827 Vulnerability Assessment Jobs - Page 8

About ColorTokens: At ColorTokens, we empower businesses to stay operational and resilient in an increasingly complex cybersecurity landscape. Breaches happen but with our cutting-edge ColorTokens Xshield platform, companies can minimize the impact of breaches by preventing the lateral spread of ransomware and advanced malware. We enable organizations to continue operating while breaches are contained, ensuring critical assets remain protected.Our innovative platform provides unparalleled visibility into traffic patterns between workloads, OT/IoT/IoMT devices, and users, allowing businesses to enforce granular micro-perimeters, swiftly isolate key assets, and respond to breaches with agility. Recognized as a Leader in the Forrester Wave : Microsegmentation Solutions (Q3 2024), ColorTokens safeguards global enterprises and delivers significant savings by preventing costly disruptions. Join us in transforming cybersecurity. Learn more at www.colortokens.com. Our Culture We foster an environment that values customer focus, innovation, collaboration, mutual respect, and informed decision-making. We believe in alignment and empowerment so you can own and drive initiatives autonomously.Self-starters and high-motivated individuals will enjoy the rewarding experience of solving complex challenges that protect some of world s impactful organizations be it a children s hospital, or a city, or the D fense department of an entire country. Job Description: Skills Required: Red Team Operations Certified, Red Team Ops Certified, OSCP, Offensive Security Certified Professional, MITRE ATT&CK, OPSEC, Operational Security Experience Range : 6-8 years Location: Bangalore Work mode: Work from Office (hybrid Key Responsibilities: Plan and execute red team exercises simulating real-world threat actor behaviors. Conduct comprehensive penetration tests on internal and external networks, applications (web, mobile, APIs), and cloud environments. Identify and exploit security flaws to assess the effectiveness of preventive and detective controls. Develop custom tools, scripts, and techniques to aid in assessments and evade detection. Collaborate with blue teams to improve detection and response capabilities. Prepare detailed reports outlining findings, proof-of-concepts, and recommended mitigations. Stay current on emerging threats, offensive tactics, tools, and vulnerabilities. Assist with purple teaming and adversary emulation exercises. Requirements: Bachelors degree in Cybersecurity, Computer Science, or related field (or equivalent experience). 6+ years of hands-on experience in red teaming, offensive security, Infrastructure web application, API, Cloud Pentesting. Proficient in tools such as Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, Active directory assessment, and custom scripting (Python, PowerShell, Bash). Strong understanding of MITRE ATT&CK framework, threat and adversary emulation. Knowledge of Windows and Linux internals, Active Directory, and cloud platforms (AWS/Azure/GCP). Familiarity with social engineering tactics and phishing and physically security (a plus). Having experience in creating documentations for services. Certifications (Preferred): OSCP (mandatory)CRTP , OSCE, OSEP, CRTE, GPEN, GXPN, or equivalent.

Work with Us. Change the Word. At AECOM, we're deivering a better word. Whether improving your commute, keeping the ights on, providing access to cean water, or transforming skyines, our work heps peope and communities thrive. We are the word's trusted infrastructure consuting firm, partnering with cients to sove the word’s most compex chaenges and buid egacies for future generations. There has never been a better time to be at AECOM. With acceerating infrastructure investment wordwide, our services are in great demand. We invite you to bring your bod ideas and big dreams and become part of a goba team of over 50,000 panners, designers, engineers, scientists, digita innovators, program and construction managers and other professionas deivering projects that create a positive and tangibe impact around the word. We're one goba team driven by our common purpose to deiver a better word. Join us. Fow & quaity data anaysis Preparing process fow diagrams, P&IDs Producing mass baances/process sizing cacuations Preparing process & performance specifications Process Modeing and simuation using software ike BioWin Providing mentoring and support for junior engineers and CAD technicians Contribute to the production and deivery of concise high-quaity technica documentation in Engish. Quaifications B.E./M.Tech. (preferred) in Chemica or Environmenta Engineering fied from a recognized university. Professiona registration or icensure in their designated home office country or be inactive pursuit of such registration. Awareness of pipe network design codes. Experience in designing Water Treatment systems incuding conventiona and advance system. Experience in designing Wastewater Treatment systems ike – ASP, MBBR, SBR, MBR, Digesters, Soids Handing system, Desaination system, etc. Awareness of Quaity aspects (i.e., registers, design issues ogs, QC process and design transmittas etc.). Abe to independenty work efficienty and meet required deadines by foowing reevant design manuas/standards and practices. 8 - 10 Years of experience in water/wastewater industry. Having hands-on experience in process simuation modeing. Experience in Detaied Design of Wastewater Water, Water, Biosoids and Desaination Systems. Good Engish communication skis. Good team payer Additiona Information AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our empoyees and their famiies. We aso provide a robust goba we-being program. We’re the word’s trusted goba infrastructure firm, and we’re in this together – your growth and success are ours too. As an Equa Opportunity Empoyer, we beieve in each person’s potentia, and we’ hep you reach yours. #LI-FS1

