384 Vulnerability Jobs - Page 7

The key job responsibilities include the following: Security monitoring Sentinel One Incidence response Security analytics Proactive threat hunting Threat Intelligence platform - consisting of Indicators of Compromise (IOC) and other threat intel (vulnerabilities strategic tactical etc.) User & entity behavioral Anomaly detection Vulnerability scanning and threat detection. Monitoring contemporary threats and plans to respond to those. Assessment for the Application security /Monitoring and post assessment if feasible Service provider to perform application security monitoring. Preferable (Nice to have) skill Relevant professional certifications, such as CISSP, CISM, CEH, or other security certifications. The Key Skills Required. Hands-on experience with security technologies, such as firewalls, IDS/IPS, SIEM, EDR, antivirus, and vulnerability scanning tools. Must have 2 to 5 years of experience with Sentinel One. Threat Modelling, Firm IT security mind-set. Advanced knowledge about Windows Server, Windows Clients, Linux Server. In-depth understanding of different types of security vulnerabilities (e.g. SQL injection, XSS, buffer overflow). Understanding of attack vectors, Familiarity with different network topologies and protocols such as TCP/IP, DNS, HTTP(S), SMTP, VLANs, VPNs, and routing/switching. Firm knowledge of technical details of SMTP / e-mail in general and therefore to analyse e-mail headers in order to determine additional data such as real origin etc. Expert regarding the operation of Outlook & Exchange from a user s perspective Firm grasp of phishing techniques and e-mail based attack patterns Commitment to continuous learning. Familiarity with security-related regulations, such as GDPR, HIPAA, and PCI-DSS. Excellent verbal, written, and interpersonal communication skills, especially ability to break down complex technical information to non-technical stakeholders and articulate the impact of security design flaws, attack surfaces and vulnerabilities.

Scientific Games: Scientific Games is the global leader in lottery games, sports betting and technology, and the partner of choice for government lotteries. From cutting-edge backend systems to exciting entertainment experiences and trailblazing retail and digital solutions, we elevate play every day. We push game designs to the next level and are pioneers in data analytics and iLottery. Built on a foundation of trusted partnerships, Scientific Games combines relentless innovation, legendary performance, and unwavering security to responsibly propel the global lottery industry ever forward. Position Summary Job Description Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Maintains hardware, software and network firewalls and encryption protocols. Administers cybersecurity policies to control physical and virtual access to systems. Performs network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks. Responds to cybersecurity breaches, identifies intrusions and isolates, blocks and removes unauthorized access. Researches and evaluates cybersecurity threats and performs root cause analysis. Assists in the creation and implementation of security solutions. Provides information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Supervisory Responsibilities This position has no supervisory responsibilities. Job Level Description Works on short-term assignments that often require the application of independent judgment. Fully competent, career-level individual contributor. Qualifications Education Bachelors degree in related field. Years of Related Experience Years of experience 5 to 8 years Physical Requirements The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit, stand, walk, bend, use hands, operate a computer, and have specific vision abilities to include close and distance vision, and ability to adjust focus working with computer and business equipment. Work Conditions Scientific Games, LLC and its affiliates (collectively, SG ) are engaged in highly regulated gaming and lottery businesses. As a result, certain SG employees may, among other things, be required to obtain a gaming or other license(s), undergo background investigations or security checks, or meet certain standards dictated by law, regulation or contracts. In order to ensure SG complies with its regulatory and contractual commitments, as a condition to hiring and continuing to employ its employees, SG requires all of its employees to meet those requirements that are necessary to fulfill their individual roles. As a prerequisite to employment with SG (to the extent permitted by law), you shall be asked to consent to SG conducting a due diligence/background investigation on you. This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job. The employee in this position may be requested to perform other job-related tasks and responsibilities than those stated above. SG is an Equal Opportunity Employer and does not discriminate against applicants due to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. If you d like more information about your equal employment opportunity rights as an applicant under the law, please click here for EEOC Poster .

Scientific Games: Scientific Games is the global leader in lottery games, sports betting and technology, and the partner of choice for government lotteries. From cutting-edge backend systems to exciting entertainment experiences and trailblazing retail and digital solutions, we elevate play every day. We push game designs to the next level and are pioneers in data analytics and iLottery. Built on a foundation of trusted partnerships, Scientific Games combines relentless innovation, legendary performance, and unwavering security to responsibly propel the global lottery industry ever forward. Position Summary Job Description Information Security Analyst: Develops and executes security controls, defenses and countermeasures to intercept and prevent internal or external attacks or attempts to infiltrate company email, data, e-commerce and web-based systems. Maintains hardware, software and network firewalls and encryption protocols. Administers cybersecurity policies to control physical and virtual access to systems. Performs network security audits and testing and evaluates system security configurations to ensure efficacy and compliance with policies and procedures. Conducts penetration testing and vulnerability assessments of applications, operating systems and/or networks. Responds to cybersecurity breaches, identifies intrusions and isolates, blocks and removes unauthorized access. Researches and evaluates cybersecurity threats and performs root cause analysis. Assists in the creation and implementation of security solutions. Provides information to management regarding impact on the business caused by theft, destruction, alteration or denial of access to information and systems. Supervisory Responsibilities This position has no supervisory responsibilities. Job Level Description Works on defined tasks that sometimes require the application of independent judgment. Developing individual contributor. Qualifications Education Bachelors degree in related field. Years of Related Experience Years of experience 2 to 5 years Physical Requirements The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit, stand, walk, bend, use hands, operate a computer, and have specific vision abilities to include close and distance vision, and ability to adjust focus working with computer and business equipment. Work Conditions Scientific Games, LLC and its affiliates (collectively, SG ) are engaged in highly regulated gaming and lottery businesses. As a result, certain SG employees may, among other things, be required to obtain a gaming or other license(s), undergo background investigations or security checks, or meet certain standards dictated by law, regulation or contracts. In order to ensure SG complies with its regulatory and contractual commitments, as a condition to hiring and continuing to employ its employees, SG requires all of its employees to meet those requirements that are necessary to fulfill their individual roles. As a prerequisite to employment with SG (to the extent permitted by law), you shall be asked to consent to SG conducting a due diligence/background investigation on you. This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job. The employee in this position may be requested to perform other job-related tasks and responsibilities than those stated above. SG is an Equal Opportunity Employer and does not discriminate against applicants due to race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. If you d like more information about your equal employment opportunity rights as an applicant under the law, please click here for EEOC Poster .

About Atos Atos is a global leader in digital transformation with c. 78,000 employees and annual revenue of c. 10 billion. European number one in cybersecurity, cloud and high-performance computing, the Group provides tailored end-to-end solutions for all industries in 68 countries. A pioneer in decarbonization services and products, Atos is committed to a secure and decarbonized digital for its clients. Atos is a SE (Societas Europaea) and listed on Euronext Paris. . Key Responsibilities: Configuration, Monitoring & Management: Primarily focusing on Web Application Firewalls (WAF) such as F5, AWS WAF, Cloudflare, and Imperva. Installation & Troubleshooting: Hands-on experience with the installation, configuration, monitoring, and management of WAFs. Ticketing Tools: Independent handling and managing of ticketing tools like Symphony, CDC and Google Soar Daily Tasks: WAF Management: Configuration, updates, upgrades, and troubleshooting of WAFs. Health Checks: Conducting daily, weekly, and monthly health checks of WAFs and other network security devices. Interactions: Communicating with OEMs, vendors, partners, end users, and clients regarding WAF-related issues. Activity Updates: Keeping track of activities and updating tickets for incidents and service requests related to WAFs. Analysis & Improvement: Analysing WAF-related tickets and participating in continuous improvement activities. Technical Skills: WAF Configuration and Management: Proficiency in configuring, managing, and optimizing WAF solutions. Web Security Protocols: Strong understanding of HTTP/HTTPS protocols and web application communication. OWASP Top Ten: Familiarity with common web application vulnerabilities such as SQL injection and cross-site scripting (XSS). Security Policies and Rulesets: Ability to develop and enforce security policies and rulesets tailored to specific web applications. Vulnerability Testing: Experience with vulnerability testing tools and techniques to identify and mitigate security weaknesses. Analytical Skills: Traffic Analysis: Monitoring and analysing network traffic to detect and respond to suspicious activities. Incident Response: Conducting incident response and forensic analysis in the event of a security breach. Continuous Monitoring: Regularly monitoring WAF security logs and s to stay ahead of potential threats. Skills Web Application Firewall/WAF Here at Atos, diversity and inclusion are embedded in our DNA. Read more about our commitment to a fair work environment for all.

