Jobs

As a VP in the Technology and Cloud risk team at Barclays, you will be instrumental in shaping the future of Technology and Security Chief Control Office (CCO) Controls Management. Your primary focus will be on governance and execution support for technology, cloud, and AI risk. You will play a proactive role in identifying, assessing, and remediating risks to ensure compliance with regulations and respond to audit requests. Additionally, you will evaluate security risks associated with new cloud and AI deployments, offer advisory services, and engage with stakeholders from various functions. Collaboration with cross-functional teams, staying updated on security threats, and promoting best practices and policies will be key responsibilities. You will also be involved in developing metrics and scorecards to facilitate decision-making and ensuring the implementation of robust security policies. Furthermore, you will assess technology and information security risks related to new application deployments to public cloud and AI use cases, provide advisory services, and review/sign-off on new deployments and ad hoc requests. Regulatory and compliance reviews, as well as responding to audit and regulatory-related internal/external requests, will also be part of your role. To excel in this position, you should possess extensive experience in cloud and AI risk management. Practical experience with commercial cloud offerings such as AWS and Azure, a strong understanding of AWS services, CI/CD pipelines, infrastructure deployment through code, automation technologies, and industry standards related to Cloud will be advantageous. A bachelor's or master's degree with relevant experience is required. Highly valued skills may include industry certifications like CCSP and CCSK, awareness of AI risk industry frameworks/regulations, and knowledge of cyber threats and vulnerabilities for AI use cases. Your success in this role will be evaluated based on your risk and controls expertise, change and transformation capabilities, business acumen, strategic thinking, digital and technology proficiency, as well as job-specific technical skills. The location of this role is in Pune/Noida, IN. As a VP in this role, your primary purpose will be to design, develop, and consult on the bank's internal controls framework and supporting policies and standards across the organization. You will ensure that the framework is robust, effective, and aligned with the bank's overall strategy and risk appetite. Your accountabilities will include identifying and analyzing emerging and evolving risks, communicating the purpose and structure of the control framework to relevant stakeholders, supporting the development and implementation of the bank's internal controls framework, monitoring and maintaining the framework for compliance, and embedding the control framework across the bank through collaboration, training sessions, and awareness campaigns. In fulfilling the expectations of a Vice President, you will advise key stakeholders, manage and mitigate risks, demonstrate leadership and accountability, show a comprehensive understanding of the organization's functions, collaborate with other areas of work, and create solutions based on analytical thought. Building and maintaining trusting relationships with internal and external stakeholders will be crucial for accomplishing key business objectives. All colleagues at Barclays are expected to embody the Barclays Values of Respect, Integrity, Service, Excellence, and Stewardship, as well as demonstrate the Barclays Mindset of Empower, Challenge, and Drive in their behavior.,

As a leading provider of professional services to the middle market globally, our purpose at RSM is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional team is the key to our unrivaled, inclusive culture and talent experience, enabling us to be compelling to our clients. At RSM, you will find an environment that inspires and empowers you to thrive both personally and professionally. Your uniqueness is valued, and that is why there's nowhere like RSM. We are currently looking for an experienced application penetration tester to join our Security and Privacy Risk Consulting group. The ideal candidate will have expertise in both manual and automated testing, a strong understanding of various testing methodologies and tools, and a passion for uncovering vulnerabilities and identifying potential security risks. In this role, you will play a critical part in helping our clients prevent, detect, and respond to security threats affecting their critical systems and data. As a member of the Security, Privacy, and Risk Consulting team, your responsibilities will include providing application security testing for our clients. Your goal will be to empower both development and security teams with accurate security findings at the highest standards of quality to identify and eliminate risks across our clients" application portfolios. Join our team of over 150 professionals dedicated to serving the cybersecurity needs of our diverse client base across various industries. Qualifications: - B.Tech in Computer Science, Engineering, or related field or equivalent work experience - Expertise in web security, including extensive knowledge of vulnerabilities and the ability to identify and exploit them effectively - 5+ years of experience in code review, application security testing, or web application development - Excellent written and verbal communication skills - Strong scripting skills (e.g., Python, Ruby, Perl) - Experience with cloud platforms like AWS and knowledge of cloud security best practices - Familiarity with development technologies such as Docker, CDK, Terraform, Java, Python, React, GraphQL, Javascript, JSON, REST, etc. - High degree of integrity, confidentiality, and adherence to company policies and best practices - Technical background in application development, networking/system administration, security testing, or related fields - Experience with both static application security testing (SAST) and dynamic application security testing (DAST) using various tools and techniques - Preferred certifications: Offensive Security Web Assessor (OSWA), Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Burp Suite Certified Practitioner, or AWS Certified Security Specialist (not mandatory). Responsibilities: - Perform security assessments, including static and dynamic application security testing - Conduct manual penetration testing on web applications, network devices, and other systems - Collaborate with clients across various technology stacks and services, including cloud platforms and development technologies - Develop, enhance, and interpret security standards and guidance - Demonstrate and promote security best practices, including secure development and cloud security - Assist with remediation recommendations for identified findings - Articulate findings to senior management and clients clearly - Identify improvement opportunities for clients - Stay updated with the latest security trends, technologies, and best practices - Work effectively within a team to deliver successful outcomes - Supervise and provide engagement management for other staff working on assigned engagements The standard work hours for this role are from 3:30 PM to 11:00 PM IST to support client requirements and deliverables. Candidates should be comfortable with this fixed shift timing. At RSM, we offer a competitive benefits and compensation package, providing flexibility in your schedule to balance life's demands while serving clients. Learn more about our total rewards at [RSM Careers Page](https://rsmus.com/careers/india.html). Accommodation for applicants with disabilities is available upon request during the recruitment process and employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application or interview, please email us at [careers@rsmus.com](mailto:careers@rsmus.com).,

