465 Vulnerability Management Jobs - Page 15

Introduction: - Harman Tech Solutions (HTS) We re a global, multi-disciplinary team that s putting the innovative power of technology to work and transforming tomorrow. At HARMAN HTS, you solve challenges by creating innovative solutions. About the Role As a Cybersecurity Delivery Head, your primary responsibility is to utilize your knowledge of cybersecurity and help grow the business within HARMAN. What You Will Do Combine physical and digital, making technology a more dynamic force to solve challenges and serve humanity s needs. Empower the company to create new digital business models, enter new markets, and improve customer experience. Influence consult with and build collaborative working relationships with senior business and IT leadership at the VP/Officer and C levels to help meet long term security objectives. Conduct risk assessments, evaluate alternative strategies, develop recommendations and ensure responsive communication with business representatives, security management, and third-party vendors. Participate in the design review process and support the overall Security Architecture process. Influence and drive change to security architecture processes, strategies and standards, as needed in areas such as: information security, Data Loss Prevention, Intrusion Prevention, Threat and Vulnerability Management, and Identity and Access Management. Partner with management in defining and setting appropriate, implementable information security policy and ensuring alignment to standard operating procedures, instructions and standards. What You Need Develop, maintain and implement security policies, processes, tools and methodologies that support security architecture standards and ensure effective evolution of security architecture within the organization. Research, evaluate, recommend, plan implementation of, and test new or improved information security software or devices Coordinate analysis of new or enhanced software application or tool implementations for impacts to existing security software and devices. Participate in and/or lead forensic investigations and eDiscovery of suspected information security issues or in compliance reviews as requested by auditors, HR, Ethics, or Legal. Utilize security expertise and knowledge of new and emerging cyber-attacks threats to make recommendations to management regarding implementation of best practices and/or process improvements to proactively protect the company s systems and networks. Provide informal work coordination and leadership/coaching to less experienced information security staff. What Makes You Eligible Be willing to travel up to 25%, domestic and international travel if required. Successfully complete a background investigation as a condition of employment What We Offer Access to employee discounts on world class HARMAN/Samsung products (JBL, Harman Kardon, AKG etc.) Professional development opportunities through HARMAN University s business and leadership academies. Flexible work schedule with a culture encouraging work life integration and collaboration in a global environment. An inclusive and diverse work environment that fosters and encourages professional and personal development. Tuition reimbursement. Be Brilliant employee recognition and rewards program.

”’ We're HiringNetwork Security Engineer! ”’ We are seeking a skilled and detail-oriented Network Security Engineer to join in Mumbai Suburban The ideal candidate will have extensive experience in network security protocols, risk assessment, and vulnerability management to safeguard our organization's data and infrastructure. “ LocationMumbai Suburban, India Work ModeWork From Office ’ RoleNetwork Security Engineer What You'll Do: Experience in Palo Alto firewall is mandatory. Key Responsibilities: Global Network Security Operations with managing Incidents and Requests on Palo Alto Firewall, DNS, DHCP, Proxy (Zscaler and Netskope ) Key Performance Indicators: Firewall Implementation, Resolution of Palo Alto Firewall, DNS, DHCP, Proxy (Zscaler and Netskope ) Incidents and Requests to maintain high Network Availability for end users/ businesses QualificationB.E (EXTC) Functional Skills/Competencies: Perfect communication in English, End-user service oriented, Good Interpersonal skills, Ability to work under pressure,Rigour and synthesis, Advanced level of troubleshooting skills Behavioural Skills/Competencies: Autonomy, Able to demonstrate rigour and a willingness to adhere to the defined processes and procedures, Strong understanding and knowledge of Internet infrastructures, Experience in IT infrastructure support. Ready to secure our futureš" Apply now and be part of our mission! Show more Show less

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by diversity and inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health equity on a global scale. Join us to start Caring. Connecting. Growing together. We are seeking a skilled and detail-oriented Endpoint Patching Administrator to join our IT team. The successful candidate will be responsible for managing and maintaining the endpoint patching process using Tanium. This role is critical in ensuring that all endpoints within the organization are up-to-date with the latest security patches and software updates to protect against vulnerabilities. This role may require occasional after-hours work or on-call duties in response to critical vulnerabilities or emergencies. The position can be based either onsite or remote depending on company policies. Primary Responsibilities Patching ManagementUtilize Tanium to deploy, manage, and monitor patches across all endpoints including desktops, laptops, servers, and other networked devices Assessment & ReportingRegularly assess the patch status of endpoints and generate detailed reports on patch compliance, vulnerabilities, and remediation progress Incident ResponseAct as a primary point of contact for patch-related incidents and vulnerabilities. Investigate issues arising from patch deployments and work towards their resolution promptly Configuration ManagementCreate, maintain, and update endpoint configuration baselines in line with organizational security policies Automation & ScriptingDevelop scripts to automate repetitive tasks related to patch management and endpoint maintenance CollaborationWork closely with IT security teams, system administrators, and other stakeholders to ensure coordinated efforts in maintaining secure systems DocumentationMaintain comprehensive documentation of all patching activities, configurations, procedures, and changes applied to endpoints ComplianceEnsure compliance with industry standards and regulatory requirements regarding system security updates Training & SupportProvide training sessions for team members on Tanium functionalities related to endpoint management. Offer support for troubleshooting issues related to endpoint patches Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so Required Qualifications Undergraduate degree or equivalent experience 6+ years in Tanium and 2+ years of experience in SCCM Experience with other endpoint management tools besides Tanium like SCCM or BigFix Knowledge of ITIL practices Solid understanding of operating systems (Windows/Linux/Mac) internals including system registry settings, file systems, processes/services management Familiarity with cybersecurity principles and practices including vulnerability management and threat mitigation strategies Proficiency in scripting languages such as PowerShell or Python for automation purposes Proven excellent problem-solving skills with the ability to troubleshoot complex technical issues effectively Proven solid communication skills both written and verbal; capable of explaining technical concepts clearly to non-technical stakeholders Preferred Qualification Proven experience working with Tanium for endpoint management At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. Today, however, there are still far too many barriers to good health which are disproportionately experienced by people of color, historically marginalized groups and those with lower incomes. We are committed to mitigating our impact on the environment and enabling and delivering equitable care that addresses health disparities and improves health outcomes — an enterprise priority reflected in our mission.

