30 Vulnerability Analysis Jobs - Page 2

Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the future If you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match. As a Product Cybersecurity Officer (PCS officer), you will be responsible for contributing towards the overall security and compliance of our organization's automotive systems and connected vehicles in collaboration with various internal & external stakeholders. This role plays a critical supporting part in safeguarding our vehicles from cyber threats, managing risks, and ensuring compliance with industry regulations and standards. A PCS Officer is a role filled by resources in the Product Cybersecurity Management System (PCSMS) in GTT cybersecurity and functional safety central team. A PCS Officer could take on various responsibilities during the deployment of PCSMS, including Product Regulation Compliance Owner (PRCO), Product Cybersecurity Leader, Vehicle Cybersecurity Coordinator, and Vehicle Cybersecurity Engineer. Primary Responsibilities: - Develop and maintain PCSMS in accordance with applicable product cybersecurity standards and procedures for the organization's automotive systems. - Establish a governance framework to oversee cybersecurity initiatives and ensure alignment with business objectives. - Collaborate with senior management to promote a culture of cybersecurity awareness and compliance throughout the organization. - Support in evaluating new global cybersecurity regulations and setting up/improving processes, instructions, and templates in coordination with the internal GTT team. - Create guidelines for Product Development teams to maintain clear traceability of Cybersecurity changes on product levels to facilitate vehicle type approval certifications. - Stay up to date with evolving regulations and coordinate necessary adjustments to policies and procedures. - Support Vehicle & Technology Streams in identifying, assessing, and managing cybersecurity risks related to vehicle systems and connected technologies. - Provide consolidated reports of product cybersecurity risks to relevant stakeholders. When acting as R155 Product Regulation Compliance Owner (R155 PRCO), responsibilities include: - Responsible for certifications such as R155 Regulation and GB/T 40863 Chinese CS Regulation. - Ensure compliance of Volvo Group Trucks with regional Vehicle Cybersecurity regulations. - Generate and own needed cybersecurity agreements and guidelines related to PCS. - Prepare necessary documents for R155 new and extension vehicle type approval and PCSMS Audit Events. - Summarize product-related cybersecurity changes and create vehicle-level documentation for regulatory audits. - Lead efforts to secure compliance with external regulatory authorities and work with regulatory specialists and certification engineers. - Ensure all technical solutions comply with relevant regulations. Secondary Skills: - Develop and deliver cybersecurity training programs for employees and partners. - Promote a culture of cybersecurity awareness by organizing workshops and awareness campaigns. - Maintain and drive CoP and Supporting Forums related to various PCSMS processes. - Act as an expert advisor to product development teams for screening and planning their CS activities. - Provide necessary guidance and infrastructure to enable the consolidation of individual assurance cases. Further details and qualifications can be found in the job description.,

Position Summary The Network Security Engineer plays a critical role in safeguarding our organization's sensitive data and maintaining the integrity of our network infrastructure. This role focuses on implementing, managing, and monitoring network security solutions to ensure compliance with industry standards such as PCI-DSS, NIST, ISO 27001, HIPAA and some others. Will conduct regular security assessments, including firewall reviews and vulnerability analysis, and provide recommendations for enhancing our security posture, additionally will be required to conducting regular WIFI security reviews. This position requires a strong understanding of network security principles, hands-on experience with technologies such as: FIREMON, Palo Alto firewalls, Cisco switches, and other network security technologies. Job Description Manage and optimize security tools including FIREMON, Palo Alto firewalls, and Cisco infrastructure Identify and respond to security incidents, compromised assets, and potential threats Monitor network traffic patterns and analyze security events using IDS/IPS systems Perform real-time security monitoring and incident response Handle security request related but not limited to troubleshootings, enrollment, reports, investigations, etc. Technical analysis of network activity; monitors and evaluates network flow data and signature-based IDS events. Recommend new IDS signatures and detection strategies. Monitor and report on trends and activity on network sensor platforms. Review daily Firewall logs. Review Firewall rules. Conduct monthly audit on WIFI SSID and users. Conduct quarterly WIFI scan and analysis. Note: The candidate should have exp in Security Audit & Compliance Shift: Rotational (Including Night Shfit)