We are looking for an experienced application penetration tester to join our team at RSM. Your role will involve conducting both manual and automated testing to identify vulnerabilities and security risks for our clients" critical systems and data. As part of the Security, Privacy, and Risk Consulting team, you will play a crucial role in helping clients prevent, detect, and respond to security threats. To be successful in this role, you should have a Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience. You should also have at least 5 years of experience in code review, application security testing, or web application development. Strong communication skills, scripting abilities (e.g. Python, Ruby, Perl), and familiarity with cloud platforms like AWS are essential for this position. Your responsibilities will include performing security assessments, conducting manual penetration testing, collaborating with clients on various technology stacks, and developing security standards and guidance. You will also be required to provide remediation recommendations, communicate findings to senior management and clients, and stay updated on the latest security trends and technologies. The standard work hours for this role are from 3:30 PM to 11:00 PM IST to support client requirements. At RSM, we offer a competitive benefits and compensation package, flexibility in your schedule, and a supportive work environment. If you are passionate about cybersecurity and enjoy working in a fast-paced, collaborative team, we encourage you to apply. For more information about our total rewards and to apply for this position, please visit https://rsmus.com/careers/india.html. If you require any accommodations during the recruitment process, please contact us at careers@rsmus.com.,

As a Lead Security Research Engineer at SecPod, you will play a crucial role in the security research and development team. Your primary responsibility will be to conduct in-depth research on the latest vulnerabilities, exploits, and frameworks, with a focus on developing security content and signatures. You will provide technical leadership to security research engineers and collaborate with cross-functional teams to enhance the security posture of enterprise IT infrastructure. Your key duties will include researching and developing vulnerability detection scripts, understanding the correlation between vulnerabilities and malware, devising proof of concepts for detecting new vulnerabilities, and identifying strategies to mitigate these security risks. Additionally, you will be involved in peer testing and quality assurance for the developed content, automating tasks using scripting languages like Python, and contributing to the development of security tools. To excel in this role, you should possess 5-8 years of experience in security research within Security/Cloud/SaaS-based organizations, along with a strong grasp of security, vulnerabilities, and exploits. Proficiency in at least one programming language (e.g., Python, C, C++, LUA) is essential, as well as a solid understanding of IT infrastructure management, information security, and various security technologies. Knowledge of system and network security, experience across Unix/Linux, Windows, Mac systems, and virtualization will be advantageous. Furthermore, you are expected to have expertise in creating, reproducing, and demonstrating proof of concepts for the latest vulnerabilities, with additional skills in exploit development and IDS/IPS signature development considered a plus. Strong analytical capabilities, effective interpersonal skills, and the ability to multitask and prioritize efficiently are essential qualities for success in this role. Excellent verbal and written communication skills in English, coupled with a Bachelor's or Master's degree in Computer Science Engineering, are prerequisites for this position. If you are passionate about cybersecurity research and possess a solid foundation in computer science, we invite you to join our dynamic team at SecPod and contribute to our mission of preventing cyberattacks through innovative security solutions.,