About Atos Atos is a global leader in digital transformation with c. 78,000 employees and annual revenue of c. 10 billion. European number one in cybersecurity, cloud and high-performance computing, the Group provides tailored end-to-end solutions for all industries in 68 countries. A pioneer in decarbonization services and products, Atos is committed to a secure and decarbonized digital for its clients. Atos is a SE (Societas Europaea) and listed on Euronext Paris. The purpose of Atos is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space. Key Responsibilities: Configuration, Monitoring & Management: Primarily focusing on Web Application Firewalls (WAF) such as F5, AWS WAF, Cloudflare, and Imperva. Installation & Troubleshooting: Hands-on experience with the installation, configuration, monitoring, and management of WAFs. Ticketing Tools: Independent handling and managing of ticketing tools like Symphony, CDC and Google Soar Daily Tasks: WAF Management: Configuration, updates, upgrades, and troubleshooting of WAFs. Health Checks: Conducting daily, weekly, and monthly health checks of WAFs and other network security devices. Interactions: Communicating with OEMs, vendors, partners, end users, and clients regarding WAF-related issues. Activity Updates: Keeping track of activities and updating tickets for incidents and service requests related to WAFs. Analysis & Improvement: Analysing WAF-related tickets and participating in continuous improvement activities. Technical Skills: WAF Configuration and Management: Proficiency in configuring, managing, and optimizing WAF solutions. Web Security Protocols: Strong understanding of HTTP/HTTPS protocols and web application communication. OWASP Top Ten: Familiarity with common web application vulnerabilities such as SQL injection and cross-site scripting (XSS). Security Policies and Rulesets: Ability to develop and enforce security policies and rulesets tailored to specific web applications. Vulnerability Testing: Experience with vulnerability testing tools and techniques to identify and mitigate security weaknesses. Analytical Skills: Traffic Analysis: Monitoring and analysing network traffic to detect and respond to suspicious activities. Incident Response: Conducting incident response and forensic analysis in the event of a security breach. Continuous Monitoring: Regularly monitoring WAF security logs and s to stay ahead of potential threats. Skills Web Application Firewall/WAF #Eviden Here at Atos, diversity and inclusion are embedded in our DNA. Read more about our commitment to a fair work environment for all. Atos is a recognized leader in its industry across Environment, Social and Governance (ESG) criteria. Find out more on our CSR commitment. Choose your future. Choose Atos.

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Consultant Specialist. In this role, you will: Build strong relationships with CET s ITSO community Work closely with ITSOs, Developers, Architects, and other Technical Leads to understand the end-to-end service and identify where there are any control gaps. Engage with Cybersecurity teams, senior management and members of the Business when confronted with potential security issues. Contribute to process, procedures, and tool identification Ensure PODs/ITSOs adopt best practices of Software Life Cycle Management to mitigate Cyber risk being introduced to the bank. Design and implement vulnerability reporting and monitoring solutions to be consumed by several key stakeholders ranging from CIO to engineer Working with technology product owners to provide remediation assistance to the impacted PODs Working closely with cybersecurity teams and understand critical, high and medium rated patching requirements and then liaise with ITSO s to ensure vulnerabilities are remediated within the Due Date. Maintaining and updating process guides and assisting with controls remediation activities Creating reports for senior stakeholders including presentations for Delivery Assurance and Risk & Control Governance forums Stay up to date with industry new trends and best practices and conduct knowledge sharing sessions for the wider team. Requirements To be successful in this role, you should meet the following requirements: Knowledge and exposure of Risk and Control Management Excellent data analytical skills to analyse various patching & vulnerability reports Ability to understand and assess both threats, controls, and vulnerabilities, articulating these to both technical and business stakeholders Great written and spoken communication skills Proven experience in general security concepts and principles; Knowledge and experience with network, host, and application security practices. Working Knowledge on tools like Cyberport, Cyberflows, Power BI, Kenna, Splunk is desirable.

[{"Salary":null , "Posting_Title":"Trainer - Cyber Security" , "Is_Locked":false , "City":"Gadchiroli" , "Industry":"NGO / Social Services","Job_Description":" Handling students virtually and training and developing skills to be job ready for cybersecurity space. Provide cyber training at an intermediate level for software Engineering/Software development personnel. Preparing Study materials for training students via a variety of training methods for improving training deliveries. Handling student queries effectively and efficiently. Maintain training related to MIS (attendance, feedback forms evaluation scores and certificate issued). Conduct training sessions on cybersecurity fundamentals, ethical hacking, network security, malware analysis, and related topics. Stay updated with the latest cybersecurity trends, threats, and best practices. Conduct workshops and awareness sessions on cybersecurity Requirements Bachelor/Master degree in Cyber Security, Information Technology Computer Science, or a related field. Strong understanding of cybersecurity principles, network security, ethical hacking, firewalls, and intrusion detection systems. Hands-on experience with security tools, penetration testing, and vulnerability assessments. Good communication, presentation, and training skills. Prior experience in training, mentoring, or teaching is an added advantage.

Assist in maintaining the health and performance of Windows and Linux server infrastructure across AWS and Azure environments. Provide day-to-day support for client-managed systems and infrastructure. Monitor systems to identify and respond to issues or anomalies, escalating when necessary. Respond to incidents to ensure timely restoration of services, documenting actions in the ticketing system. Support routine tasks such as patching, system checks, backups, and log reviews. Contribute to change management by assisting with documentation, implementation steps, and rollback procedures. Participate in working sessions to understand and resolve recurring issues. Collaborate with senior engineers to learn and support automation for infrastructure provisioning and deployments. Gain exposure to various platforms including eCommerce, Content Management Systems, and data integration systems. Assist in maintaining infrastructure-as-code (IaC) templates using tools such as Terraform or CloudFormation under the guidance of senior engineers. Assist in setting up and managing monitoring and alerting tools (e.g., CloudWatch, Azure Monitor, Sumo Logic) to improve visibility and reduce response times. Participate in vulnerability scanning and remediation efforts to maintain system security and compliance. Work closely with development teams to resolve infrastructure-related issues. Contribute to monitoring and reporting improvements under guidance. Participate in a team on-call rotation for 24/7 support coverage. Preferred Skills: Foundational knowledge of cloud platforms such as AWS and/or Azure . Basic experience with Linux and Windows system administration. Familiarity with ITIL processes (incident, change, problem management) and ITSM ticketing tools is a plus. Good problem-solving skills and eagerness to learn and grow in cloud and infrastructure technologies. Willingness to work in a team environment and provide support during off-hours as needed. Develop the ability to query and analyse logs using CloudWatch Logs Insights to troubleshoot issues, identify patterns, and support incident response. Willingness to continuously learn to enhance their technical skills

In this role you will be responsible for Penetration Testing and Manual Code Review across Atlassians vast products and systems. You will lead and support others in technically validating the state of Atlassian s technical security, working closely with our security teams and engineering groups. Day-to-day this person will be: Highly experienced in offensive security, penetration testing and application security Providing SME knowledge and guidance to engineering teams Skilled with common exploitation frameworks such as Metasploit, Core Impact Canvas Working knowledge of KALI Linux or other testing distributions and most of the tools within Able to automate pen testing/code review testing workflows and tasks Analysing vulnerability data for trends, gaps Assessing Atlassian s estate and products for potential pen testing scope items On your first day, well expect you to have: The ability to complete a penetration test and code review of a modern cloud application Worked in a senior penetration testing/application security role Experience in automating a testing workflow Experience leading security projects or complex penetration tests Strong, practical understanding of security testing methodologies, supporting infrastructure requirements and awareness of legal considerations Strong collaboration and communication skills when working with closely with deeply technical development and infrastructure teams Experience working with security operations teams to develop detection logic Comfortable operating in and reviewing modern cloud technologies from providers such as AWS, Azure and GCP Its great, but not required, if you have: CVE s to Contributions to open source security software or penetration testing tools Delivered industry presentations Certifications: OSCP, OSCE, OSWE, CREST CRT, GPEN