Optum is a global organization that delivers care, aided by technology to help millions of people live healthier lives. The work you do with our team will directly improve health outcomes by connecting people with the care, pharmacy benefits, data and resources they need to feel their best. Here, you will find a culture guided by inclusion, talented peers, comprehensive benefits and career development opportunities. Come make an impact on the communities we serve as you help us advance health optimization on a global scale. Join us to start Caring. Connecting. Growing together. We are seeking a skilled and detail-oriented Endpoint Patching Administrator to join our IT team. The successful candidate will be responsible for managing and maintaining the endpoint patching process using Tanium. This role is critical in ensuring that all endpoints within the organization are up-to-date with the latest security patches and software updates to protect against vulnerabilities. Primary Responsibilities Patching ManagementUtilize Tanium to deploy, manage, and monitor patches across all endpoints including desktops, laptops, servers, and other networked devices Assessment & ReportingRegularly assess the patch status of endpoints and generate detailed reports on patch compliance, vulnerabilities, and remediation progress Incident ResponseAct as a primary point of contact for patch-related incidents and vulnerabilities. Investigate issues arising from patch deployments and work towards their resolution promptly Configuration ManagementCreate, maintain, and update endpoint configuration baselines in line with organizational security policies Automation & ScriptingDevelop scripts to automate repetitive tasks related to patch management and endpoint maintenance CollaborationWork closely with IT security teams, system administrators, and other stakeholders to ensure coordinated efforts in maintaining secure systems DocumentationMaintain comprehensive documentation of all patching activities, configurations, procedures, and changes applied to endpoints ComplianceEnsure compliance with industry standards and regulatory requirements regarding system security updates Training & SupportProvide training sessions for team members on Tanium functionalities related to endpoint management. Offer support for troubleshooting issues related to endpoint patches Comply with the terms and conditions of the employment contract, company policies and procedures, and any and all directives (such as, but not limited to, transfer and/or re-assignment to different work locations, change in teams and/or work shifts, policies in regards to flexibility of work benefits and/or work environment, alternative work arrangements, and other decisions that may arise due to the changing business environment). The Company may adopt, vary or rescind these policies and directives in its absolute discretion and without any limitation (implied or otherwise) on its ability to do so This role may require occasional after-hours work or on-call duties in response to critical vulnerabilities or emergencies. The position can be based either onsite or remote depending on company policies. Required Qualifications Undergraduate degree or equivalent experience 6+ years in Tanium and 2+ years in SCCM Experience with other endpoint management tools besides Tanium like SCCM or BigFix Knowledge of ITIL practices Solid understanding of operating systems (Windows/Linux/Mac) internals including system registry settings, file systems, processes/services management Familiarity with cybersecurity principles and practices including vulnerability management and threat mitigation strategies Proficiency in scripting languages such as PowerShell or Python for automation purposes Proven excellent problem-solving skills with the ability to troubleshoot complex technical issues effectively Proven solid communication skills both written and verbal; capable of explaining technical concepts clearly to non-technical stakeholders Preferred Qualification Experience working with Tanium for endpoint management

We Have opening on both L2/L3 SOC Analyst Experienced SOC L3 Analyst is needed to expand our group. You will oversee managing and resolving complicated cybersecurity events that have been escalated from L1 and L2 Analysts as an L3 Analyst. To find the underlying cause of security events and offer suggestions for correction, you will be expected to conduct extensive investigations and forensic analyses. Key Responsibilities for this job: Represent the highest level of escalation for cybersecurity issues. To identify the underlying causes of occurrences, carry out comprehensive investigations and forensic analysis. Provide remediation advice and collaborate with L1 and L2 analysts to implement it into practice. Create and maintain playbooks and incident response plans. Conduct penetration tests and vulnerability assessments. Analyze and evaluate the organization's cybersecurity threats. Take part in security audits and assessments. Create and uphold security standards, rules, and procedures. Instruct and guide young analysts in incident response best practices. Knowledge and experience required: Bachelor's degree in computer science, Cybersecurity, or a related field. 5+ years of experience in a SOC environment, with a focus on incident response and forensic analysis. Strong knowledge of cybersecurity frameworks, such as NIST and ISO. Experience working with security tools such as SIEM, IDS/IPS, endpoint detection and response, and firewalls. Excellent analytical and problem-solving skills. Strong communication and collaboration skills. Relevant certifications, such as CISSP, GCIA, GCIH, and/or CISA are highly preferred. Preferred Tool: Rapid7, LogRhythm, Sentinel, Fortinet SOAR, etc Shift flexibility, including weekends and holidays (24*7) Jumping on the call with Vendors and other teams to discuss issues with partners/ to get their requirements and deliver the same in the form of projects Tuning of rules, filters, and policies for detection-related security technologies to improve accuracy and visibility. Providing weekly/monthly reports to the Upper Management.

Designation: EndPoint Security Engineer Experience: 2-10 Years years Education: Any Graduate Location: Bengaluru Description: Trend Micro Antivirus, EDR (Endpoint Detection & Response)MDM (Mobile Device Management), DLP (Data Loss Prevention)Anti-Spam, Anti-APT (Advanced Persistent Threats)Vulnerability Management & PatchingKnowledge of ITIL Processes If you're passionate about securing endpoints and making a difference in cybersecurity, were looking for YOU!

Patch Management team will be responsible for regular BAU Patching, VA (Vulnerability Assessment) and for all infrastructure components Operating Systems ,Database Patching ,Middleware Patching ,Network Support

We are looking for a Cyber Defense Vulnerability Incident Response Senior Analyst to join our growing Cyber Defense Operations (CDO) Centre. This role provides an outstanding opportunity to lead the response to critical vulnerabilities while also contributing to security incident handling and response. The ideal candidate will have a solid background in vulnerability management, with additional expertise in incident response. This is a great opportunity for someone who wants to deepen their understanding of the overlap between vulnerability management (VM) and incident response (IR). We are at an exciting moment in our transformation! Arm has a bold vision to develop technology that invisibly enables opportunity for a globally connected population. To achieve this, Arm is growing rapidly and developing new products. With new business capabilities, Arm is encountering new security challenges that require a thoughtful, adaptable approach to strengthen its cyber defences and detect respond strategy. Responsibilities: Vulnerability Management (Main Focus) Lead operational vulnerability management activities across infrastructure, applications, cloud, and third-party platforms. Validate findings and prioritize remediation based on business risk and threat intelligence. Collaborate with global IT, Engineering, and Security teams to drive vulnerability remediation efforts. Optimize and manage ServiceNow Vulnerability Management workflows. Act as technical lead in remediation planning, providing guidance and support to stakeholders. Collaborate with Red Team, Threat Intelligence, and Product Security to identify high-risk vulnerabilities. Lead Major vulnerability Incident response efforts in accordance with the response plan and policies. Incident Response (Secondary Focus) Support team in incident triage and response efforts as needed, particularly those involving vulnerability exploitation. Assist in forensic investigations and log analysis for potential Security Incidents. Contribute to the development of playbooks for vulnerability incident response. Deliver training and mentorship to junior analysts. Required Skills Experience: Demonstrable experience in vulnerability management, including implementation of scanning tools like Tenable, Qualys, or similar platforms. Hands-on experience with ServiceNow Vulnerability Management workflows and integrations. Experience with remediation coordination, risk-based prioritization, and vulnerability lifecycle management. Exposure to incident handling, including forensic and malware analysis basics. Solid understanding of cloud and container security vulnerabilities (AWS, Azure, GCP). Sufficient understanding of web technologies to manage Web vulnerabilities. Ability to articulate risk and technical topics clearly to non-technical stakeholders. Scripting and automation skills (eg, Python, PowerShell) to streamline workflows. Deep understanding of the cyber threat landscape and emerging exploitation trends. Nice-to-Have Skills Certifications: BSc or higher in Cybersecurity, Computer Science, or related field! Professional certifications: GIAC (GCIH, GCFA, GPEN), OSCP, or CISSP. Exposure to penetration testing or Red Teaming methodologies. Understanding of ITIL processes and project management principles