As an L2 SOC Analyst specializing in LogRhythm SIEM, your role will involve strengthening the Security Operations Center in Mumbai. With 2 to 5 years of hands-on experience in security monitoring and incident analysis, particularly focusing on LogRhythm SIEM, you will play a crucial part in the in-depth analysis, incident investigation, escalation, and coordination with response teams. Your key responsibilities will include monitoring, analyzing, and triaging security alerts from LogRhythm SIEM and other security platforms. You will be responsible for investigating and validating security incidents with detailed analysis and impact assessment, conducting threat hunting, and advanced log correlation as per SOC playbooks. Additionally, you will respond to incidents following defined escalation matrices, perform root cause analysis, recommend containment and mitigation actions, and provide guidance and mentorship to L1 SOC Analysts for escalated incidents. Moreover, you will prepare incident reports, analysis summaries, and dashboards for management, monitor and report SIEM health, log source integration issues, and tuning requirements. Your role will also involve participating in the continuous improvement of detection rules and SOC processes. Being ready to work in 24x7 rotational shifts with a constant readiness for critical incident handling is essential for this position. To excel in this role, you should possess 2 to 5 years of SOC operations experience, with a specific focus on SIEM monitoring and incident handling. Strong hands-on experience with LogRhythm SIEM is mandatory, in addition to a good understanding of security threats, attack vectors, malware behavior, and common vulnerabilities. Practical experience in analyzing logs from firewalls, IDS/IPS, endpoint security, and cloud platforms is required, along with familiarity with the MITRE ATT&CK framework and the usage of threat intelligence. Furthermore, you should exhibit strong analytical thinking, incident response capabilities, and problem-solving skills. Effective communication skills for incident reporting and escalation are essential for this role. Preferred certifications include LogRhythm Certified Deployment Engineer (LCDE) or LogRhythm Certified SOC Analyst (LCSA), while certifications such as CompTIA Security+, CEH, CySA+, or equivalent security certifications are optional. Any threat hunting or incident response certification would be considered a plus. This is a full-time role based at the Mumbai SOC facility, requiring you to work in 24x7 rotational shifts, including nights and weekends.,

You will consult with the Capability Lead to deliver Web Application and API Protection for critical applications primarily on the Akamai platform. This includes monitoring and reviewing all tuning requests, conducting detailed log analysis to identify false positives, and optimizing WAF rules for improved accuracy and performance. Additionally, you will create and maintain comprehensive documentation for WAF tuning procedures, policies, and configurations. Your responsibilities will also involve developing, testing, and recommending WAF policies and rules tailored to specific applications and environments. You will proactively assist in identifying false positives and collaborate with cross-functional teams to ensure the seamless integration of WAF solutions into existing security infrastructure. Furthermore, you will work with Application teams to enable web application protection and deliver anti-bypass protection for on-premise applications currently using Akamai. You are expected to provide recommendations for WAF configuration based on best practices and security requirements, perform regular assessments and audits of WAF configurations to ensure optimal security posture, and compliance with industry standards. This includes maintaining evidence for audit and regulatory purposes and delivering monthly and quarterly business reviews for application owners to demonstrate the effectiveness of WAF control. To stay effective in this role, you must stay updated with the latest web security threats, vulnerabilities, and trends to continually enhance WAF effectiveness. You will evaluate, design, and deliver new and alternative WAAP features and solutions to ensure the best possible protection. Your key accountabilities include ensuring alignment with the capability lead and control owner to deliver consistent WAAP policies across multiple infrastructures. You will also ensure timely and accurate review and action on all WAF tuning requests, conduct thorough log analyses to effectively identify and mitigate false positives, and maintain comprehensive and up-to-date documentation for all WAF tuning procedures, policies, and configurations. Collaboration with cross-functional teams and application teams is essential for integrating WAF solutions seamlessly into existing security infrastructure and enabling WAF protection. You will also ensure connectivity to origin servers on-premise only comes through Akamai to prevent direct-to-origin attacks. Providing expert recommendations for WAF configurations based on best practices and current security requirements, performing service reviews with accountable service application owners, and staying informed about the latest web security threats, vulnerabilities, and trends are crucial aspects of this role. Additionally, you will review existing and new solutions to deliver best-in-class protections.,

As a skilled professional in the field, you will be responsible for various tasks related to implementing technical solutions and ensuring the smooth operation of network devices. Your role will involve differentiating bug types, performing code upgrades, and improving the technical competence of the GCS implementation in a global environment. Additionally, you will support large and complex contracts during the implementation and delivery phase. Your expertise with Cisco Platforms, including routers like ISR 2900/3900/4400, switches like Cisco 2900, 3600, 3750, and 3650, as well as Nexus platforms such as Nexus 9k, 7K, and 5k, will be essential for this role. You must also have hands-on experience with routing protocols like EIGRP, OSPF, BGP, and various technologies like VSS, VPC, and HSRP. Furthermore, your responsibilities will include understanding the Change Implementation process following ITIL standards, performing vulnerability scans on network devices, and providing recommendations to customers for bug remediation. You will also be required to produce High Level & Low-Level Implementation Documents, establish good relationships with suppliers, and assess technical risks effectively. Your skills in LAN/WAN, TCP/IP, Load balancing, DNS, ACL, Routing, VLAN, VPN, as well as experience with Cisco SDWAN, Wireless Cisco/ARUBA/WLC AP, and network design tools like MS Visio, will be highly valuable in this role. An understanding of security technologies such as Juniper SRX, Checkpoint, ASA, and Riverbed devices will also be beneficial. In addition to your technical expertise, effective communication, leadership, and presentation skills, along with the ability to work in a global 24/7 environment, will be crucial for success in this position. By joining BT Group, you will be part of a transformative journey to revolutionize connectivity for millions and help create the UK's best telco. If you are excited about this opportunity but do not meet every single requirement listed, we encourage you to apply anyway. We are committed to building a diverse and inclusive workplace where everyone can thrive, and your unique skills and experiences may make you the ideal candidate for this role.,