As a PC@IBM Windows Engineer, you wi be responsibe for designing, managing, configuring, and maintaining PC@IBM’s M365 tenant for managing IBM empoyee devices. You wi ensure the avaiabiity, security, and reiabiity of PC@IBM services whie coaborating with various teams to meet their technica requirements. Your responsibiities wi incude: Impement and manage poicies required for IBM security compiance. Monitor Microsoft Intune service heath, swifty addressing issues to maintain system integrity. Impement stringent security measures such as muti-factor authentication. Conduct reguar security assessments to strengthen data protection and ensure compiance with reguations. Deveop detaied user documentation to faciitate system navigation and troubeshooting. Design and impement backup strategies and disaster recovery pans to safeguard M365 data. Empoy PowerShe for monitoring system performance and service metrics, proactivey identifying potentia issues. Required education Master's Degree Required technica and professiona expertise Required Professiona and Technica Expertise: Overa 10+ years of experience in security and compiance roes. In-depth knowedge of compiance frameworks such as NIST, CMMC, ITAR/EAR, GDPR, HIPAA, and PCI. Expertise in Intune MDM for device security and management. Strong understanding of Microsoft 365 security and compiance capabiities. Exceent anaytica and probem-soving skis. Abiity to work in a fast-paced, high-stakes environment. Preferred technica and professiona experience Preferred Professiona and Technica Expertise: Mastery in PowerShe for automation and system management. Exceptiona probem-soving skis and the abiity to communicate compex technica concepts ceary.

Job Title: Lead SME Cybersecurity and Infosec Location: Pune About Zygal - Zygal is built on a decade of product development and manufacturing expertise, where innovation is at our core. From the outset, we recognized the limitations of conventional cameras in securing premises. Our relentless pursuit of an unparalleled security and surveillance ecosystem has positioned us at the forefront of AIoT innovation, driven by AI and Robotic Process Automation (RPA). We aspire to establish Zygal as a global brand in B2B security surveillance, leveraging our SaaS model to power our solutions. We have earned the trust of industry giants in critical sectors such as BFSI, retail, logistics, and supply chain management, serving over 25,000 locations nationwide. Our cloud- based AIoT ecosystem currently manages a vast network of over 3.5 million connected devices, processing more than 1.2 billion alerts annually to meet the ever-evolving demands of security and surveillance. Duties and Responsibilities 1. Discover and Mitigate Cyber Risks and exploitable vulnerabilities on the internet facing apps/assets 2. Conduct Regular Vulnerability Assessment and Penetration Testing of the applications 3. Experience with latest technologies and security standards such as OWASP, CVSS, Mitre etc. 4. Mobile App Reversing and pen testing as Android and iOS applications security standards 5. Familiarity with malicious code identification and common hacker attack techniques 6. Conduct regular Secure Code and Architecture Review, SAST and DAST 7. Latest technology security- API, Microservices, RPA, IOT etc. 8. Ethical Hacking and Red Teaming Activity (Addon preferred) 9. Assess Third Party Partner vulnerabilities and security risk 10. Remediations, Closures Tracking, Reporting and Management of all Cyber Risks 11. Engage with technology Teams and partners and business units to resolve identified vulnerabilities within acceptable timelines 12. Design and deliver actionable Information Security dashboards and scorecards 13. Work with partners in carrying out comprehensive VAPT assessment 14. Advanced understanding with working experience collecting and tracking threat intelligence 15. Experience working with tracking, communicating, and prioritizing vulnerabilities and cyber threats to an enterprise-wide organization Required Qualifications and Experience 1. Engineering / Computer Graduate with 3-5 years of Information / Cyber Security Experience 2. Relevant Security Certifications like CEH, CPENT, PNPT, EJPT, EWPT, OSCP etc. preferred 3. Prior experience of Security Testing, OWASP Top 10 and application security 4. Prior experience of Penetration Testing Web Application, Mobile Applications and API Security testing 5. Sound in latest application technologies and network attacks execution 6. Good Written and Verbal Communication with Presentation Skills Good Team Player and sound in stakeholder management 8. Threat Modelling, Cloud Security and WAF basics clarity 9. DevOps / DevSecOps and Source Code security review experience is added boon 10. Well versed with related tools and techniques of all the above Role: Lead SME - Cyber Security Department: IT & Information Security Employment Type: Full Time, Permanent Role Category: IT Security Experience: 5 to 8 Years Education

We are looking for a Senior Linux Support Specialist to take full ownership of hybrid infrastructure environments hosted across AWS, Azure, and On-Premises setups. The ideal candidate will play a critical role in ensuring system stability, security, and performance while driving automation and standardization across 100s of Linux servers. This is a hands-on technical role requiring deep expertise in Linux, security hardening (CIS benchmarks), vulnerability remediation, and automation of infrastructure tasks. Key Responsibilities: Linux Server Management & Operations Manage, monitor, and support large-scale Linux environments (RHEL, CentOS, Ubuntu, etc.) Perform OS upgrades, patching, and package management across hundreds of servers Troubleshoot and resolve advanced Linux system issues (performance, kernel, services, etc.) Security Hardening & Compliance Implement and maintain CIS hardening standards across all Linux servers Remediate VAPT (Vulnerability Assessment and Penetration Testing) and CIS benchmark findings Develop automation scripts/tools to roll out security configurations across the fleet Work closely with the security team to ensure system compliance with industry best practices Automation & Configuration Management Automate OS hardening, patch management, and system provisioning using tools like Ansible, Bash, Python, or Terraform Create and maintain playbooks and scripts for repeatable tasks Streamline deployments and configuration drifts across cloud and on-prem environments Cloud & On-Premise Support Support hybrid environments on AWS, Azure, and On-Prem Assist in provisioning, scaling, and securing cloud-based Linux workloads Monitor platform uptime, availability, and performance metrics Cost & Resource Optimization Collaborate with DevOps/cloud teams to optimize cloud usage and reduce infrastructure costs Implement monitoring and alerting to proactively identify performance or cost anomalies Skills & Qualifications: Must-Have Skills: 3+ years of hands-on experience with Linux system administration Deep understanding of CIS benchmarks and security hardening techniques Strong scripting skills (Bash, Python, etc.) Proven experience with Ansible or similar configuration management tools Solid knowledge of AWS and Azure Linux instances and best practices Experience in managing vulnerability remediation and patch management Familiarity with VAPT assessments , security tools, and remediation workflows Good to Have: Experience with container technologies (Docker, Kubernetes) Infrastructure as Code (Terraform, CloudFormation) Monitoring tools (Prometheus, Nagios, CloudWatch, etc.) Certification in RHCE, AWS SysOps, Azure Administrator, or related areas