Some careers shine brighter than others. If you re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further. HSBC is one of the largest banking and financial services organisations in the world, with operations in 64 countries and territories. We aim to be where the growth is, enabling businesses to thrive and economies to prosper, and, ultimately, helping people to fulfil their hopes and realise their ambitions. We are currently seeking an experienced professional to join our team in the role of Vulnerability Remediation Engineer The roles are Vulnerability Remediation Engineer roles with significant focus on technology vulnerabilities and patching. Successful candidates must therefore have strong analyst skills, experience of gathering and managing requirements and technical knowledge as a significant part of the role is working with technical/IAM specialists. In this role, you will: Prioritize remediation of open vulnerabilities Provide vulnerability remediation activity monthly reports Work closely with product owners on Application architecture Discovered vulnerabilities Application and infrastructure dependencies Vulnerabilities categorized under Exception/False positives Interaction with multiple global teams (IT, Product owners, risk teams ) Review deferred item status and revise or implement fixes. Assessment of open vulnerabilities identified by vulnerability scanners (Nessus, Tanium etc. . ) Collaborate and interact with global infrastructure and applications teams Perform remediation of the application and OS vulnerabilities through SSP (Self-service portals), Puppet, SCCM, Jenkins, Tanium and other available tools in the company. Perform on-demand scanning for open vulnerabilities Automate vulnerability remediation and processes through Ansible, Puppet and Jenkins. Requirements To be successful in this role, you should meet the following requirements: Microsoft SQL administration experience Oracle administration experience Windows Server administration experience Linux Server administration experience PowerShell Python Bash ServiceNow Change Management Candidate User Guide - India HTC - IND HSDI : IJP candidate user guide (service-now. com) .

Overview Job Title : Lead and Audit Compliance Specialist Location : Bangalore Aptean is changing. Our bespoke ERP solutions are transforming a huge range of global businesses, from food producers to manufacturers. In a world of generic enterprise software, we provide targeted solutions that bring together the very best technology and drive greater results. With over 3000 employees, 50 different products and a global client base, there s no better time to advance your career at Aptean. APTEAN JOB LEVEL: D APTEAN JOB TITLE:Lead Audit and Compliance Specialist 2. GENERAL JOB SUMMARY About the Role: We are seeking a highly motivated and experienced Audit and Compliance Specialist to join our growing team in Bangalore, India. Identified SME will play a key role in maintaining our compliance posture with industry standards like SOC 2 and ISO 27001, focusing on cloud infrastructure from a Governance, Risk, and Compliance (GRC) perspective. 5. PRINCIPAL DUTIES AND RESPONSIBILITIES Conduct internal audits of security controls and processes related to SOC 2 and ISO 27001 compliance. Assist with the development, implementation, and maintenance of security policies and procedures. Analyze and evaluate the effectiveness of existing security controls and identify areas for improvement. Participate in the design and execution of penetration testing and vulnerability assessments. Work collaboratively with various teams (Security, IT Operations, Cloud Engineering) to remediate identified security risks and control gaps. Maintain and update GRC documentation related to security controls and compliance requirements. Stay up-to-date on industry best practices and regulatory changes related to cloud security and compliance. Assist with the preparation and execution of SOC 2 and ISO 27001 audits. Support the development and implementation of a cloud security GRC program. 6. JOB SPECIFICATIONS Education (Indicate the minimum level of education necessary for this position. Check all that apply and indicate specific degree as applicable to the side (e.g., Bachelor s in Computer Science) Required Preferred Degree/Certification Bachelor s degree Master s degree Ph.D. J.D. (law) Certification: Registration: Licensure: Other: Work Experience 4-6 years of experience in a similar role within a security-conscious organization. Knowledge, Skills and Abilities Experience conducting internal audits of security controls and processes. Strong understanding of SOC 2 and ISO 27001 compliance requirements. Working knowledge of cloud security concepts and best practices (e.g., AWS Security, Azure Security, GCP Security). Proficiency in GRC frameworks and methodologies (e.g., COBIT, COSO). Excellent analytical and problem-solving skills. Strong communication and interpersonal skills, with the ability to collaborate effectively across different teams. Ability to prioritize tasks, manage multiple deadlines, and work independently. Experience with GRC tools (e.g., MetricStream, RSA Archer) is a plus. Strong understanding of internal security audit and policy review processes. CISA, CRISC, or other relevant security certifications are a plus. Shift details: UK Shift Required to work in shift:Yes If Yes Shift Timing- UK DISCLAIMER The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. If you share our mindset, you can share in our success. To find out more about joining Aptean, get in touch today. Learn from our differences. Celebrate our diversity. Grow and succeed together. Aptean pledges to promote a company culture where diversity, equity and inclusion are central. We are committed to applying this principle as we interact with our customers, build our teams, cultivate our leaders and shape a company in which any employee can succeed, regardless of race, color, sex, national origin, sexuality and gender identity, religion, disability or age. Celebrating our diverse experiences, opinions and beliefs allows us to embrace what makes us unique and to use this as an asset in bringing innovative solutions to our customer base. At Aptean, our global and diverse employee base is our greatest asset. It is through embracing and understanding our differences that we are able to harness our individual power to maximize the success of our customers, our employees and our company. - TVN Reddy

About Us . Role Summary We are seeking a detail-oriented and technically skilled Detection Engineer to join our X-OPS team. In this role, you will be responsible for analyzing advanced security threats ranging from malware to complex web attacks and translating threat intelligence into high-fidelity detections across our platform. Your work will help ensure our analysts and clients receive highly accurate, actionable alerts with minimal noise. You will leverage data from over 40 third-party and internal sources, partner with our CTU Threat Intelligence team, and use a range of scripting and automation tools to strengthen detection capabilities. The ideal candidate is a hands-on security practitioner with a deep understanding of endpoint behavior, malware analysis, and detection development who thrives in fast-paced, technical environments. What you will do Develop countermeasures to detect advanced threats based on research and intelligence from the CTU team. Analyze endpoint behaviors and logs to design detections using multi-source telemetry. Continuously refine and monitor detection rules to optimize the signal-to-noise ratio for alerts. Research and implement alert handling for new device ingestions, ensuring high-value signal delivery. Leverage internal tooling to distinguish native from standard integrations for detection accuracy. Collaborate on the development of internal tools, automation, and detection infrastructure. Act as a subject matter expert across departments including Product Management, Marketing, and Labs Research. What you will bring Strong passion for cybersecurity research and the ability to quickly learn emerging technologies. 10+ yrs of relevant experience in threat research, 5+ yrs in detection writing Hands-on experience in scripting languages (PowerShell, Bash, Python) and use of Python data science libraries (e.g., NumPy, Pandas, Matplotlib). Knowledge of CI/CD pipelines, testing frameworks, and automation principles. Proficiency in analyzing logs from firewalls, proxies, and security infrastructure to identify anomalies. Experience in malware analysis, including static/dynamic techniques and reverse engineering (IA32/64, ARM binaries). Forensic analysis of memory and disk images across various OS and file system types. Familiarity with event logs, traffic pattern anomalies, and threat hunting methodologies. Strong understanding of endpoint detection, Linux/Unix and Windows OS internals, vulnerability identification, and workflow automation. Experience with event correlation and incident reconstruction using log data is a plus, Network traffic analysis skills, including identification of anomalous or malicious traits is a plus. Solid grasp of database querying, systems architecture, and process automation for operational improvements is a nice to have. #LI-Remote #B2 Ready to Join Us? At Sophos, we believe in the power of diverse perspectives to fuel innovation. Research shows that candidates sometimes hesitate to apply if they dont check every box in a job description. We challenge that notion. Your unique experiences and skills might be exactly what we need to enhance our team. Dont let a checklist hold you back we encourage you to apply. Whats Great About Sophos? Sophos operates a remote-first working model, making remote work the primary option for most employees. However, some roles may necessitate a hybrid approach. Please refer to the location details in our job postings for further information. Our people we innovate and create, all of which are accompanied by a great sense of fun and team spirit Employee-led diversity and inclusion networks that build community and provide education and advocacy Annual charity and fundraising initiatives and volunteer days for employees to support local communities Global employee sustainability initiatives to reduce our environmental footprint Global fitness and trivia competitions to keep our bodies and minds sharp Global wellbeing days for employees to relax and recharge Monthly wellbeing webinars and training to support employee health and wellbeing Our Commitment To You We re proud of the diverse and inclusive environment we have at Sophos, and we re committed to ensuring equality of opportunity. We believe that diversity, combined with excellence, builds a better Sophos, so we encourage applicants who can contribute to the diversity of our team. All applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, sex, gender reassignment, marital status, race, religion or belief, color, age, military veteran status, disability, pregnancy, maternity or sexual orientation. We want to give you every opportunity to show us your best self, so if there are any adjustments we could make to the recruitment and selection process to support you, please let us know. Data Protection If you choose to explore an opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. For more information on Sophos data protection practices, please consult our Privacy Policy Cybersecurity as a Service Delivered | Sophos