we're looking for a bold, visionary engineering leader to head our Core Infrastructure team in India If you thrive on scaling complex systems, championing security, and building teams that punch above their weight, you'll feel right at home here In this role, you'll shape the technical backbone of Eightfolds AI platform, leading infrastructure, security, and potentially analytics, while partnering cross-functionally to deliver impact at enterprise scale This is a high-leverage, high-autonomy opportunity to build what others depend on About Team: The Core Infrastructure Team is the backbone of Eightfold, responsible for the architecture, maintenance, and enhancement of critical elements of our technology stack This encompasses Search, Databases, Machine Learning Infrastructure, Data Warehouse, Developer Platform, and Application Infrastructure Our work is foundational to every product at Eightfold, underpinning the services our users and customers interact with daily The infrastructure we build and maintain is pivotal to our mission, ensuring scalability, reliability, and security across all our offerings What you'll Own Drive: Lead the vision, roadmap, and execution for Infrastructure, Security, and Analytics platforms Build and scale high-performing engineering teams with strong technical leadership at every level Partner cross-functionally with Product, Data, and DevOps to deliver secure, scalable systems Ensure reliability, availability, and performance across hybrid (cloud + on-prem) environments Define and enforce security strategy, incident response, and compliance frameworks (SOC2, ISO27001, etc) Champion modern engineering practices CI/CD, observability, cost optimization, and operational excellence Build out an end-to-end Analytics Product stack including data warehouse, query engine, and dashboards Hire, mentor, and retain top-tier talent while cultivating a world-class engineering culture Provide hands-on leadership for strategic tech initiatives and major product/platform areas Own the full product/technology lifecycle from vision and architecture to deployment and impact What You Bring: Min of 10+ years of exp in engineering, with at least 3+ years leading teams at scale Deep expertise in cloud-native infrastructure (AWS, GCP, etc) and DevSecOps principles Proven success in building and scaling secure, reliable platforms Experience leading security initiatives threat modeling, vulnerability management, and compliance Strong communicator and stakeholder partner; able to influence across engineering and business Bonus: Experience scaling analytics stacks (Snowflake, dbt, Airflow, Looker, etc) Demonstrated ability to build high-caliber teams and a thriving engineering culture Cross-functional thinker who gets things done end-to-end Eightfold Engineering Values: We are a team of self-starters who excel in our fields We believe in giving you'responsibility, not a task We want you to have ownership and pride in the work you are doing, and see the positive impact of your work on your colleagues, our customers, and people around the world We have a mindset of continuously improving There is no detail that is beneath us, and we can dive into anything needed We focus on executing fast and delivering value to our customers every single day We believe in providing transparency and support, so you can do the best work of your career

Diverse Lynx is looking for SOC Analyst to join our dynamic team and embark on a rewarding career journey. Monitor and analyze security events and incidents, identifying and investigating potential threats Maintain the security of our network and systems by implementing security controls and best practices Work closely with the rest of the security team to ensure that our systems and networks are secure and compliant with industry standards Maintain accurate documentation and reports on security events and incidents Communicate effectively with team members and other stakeholders to ensure that security issues are addressed in a timely and effective manner Stay up to date with the latest security technologies and threats

We are hiring for Technical Delivery Manager: Total Exp : 10 + Years Shift Timing: 24/7 Shift Location : Bangalore : M G Road Notice Period: Immediate Joiners only Interested candidates Please share your updated Resume with : Suneetha.d@truglobal.com Contact No : 9513059942-- Suneetha D Required Min 8 to10 years of hands-on experience as a Technical Delivery Manager: Conduct a comprehensive audit of existing IT infrastructure, network, security, and assets. Identify gaps in current support, monitoring, and IT service capabilities. Define and establish Service Level Agreements (SLAs) tailored to business needs. Lead day-to-day IT operations, ensuring high availability and performance. Ensure IT infrastructure, network, and security align with business objectives. Monitor system health, ensure uptime, and deliver performance reporting aligned with organizational KPIs. Direct incident response, root cause analysis, and the implementation of corrective/preventative actions. Support lifecycle management, patching, compliance (e.g., PCI), and endpoint protection (Defender, Intune). Drive onboarding/offboarding processes, mobile device management, and software license tracking. Plan and execute backup, disaster recovery (DR), and business continuity strategies. Maintain accurate asset inventories, equipment refresh schedules, and warranty management processes. Ensure delivery of regular security awareness training and vulnerability management practices. Facilitate procurement, project execution, break/fix services, and solution designs (hardware/software). Manage third-party vendors and service providers, acting as a single point of contact for coordination. Assess vendor performance and IT operational risks. Facilitate knowledge transfer from existing IT teams, vendors, and service providers. Document all IT assets, including hardware, software, vendor relationships, and licensing. Define incident escalation procedures and response times for various IT issues. Standardize IT documentation practices to ensure consistency and compliance. Set up and manage 24x7x365 IT Help Desk operations. Establish a knowledge base for common IT issues and resolutions. Onboard IT support resources and align them with help desk processes. Ensure continuous service improvement by monitoring help desk performance metrics. Develop IT process documentation, templates, and operational guidelines. Should be able to handle team of 10 -15 People Preference: Certification in ITIL, PMP, or CISSP is a plus. Experience with Managed SOC-as-a-Service and SIEM solutions. Familiarity with German and U.S. IT regulatory requirements. Prior experience in supporting high-tech or manufacturing environments.