Required Experience: At least 15 years of experience in working in a fast-paced IT team. Work Location/Travel: Bangalore and must be available during weekends or extended hours if required for critical emergencies. Work in the office during the general shift/work from home during other shifts. Job Summary: Infra Ops Management Manage IT Ops Vendors and hardware Vendors for delivering M365 L1 Support, Network (Internet Leased Line, Firewall, Apps gateway, IDS, IPS) and Onsite desktop support. Manage IT Network Ops vendors including L0 and L1 support. Handle escalation L2/L3 support including developing policies and qualifying exceptions etc. for IIC and US teams. Manage escalation of hardware Issues with OEM vendors like Dell and HP, ensuring they deliver as per SLAs. Built and develop L0/L1 support (including availability, monitoring and change management activities) Architect and manage Infra programs, support technology requirements for delivery projects Own security reviews, vendor security questionnaires, and responses to support Presales Security management and administration of M365, Cloudflare, Proofpoint, N-Able, Fortinet alerts Development support queries on Application installation and client connectivity issues Design and implementation of policies on the Apps managed by IT. Monthly reports and exception management Hardware and software procurement and license management including development requirements on a needy basis. Supports ISO 27001 activities and development of new policies, evidence gathering, and addressing gaps. Readiness for New security compliances Fed Ramp etc., and other compliance required by our customers PCI-DSS. Assisting the development teams in adopting these during application deployment. Nable Patch Management Review Bitdefender Review Dashboards and follow up on exceptions. Review Assets registered and ensuring time and again stale assets are removed. Extract and configure customized reports as required. Review Bitdefender automated reports for exceptions Address escalated issues that cannot be resolved by IT Tech Liaise with All covered for resolution. Audit reviews for Users and devices AZURE AD Risky User Investigation Conditional access policies review and troubleshooting MFA configuration and Troubleshooting Secure score recommendations AZURE AD policies troubleshooting and investigations. AZURE AD Access Reviews and Cleanup AZURE AD Admin Audit logs review Self-service password reset flow activity progress. Reset password (self-service) Update Sts Refresh Token Valid from Timestamp Reset user password. Update user Add app role assignment grant to user When an Enterprise Application is assigned to a user. Add delegated permission grant. Change password (self-service) Change user password Security info saved for self-service password reset. User completed security info registration for self-service password reset. User started security info registration for self-service password reset. Add service principal. Add application. Delete application. Remove service principal. Update service principal Update application Certificates and secrets management Update application Add and remove the owner from application. Create an application password for the user. Redmine Access Reviews Backup Reviews Software updates Assist team with queries on Vulnerability Analysis Gather evidence required for ISO 27001 Escalated Issues on Redmine Address Backup Issues Prepare and coordinate DR and BCP Ad hoc requests from Dev teams and PMO FortiGate and Network Design as per compliance requirements say FedRAMP, PCI-DSS Vendor Liaison (basically L1) on exceptions like IDS, IPS, VPN, Firewall Issues Manage change and problem management activities. Review monthly reports and exceptions. Root cause analysis and remediations SLA reports and corrective actions Policy design and address VPN compliance Handle Escalated Issues on the Network - VPN, IDS, IPS, Security Violations and investigations regarding access to customers and/or impersonation etc. M365 Intune Import and register new laptops during onboarding. Support on shore team for Onboarding Issues Review Assets registered in Intune, and generate asset reports, compare these with asset files. Escalated support on Intune Issues and follow up with vendor and Microsoft. Escalated support on Non-Delivery of Apps during deployment Registering BYOD devices Validating policies and resolving issues that users face due to policy failures. Create and troubleshoot policies. Exchange Online Review Quarantined email and release as appropriate reactively as alerted by Users. Escalate issues of non-delivery reports and/or any emails quarantined or not delivered to users. Review and clear blocked messages from EOL Create and troubleshoot policies. Teams Troubleshoot team issues Jitter, call drops, high utilization. Review usage reports and dashboards for exceptions Review and investigate Teams logs for security issues. Change ownership of Team files as required by Managers or new owners. Resolve file-sharing queries and best practices for sharing files. Procurement Vendor Management Review and monitor SLA with HP, Dell, and hardware Partners Address escalations due to delays in service Address clarifications on warranty claims Procure New hardware or upgrade as required - Memory, SSD etc., Co-ordinate with Insurance firms and support Admin teams Hardware Planning as per business needs Review and procure software requirements. Review asset inventory and ensure asset register is updated. Assist onshore with laptop hardware procurement and configurations for 3-year support. Warranty renewal and Maintenance contracts Competency (Knowledge, Skills, and Abilities): At least 15 years of experience in working in a fast-paced IT team. Responsible for delivery of end-to-end IT requirements for internal stake holders Should have experience of managing internal and external resources working to deliver IT services. Should have hands on experience in managing vendors, negotiating deliverables and keeping costs within pre-determined budgets. Position Type: Full Time/Permanent Required Education: Bachelors degree. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology. Other Duties: This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required. Duties, responsibilities, and activities may change, or new ones may be assigned at any time, with or without notice.