Terms of Reference Trainer for Gender Equality and Mainstreaming in Low-Carbon Transition in Automobile Sector in Tamil Nadu and Textiles sector in Gujarat About the Organization WRI India, an independent charity legally registered as the India Resources Trust, provides objective information and practical proposals to foster environmentally sound and socially equitable development. WRI India s mission is to move human society to live in ways that protect Earth s environment and its capacity to provide for the needs and aspirations of current and future generations. Through research, analysis, and recommendations, WRI India puts ideas into action to build transformative solutions to protect the earth, promote livelihoods, and enhance human well-being. We are inspired by and associated with the World Resources Institute, a global research organization. Currently over 400 researchers are working with WRI India in our offices at Delhi, Mumbai and Bengaluru. About Resilient, Inclusive and Sustainable Enterprises (RISE) Resilient, Inclusive and Sustainable Enterprises (RISE) aims to help build the resilience and competitiveness of MSMEs in Chennai and Coimbatore automotive clusters in Tamil Nadu and the Surat textile cluster in Gujarat, while enabling an inclusive and just transition to a low carbon future. By 2026, under RISE, WRI India will engage with MSMEs and local communities, industry associations and experts, skilling and financing agencies and local and national governments to support at least 1000 workers in 100 MSMEs to help them manage climate impacts, implement climate actions and acquire skills for better livelihoods. Refer for more information on RISE. Project background and objectives e. Women constitute only about 24% of the tota MSMEs and their workers are the backbone of our economy wherein women play an integral role. Despite this, women often face systemic barriers and challenges to entering and continuing the MSME workforc l workers and own approximately 20% of the total enterprises. Moreover, majority of women-owned enterprises are concentrated in rural areas (22.24%) and are likely to be micro units that are informal in nature. Almost 70% of the 15 million women-owned MSMEs in India are engaged in manufacturing. However, women entrepreneurs and workers in MSMEs tend to be unregistered in nature and engaged in home-based activities. This increases their vulnerability to market and climate risks due to limited understanding of their roles in MSMEs, lack of accounting in national level statistics and missing out on available government support for the MSME sector (International Centre for Research on Women, 2014). Even within the manufacturing sector, women are not equitably distributed among all forms of manufacturing activities. Women are mostly concentrated in textiles, garments, handicrafts and food processing sectors. They also have a significant presence in service-based occupations, such as care work, and in beauty parlors and hospitality sectors. Women in Indian MSMEs face multiple forms of gender-based discrimination. They undertake triple roles in production related activities, reproduction such as childbearing, taking care of tasks required to support household wellbeing like cleaning, cooking, caring for the sick and the elderly, and community affairs such as providing support for community related development activities and volunteering (Moser, 1993). They face systemic and social barriers, such as higher burden of illiteracy and poorer health outcomes. In order to ensure that low carbon transitions are just and inclusive, India s MSMEs need to address existing social and gender barriers for fostering inclusive workplace practices along with moving towards more sustainable and cleaner production processes to benefits all stakeholders. Awareness, sensitization and capacity building of women in the MSME ecosystem have been identified as some of the main ways to improve women s participation. Based on this, the RISE team at WRI India will engage with a trainer/consultant to provide the following scope of work. Scope of Work: Conduct desk research and consultations to identify awareness building and sensitization needs of different stakeholders within the MSME ecosystem in Surat (textiles processing cluster), Coimbatore and Chennai (automotive cluster) Design and deliver modules to sensitize MSME owners and other key stakeholders to increase participation of women in MSMEs and build awareness about the different types of eco-system support required to enable this (at least one-two in each cluster location). Engage and deliver sensitization and training programs for male supervisors, contractors, hiring managers, and male colleagues in MSMEs (at least three to five in each cluster location). Design and deliver modules to improve women s participation in MSMEs, improve social security through digital and financial literacy modules with women workers and women in leadership and managerial roles (at least three to five in each cluster location). Collaborate with the WRI India s project team on a regular basis Submit sensitization modules and materials tailored for the WRI India team/ video documentation and photos Collaborate on designing the information, education and communication (IEC) materials on inclusive workplaces and digital and financial literacy Collaborate with other trainers/experts that the WRI India identifies and exchange knowledge and conduct sessions together Provide MEL support in terms of designing indictors and metrics to measure effectiveness of the sessions P.S. Training materials may need to be delivered in local languages Hindi in Surat and Tamil/Hindi in Tamil Nadu based on the comfort of the participants. WRI India team can provide some language support for Tamil Expected Period of Engagement The consultant /Expert will be engaged for a period of four months from June-October 2025 to design and deliver the awareness training modules The dates of the meetings, field visits and sensitization/awareness sessions will be mutually decided at a convenient time WRI India will reimburse costs of travel, lodging and food as per actuals on the submission of bills and invoices M1 M2 M3 M4 M5 Initial desk research and virtual consultations to gather ground level data Designing modules, feedback and revisions, IEC Material Surat Sessions Tamil Nadu (Chennai and Coimbatore) sessions Submission of materials to WRI India and end of project processes Terms of Payment Payment will be based on deliverables: 40% on the submission of designed modules for both clusters 30% on the completion of workshops at atleast one site 30% at end of engagement with all workshops completed and submission of materials to WRI India team Please submit your proposals (See Appendix 1) and tentative budget by 8th July , 2025 to [email protected] APPENDIX 1 The Details on experience, proposed methodology, and work plan shall be described as follows: 1-2 page note on the proposed methodology and work plan The applicant is required to submit the methodology and plan, outlining its approach for conducting this survey as laid down in the Terms of Reference. The following areas should be included while explaining the approach: Methodology for design of awareness session Intended sample sizes Any other relevant information. Details on Gender and Social Security expertise of the trainer/team The applicant is required to provide a brief write-up explaining their expertise in this topic along with previous work experience of 2-3 relevant projects Proposed Budget The applicant is required to submit a proposed budget which includes trainer fees. All travel and stay will be reimbursed on actual bill submission.