As a Security Incident Response Analyst at our organization, you will play a crucial role in safeguarding our systems and data from potential security threats. Your responsibilities will include: - Incident Assessment and Response: You will be responsible for analyzing and responding to security alerts and incidents promptly. Your focus will be on ensuring efficient containment, eradication, and recovery measures. It will be vital for you to document and report your findings accurately to enhance our overall security posture. - Communication and Coordination: You will act as the primary point of contact during security incidents, providing clear and concise communication to stakeholders. Your role will involve preparing detailed incident reports and coordinating effectively with SOC analysts, IT teams, and third-party vendors. Additionally, you will be involved in continuous improvement efforts by participating in post-incident reviews, developing detections, playbooks, and SOPs. Identifying security control gaps and recommending improvements will also be a part of your responsibilities. Furthermore, you will conduct training sessions for SOC team members and stakeholders to enhance their awareness and skills. - Threat Intelligence and Monitoring: Monitoring threat intelligence feeds to identify emerging threats and vulnerabilities will be a critical aspect of your role. You will be expected to proactively hunt for indicators of compromise (IOCs) to stay ahead of potential security risks. To qualify for this role, you should have: - A Bachelor's degree in Computer Science, Information Security, or a related field. - At least 1 year of experience in cybersecurity and threat intelligence. - Proven experience in a security operations role with strong incident response and threat intelligence skills. - Excellent communication and coordination skills. - Ability to work effectively under pressure and manage multiple incidents simultaneously. Please note that the benefits and perks associated with this position may vary depending on the nature of your employment with our organization and the country where you work.,

The Audit and IT Control Compliance Specialist is responsible for ensuring the organization's adherence to internal controls, IT governance, and industry-specific regulatory requirements. This position involves conducting audits, assessing risk management processes, evaluating IT controls, and ensuring compliance with laws and policies. The specialist will also be required to collaborate with various stakeholders to identify vulnerabilities, recommend improvements, and help maintain a strong compliance environment. The key responsibilities of the role include: Audit and Compliance Review: - Conduct audits of IT systems and processes to assess the effectiveness of controls. - Review IT policies, procedures, and practices to ensure compliance with regulations and best practices. - Prepare audit plans and schedules, ensuring alignment with organizational objectives. - Identify areas of risk, non-compliance, and opportunities for improvement. - Provide recommendations for corrective actions based on audit findings. IT Control Assessments: - Evaluate the design and operating effectiveness of IT controls, including access controls, data integrity, and system security. - Conduct vulnerability assessments to identify and mitigate potential security risks in IT infrastructure. - Work with IT teams to review the deployment of security controls and ensure they meet compliance standards. - Ensure proper segregation of duties and evaluate change management procedures. Regulatory Compliance: - Stay up to date with the latest industry regulations, such as GDPR, HIPAA, SOX, and ISO 27001, and ensure compliance across IT systems and processes. - Ensure the organization follows local, national, and international standards for IT security and data protection. - Prepare and submit compliance reports to management and regulatory bodies as required. - Assist with external audits and regulatory inspections. Risk Management: - Identify IT and business risks related to security, data privacy, and system reliability. - Collaborate with cross-functional teams to develop and implement risk mitigation strategies. - Monitor the effectiveness of risk management practices and recommend improvements where necessary. Training and Awareness: - Provide training to staff on IT control compliance, security policies, and best practices. - Promote a culture of compliance and data security across the organization. Continuous Improvement: - Monitor and evaluate changes in the IT landscape, regulations, and emerging technologies to ensure continuous compliance. - Assist in the development of policies, procedures, and internal controls to enhance the overall compliance environment.,

Key Responsibilities: 8 years experience in security assessing application designs experience in working in a regulated industry Experience in System Architecture Cloud Security and Security Overall Secondary Skills Ability to explain security controls vulnerabilities and control gaps to solution architects Good to Have Skills Very good Communication Skills Positive Attitude towards work and deliverable Technical Requirements: 8 years experience in security assessing application designs experience in working in a regulated industry Experience in System Architecture Cloud Security and Security Overall Secondary Skills Ability to explain security controls vulnerabilities and control gaps to solution architects Good to Have Skills Very good Communication Skills Positive Attitude towards work and deliverable Preferred Skills: Technology->Enterprise Architecture->Digital Architecture,