As an Associate Developer at IBM, you'll work with clients to co-create solutions to major real-world challenges by using best practice technologies, tools, techniques, and products to translate system requirements into the design and development of customized systems. In your role, you will be responsible for: Your primary responsibilities include: Working on the end-to-end feature development and solving challenges faced in the implementation. Collaborate with key stakeholders, internal and external, to understand the problems, issues with the product and features and solve the issues as per SLAs defined. Being eager to learn new technologies and implementing the same in feature development Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Hands on extensive experience on RPG language on AS/400 System I and have worked on Production system and Application Development. 3+ years of relevant experience working on mainframes. Should have technical expertise/hands on - Assembler, COBOL, JCL, CICS, VSAM, Inter-test, Fault Analyser, File-Manager, Control-M/Any other Scheduler etc. Should have expertise working on JIRA/Confluence/SharePoint/Any Change management tool (Remedy/Myservice/Service now etc.) Message Types and Transaction flows Preferred technical and professional experience Processing between Acquirers, Issuer & Acquiring gateways etc. Interact with different stake holders, gather and articulate the Requirements. Good communications skills to deal with the clients directly and set up calls to bring the Business and Delivery inline

Role & responsibilities: Act as the SME when eliciting Vulnerability management technology changes and Remediation orchestration business process. Support Product & Service owners to validate technology and process changes to ensure Remediation orchestration platform is meeting standard vulnerability management controls. Assess and understand business impact of Vulnerability lifecycle management security policies; procedures; and guidelines. Consolidate remediation progress on application and infrastructure vulnerabilities into one risk focused view to help guide senior management risk and remediation decisions. Manage and influence stakeholders in understanding risk exposure; remediation prioritisation and importance from vulnerabilities the Bank could be exposed to. To provide timely support on initiatives to improve vulnerability remediation service incrementally including reporting; workflow; data processing enhancements. Research and report on latest advancements in the vulnerability management lifecycle tooling and process. Take personal responsibility for embedding the highest standards of ethics; including regulatory and business conduct. Primary skills: Vulnerability Management CISSP Remediation

Domain Certifications CISSP, CISA, CRISC, ISO 27001 Responsibilities Own and lead the governance program at account level for a large Financial services account with 700 + head count and multi country locations having high security Offshore Delivery Centres & Work from home teams Develop, implement and monitor Account level Information security governance program; meeting client compliance requirements proactively Perform contract reviews, cyber security risk assessments and drive compliance programs to meet contractual and organizational cyber security requirements within the client offshore delivery centres. Experience in Application security and code reviews which can be leveraged to guide and work with delivery teams on covering the cyber security risks associated with Application security, development and maintenance projects. Work closely with different teams internally like IT, business, HR, facilities, cyber security which operate at Organization level to translate client requirements and assess residual risk if required Give directions and monitor the compliance and operations activities within the account through dedicated team and work closely with account team on ensuring the compliance within account team Develop account level procedures, metrics and review programs to maintain and enhance the governance model within the account Be a single point of contact for client interactions during third party audits and liaise within the organization Prepare the account for certification and internal audit requirements based on industry standards like PCI DSS and ISO 27001 requirements Focus and objective driven to demonstrate ongoing improvements; identify early indicators of non compliance and able to draw mitigation actions Hold technical skills to participate in technical discussions for delivery centre setup, connectivity models Excellent communication skills and have demonstrated effective CXO level reviews

Roles & Responsibilities: We are seeking an experienced Vulnerability Management Engineer to join our Security Operations team. The ideal candidate will be responsible for identifying, tracking, and remediating vulnerabilities across cloud and on-premises environments, while also supporting broader security operations initiatives. Vulnerability Remediation & Patch Management: Work with InfoSec and IT teams to coordinate and track the remediation of vulnerabilities across the organization. Provide hands-on support in implementing and verifying patches for critical vulnerabilities on Windows, Linux, and cloud systems. Coordinate with infrastructure and application teams to validate patch readiness, test deployments, and confirm successful remediation. Ensure timely resolution of high and critical vulnerabilities in line with internal SLAs. Reporting & Compliance: Create and maintain weekly remediation reports outlining prioritization, risk classification, remediation status, and compliance metrics. Develop dashboards, trackers, and compliance summaries using internal tools (e.g., Excel, Power BI, or ServiceNow). Track patch management lifecycle from detection to closure with detailed documentation and metrics. Security Operations Support: Continuously monitor security alerts and events via tools like QRadar SIEM, Palo Alto Cortex XDR, and others to identify indicators of compromise. Investigate and respond to security incidents, including endpoint and email threats, escalating as needed. Tune SIEM rules and threat detection logic to reduce false positives and improve response efficiency. Stay updated on emerging threats, vulnerability disclosures, and zero-day advisories to support proactive mitigation. Policy & Documentation: Maintain detailed documentation of vulnerability management procedures, remediation efforts, patch testing results, and lessons learned. Support compliance initiatives (e.g., ISO 27001, HIPAA, GDPR) by ensuring vulnerability data and remediation timelines meet audit requirements. Qualifications: Experience : 6+ years in a Security Operations or Vulnerability Management role. Education : Bachelor's degree in Computer Science, Information Security, or a related field. Certifications (preferred): CISSP, CEH, CISM, CompTIA Security+, or equivalent. Technical Skills : Experience with tools like IBM QRadar, Palo Alto Cortex XDR, Qualys/Tenable/Nessus. Familiarity with cloud security in Azure and Microsoft 365. Strong understanding of patch management, CVSS scoring, and vulnerability lifecycle. Soft Skills : Strong analytical and communication skills. Ability to work cross-functionally with IT and infrastructure teams. Adaptability to changing threat environments and security priorities. Nice to Have: Experience building Power BI dashboards or using reporting tools to visualize patch status. Familiarity with ServiceNow or other ITSM platforms for tracking remediation tasks.