The Application Security Analyst reports directly to the team lead of Vulnerability Management and Applications Security. The role is responsible for identifying vulnerabilities and weaknesses in applications before they go live to reduce company's attack surface and supports the operational teams in the understanding of vulnerabilities. This position is responsible of the proper maintenance, configuration and governance of the solution used for scanning the target applications. This role requires constant communication with the operational teams and other stakeholders, supervision of the processes and making sure that the service quality is delivered with the highest standards. Basic Qualification: Education: Bachelors in information technology, Computer Science or similar Field. Experience: Minimum 3 years of experience in Applications Security scans, Vulnerability Management or related cyber security experience. Excellent verbal and written communication skills Excellent team player that demonstrates proactiveness Strong analytical and interpersonal communication skills, including the ability to communicate effectively Mandate Skills: Service-related expert knowledge Experienced in designing and implementing secure tests Secure configuration management techniques Knowledge of software quality assurance process Knowledge of secure software deployment methodologies and tools Ability to document technical concise and understandably Experience in the use of Application Security Testing tools Understanding of the attack surface and company security posture Knowledge in log analysis and troubleshooting of issues Advanced knowledge of application related vulnerabilities Cyber security and technical knowledge Experienced in discerning the protection needs (i.e., security controls) of information systems and networks Experienced in estimating specific operational impacts of cybersecurity incidents caused in applications Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) Knowledge of cybersecurity principles and methods that apply to software development Consideration of laws, regulations, policies, and ethics (GDPR, etc.)

You will co-ordinate and direct the QA teams on daily activities and handle QA and automation for the Adobe Web platform hosting ~400 Healthcare and Corporate websites You will work with vendors, strategic partners, and internal resources to define and implement QA and Automation processes and ensure delivery of projects on-quality, on-budget, and on-time, and establish strong, effective, working relationships with the Business and App Tech team across the organization You will maintain a high degree of technical competence with the latest web technologies for penetration testing, platform security testing and vulnerability testing, Automation and QA processes Automation and QA Strategy Development: Designing and implementing automation and QA strategies that align with project goals and organizational standards. Team Leadership: Leading and mentoring a team of automation & QA engineers, providing guidance on best practices and technical solutions. Test Automation Framework Design: Developing and maintaining robust test automation frameworks to support various applications and ensure scalability. Collaboration with Stakeholders: Working closely with product owners, developers, and QA teams to identify automation opportunities and define testing requirements. Test Case Development: Creating, reviewing, and optimizing automated test cases to ensure comprehensive test coverage. Continuous Improvement: Analyzing automation processes and results to identify areas for improvement and implementing enhancements. Tool Evaluation and Selection: Researching and evaluating automation tools and technologies to ensure the right tools are used for specific projects. Reporting and Metrics: Generating reports on automation progress, defects, and test coverage to provide insights to stakeholders. Troubleshooting and Support: Assisting in troubleshooting issues related to automation scripts and providing support to team members as needed. Who you are: Overall 8 to 10 years of hands-on testing experience. 4-6 years of experience in using Selenium for web application testing, including writing and maintaining automated test scripts. 1 - 2 years of experience with Robot Framework for keyword-driven testing, creating test cases and maintaining automated test scripts Proficiency in scripting languages such as Java or Python to develop and enhance automation scripts. Experience in designing Automation(Selenium and TestNG) frameworks from the scratch Experience with Extent Reports for generating detailed and customizable test execution reports, enhancing test visibility.Hands-on experience in Jenkins for automating the build and deployment process, integrating automated tests into the CI/CD pipeline Experience with version control tools like bitbucket for managing code repositories and collaborating with team members. Experience in testing AEM-based applications, including content management workflows and component testing Specific information related to the position: Flexibility to attend critical meetings remotely across different time zones (Europe, North America, Latam)

Role & responsibilities Main Priorities: Plan and execute VA/PT projects across digital assets. Identify, assess, and report vulnerabilities and risks. Collaborate with IT and development teams for remediation. Ensure compliance with cybersecurity standards (ISO 27001, NIST, GDPR). Provide regular updates and final reports to stakeholders. Drive continuous improvement in VA/PT processes. Preferred candidate profile Strong understanding of VA/PT methodologies and tools (e.g., Nessus, Metasploit, Burp Suite). Familiarity with operating systems, network protocols, and security frameworks. Knowledge of ISO 27001, NIST, GDPR compliance. Strong project management and documentation skills. Excellent communication, leadership, and problem-solving abilities.

You will be responsible to assist with the efficient running of the department in line with Hyatt International's Corporate Strategies and brand standards, whilst meeting employee, guest and owner expectations. The Team Leader - Security is responsible to assist in the smooth operations of the security operations of the Security team Qualifications Ideally with a professional diploma or certificate in Safety and Security. Minimum 2 years work experience as Assistant Security Manager, or Senior Security Officer in larger operation. Good practical, operational and adequate administrative skills are an asset.

You will be responsible to assist with the efficient running of the department in line with Hyatt International's Corporate Strategies and brand standards, whilst meeting employee, guest and owner expectations. The Team Leader - Security is responsible to assist in the smooth operations of the security operations of the Security team Qualifications Ideally with a professional diploma or certificate in Safety and Security. Minimum 2 years work experience as Senior Security Officer in larger operation. Good practical, operational and adequate administrative skills are an asset.