Description Terms of Reference Trainer for Gender Equality and Mainstreaming in Low-Carbon Transition in Automobile Sector in Tamil Nadu and Textiles sector in Gujarat About the Organization WRI India, an independent charity legally registered as the India Resources Trust, provides objective information and practical proposals to foster environmentally sound and socially equitable development. WRI India s mission is to move human society to live in ways that protect Earth s environment and its capacity to provide for the needs and aspirations of current and future generations. Through research, analysis, and recommendations, WRI India puts ideas into action to build transformative solutions to protect the earth, promote livelihoods, and enhance human well-being. We are inspired by and associated with the World Resources Institute, a global research organization. Currently over 400 researchers are working with WRI India in our offices at Delhi, Mumbai and Bengaluru. About Resilient, Inclusive and Sustainable Enterprises (RISE) Resilient, Inclusive and Sustainable Enterprises (RISE) aims to help build the resilience and competitiveness of MSMEs in Chennai and Coimbatore automotive clusters in Tamil Nadu and the Surat textile cluster in Gujarat, while enabling an inclusive and just transition to a low carbon future. By 2026, under RISE, WRI India will engage with MSMEs and local communities, industry associations and experts, skilling and financing agencies and local and national governments to support at least 1000 workers in 100 MSMEs to help them manage climate impacts, implement climate actions and acquire skills for better livelihoods. Refer for more information on RISE. Project background and objectives e. Women constitute only about 24% of the tota MSMEs and their workers are the backbone of our economy wherein women play an integral role. Despite this, women often face systemic barriers and challenges to entering and continuing the MSME workforc l workers and own approximately 20% of the total enterprises. Moreover, majority of women-owned enterprises are concentrated in rural areas (22.24%) and are likely to be micro units that are informal in nature. Almost 70% of the 15 million women-owned MSMEs in India are engaged in manufacturing. However, women entrepreneurs and workers in MSMEs tend to be unregistered in nature and engaged in home-based activities. This increases their vulnerability to market and climate risks due to limited understanding of their roles in MSMEs, lack of accounting in national level statistics and missing out on available government support for the MSME sector (International Centre for Research on Women, 2014). Even within the manufacturing sector, women are not equitably distributed among all forms of manufacturing activities. Women are mostly concentrated in textiles, garments, handicrafts and food processing sectors. They also have a significant presence in service-based occupations, such as care work, and in beauty parlors and hospitality sectors. Women in Indian MSMEs face multiple forms of gender-based discrimination. They undertake triple roles in production related activities, reproduction such as childbearing, taking care of tasks required to support household wellbeing like cleaning, cooking, caring for the sick and the elderly, and community affairs such as providing support for community related development activities and volunteering (Moser, 1993). They face systemic and social barriers, such as higher burden of illiteracy and poorer health outcomes. In order to ensure that low carbon transitions are just and inclusive, India s MSMEs need to address existing social and gender barriers for fostering inclusive workplace practices along with moving towards more sustainable and cleaner production processes to benefits all stakeholders. Awareness, sensitization and capacity building of women in the MSME ecosystem have been identified as some of the main ways to improve women s participation. Based on this, the RISE team at WRI India will engage with a trainer/consultant to provide the following scope of work. Scope of Work: Conduct desk research and consultations to identify awareness building and sensitization needs of different stakeholders within the MSME ecosystem in Surat (textiles processing cluster), Coimbatore and Chennai (automotive cluster) Design and deliver modules to sensitize MSME owners and other key stakeholders to increase participation of women in MSMEs and build awareness about the different types of eco-system support required to enable this (at least one-two in each cluster location). Engage and deliver sensitization and training programs for male supervisors, contractors, hiring managers, and male colleagues in MSMEs (at least three to five in each cluster location). Design and deliver modules to improve women s participation in MSMEs, improve social security through digital and financial literacy modules with women workers and women in leadership and managerial roles (at least three to five in each cluster location). Collaborate with the WRI India s project team on a regular basis Submit sensitization modules and materials tailored for the WRI India team/ video documentation and photos Collaborate on designing the information, education and communication (IEC) materials on inclusive workplaces and digital and financial literacy Collaborate with other trainers/experts that the WRI India identifies and exchange knowledge and conduct sessions together Provide MEL support in terms of designing indictors and metrics to measure effectiveness of the sessions P.S. Training materials may need to be delivered in local languages Hindi in Surat and Tamil/Hindi in Tamil Nadu based on the comfort of the participants. WRI India team can provide some language support for Tamil Expected Period of Engagement The consultant /Expert will be engaged for a period of four months from June-October 2025 to design and deliver the awareness training modules The dates of the meetings, field visits and sensitization/awareness sessions will be mutually decided at a convenient time WRI India will reimburse costs of travel, lodging and food as per actuals on the submission of bills and invoices M1 M2 M3 M4 M5 Initial desk research and virtual consultations to gather ground level data Designing modules, feedback and revisions, IEC Material Surat Sessions Tamil Nadu (Chennai and Coimbatore) sessions Submission of materials to WRI India and end of project processes Terms of Payment Payment will be based on deliverables: 40% on the submission of designed modules for both clusters 30% on the completion of workshops at atleast one site 30% at end of engagement with all workshops completed and submission of materials to WRI India team Please submit your proposals (See Appendix 1) and tentative budget by 8th July , 2025 to [email protected] APPENDIX 1 The Details on experience, proposed methodology, and work plan shall be described as follows: 1-2 page note on the proposed methodology and work plan The applicant is required to submit the methodology and plan, outlining its approach for conducting this survey as laid down in the Terms of Reference. The following areas should be included while explaining the approach: Methodology for design of awareness session Intended sample sizes Any other relevant information. Details on Gender and Social Security expertise of the trainer/team The applicant is required to provide a brief write-up explaining their expertise in this topic along with previous work experience of 2-3 relevant projects Proposed Budget The applicant is required to submit a proposed budget which includes trainer fees. All travel and stay will be reimbursed on actual bill submission.

Responsibilities Develop and implement code fixes to remediate security vulnerabilities , deprecated patterns, and compliance issues in Java-based applications Create secure, scalable, and maintainable code in Java Full Stack environments Refactor legacy code to align with modern security and performance standards Ensure all remediation work maintains application functionality and performance Refactor and optimize existing codebases to align with secure coding standards and performance best practices Use GitHub Advanced Security tools (e.g., CodeQL , secret scanning , dependency review ) to identify risks and automate remediation workflows Collaborate with application teams to understand business logic and ensure fixes preserve functionality while enhancing security Perform root cause analysis of vulnerabilities and provide detailed remediation guidance and code samples Contribute to CI/CD pipelines by integrating automated security checks and remediation scripts Work closely with application owners and developers to ensure effective remediation Document remediation efforts and maintain traceability of fixes for audit and compliance purposes Support cloud migration and modernization efforts , ensuring code compatibility with cloud-native environments Ensure all code fixes are compatible with cloud-native environments Qualifications 5+ years of experience in Java Full Stack development (Spring Boot, REST APIs, React/Angular) Strong proficiency in GitHub Advanced Security features and workflows Solid understanding of secure coding principles , OWASP Top 10 , and vulnerability remediation Basic experience with cloud platforms (AWS, Azure, or GCP) Familiarity with CI/CD tools such as GitHub Actions , Jenkins , etc. Excellent debugging , troubleshooting , and code review skills Strong communication and collaboration abilities

JD - Technical Project Manager: 5+ years of experience managing teams and working as a Technical Project Manager. Should, be able to drive a team of Developers, Support & Scrum Master. 10+ years of working experience as a Full Stack Developer. Experience with Object Oriented Programming & Design, Object-relation Mapping (ORM), NodeJS, React JS, AWS, Next.JS, JavaScript, C# .NET Framework 4.8, PL/ SQL. Designs, develops, tests, deploys and supports API-based systems focusing on industry best practices. Experience working on User Story development & enhancements, Incident & Request Management tasks. Good understanding for Agile scrum process Manages individual tasks and timelines under limited supervision. Seeking continuous quality improvements by performing Application Vulnerability remediation for supported systems. Assists in problem analysis and submits recommendations when appropriate. Proficiency in multiple tools of the full stack covering frontend frameworks, databases and deployments Demonstrated ability to quickly learn new technologies Ability to solve moderately complex problems, drawing upon technical experience, precedents, and judgement Strong communication skills, including ability to explain complex information in straightforward situations Support Hours: US - CST Support Hours: 5.30pm to 2.30am IST.