Primary Skills - Software Engineer, Full Stack Engineer Job Description: Multi-Cloud Landing Zone Platform Engineer Overview: We are seeking a highly skilled Multi-Cloud Landing Zone Platform Engineer to design, implement, and manage our multi-cloud landing zone platform. This role involves working with Terraform, Terraform Sentinel, Cloud Service Control Policies, HashiCorp Vault, and various automation tools to ensure seamless integration, security, and governance across our cloud environments. Responsibilities: Design and Implementation: Develop and deploy multi-cloud landing zones using Terraform and Terraform Sentinel. Policy Management: Implement and manage Cloud Service Control Policies to ensure compliance and governance. Security: Utilize HashiCorp Vault for secrets management and ensure robust security practices. Automation: Automate account vending and infrastructure provisioning using Infrastructure as Code (IaC) principles. DevOps: Integrate DevOps practices to streamline development and operations workflows. Scripting: Write and maintain Python scripts for automation and integration tasks. IAM: Manage Identity and Access Management (IAM) policies and roles. Monitoring: Implement monitoring solutions to ensure system health and performance. Security and Vulnerability Management: Conduct regular security assessments and vulnerability management. Logging: Set up and manage logging solutions for audit and troubleshooting purposes. Integration: Integrate the platform with ServiceNow for IT service management. Operations and Maintenance: Focus on the operational aspects and maintenance of the platform. Governance: Establish and enforce governance guardrails to ensure compliance and best practices. Required Skillset: Terraform: Proficiency in Terraform for infrastructure provisioning and management. Terraform Sentinel: Experience with Terraform Sentinel for policy as code. Cloud Service Control Policies: Knowledge of implementing and managing cloud service control policies. HashiCorp Vault: Expertise in using HashiCorp Vault for secrets management. Automation: Strong skills in automating infrastructure provisioning and account vending using IaC. DevOps: Familiarity with DevOps practices and tools. Python: Proficiency in Python for scripting and automation. IAM: Experience in managing IAM policies and roles. Monitoring: Knowledge of monitoring tools and practices. Security: Understanding of security best practices and vulnerability management. Logging: Experience in setting up and managing logging solutions. ServiceNow: Ability to integrate with ServiceNow for IT service management. Operations and Maintenance: Focus on operational aspects and maintenance of cloud platforms. Governance: Ability to establish and enforce governance guardrails. Preferred Qualifications: Certifications: Relevant certifications in cloud platforms (e.g., AWS, Azure). Experience: Proven experience in managing multi-cloud environments. Communication: Strong communication skills to collaborate with cross-functional teams. Problem-Solving: Excellent problem-solving skills and attention to detail. Do Drive technical solution support to the team to align on continuous integration (CI) and continuous deployment (CD) of technology in applications Design and define the overall DevOps architecture/ framework to for a project/ module delivery as per the client requirement Decide on the DevOps tool & platform and which needs to be deployed aligned to the customers requirement Create a tool deployment model for validating, testing and monitoring performance and align or provision for resources accordingly Define & manage the IT infrastructure as per the requirement of the supported software code Manage and drive the DevOps pipeline that supports the application life cycle across the DevOps toolchain from planning, coding and building, to testing, to staging, to release, configuration and monitoring Work with the team to tackle the coding and scripting needed to connect elements of the code that are required to run the software release with operating systems and production infrastructure with minimum disruptions Ensure on boarding application configuration from planning to release stage Integrate security in the entire dev-ops lifecycle to ensure no cyber risk and data privacy is maintained Provide customer support/ service on the DevOps tools Timely support internal & external customers escalations on multiple platforms Troubleshoot the various problems that arise in implementation of DevOps tools across the project/ module Perform root cause analysis of major incidents/ critical issues which may hamper project timeliness, quality or cost Develop alternate plans/ solutions to be implemented as per root cause analysis of critical problems Follow escalation matrix/ process as soon as a resolution gets complicated or isnt resolved Provide knowledge transfer, sharing best practices with the team and motivate Team Management Resourcing Forecast talent requirements as per the current and future business needs Hire adequate and right resources for the team Train direct reportees to make right recruitment and selection decisions Talent Management Ensure 100% compliance to Wipros standards of adequate onboarding and training for team members to enhance capability & effectiveness Build an internal talent pool of HiPos and ensure their career progression within the organization Promote diversity in leadership positions Performance Management Set goals for direct reportees, conduct timely performance reviews and appraisals, and give constructive feedback to direct reports. Incase of performance issues, take necessary action with zero tolerance for will based performance issues Ensure that organizational programs like Performance Nxtarewell understood and that the team is taking the opportunities presented by such programs to their and their levels below Employee Satisfaction and Engagement Lead and drive engagement initiatives for the team Track team satisfaction scores and identify initiatives to build engagement within the team Proactively challenge the team with larger and enriching projects/ initiatives for the organization or team Exercise employee recognition and appreciation Deliver No. Performance Parameter Measure 1. Continuous Integration, Deployment & Monitoring 100% error free on boarding & implementation 2. CSAT Manage service tools Troubleshoot queries Customer experience 3. Capability Building & Team Management % trained on new age skills, Team attrition %, Employee satisfaction score Mandatory Skills: DevOps-Terraform.