Responsibilities: * Conduct penetration tests, vulnerability assessments & ethical hacking. * Implement OWASP top 10 principles & network NPT methodologies. * Monitor cybersecurity risks & respond to incidents.

Location: Gurgaon Sector 58 Preference: Candidates with experience in NBFCs Compensation: Up to 00 LPA Requirements: Strong communication skills, a compelling personality, and relevant profile exposure -----JOB DESCRIPTION--- For a role that encompasses IT GRC (Governance, Risk, and Compliance) along with IT Security Audit responsibilities, especially in the context of NIST, ISO 27001, SOC2, ITGC audit, RBI (Reserve Bank of India) regulatory compliance, IT Security Compliance, Business Continuity Management (BCM), Disaster Recovery (DR), and Vulnerability Assessment (VA), the roles and responsibilities would typically include: Governance, Risk, and Compliance (GRC): Develop and maintain IT governance frameworks aligned with industry standards and regulatory requirements. Establish and enforce policies, procedures, and controls to ensure compliance with applicable laws, regulations, and standards. Coordinate risk assessment and management activities across the organization. Monitor and report on compliance status to senior management and stakeholders. Facilitate audits and assessments to verify adherence to compliance requirements. Implement continuous improvement initiatives to enhance the effectiveness of GRC processes. IT Security Audit: Plan, coordinate, and conduct IT security audits based on regulatory requirements and industry best practices. Perform risk-based assessments of IT systems, networks, and applications to identify security vulnerabilities and weaknesses. Review and evaluate controls related to access management, change management, data protection, and incident response. Document audit findings, including recommendations for remediation and improvement. Collaborate with internal and external auditors to facilitate audit engagements and address audit findings. Track and monitor the implementation of audit recommendations to ensure timely resolution. Regulatory Compliance: Interpret and apply relevant regulatory requirements, including NIST Cybersecurity Framework, ISO 27001, and RBI guidelines. Conduct gap assessments against regulatory requirements to identify areas of non-compliance and develop remediation plans. Coordinate with business units and stakeholders to implement controls and measures to achieve compliance objectives. Prepare documentation and evidence to demonstrate compliance with regulatory requirements. Stay informed about changes in regulations and standards and assess their impact on the organization's compliance posture. IT Security Compliance: Establish and maintain IT security policies, standards, and guidelines in accordance with regulatory requirements and industry best practices. Conduct periodic reviews and assessments to ensure adherence to security policies and standards. Implement controls and measures to mitigate security risks and vulnerabilities. Monitor and analyse security events and incidents to detect and respond to security breaches. Provide guidance and support to business units on security compliance matters. Business Continuity Management (BCM) and Disaster Recovery (DR): Develop and maintain business continuity and disaster recovery plans aligned with organizational objectives and regulatory requirements. Run BCP/DR frameworks Conduct business impact analyses and risk assessments to identify critical business functions and dependencies. Coordinate the development, testing, and maintenance of BCM and DR plans. Ensure alignment between BCM/DR plans and IT systems, applications, and infrastructure. Provide training and awareness programs to ensure effective response and recovery during emergencies. Vulnerability Assessment (VA): Plan and execute vulnerability assessment activities to identify security weaknesses and vulnerabilities in IT infrastructure and applications. Utilize automated scanning tools and manual techniques to identify and prioritize vulnerabilities based on risk. Analyse and interpret scan results to provide actionable recommendations for remediation. Coordinate remediation efforts with IT teams to address identified vulnerabilities in a timely manner. Monitor and track the status of vulnerability remediation efforts and report on progress to stakeholders. In summary, this role involves a comprehensive approach to managing IT governance, risk, and compliance, along with conducting IT security audits, ensuring compliance with regulatory requirements such as NIST, ISO 27001, and RBI guidelines, and overseeing BCM, DR, and VA activities. Effective communication, collaboration, and coordination with various stakeholders are essential for success in this role. Digital Personal Data Protection Act (DPDPA) and GDPR Compliance: Interpret and ensure compliance with the provisions of the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR), as applicable. Conduct data protection impact assessments (DPIAs) to identify and mitigate risks associated with the processing of personal data. Develop and maintain data protection policies, procedures, and controls to safeguard the privacy and confidentiality of personal data. Implement measures such as data encryption, pseudonymization, and access controls to protect personal data from unauthorized access and disclosure. Establish mechanisms for obtaining and managing consent for the processing of personal data in accordance with regulatory requirements. Monitor and respond to data subject requests (e.g., access requests, erasure requests) in compliance with GDPR and DPDPA requirements. Facilitate training and awareness programs to ensure compliance with data protection regulations and promote a culture of privacy within the organization. Collaborate with legal and compliance teams to address data protection issues and ensure alignment with regulatory requirements. Maintain records of processing activities and data protection measures to demonstrate compliance with GDPR and DPDPA obligations. Conduct regular audits and assessments to evaluate the effectiveness of data protection controls and identify areas for improvement. Competencies: Proactively contribute to leadership & handle work stress & people skills Strong analytical skills, problem solving skills, and project/program management skills Excellent communication skills working with all levels of management across the entire organization Ability to handle team strength and work cohesively Ability to act in Leadership position Work and stretch as required in corporate scenario Extrovert and Outspoken Experience Needed: 8+ years' demonstrable experience in IT security GRC management, IT security project management, IT & Data security policy management, and other security practices w.r.t Cloud Infra , Basic IT infra design and architecture Hands-on experience with designing, implementing and managing security IT GRC programs Past experience managing a small to mid-sized team Educational Requirements: Bachelor's degree or equivalent business experience in Computer Science, Business Management. Certified training in IT & Data security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, ISO 27K LA or related certification will be added advantage