WRI India, an independent charity legally registered as the India Resources Trust, provides objective information and practical proposals to foster environmentally sound and socially equitable development. WRI India s mission is to move human society to live in ways that protect Earth s environment and its capacity to provide for the needs and aspirations of current and future generations. Through research, analysis, and recommendations, WRI India puts ideas into action to build transformative solutions to protect the earth, promote livelihoods, and enhance human well-being. We are inspired by and associated with the World Resources Institute, a global research organization. Currently over 400 researchers are working with WRI India in our offices at Delhi, Mumbai and Bengaluru. About Resilient, Inclusive and Sustainable Enterprises (RISE) Resilient, Inclusive and Sustainable Enterprises (RISE) aims to help build the resilience and competitiveness of MSMEs in Chennai and Coimbatore automotive clusters in Tamil Nadu and the Surat textile cluster in Gujarat, while enabling an inclusive and just transition to a low carbon future. By 2026, under RISE, WRI India will engage with MSMEs and local communities, industry associations and experts, skilling and financing agencies and local and national governments to support at least 1000 workers in 100 MSMEs to help them manage climate impacts, implement climate actions and acquire skills for better livelihoods. Refer for more information on RISE. Project background and objectives e. Women constitute only about 24% of the tota MSMEs and their workers are the backbone of our economy wherein women play an integral role. Despite this, women often face systemic barriers and challenges to entering and continuing the MSME workforc l workers and own approximately 20% of the total enterprises. Moreover, majority of women-owned enterprises are concentrated in rural areas (22.24%) and are likely to be micro units that are informal in nature. Almost 70% of the 15 million women-owned MSMEs in India are engaged in manufacturing. However, women entrepreneurs and workers in MSMEs tend to be unregistered in nature and engaged in home-based activities. This increases their vulnerability to market and climate risks due to limited understanding of their roles in MSMEs, lack of accounting in national level statistics and missing out on available government support for the MSME sector (International Centre for Research on Women, 2014). Even within the manufacturing sector, women are not equitably distributed among all forms of manufacturing activities. Women are mostly concentrated in textiles, garments, handicrafts and food processing sectors. They also have a significant presence in service-based occupations, such as care work, and in beauty parlors and hospitality sectors. Women in Indian MSMEs face multiple forms of gender-based discrimination. They undertake triple roles in production related activities, reproduction such as childbearing, taking care of tasks required to support household wellbeing like cleaning, cooking, caring for the sick and the elderly, and community affairs such as providing support for community related development activities and volunteering (Moser, 1993). They face systemic and social barriers, such as higher burden of illiteracy and poorer health outcomes. In order to ensure that low carbon transitions are just and inclusive, India s MSMEs need to address existing social and gender barriers for fostering inclusive workplace practices along with moving towards more sustainable and cleaner production processes to benefits all stakeholders. Awareness, sensitization and capacity building of women in the MSME ecosystem have been identified as some of the main ways to improve women s participation. Based on this, the RISE team at WRI India will engage with a trainer/consultant to provide the following scope of work. Scope of Work: Conduct desk research and consultations to identify awareness building and sensitization needs of different stakeholders within the MSME ecosystem in Surat (textiles processing cluster), Coimbatore and Chennai (automotive cluster) Design and deliver modules to sensitize MSME owners and other key stakeholders to increase participation of women in MSMEs and build awareness about the different types of eco-system support required to enable this (at least one-two in each cluster location). Engage and deliver sensitization and training programs for male supervisors, contractors, hiring managers, and male colleagues in MSMEs (at least three to five in each cluster location). Design and deliver modules to improve women s participation in MSMEs, improve social security through digital and financial literacy modules with women workers and women in leadership and managerial roles (at least three to five in each cluster location). Collaborate with the WRI India s project team on a regular basis Submit sensitization modules and materials tailored for the WRI India team/ video documentation and photos Collaborate on designing the information, education and communication (IEC) materials on inclusive workplaces and digital and financial literacy Collaborate with other trainers/experts that the WRI India identifies and exchange knowledge and conduct sessions together Provide MEL support in terms of designing indictors and metrics to measure effectiveness of the sessions P.S. Training materials may need to be delivered in local languages Hindi in Surat and Tamil/Hindi in Tamil Nadu based on the comfort of the participants. WRI India team can provide some language support for Tamil Expected Period of Engagement The consultant /Expert will be engaged for a period of four months from June-October 2025 to design and deliver the awareness training modules The dates of the meetings, field visits and sensitization/awareness sessions will be mutually decided at a convenient time WRI India will reimburse costs of travel, lodging and food as per actuals on the submission of bills and invoices Initial desk research and virtual consultations to gather ground level data Designing modules, feedback and revisions, IEC Material Surat Sessions Tamil Nadu (Chennai and Coimbatore) sessions Submission of materials to WRI India and end of project processes Terms of Payment Payment will be based on deliverables: 40% on the submission of designed modules for both clusters 30% on the completion of workshops at atleast one site 30% at end of engagement with all workshops completed and submission of materials to WRI India team Please submit your proposals (See Appendix 1) and tentative budget by 8th July , 2025 to [email protected] APPENDIX 1 The Details on experience, proposed methodology, and work plan shall be described as follows: 1-2 page note on the proposed methodology and work plan The applicant is required to submit the methodology and plan, outlining its approach for conducting this survey as laid down in the Terms of Reference. The following areas should be included while explaining the approach: Methodology for design of awareness session Intended sample sizes Any other relevant information. Details on Gender and Social Security expertise of the trainer/team The applicant is required to provide a brief write-up explaining their expertise in this topic along with previous work experience of 2-3 relevant projects Proposed Budget The applicant is required to submit a proposed budget which includes trainer fees. All travel and stay will be reimbursed on actual bill submission.

Location: Bangalore - Indraprastha, India Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure. About the product Advanced Bot Protection defends mission-critical websites, mobile apps, and APIs from automated threats - bad bots - without affecting the flow of business-critical traffic. Bad bots are purpose-built to attack organizations websites and mobile apps through web scraping, account takeover, transaction fraud, denial of service, competitive data mining, unauthorized vulnerability scans, spam, click fraud, and web and mobile API abuse. A unique security concern, the bot problem is focused on abuse of business functionality rather than finding and exploiting vulnerabilities. About the team We are a team of programmers based around Stockholm, responsible for developing real-time bot detection software, data processing pipelines, and customer-facing tools. Our team works according to modern development practices and our main language is Rust. We also have frontends, and browser/mobile SDKs for Android and iOS. We operate a global infrastructure and deploy daily, and we work closely with data scientists and cybersecurity threat researchers. About you We are now looking for a person who wants to help us in strengthening our defences against bad bots. You have an analytical and creative mindset and can approach problems from new angles. Most likely, you enjoy exploring new technologies and use them to your advantage, rather than being heavily specialized in a few areas. Expectations: Minimum of 9 years experience developing and delivering distributed systems Solid experience and understanding of mobile devices and SDKs Experience in Cloud environment, preferably AWS Strong experience and knowledge in JavaScript Advantage: Experience with web browser technologies Experience with cybersecurity Interest or experience in Rust Responsibilities: Develop and maintain bot protection integrations, including mobile SDK for iOS and Android Develop and maintain automated threat mitigation Support customers with integration and related issues Research and implement new capabilities and detections

Location: Noida, India Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billons of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure. Senior Security Engineer The Opportunity As a Senior Security Engineer, you will collaborate with a team of experienced security professionals to safeguard our corporate and production environments, leveraging state-of-the-art security tools and techniques to play a critical role in detecting, preventing, investigating, and responding to security threats and incidents. As a first line of defense, you are expected to bring deep expertise across various security domains, with strong hands-on experience. In addition, you will partner with cross-functional teams to provide security guidance, support, and training to strengthen our organization s overall security posture. This position requires participation in an on-call rotation to support 24/7 security monitoring. Responsibilities Monitor, investigate, and triage security events to support and enhance threat modeling efforts Proactively monitor cloud, network, endpoint to identify suspicious activity and emerging threats Perform cloud security configuration review, and policy enforcement Develop and maintain security alerts, log correlation rules, and dashboards using SIEM solution Configure and manage security tools (e.g., SIEM, CSPM, EDR, DLP, vuln scanners). Strong experience in tuning and leveraging these tools is essential Conduct quarterly security gap analyses and risk assessments Conduct ongoing threat hunts and publish regular threat intelligence reports Manage the InfoSec ticket queue, conduct investigations, and document resolutions Review and evaluate vulnerability scan results and remediation efforts Investigate and respond to data loss prevention (DLP) events Document, analyze, and escalate security incidents as needed Collaborate with other business units to assess system configurations and ensure secure integration Partner with internal stakeholders to define, develop, and implement security standards and best practices Conduct third-party security assessments for new and renewing vendors Qualifications 5+ years of experience in information security or 7+ years in IT operations with significant security exposure 5+ years of hands-on experience with major cloud service providers (e.g., AWS, Azure, GCP) 3+ years of experience working with SIEM tools, including log correlation, alert development, and dashboard creation 3+ years of experience in security alert monitoring and incident investigation Strong understanding of cloud-native security tools and configurations, including identity and access management, logging/monitoring, and workload protection Practical experience with threat hunting techniques and methodologies Familiarity with the MITRE ATT&CK framework and its application to detection engineering and incident analysis Strong ability to interpret and analyze security logs, network traffic, and system behaviors to detect attack patterns and anomalies In-depth knowledge of network, endpoint, and cloud security technologies and principles Demonstrated experience collaborating across global teams and working in cross-functional environments Knowledge of data security architecture, data classification frameworks, and policy development Strong organizational and time management skills with the ability to work independently Up-to-date knowledge of recent vulnerabilities, attack vectors, and remediation strategies Excellent written and verbal communication skills to support collaboration with technical and non-technical stakeholders Experience administering and fine-tuning security infrastructure is a strong plus