Transport is at the core of modern society. Imagine using your expertise to shape sustainable transport and infrastructure solutions for the futureIf you seek to make a difference on a global scale, working with next-gen technologies and the sharpest collaborative teams, then we could be a perfect match. Who are you Are you the kind of person who is passionate about cybersecurity both process and product implementationWould you like to use your passion in the automotive industry and be part of the cybersecurity vehicle type approvalWould you like to work in a great team with competent and helpful colleagues As a person, you have a holistic view, out of the box mindset, broad technical know-how combined with very good people skills and a strong belief in agile methods. You have a strong ability to inspire, develop and motivate individuals and teams. You are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis. We value broad and deep technical knowledge, specifically in the fields of forensics, malware analysis, network security, application security, threat hunting, and threat intelligence. Team Overview Our team, Product Cybersecurity Management System (PCSMS) is in the heart of a great transformation. We work with developing and improving our product cybersecurity management system (PCSMS) in a continues manner along with coordinating the Cybersecurity work according to R155 and ISO/SAE 21434 along all teams within Volvo Group Truck Technology (GTT), we also supporting teams to do high level attack vector analysis and vehicle TARA analysis to facilitate releasing work products according to state of the arts. As part of our continuous improvement effort, we are looking for qualified Cybersecurity Incident Response Engineer to join our innovative, high-energy team. In this role you will work in the Incident Response Team to respond to security events, conduct analysis of threats such as malware and intrusion attempts, and provide security services to safeguard highly sensitive data as well as work hands-on with detection systems and vulnerability analysis tools to respond to potential threats to our products. Responsibilities Continuously monitor threats and risks to the vehicle product especially post SOP until End-of-Life Secure early detection of cybersecurity issues through analysis of vehicle security data and CTI through proactive manner Perform open-source investigation (OSINT) Perform cyber threat intelligence and monitoring. SOC and VSOC monitoring Perform controlled simulated attacks on systems to evaluate their security defences and identify areas for improvement. Identify and manage vulnerabilities and provides lessons learned to further development projects Defines thresholds on which a cybersecurity event will be triggered Perform and coordinates investigation of the technical impact, the scale of the technical impact, and other technical analyses Identifies, analyse, and remediates cybersecurity events and incidents Conducts initial technical analysis resulting in a confirmation or rejection of the event as a PCS incident Conducts classification of a confirmed PCS incident to indicate its impact, urgency, and prioritisation. Triggers and follows-up short-term solution development and implementation from the technical side Supports long-term solution decisions and actions from a technical perspective Coordinates communication with internal technical stakeholders Supports the update of the PCS Incident Response Report Drives the post-incident review activities Manages the cybersecurity risk methodology used in the TARA Manages the cybersecurity aspects of tools that can impact the cybersecurity risks on the vehicle Required Qualification MSc. in Computer Science, Cybersecurity, System engineering Extensive experience (5+ years) and best practice understanding in the field of automotive cyber security, including risk management, incident response, and security vulnerability management, CTI, VSOC VV and Hacking knowledge is a plus Experiences in TARA analysis Knowledge of ISO 21434 and R155 is a plus Knowledge of automotive and embedded system engineering Technical depth in conducting penetration testing, vulnerability assessments, and security audits to identify and address potential vulnerabilities, digital forensic, malware analysis, threat hunting, etc Understanding of attacker exploit techniques and their remediation Experiences in tool set up Proficiency in data analysis Ability to work with high degree of autonomy We value your data privacy and therefore do not accept applications via mail. Who we are and what we believe in . Applying to this job offers you the opportunity to join Volvo Group . Every day, across the globe, our trucks, buses, engines, construction equipment, financial services, and solutions make modern life possible. We are almost 100,000 people empowered to shape the future landscape of efficient, safe and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents with sharp minds and passion across the group s leading brands and entities. At Group People Culture , a part of Volvo Group, we create the foundation and frameworks for people growth and organizational development, to drive the people agenda that enables the realization of the Volvo Group aspirations through people strategy and commitment. You will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.

Who are you Are you the kind of person who is passionate about cybersecurity both process and product implementationWould you like to use your passion in the automotive industry and be part of the cybersecurity vehicle type approvalWould you like to work in a great team with competent and helpful colleagues As a person, you have a holistic view, out of the box mindset, broad technical know-how combined with very good people skills and a strong belief in agile methods. You have a strong ability to inspire, develop and motivate individuals and teams. You are unique individuals prepared to relentlessly resolve security issues by gathering and analyzing event data and conducting root-cause analysis. We value broad and deep technical knowledge, specifically in the fields of forensics, malware analysis, network security, application security, threat hunting, and threat intelligence. Team Overview Our team, Product Cybersecurity Management System (PCSMS) is in the heart of a great transformation. We work with developing and improving our product cybersecurity management system (PCSMS) in a continues manner along with coordinating the Cybersecurity work according to R155 and ISO/SAE 21434 along all teams within Volvo Group Truck Technology (GTT), we also supporting teams to do high level attack vector analysis and vehicle TARA analysis to facilitate releasing work products according to state of the arts. As part of our continuous improvement effort, we are looking for qualified Cybersecurity Incident Response Engineer to join our innovative, high-energy team. In this role you will work in the Incident Response Team to respond to security events, conduct analysis of threats such as malware and intrusion attempts, and provide security services to safeguard highly sensitive data as well as work hands-on with detection systems and vulnerability analysis tools to respond to potential threats to our products. Responsibilities Continuously monitor threats and risks to the vehicle product especially post SOP until End-of-Life Secure early detection of cybersecurity issues through analysis of vehicle security data and CTI through proactive manner Perform open-source investigation (OSINT) Perform cyber threat intelligence and monitoring. SOC and VSOC monitoring Perform controlled simulated attacks on systems to evaluate their security defences and identify areas for improvement. Identify and manage vulnerabilities and provides lessons learned to further development projects Defines thresholds on which a cybersecurity event will be triggered Perform and coordinates investigation of the technical impact, the scale of the technical impact, and other technical analyses Identifies, analyse, and remediates cybersecurity events and incidents Conducts initial technical analysis resulting in a confirmation or rejection of the event as a PCS incident Conducts classification of a confirmed PCS incident to indicate its impact, urgency, and prioritisation. Triggers and follows-up short-term solution development and implementation from the technical side Supports long-term solution decisions and actions from a technical perspective Coordinates communication with internal technical stakeholders Supports the update of the PCS Incident Response Report Drives the post-incident review activities Manages the cybersecurity risk methodology used in the TARA Manages the cybersecurity aspects of tools that can impact the cybersecurity risks on the vehicle Required Qualification MSc. in Computer Science, Cybersecurity, System engineering Extensive experience (5+ years) and best practice understanding in the field of automotive cyber security, including risk management, incident response, and security vulnerability management, CTI, VSOC VV and Hacking knowledge is a plus Experiences in TARA analysis Knowledge of ISO 21434 and R155 is a plus Knowledge of automotive and embedded system engineering Technical depth in conducting penetration testing, vulnerability assessments, and security audits to identify and address potential vulnerabilities, digital forensic, malware analysis, threat hunting, etc Understanding of attacker exploit techniques and their remediation Experiences in tool set up Proficiency in data analysis Ability to work with high degree of autonomy Who we are and what we believe in Our focus on Inclusion, Diversity, and Equity allows each of us the opportunity to bring our full authentic self to work and thrive by providing a safe and supportive environment, free of harassment and discrimination. We are committed to removing the barriers to entry, which is why we ask that even if you feel you may not meet every qualification on the job description, please apply and let us decide. Applying to this job offers you the opportunity to join Volvo Group . Every day, across the globe, our trucks, buses, engines, construction equipment, financial services, and solutions make modern life possible. We are almost 100,000 people empowered to shape the future landscape of efficient, safe and sustainable transport solutions. Fulfilling our mission creates countless career opportunities for talents with sharp minds and passion across the group s leading brands and entities. At Group People Culture , a part of Volvo Group, we create the foundation and frameworks for people growth and organizational development, to drive the people agenda that enables the realization of the Volvo Group aspirations through people strategy and commitment. You will be part of a global and diverse team of highly skilled professionals who work with passion, trust each other and embrace change to stay ahead.