Job Description: Cloud Segment Information Security Officer (SISO GL28) Location- Gurgaon Position Overview: The Cloud Segment Information Security Officer (SISO) is responsible for overseeing and implementing security measures to protect the organizations cloud-based data and infrastructure. This role involves developing cloud-specific security strategies, managing risks, ensuring compliance, and leading incident response efforts. A key aspect of this role is fostering strong relationships and partnerships with business leaders and stakeholders to ensure security measures align with business objectives. Key Responsibilities: Cloud Security Strategy: Develop and implement security strategies tailored to the cloud segment to ensure the protection of cloud-based data and infrastructure. Risk Management: Identify, assess, and mitigate security risks associated with cloud operations and technologies. Incident Response: Lead incident response efforts for security breaches within the cloud segment, including investigation, containment, and remediation. Compliance: Ensure compliance with relevant cloud-specific regulations and standards. Collaboration: Work closely with other IT teams and cloud segment leaders to integrate security measures into cloud services and applications. Training and Awareness: Support security training and awareness programs for employees within the cloud segment to promote a security-conscious culture. Policy Development: Develop and enforce security policies and procedures specific to cloud operations. Audit and Assessment: Support security audits and assessments to ensure the effectiveness of security measures within the cloud segment. Business Partnership: Foster strong relationships with business leaders and stakeholders to ensure security measures support and enhance business objectives. Collaborate with business units to understand their needs and provide tailored cloud security solutions. Qualifications: Proven experience in developing and implementing cloud security strategies. Strong knowledge of cloud risk management and security architecture. Experience in leading cloud incident response efforts. Familiarity with cloud compliance regulations and security monitoring tools. Excellent collaboration and communication skills. Ability to conduct training and develop cloud security policies. Experience in conducting cloud security audits and assessments. Demonstrated ability to build and maintain relationships with business leaders and stakeholders. At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyoneof every race, gender, sexuality, age, location and incomedeserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes an enterprise priority reflected in our mission. njp

Job Description: Cloud Segment Information Security Officer (SISO GL28) Location Gurgaon Position Overview: The Cloud Segment Information Security Officer (SISO) is responsible for overseeing and implementing security measures to protect the organizations cloud-based data and infrastructure. This role involves developing cloud-specific security strategies, managing risks, ensuring compliance, and leading incident response efforts. A key aspect of this role is fostering strong relationships and partnerships with business leaders and stakeholders to ensure security measures align with business objectives. Primary Responsibilities: Cloud Security Strategy: Develop and implement security strategies tailored to the cloud segment to ensure the protection of cloud-based data and infrastructure Risk Management: Identify, assess, and mitigate security risks associated with cloud operations and technologies Incident Response: Lead incident response efforts for security breaches within the cloud segment, including investigation, containment, and remediation Compliance: Ensure compliance with relevant cloud-specific regulations and standards Collaboration: Work closely with other IT teams and cloud segment leaders to integrate security measures into cloud services and applications Training and Awareness: Support security training and awareness programs for employees within the cloud segment to promote a security-conscious culture Policy Development: Develop and enforce security policies and procedures specific to cloud operations Audit and Assessment: Support security audits and assessments to ensure the effectiveness of security measures within the cloud segment Business Partnership: Foster strong relationships with business leaders and stakeholders to ensure security measures support and enhance business objectives. Collaborate with business units to understand their needs and provide tailored cloud security solutions Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Proven experience in developing and implementing cloud security strategies Experience in leading cloud incident response efforts Experience in conducting cloud security audits and assessments Solid knowledge of cloud risk management and security architecture Familiarity with cloud compliance regulations and security monitoring tools Proven excellent collaboration and communication skills Demonstrated ability to conduct training and develop cloud security policies Demonstrated ability to build and maintain relationships with business leaders and stakeholders At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyoneof every race, gender, sexuality, age, location and incomedeserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes an enterprise priority reflected in our mission.

Primary Responsibilities: Writing clean, maintainable and testable code to develop software features Reproduce bugs, investigate root cause and develop fix Review code and offer technical support to fellow team members as needed Communicate effectively with technical and non-technical stakeholders Work closely with various teams that own Systems of Records or Sources of Truth to query, analyze, sanitize, and ingest their data into our knowledge graph Think critically to analyze data and gather insights that lead to high-value decisions that improve the security posture across the enterprise Stay updated with the latest technologies and industry trends to continuously improve the teams capabilities. Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Undergraduate degree in Computer Science, Engineering, or a related field, or equivalent experience Hands-on experience authoring highly performance SQL queries, working with a wide variety of databases including RDBMS as well as NoSQL databases Hands-on experience authoring scalable, high-performance APIs (REST) Hands-on experience with automated testing Experience with engineering projects hosted in public cloud AWS, Azure or GCP Solid proficiency in TypeScript Good understanding of CI/CD pipelines Ability to deal with ambiguity, changing and often conflicting priorities, to plan and execute while balancing timeliness, quality of deliverables Proven excellent problem-solving skills and a proactive, go-getter attitude Ability to work collaboratively with globally distributed teams in a fast-paced agile development environment and manage time effectively Preferred Qualifications: Experience with Apollo Server, GraphQL Experience with graph databases and Meilisearch or Elasticsearch Experience with Containers and Kubernetes Understanding of Network Security in cloud and on-prem hosting environments Points to note: Flexible to work in and overlap with teams in India as well as teams based on US (between 7 AM Central Time 11 AM Central Time) At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone of every race, gender, sexuality, age, location and income deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes an enterprise priority reflected in our mission. #njp ##SSTech