About us We invite you to bring your ideas to ExxonMobil to help create sustainable solutions that improve quality of life and meet society s evolving needs. Learn more about our What and our Why and how we can work together . ExxonMobil s affiliates in India ExxonMobil s affiliates have offices in India in Bengaluru, Mumbai and the National Capital Region. ExxonMobil s affiliates in India supporting the Product Solutions business engage in the marketing, sales and distribution of performance as well as specialty products across chemicals and lubricants businesses. The India planning teams are also embedded with global business units for business planning and analytics. ExxonMobil s LNG affiliate in India supporting the upstream business provides consultant services for other ExxonMobil upstream affiliates and conducts LNG market-development activities. The Global Business Center - Technology Center provides a range of technical and business support services for ExxonMobil s operations around the globe. ExxonMobil strives to make a positive contribution to the communities where we operate and its affiliates support a range of education, health and community-building programs in India. Read more about our Corporate Responsibility Framework. To know more about ExxonMobil in India, visit ExxonMobil India and the Energy Factor India . What role you will play in our team As member of a global SAP Cloud Platform team, SAP Cloud Engineer is responsible for: Implement and maintain strong security and controls practices within the SAP BTP PAAS, SAAS Cloud ecosystems following ExxonMobil standards and best practices. Provide active SAP Cloud project support. Participate and execute SAP BTP Proof of Concepts and tests of new technologies. Evaluate results and steward the project until production. Work with other EM organizations how to evaluate and realize Cloud value for the Business. Work as member of a global Agile team, with a Product Owner, Scrum Master, Solution Architect and engineering team members. Keep the team s processes and documents evergreen. Identify process gaps and implement solution Job location is based out of Bangalore, Karnataka What you will do This role includes, but is not limited to the following: Perform Cloud Platform Administration activities for SAP BTP PAAS & SAAS solution Understand XOM business needs and apply SAP BTP solutions Evaluate, design and implement new SAP BTP solutions Provide regular Cloud system maintenance services Plan and execute system upgrades and enhancements Perform capacity and performance Monitoring Review SAP BTP updates and adjust accordingly Execute proactive health checks and standardize monitoring Maintain system integrity/availability and controls for SAP Cloud instances within ExxonMobil Provide system stakeholder reports and metrics with key performance indicators Execute and remediate vulnerability test and results Provide Problem Management and root cause analysis for incidents Analyze technical requirements for projects/upgrades Build and configure SAP BTP subaccounts according to standard practices, designs and guidelines Coordinate technical execution of large cross-functional activities that require synchronicity and alignment Produce/update reference documentation (guidelines, HowTo s, build Knowledge Base) Design/Build/Execute Proof of Concepts for new SAP BTP and SAAS functionalities Participate and contribute to technical workshops About You Skills and Qualifications Minimum 3 years of hands-on experience working with SAPs Business Technology Platform Bachelor s or master s degree from a recognized university in Computer/IT other relevant engineering disciplines with minimum GPA 7.0 Experience working with cloud platforms (PaaS, SaaS) Knowledge in automation technologies like Terraform Hands on experience in cloud IAAS (Azure, AWS, GCP) Required Technical Skills: General SAP understating Understanding cloud solutions, platforms Modern architecture Modern authentication (OAuth2, OIDC, SAML) Prior programming experience/training Experience with 3-tiered Cloud infrastructure Preferred Qualifications/ Experience ABAP Development. Active Directory. Authorization. API and Integration. C# Communication Protocols (FTPSFTP....); Continuous Integration and Delivery. Crafting Code. Designing service-oriented architecture. Industry network and systems security principles. Infrastructure automation (e.g. container management, orchestration); Web Application Development (e.g. .NET) Soft Skills, Other Requirements or Comments: Has demonstrated the desire and ability to expand technical knowledge/depth Team player Quick learner, methodic and conscience of their role in the team Strong communication skills, fluent in English writing and able to actively participate in English spoken technical conversations Extras (nice to have): Automation skills mainly using Terraform, Python and Bash scripts. Additional skills might be required to understand Git, GitHub and GitHub actions and integration with Service Now. Your benefits An ExxonMobil career is one designed to last. Our commitment to you runs deep: our employees grow personally and professionally, with benefits built on our core categories of health, security, finance and life. We offer you: Competitive compensation Medical plans, maternity leave and benefits, life, accidental death and dismemberment benefits Retirement benefits Global networking & cross-functional opportunities Annual vacations & holidays Day care assistance program Training and development program Tuition assistance program Workplace flexibility policy Relocation program Transportation facility Stay connected with us Learn more about ExxonMobil in India, visit ExxonMobil India and Energy Factor India . Follow us on LinkedIn and Instagram Like us on Facebook Subscribe our channel at YouTube EEO Statement ExxonMobil is an Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin or disability status. Business solicitation and recruiting scams ExxonMobil does not use recruiting or placement agencies that charge candidates an advance fee of any kind (e.g., placement fees, immigration processing fees, etc.). Follow the LINK to understand more about recruitment scams in the name of ExxonMobil. Nothing herein is intended to override the corporate separateness of local entities. Working relationships discussed herein do not necessarily represent a reporting connection, but may reflect a functional guidance, stewardship, or service relationship. Nothing herein is intended to override the corporate separateness of local entities. Working relationships discussed herein do not necessarily represent a reporting connection, but may reflect a functional guidance, stewardship, or service relationship.

Description Key Responsibilities: Advanced incident investigation: Conduct deep-dive investigations into complex security alerts and incidents, correlating events across multiple security tools and logs (SIEM, EDR, network logs, cloud logs). Incident response leadership: Lead containment, eradication, and recovery efforts for security incidents, collaborating with IT, engineering, and other teams. Threat hunting: Proactively search for threats within our environment using threat intelligence, hypotheses, and advanced analytical techniques. Root cause analysis: Perform root cause analysis for security incidents and recommend preventative measures to enhance our defenses. Threat Hunting: Exercises and proactive detection activities. Stay updated on emerging threats, vulnerabilities, attack techniques, and security news Vulnerability Management: Conduct regular vulnerability scans and assessments using industry-standard tools and ASPM. Analyze scan results to identify and classify security vulnerabilities, understanding their potential impact and exploitability. Develop playbooks: Contribute to the creation and refinement of incident response playbooks, runbooks, and standard operating procedures, including SOAR. Security tool optimization: Recommend and assist with the configuration, tuning, and optimization of SIEM rules, EDR policies, and other security controls. Threat intelligence integration: Integrate and operationalize threat intelligence (IOCs) and TTPs to improve detection capabilities and inform proactive defense strategies. Reporting: Generate comprehensive incident reports and provide actionable insights to management. Required Qualifications: Minimum of 5 years of experience in a Security Operations Center (SOC) or a similar cybersecurity role Strong understanding of security frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.) Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel, etc.) Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Defender ATP) Solid knowledge of networking concepts, log analysis, and common attack vectors Experience in the incident response lifecycle, malware analysis, and threat hunting Ability to perform effectively in high-pressure situations and manage multiple incidents simultaneously Bachelor s degree in computer science, Information Security, or a related field (or equivalent experience) Preferred Skills and Certifications: Certifications such as GCIA, GCIH, CEH, CISSP, OSCP , or Security+ Experience with scripting (Python, PowerShell, Bash) for automation and log parsing Knowledge of cloud security monitoring (AWS, Azure, GCP) Experience with SOAR platforms and the automation of incident response workflows