The Information Security Analyst will be responsible for the development, implementation, and maintenance of the FA s information security program. The successful candidate will have experience with all the information security domains of ISO 27001:2022 standard. Responsibilities will include: Assist in developing and implementing policies, procedures, and guidelines related to information security Assist in conducting periodic risk assessments and audits to identify potential vulnerabilities, threats, and risks. Assist in developing and implementing Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP). Collaborate with other teams to ensure the security of our systems, applications, and data Work with infosec team in providing guidance and support to the organization on information security-related matters Stay up-to-date with the latest developments in information security and recommend improvements to the Information Security Program as necessary Qualification and experience: Bachelors degree in computer science, information technology, or related field Experience: Minimum 1-2 years (s) of experience in hands-on experience in managing information security Other Knowledge, Skills, Abilities or Certifications: (First list requirements, followed by preferences.) Experience with Business Continuity Planning (BCP). Basic knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS). Understanding about vulnerability management, risk assessments, and audits. Understanding incident response, disaster recovery, and business continuity planning. Basic understanding of network and system architecture. Excellent communication and collaboration skills. Relevant certifications (e.g., ISO 27001:2022) are a plus Work Location : Bangalore (Hybrid Model) (Only Bangalore based employees can apply) Shift timing : India business hours (should be flexible to work as per the modified business hours in case there is a need) Joining time: 2 nd June 2025 United States Equal Opportunity Employment: First Advantage is proud to be a global leader in removing barriers and supporting our community members to ensure the changing demographics of the workforce are reflected in our hiring and employment practices. We value all of our candidates, employees, and clients, and place great emphasis on hiring and supporting qualified individuals in each role. We are an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, genetic information, or any other area protected by applicable law.

Position Description: Vocera, now a part of Stryker is seeking an experienced technical RD manager with a strong background in software engineering and cloud domain, coupled with excellent people management skills. In this role, you will mentor and lead a team, driving innovation and delivering high-quality enterprise-class products. You will oversee software development, support and testing, ensuring the scalability, longevity, and reliability of product releases. What will you do: Technical Management Responsibilities: Experience managing the development, testing, and deployment of a mission-critical Java-based backend platform serving customers. Provide technical leadership and guidance to the team in one or more of the following areas. (Java, Kotlin, Databases, Security, Observability, Infrastructure, Containerization, CI/CD, Cloud) Collaborate with teams in North America, Technical Support, Escalations, and DevOps to anticipate and mitigate project issues as well as troubleshoot issues encountered by customers. Deliver high-quality releases on legacy platform, including bug-fixes, security patches, and features as needed. Determine project staff assignments and schedule work to meet completion dates and RD deliverables. Build and mentor a high-performing team, fostering an environment of trust, psychological safety, and continuous learning. Lead with empathy and inclusion, fostering a culture where team members feel supported, challenged, and valued. Balance technical innovation with practical execution, ensuring high-quality releases at speed. Provide regular coaching and career development opportunities to help engineers grow their skills and advance in their careers. Experience executing a talent and performance management strategy. Promote a culture of collaboration, open communication, and shared ownership. What you will need: Technical Skills: Proficient in building robust back-end applications using Java , Spring Boot / Spring Framework . Knowledge of Kotlin is a strong plus. Hands-on expertise with Kafka Confluent for event streaming and message brokering. Experience with containerization and orchestration of Java applications with tools such as Docker and Kubernetes . Knowledge of microservice architecture , including designing, developing, and deploying scalable services. Knowledge of enterprise-grade observability tools (Datadog, Splunk, Prometheus, or other)is a strong plus. Strong experience with CI/CD pipelines using tools such as Jenkins , Gitlab CI/CD , or similar technologies. Familiarity with cloud platforms such as AWS , GCP , or Azure , and their associated services. A basic understanding of application security, identity management, and vulnerability management strategies is a strong plus. Strong problem-solving skills, with the ability to analyze complex technical issues and develop creative solutions. Good communication skills and the ability to work in Agile development environments. EDUCATION REQUIREMENTS Bachelor s degree in computer science or related field required. Masters in a related field preferred. 12+ years applicable experience, with 4+ years direct people management experience. Strong hands-on development background in Java, Kotlin, or a similar programming language preferred. Travel Percentage: 10%

Role: Senior DevOps Engineer(SSE III) Responsibilities: Design and implement security automation across CI/CD pipelines Own and evolve the organizations DevSecOps strategy and security-as-code practices Collaborate with devs and SREs to embed threat modeling, SAST, DAST, and IaC scanning \ Establish own relevant healthy DevOps processes and practices within the team Define secure cloud architecture standards for GCP-based services Continuously assess risks, vulnerabilities, and compliance gaps through tooling and process Establish and champion secure coding and deployment practices Lead incident response and create playbooks for security incident Required: 6+ years in DevOps using Cloud Native Technologies 2+ years focused on DevSecOps/Security Engineering Strong experience in CI/CD tools (Jenkins, GitLab CI, ArgoCD, etc.) with security integrations Hands-on with infrastructure as code (Terraform, Helm) and security linters Expertise in container security (Docker, Kubernetes, Aqua/Trivy/Anchore) Ability to implement and maintain SAST, IaC, SCA, DAST, IAST, Container Runtime Security Runtime SCA Familiarity with threat modelling, attack surface reduction, and vulnerability management Experience with REST APIs and GraphQL API design and development Proficient in GCP security services Experience with compliance (SOC2, ISO27001) and policy-as-code (OPA, Sentinel) Why us You will be working with a lean team of passionate and talented individuals. We know that working with like-minded people is important. We are on a mission to supercharge brick-and-mortar retail stores in the era of e-commerce. Our customers give us confidence in our journey, and you will have a huge impact with your wor.k You will be free to experiment and can choose to do things differently. Lastly, we deeply care about a culture of being a solver. Come, be one with us! Equal opportunity employer Grey Orange Inc. is an equal employment opportunity employer. The company s policy is not to discriminate against any applicant or employee based on race, color, religion, national origin, gender, age, sexual orientation, gender identity or expression, veteran status, marital status, mental or physical disability, and genetic information, or any other basis protected by applicable law. Grey Orange also prohibits harassment of applicants or employees based on any of these protected categories.