Primary Responsibilities: Perform audits to identify control gaps and implement corrective action plans Ensure alignment of security policies/standards with IT infrastructure frameworks (e.g., ISO 2700x, NIST, ITIL) Monitor compliance with corrective action plans, and address non-compliance issues appropriately Demonstrate understanding of discovery technologies to identify system vulnerabilities (e.g. scanning tools) Establish appropriate security controls based on defined data classifications to align with applicable laws/regulations/standards Facilitate/lead security incident investigation Analyze business requirements and ensure that solutions meet established security policies and controls Maintain metrics and ensure reporting as appropriate Maintain current knowledge on information security topics and their applicability program requirements Communicate professionally with stakeholders/end users through multiple communication Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications: Bachelors degree or higher level of education 6+ years of Information security experience Experience with ISO27001 (ISMS), ISO31000 (Risk management), HITRUST CSF, NIST Cybersecurity Framework, SOC Type1/2 Demonstrated auditing skills and the ability to manage risk assessments / projects independently Demonstrated excellent communication skills both verbal and written Demonstrated good presentation skills particularly ability to present technology elements in manner personnel can follow and act Preferred Qualification: CISSP, CISA or ISO27001 Lead Implementer or Lead Auditor certification At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyoneof every race, gender, sexuality, age, location and incomedeserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes an enterprise priority reflected in our mission.

This role involves the development and application of engineering practice and knowledge in designing, managing and improving the processes for Industrial operations, including procurement, supply chain and facilities engineering and maintenance of the facilities. Project and change management of industrial transformations are also included in this role. Job Description - Grade Specific Focus on Industrial Operations Engineering. Develops competency in own area of expertise. Shares expertise and provides guidance and support to others. Interprets clients needs. Completes own role independently or with minimum supervision. Identifies problems and relevant issues in straight forward situations and generates solutions. Contributes in teamwork and interacts with customers. Skills (competencies)

Who we think will be a great fit. A passion for information security with a hacker mindset! Self-motivation and Proactiveness Communication skills What we need... We want people with preferably two or more, of the following: 1. Web Application Security Testing. Knowledge about BURP Suite, manual and automated SQLi Bypass filters that detect SQLi, XSS, etc. People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc. 2. Network Infrastructure Testing. Ability to write custom scripts and wrappers. Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc.not just Nmap and Nessus Have good knowledge about PowerShell scripting and AD/DC infrastructure. 3. Mobile App Testing. Root/jailbreak and Certificate pinning bypass without any automated tool Dynamic instrumentation using Frida De-obfuscation of APK/IPA file 4. IoT Testing. MQTT attacks Fuzzing of IoT devices Firmware extraction 5. Cloud Testing. A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud. Have a good understanding of microservices architecture. 6. Secure Code Review. Ability to visualize and compile applications without any compiler (in your mind). Has the ability to learn a new programming language on-the-go. Preferred candidate profile : Candidates with relevant professional experience will be given preference.

Hiring Security Engineers @ Fintech Product Company in Chennai Experience Range: 4 - 8 years Looking for candidates to join in less than or 30 days notice period. Experience Over 4 years of hands-on experience in designing and implementing robust security systems. Deep expertise in Linux and network security, with a thorough understanding of both at an architectural level. Strong foundational knowledge in security engineering, with proficiency in authentication protocols, security frameworks, and applied cryptography. Expertise in scripting using one or more languages such as Perl, Python, Go, or Shell, with a focus on automation and efficiency. A dedicated security professional, passionate about identifying and mitigating emerging threats, while continuously updating knowledge of evolving security technologies. Excellent interpersonal skills, capable of effectively communicating complex security concepts across various teams and departments. Desirable Skills Experience with leading cloud platforms like AWS, Google Cloud, or Azure. Proven experience in implementing and managing HIDS/NIDS, FIM, and SIEM solutions for enhanced security monitoring. Familiarity with directory services and single sign-on (SSO) solutions, improving organizational access control. Strong knowledge of vulnerability management, patch automation, and VA/PT (Vulnerability Assessment & Penetration Testing) methodologies. Understanding of key security standards such as ISO 27001 and PCI-DSS, providing compliance and best practices.