Job_Description":" Key Responsibilities Proactively identify and address issues within Docker containerized applications and infrastructure. Implement and maintain security best practices to ensure the integrity and confidentiality of containerized environments. Optimize the performance of Docker containers to achieve maximum efficiency and reliability. Manage Docker images efficiently, including creation, versioning, and storage. Develop and maintain Terraform configurations to automate infrastructure provisioning and management. Collaborate with cross-functional teams to design, build, and maintain scalable and secure cloud environments in AWS and Azure. Implement and maintain CI/CD pipelines using Azure DevOps. Monitor system performance and troubleshoot issues to ensure high availability and reliability of services. Ensure compliance with industry standards and company policies. Document processes and procedures to ensure knowledge sharing and continuity. Conduct regular, automated vulnerability scans of all Docker images in the CI/CD pipeline and existing deployments. Analyze scan results, prioritize vulnerabilities based on severity and exploitability, and propose effective remediation strategies. Collaborate with development teams to implement security fixes in Dockerfiles and application code. Educate development teams on secure coding practices and container security best practices. Develop and enforce policies for image validation and trusted registries. Participate in security incident response for container-related issues. Stay up-to-date with the latest container security threats, vulnerabilities, and mitigation techniques. Define and implement network policies to isolate containers and restrict unauthorized network access. Regularly review and audit container permissions and access controls. Implement automated processes for image size analysis and reporting in the CI/CD pipeline. Research and recommend new techniques and tools for continuous image size reduction. Scripting and Automation: Highly proficient in scripting languages (e.g., Bash, Python) for automating tasks related to Docker image building, scanning, and deployment. Required Qualifications Bachelors degree in Computer Science, Information Technology, or related field. 8+ years of experience in DevOps or related roles. Extensive experience with Docker containerization and orchestration. Deep understanding of security best practices in containerized environments. Proven ability to optimize performance within Docker environments. Proficient in managing Docker images efficiently. Strong knowledge of Terraform for infrastructure as code. Experience with cloud platforms, including AWS and Azure. Proficient in Azure DevOps and CI/CD pipeline implementation. Excellent problem-solving skills and attention to detail. Strong communication and collaboration skills. A proactive mindset to identify potential issues and continuously seek opportunities for improvement in container security, performance, and efficiency. Monitoring and Logging: Experience with monitoring and logging with Datadog ","

Description Key Responsibilities: Advanced incident investigation: Conduct deep-dive investigations into complex security alerts and incidents, correlating events across multiple security tools and logs (SIEM, EDR, network logs, cloud logs). Incident response leadership: Lead containment, eradication, and recovery efforts for security incidents, collaborating with IT, engineering, and other teams. Threat hunting: Proactively search for threats within our environment using threat intelligence, hypotheses, and advanced analytical techniques. Root cause analysis: Perform root cause analysis for security incidents and recommend preventative measures to enhance our defenses. Threat Hunting: Exercises and proactive detection activities. Stay updated on emerging threats, vulnerabilities, attack techniques, and security news Vulnerability Management: Conduct regular vulnerability scans and assessments using industry-standard tools and ASPM. Analyze scan results to identify and classify security vulnerabilities, understanding their potential impact and exploitability. Develop playbooks: Contribute to the creation and refinement of incident response playbooks, runbooks, and standard operating procedures, including SOAR. Security tool optimization: Recommend and assist with the configuration, tuning, and optimization of SIEM rules, EDR policies, and other security controls. Threat intelligence integration: Integrate and operationalize threat intelligence (IOCs) and TTPs to improve detection capabilities and inform proactive defense strategies. Reporting: Generate comprehensive incident reports and provide actionable insights to management. Required Qualifications: Minimum of 5 years of experience in a Security Operations Center (SOC) or a similar cybersecurity role Strong understanding of security frameworks (MITRE ATT&CK, NIST, ISO 27001, etc.) Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel, etc.) Familiarity with EDR solutions (e.g., CrowdStrike, Carbon Black, Defender ATP) Solid knowledge of networking concepts, log analysis, and common attack vectors Experience in the incident response lifecycle, malware analysis, and threat hunting Ability to perform effectively in high-pressure situations and manage multiple incidents simultaneously Bachelor s degree in computer science, Information Security, or a related field (or equivalent experience) Preferred Skills and Certifications: Certifications such as GCIA, GCIH, CEH, CISSP, OSCP , or Security+ Experience with scripting (Python, PowerShell, Bash) for automation and log parsing Knowledge of cloud security monitoring (AWS, Azure, GCP) Experience with SOAR platforms and the automation of incident response workflows

Implement vulnerability response module in ServiceNow 3-7 years of relevant ServiceNow Development experience. Have implemented and Developed SecOps Vulnerability Response Application / Now Assist. In-depth understanding of the ITIL framework Experience Enterprise Operational Tools/Processes (Incident management Problem, Change management, Knowledge management etc). Experience working with Business Rules, Client Scripts, UI pages, UI Actions, Script Includes, ACL, UI Script and other major components of ServiceNow Development, which also includes devel-opment of Scoped Application in ServiceNow Platform. Proficient in Java script and hands on technical expertise in ServiceNow Integration with 3rd Party applications. Experience of Test Driven development with knowledge of ServiceNow Automated Testing Framework. Strong Technical background in building scalable, complex solutions in ServiceNow. Alternate JD skills: We need to look for someone good in "NOW Platform" features. 4+ years of ServiceNow experience minimum Should CSA and CAD certified. Should have strong Integration background should have scored well on Integration. Should have good knowledge on Service Portal Should be strong in ServiceNow Scripting Should be good in predictive intelligence or Performance Analytics Should have worked on Integration Hub along with good exposure to CMDB Should have exposure to Data Encryption Service Now, Secops, Vulnerability

Key Skills: Vulnerability, DLP, Crowdstrike, Malware, Cyber Security, Threats, Cyber Threat, SIEM, Siemens Ops center Roles and Responsibilities: Operational Maturity: Create clear documentation for processes, metrics, and outcomes, ensuring adherence to Service Level Agreements (SLAs) and compliance requirements. Promote continuous improvement in threat hunting and DLP management. DLP Leadership: Offer technical leadership in developing and enhancing the DLP program at Fortive. Establish metrics to measure the program's success. Security Tool Operations: Manage and oversee relevant security tools, ensuring comprehensive coverage and effectiveness across the enterprise while continuously enhancing detection and prevention mechanisms. Cloud and DevOps Security: Drive security capabilities by embedding security into DevOps workflows, leveraging cloud-native tools, and advancing automation for detection and response. Continuous Improvement: Stay current and share best practices in both threat hunting and data loss prevention. Leverage artificial intelligence to reduce manual work. DLP Programme: Collaborate with other security teams, legal, IT, and key stakeholders to document and drive a DLP program to protect Fortive data. Change Management: Adhere to change management processes in managing security platforms. Ensure proper lifecycle management of threat hunting artifacts. Collaboration: Work with cross-functional teams in both proactive and reactive security scenarios. Collect and analyze feedback to continuously refine tools, platforms, and support processes. Skills Required: 5+ years of experience in cybersecurity, with a focus on DLP and threat detection. Hands-on experience with CrowdStrike Platform; NG SIEM an advantage. Strong knowledge of IT security principles and compliance standards. Familiarity with at least one DLP solution. Demonstrated ability to balance strategic vision with hands-on implementation. Exceptional communication and problem-solving skills. A driven and self-starting individual who can work independently and take initiative. Experience working across multiple countries and time zones is an advantage. Education: Bachelor's degree in Cyber Security, Information Technology or related field.