Diversity hiring for Cyber Security Engineer - 5 to 10 Years at Bangalore. Position Cyber Security Engineer Experience – 5 to 10 Years Location – Bangalore Job Description: 5-8 years of experience in cybersecurity engineering, preferably in the manufacturing or industrial control systems (ICS) sectors. Strong knowledge of cybersecurity principles, risk management, and threat analysis. Proficiency with cybersecurity tools and technologies used for monitoring, detection, and incident response. Familiarity with cybersecurity standards and regulations such as IEC 62443, ISO 27001, NIST, etc. Relevant certifications such as CISSP, CISM, CEH, or GIAC are preferred. If interested, please share cv on omkar@hrworksindia.com Regards, Omkar 8208497043

What you'll do We are seeking a highly skilled and motivated Information Security Executive to join our team. The ideal candidate will have in-depth knowledge of ISO 27001, ISO 27701, ISO 27002, ISO 27005, GDPR 2016, and DPDP Act 2023. This role involves preparing and maintaining security policies, processes, and procedures, conducting internal audits, and leading monthly review meetings to ensure our organization remains compliant and secure. - Key Responsibilities Develop and Maintain Security Policies and Procedures: Create, update, and enforce information security policies, processes, and procedures in line with ISO 27001, ISO 27701, ISO 27002, and ISO 27005 standards. Ensure compliance with GDPR 2016 and DPDP Act 2023 regulations. Communicate and train staff on security policies and procedures. - Internal Audits: Plan, conduct, and document internal audits to ensure compliance with established security standards and regulations. Identify and address vulnerabilities and non-compliance issues. Work with relevant departments to implement corrective actions and continuous improvements. - Monthly Review Meetings: Organize and lead monthly security review meetings. Present audit findings, security incidents, and risk assessments to senior management. Monitor and report on the effectiveness of the security measures implemented. - Compliance and Governance: Ensure ongoing compliance with relevant data protection laws and regulations. Stay updated on changes in legislation and standards affecting information security. Liaise with regulatory bodies as needed. Qualifications Bachelor's degree in Information Security, Computer Science, or a related field. Professional certifications will be an added advantage. Proven experience in information security management, particularly in ISO 27001, ISO 27701, ISO 27002, and ISO 27005. Strong understanding of GDPR 2016 and DPDP Act 2023. Excellent communication and interpersonal skills. Strong analytical and problem-solving abilities. Ability to work independently and as part of a team. Skills and Competencies Technical Expertise: Deep knowledge of information security principles, standards, and frameworks. Policy Development: Proficiency in developing and implementing security policies, processes, and procedures. Audit and Compliance: Experience conducting internal audits and ensuring compliance with security standards and regulations. Risk Management: Ability to conduct risk assessments and develop risk mitigation strategies. Communication: Strong ability to communicate complex security concepts to non-technical stakeholders.

At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet Thats why we need smart, committed people to join us Whether youre looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain, We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways, Are you curious about being part of our growth stor y while evolving your skills in a culture that will welcome your unique contributionsIf so, let's start the conversation, Security Operations Specialist Vulnerability Management Location: Remote (India) Job Type: Full-Time Department: Information Security / Security Operations Job Summary We are seeking a Security Operations Specialist to manage and oversee the vulnerability management lifecycle , ensuring the security of cloud, application, and endpoint environments This role involves daily operations of Tenable, Prisma Cloud, Twistlock, AppOmni (SaaS Security Posture Management), and GitLab , focusing on identifying, prioritizing, and remediating critical, high, and medium vulnerabilities The ideal candidate will collaborate with IT teams to drive remediation efforts and provide actionable security insights to executive leadership , Key Responsibilities 1 Vulnerability Management & Monitoring Manage the configuration, operation, and optimization of vulnerability management tools ( Tenable, Prisma Cloud, Twistlock, AppOmni, GitLab ), Continuously scan, assess, and track vulnerabilities across cloud, application, and infrastructure environments, Prioritize critical, high, and medium vulnerabilities based on business risk, Remediation & Collaboration with IT Work closely with IT and DevOps teams to remediate vulnerabilities efficiently, Provide clear remediation steps and verify fixes after patching, Ensure compliance with security policies and industry best practices , Security Analysis & Reporting Analyze vulnerability trends and risk exposure to proactively mitigate threats , Develop dashboards, reports, and insights to communicate security risks to executives, Track and report on remediation progress and security posture improvements , Continuous Improvement & Process Automation Automate security workflows for vulnerability detection, triage, and reporting , Enhance vulnerability management processes and integrate security tools with SIEM and ITSM platforms, Stay updated on emerging threats, zero-day vulnerabilities, and evolving security technologies , Qualifications & Skills Required: 3+ years of experience in vulnerability management or security operations , Hands-on experience with Tenable, Prisma Cloud, Twistlock, AppOmni, GitLab , Strong understanding of cloud security (AWS, Azure, GCP), container security, and application vulnerabilities , Ability to analyze and prioritize vulnerabilities based on risk impact, Experience working with IT teams for remediation and patch management, Strong analytical and reporting skills to provide executive-level insights , Preferred: Certifications like CISSP, CEH, OSCP, or AWS Security Specialty , Experience integrating vulnerability management tools with SIEM/ITSM platforms, Familiarity with security frameworks (NIST, ISO 27001, CIS Controls) , Category: Information Technology Iron Mountain is a global leader in storage and information management services trusted by more than 225,000 organizations in 60 countries We safeguard billions of our customersassets, including critical business information, highly sensitive data, and invaluable cultural and historic artifacts

We are seeking a Security Specialist to join our team. The role involves identifying, researching, prioritizing, remediating, and mitigating vulnerabilities as part of our vulnerability management practice. you'll work with a diverse and skilled team to ensure the security of our information assets. What you will do: Align with units and stakeholders on PT test requirements and schedules. Conduct manual penetration testing with hands-on experience. Create scripts for payloads and simulate security breaches. Perform web, API, mobile, and infrastructure pen testing. Set up test labs for zero-day attacks and plan penetration methods. Execute periodic testing based on threat intelligence and data review. Report findings and suggest risk mitigation strategies. Present conclusions to stakeholders. Manage PT tools, licenses, and infrastructure. Drive automation and innovation for improved efficiency and quality. Document designs and configurations. Resolve reported vulnerabilities and propose solutions for gaps. Analyze critical exploits and mentor security engineers. Provide after-hours support for IT security incidents. The skills you bring: bachelors Degree in Computer Science or related field. 8-10 years of experience. Strong knowledge of security controls (eg, access control, encryption, and application security). Proficiency with PT tools like Kali Linux, Metasploit, and Burp Suite. Deep understanding of security issues in enterprise, network, API, and mobile systems. Familiarity with enterprise computing, distributed applications, and TCP/IP network security. Experience in writing technical reports and summaries. Ability to provide after-hours support and work under pressure. Effective in both team and independent work settings. Participate in on-call rotation for critical incidents. Strong collaboration and knowledge-sharing skills. Results-driven with excellent communication skills; fluency in English is essential. Preferred certifications: OSCP, OSWP, OSEP, OWSA, OWSE.