Our story At Alight, we believe a company s success starts with its people. At our core, we Champion People, help our colleagues Grow with Purpose and true to our name we encourage colleagues to Be Alight. Our Values: Champion People - be empathetic and help create a place where everyone belongs. Grow with purpose - Be inspired by our higher calling of improving lives. Be Alight - act with integrity, be real and empower others. It s why we re so driven to connect passion with purpose. Alight helps clients gain a benefits advantage while building a healthy and financially secure workforce by unifying the benefits ecosystem across health, wealth, wellbeing, absence management and navigation. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Alight is the perfect place to put your passion to work. Join our team if you Champion People, want to Grow with Purpose through acting with integrity and if you embody the meaning of Be Alight. Learn more at careers.alight.com . As a Senior Cloud Security Analyst , you will play a critical role in ensuring the security and compliance of our cloud infrastructure. You ll collaborate with cross-functional teams to design, implement, and maintain robust security measures across our cloud platforms. Your expertise will be instrumental in safeguarding our systems, data, and applications. You will assist in the wider operational activities including but not limited to validating and addressing identified security risks, Data Security, SOC1/SOC2 Audits, Client Audits, security certifications, vulnerability testing and support management teams during security incident events. You should be confident and capable of explaining the risk and remediation positions for threats as part of the global security incident management process related to cloud security. Duties & Responsibilities Cloud Security Posture Management (CSPM): Drive remediation of open security risks. Collaborate with the Information Security and compliance team to develop global cloud security architecture and maturity standards. Evaluate and respond to alerts and events from security tools, fine-tuning configurations to minimize false positives. Develop event response documentation and processes for the Security Operations Center. Work closely with Cloud Operations teams to define and implement security standards and best practices. Maintain documentation and diagrams for security tools, system environments, and cloud operations. Host Configuration Management: Conduct regular scans of host configurations to identify configuration violations and ensure compliance with security policies and CIS Benchmarks. Develop and implement remediation plans for identified violations. Collaborate with IT and DevOps teams to ensure secure configurations are maintained. Cloud Workload Protection: Perform vulnerability assessment on container images and containerized environments using industry standard tools. Identify, assess, assign, and report vulnerabilities throughout the container lifecycle. Work with development teams to ensure vulnerabilities are addressed in a timely manner. Implement security controls and best practices for container orchestration platforms. Combine security assessment tools with automation to proactively identify and remediate vulnerabilities. Collaborate with functional-area architects and security specialists to ensure adequate controls are in place. Incident Response Monitoring: Monitor and analyze security logs and events. Respond promptly to security incidents, investigating and containing threats. Work within a DevOps security model to automate incident response. Serve as a subject matter expert (SME) for security tools and processes. Position Requirements: Bachelor s or Master s degree in Computer Science, Engineering, Information Security, or similar boot camp certifications. Relevant certifications (e.g., AWS, CISSP, CCSP, CISM, GSEC) are highly desirable. Proven experience in cloud security, vulnerability management, and/or incident response. Strong knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud-optional). Familiarity with security assessment tools (e.g. Host Configuration Management, Cloud Security Posture Management (CSPM), cloud native tools, Vulnerability scanners, etc). Experience with developing and managing software application(s), APIs, or cloud infrastructure Familiarity with one to many programing languages and infrastructure as Code (IAC) Ability to collaborate effectively with cross-functional global teams. Alight requires all virtual interviews to be conducted on video. Flexible Working So that you can be your best at work and home, we consider flexible working arrangements wherever possible. Alight has been a leader in the flexible workspace and Top 100 Company for Remote Jobs 5 years in a row. Benefits We offer programs and plans for a healthy mind, body, wallet and life because it s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as several voluntary benefit options. By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight s employment policies. Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Inclusion We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Alight, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. As part of this commitment, Alight will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact alightcareers@alight.com . Equal Opportunity Policy Statement Alight is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state, or local law. In addition, we take affirmative action to employ, disabled persons, disabled veterans and other covered veterans. Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting their recruiter. Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Alight. Note, this job description does not restrict managements right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units. We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization. ."

Architect, implement, and maintain secure, high-performance network infrastructure. Deploy and manage firewalls, routers, switches, VPNs, IDS/IPS, and secure wireless environments. Lead network security initiatives including segmentation, policy enforcement, and hardening. Conduct network security audits and vulnerability assessments with detailed reporting. Proactively monitor for threats, perform incident response, and mitigate risks. Ensure compliance with cybersecurity best practices, industry frameworks, and client policies. Help deploy, configure, and maintain SIEM platforms (e.g., Splunk, LogRhythm, Sentinel, etc) to aggregate logs and detect anomalies. Perform log analysis, threat hunting, and correlation rule tuning within SIEM systems. Help manage and monitor endpoint protection platforms (e.g., CrowdStrike, SentinelOne, Sophos, EDR/XDR solutions). Collaborate with internal teams and clients to develop tailored network and endpoint security solutions. Act as a subject matter expert (SME) on networking and cybersecurity during sales, planning, and strategy sessions. Document network architectures, policies, configurations, and processes. Manage and lead infrastructure upgrades, migrations, and disaster recovery planning. Stay current with emerging threats, technologies, and compliance regulations. Requirements Degree in Information Systems, Computer Science, Cybersecurity, or equivalent work experience. 8-10 years of enterprise networking and infrastructure experience.

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Our technologies are at the heart of modern applications that are enabling digital transformation across the globe! We give the worlds largest businesses, service providers, governments, and consumer brands the ability to securely deliver every app, anywherewith confidence. We do this by working collaboratively in an innovative environment, helping each other succeed. We take extraordinary pride in being trusted advisers to our customers, offering the best solutions for their interests. If our mission and culture excite you, we would love to talk with you! We are seeking a Distributed Cloud Support Engineer II who is hardworking and committed to customer success. You are comfortable in both the Support and Engineering environments, translating technical documentation and conversations into clear, concise directions for customers and partners. You are passionate about helping our customers tackle and solve problems. You will provide support via phone, email, messaging, and web portal. Support requests range in complexity from "how to" questions through involved debugging and forensic efforts when prioritizing operational issues. Visualizing problems remotely is key to being successful in this role along with excellent analytic and troubleshooting skills. You will have a significant career growth opportunity within a fast-paced SaaS company. What will you do Fix reported issues and advocate for the customer. Collaborate with sales and engineering teams to provide support to resellers, service provider and enterprise customers, as well as end users via telephone, e-mail, Slack and the web portal. Issue reproduction and concise documentation of solutions provided through technical notes, case studies and knowledge base articles. Critical issue management and customer assurance when handling reported issues. Coordinate fixes by Engineering or Developers when required and relay appropriate information to our partners and customers. Provide recommendations on how to improve supportability, reliability, availability, and serviceability based on lessons learned through issue resolution. Training and enabling our service partners to ensure that they can sufficiently support customer issues. How do you qualify 2 or more years of experience working in an operations environment. Background in customer service/support and IT, networking, or IT security incident management. Experience driving efficiencies, handling growth, and delivering results. Good understanding of IT, Network, or IT SOC best practices and a real passion for continuous improvement. Strong organizational skills and work well with contacts in various business subject areas. Conversationally and technically fluent in English verbally and written. Advantageous to have: Strong understanding of Networking and Layer 7 Protocols. Familiarity with Container technologies (Docker and Kubernetes). Knowledge of Data Representation types (XML, JSON, YAML). Public cloud experience with Amazon Web Services (AWS), Google Cloud Platform (GCP) and/or Microsoft Azure is preferred. Security product/solutions experience (Firewalls, WAFs, DDoS Mitigation) is preferred. Strong troubleshooting skills, independent and collaborative. Approachable disposition and steadfast in delivering. Ability to prioritize and multitask when leading sophisticated technical issues. Proven understanding of routing and switching technologies. Ability to read different scripting and automation languages (Python, Shell and Ansible). Bachelors degree in technologically relatable field or equivalent practical experience. Physical Demands and Work Environment This role requires availability outside normal business hours to align with the distributed team or to respond to critical security events. Some travel may be required (less than 10%). The is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com ) . Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates . Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