Job description Job Title: Senior Staff Security Researcher About Role : Develop cutting-edge IPS signatures that shield against emerging threats and Review signatures for other junior team members. Have sense of urgency for critical vulnerabilities and release it to customers. Analyze and reverse engineer cyber-attacks and new vulnerabilities (CVEs) and effectively implement preventive measures to stay ahead of evolving threats. Align with Engineering stakeholders and identify Research topics for IPS roadmap, build POCs for them and mentor junior team members for various research topics. Identify areas of process improvement, prioritize them with senior leaders, look at new Attack Frameworks, like Empire, MSF. Drive Competitive Analysis strategy along with senior leaders to stay ahead of the competition. Publish technical blogs to spread awareness and help defenders with the necessary resources to protect their organizations. Research various MITRE attack TTPs, replicate them in lab, build signatures and be represent IPS research team in MITRE evaluation process. Vulnerability RCA, reverse engineering and POC verification and signature development for MAPP program Capable of working with no supervision, represent IPS research team in various forums and come-up with new Research ideas. Company Benefits and Perks: We work hard to embrace diversity and inclusion and encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees. Retirement Plans Medical, Dental and Vision Coverage Paid Time Off Paid Parental Leave Support for Community Involvement

About Barry Wehmiller: - Barry Wehmiller Companies is a global supplier of manufacturing technology and services based in St. Louis Missouri. Although it was founded in 1885 as a maker of machinery for the brewing industry, since 1987 Barry-Wehmiller has acquired more than 80 companies that provide equipment and services for a variety of industries: packaging, paper converting, sheeting, corrugating, engineering, and IT consulting. In 2016 it was ranked no. 10 on the St. Louis Business Journal's list of the city's Top 150 Privately Held Companies. We believe our culture differentiates us from other firms. In India, Barry-Wehmiller operates as a hub of innovation and collaboration, housing our Global Competency Center (GCC) and other strategic functions. The GCC, based in Chennai, is an Engineering Center of Excellence that supports all Barry-Wehmiller divisions globally. The center focuses on areas such as design and development in mechanical, electrical, and controls engineering, software development, and additive manufacturing. We believe in: Ownership Youll drive features end-to-end, from design to deployment. Flexibility A friendly, results-oriented culture that respects your time. Empowerment Your insights are valued, and your work makes a visible difference. Learning & Growth Youll work on complex challenges with smart, passionate peersand have the support to level up continually. If youre ready to bring your best thinking to the table and grow in a high-impact, future-focused environment, wed love to hear from you. Job Description: The Enterprise IT Service Desk Workstation Vulnerability Analysts role is to help secure the company’s workstations against vulnerabilities. This will be done through analyzing scan data, researching vulnerabilities, and providing mitigation for said vulnerabilities within SLA timelines. Additionally, deployment of mitigations may be required. The Workstation Vulnerability Analyst will also need to present findings to IT leadership. Job Specifications: Proven analytical and problem-solving abilities. Ability to effectively prioritize and execute tasks in a fast-paced environment. Ability to shift between tasks as priorities change Strong written and oral communication skills. Strong troubleshooting skills and knowledge of IT hardware and software. Ability to conduct research into software issues and products as required. Strong organizational skills with keen attention to detail. Basic understanding of security principles, protocols, and technologies. Familiarity with vulnerability assessment tools (e.g., Nessus/Tenable, Qualys, OpenVAS) is a plus. Principal Duties and Responsibilities (Essential Functions): Analyze the results of vulnerability scans Understand business criticality of various systems Prioritize work based on risk Complete work within deadlines Assist in identifying and assessing vulnerabilities in the organization's systems, networks, and applications. Support the development and implementation of remediation plans to address identified vulnerabilities. Participate in regular vulnerability assessments and penetration tests to identify new security risks. Monitor security alerts and incidents and assist in determining the impact and necessary response. Assist with rollback if necessary Document and report on remediation activities, including progress and outcomes. Investigate and remediate malfunctioning security agents Function and communicate in a global support team. Analyze root cause and implement corrective solutions. Collaborate with IT, security, and development teams to ensure timely and effective remediation. When necessary, contact third-party software and PC equipment vendors. Maintain knowledge of current IT trends and advancements. Stay informed about the latest security threats, vulnerabilities, and mitigation techniques. Provide support to other teams on vulnerability management best practices. Required Education and Experience: An associate degree in the field of computer science or management information systems, and/or 3-5 years of related work experience is preferred. 3-5 years of vulnerability remediation preferred; experience with patch management and scripting is a plus. Experience working in a team-oriented, collaborative environment. Relevant certifications (e.g., CompTIA Security+, CEH) are a plus but not required. Travel: Travel could be up to 15% (in the country) as needed for remote support. What is it for you? This role is more than just a job. It’s an opportunity to be part of a global team that values people excellence, innovative solutions, and operational excellence. Barry-Wehmiller provides a unique environment where you can grow your skills, work on impactful projects, and collaborate with some of the brightest minds in the industry. In addition, we are deeply committed to your personal and professional growth, fostering a culture that helps you achieve your full potential. You can also apply to this job using the below Workday link https://bit.ly/4kPFsa7 (if the link doesn't work, simply copy paste the link in your browser) To understand more about our people-first philosophy, you may like to watch this short video by our CEO, Mr. Bob Chapman, on Truly Human Leadership : Watch the video https://bit.ly/4kSLZkE (if the link doesn't work, simply copy paste the link in your browser)