Role Profile Senior Application Security Engineer Department Information Security/ Cybersecurity Reports ToManager / Lead Security Engineer Location :Hyderabad (WFO) Role Summary: The Security Engineer will play a critical role in strengthening the security posture of applications and infrastructure by implementing secure development practices, performing vulnerability assessments, and integrating security into the SDLC. The ideal candidate will have hands-on experience with OWASP ASVS, security testing tools like ZAP, and a solid understanding of Python-based backend systems. Key Responsibilities: Implement and enforce security policies aligned with OWASP ASVS 4.0.3. Conduct Static and Dynamic Application Security Testing (SAST/DAST) using tools such as ZAP, Fortify, Burp Suite, and GitHub security. Collaborate with DevOps teams to embed security in CI/CD pipelines. Perform threat modelling and risk assessments for applications and APIs. Identify and remediate security vulnerabilities in Python-based services. Prepare and support documentation for STQC audits and other compliance processes. Create and maintain secure coding guidelines for developers. Track and manage vulnerabilities using centralized dashboards or ticketing systems. Collaborate with developers and QA teams during SDLC to ensure secure code deployment. Required Qualifications & Skills: 810 years of Overall experience in IT . 56 years of hands-on experience in Application Security. Strong knowledge of OWASP Top 10 and OWASP ASVS frameworks. Practical experience with ZAP, Fortify, Burp Suite, or similar tools. Good understanding of Python backend services and typical security flaws. Knowledge of CI/CD security integration tools and methodologies. Familiarity with STQC security processes and regulatory compliance documentation. Knowledge of SAST/DAST/IAST methodologies and modern DevSecOps practices. Bachelors degree in computer science, Cybersecurity, or related discipline. Soft Skills: Strong analytical and problem-solving abilities. Excellent written and verbal communication skills. Collaboration and team orientation. High attention to detail and documentation. Strong stakeholder management across development, DevOps, and compliance teams. Preferred Qualifications: Certifications such as OSCP, CISSP, CEH, or GWAPT. Exposure to cloud security (AWS/GCP/Azure). Scripting knowledge for automation using Python or Bash. Experience with container and Kubernetes security tools. Key Relationships: InternalDevelopment Teams, DevOps Teams, QA Teams, Compliance Team, Product Owners ExternalAuditors, Regulatory Authorities (e.g., for STQC), Security Vendors Role Dimensions: Team Size: Individual contributor or small security team lead Scope: Application security coverage across all internal and external apps Impact: High directly impacts risk mitigation, compliance, and secure software delivery Success Measures (KPIs): % of vulnerabilities resolved within SLA Number of applications onboarded to security tools Security issues found in pre-production vs post-deployment Developer adoption rate of secure coding practices STQC and other audit clearance rates Mean time to detect and remediate vulnerabilities Competency Framework Alignment: Technical Expertise Deep understanding of of AppSec tools and practices Results Orientation Works cross-functionally with technical teams Problem Solving Strong in analysing and resolving security issues Communication Explains complex security concepts to non-tech teams Adaptability Takes ownership of vulnerabilities and resolutions

Date 31 May 2025 Location: Bangalore, IN Company Alstom At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Security into Project Specialist in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and project management expertise in a new cutting-edge field. Youll work alongside innovative, dedicated teammates. You'll ensure the robust integration of security within our IS&T projects, safeguarding our digital initiatives. Day-to-day, youll work closely with teams across the business (Security Architecture, GRC and ISMS team, Architects, Project Managers and PMO, Business teams), review and approve security deliverables and much more. Youll specifically take care of validating Security Inquiry for Partners (SIP) and ensuring secure configurations are applied, but also make informed decisions about security acceptance based on residual risk and asset value. Well look to you for: Reviewing and approving security deliverables Ensuring the application of the "Security into Project" policy Validating and signing off on Security Inquiry for Partners Applying secure configurations for projects or business initiatives Making decisions on security acceptance Implementing design patterns and standards All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Engineering/Technology Experience or understanding of cybersecurity, architecture and design Knowledge of security architecture and infrastructure Familiarity with cloud solutions (Microsoft Azure/O365) A CISSP or CISM certification Ability to analyze technical risks and vulnerabilities Fluency in English Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with cutting-edge security standards for rail signalling Collaborate with transverse teams and supportive colleagues Contribute to innovative projects that shape the future of transportation Utilise our dynamic working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards leadership roles within the cybersecurity domain Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.