6 - 11 years
0 - 1 Lacs
Pune
Work from Office
Need experience in Vulnerability Remediation, Patch, Active Directory, Incident response, Endpoint security, DLP, Device encryption, Security monitoring.
Experience: 6+ years
Location: Pune - Akrudi
Immediate - 15 days serving needed
Apply/share: preethi.kumar@harjai.com
Posted 1 month ago
3 - 8 years
10 - 17 Lacs
Pune
Work from Office
Role & responsibilities
• Minimum 3 years of overall experience
• 1+ years in Incident Management, Vulnerability Management, Bug Bounty & Cyber security analysis
• Assess and support severity assignment on reported vulnerabilities in line with the Common Vulnerability Scoring System (CVSS)
• Effectively communicating vulnerability findings to stakeholders, including technical and non-technical audiences
• Developing strategies to address identified vulnerabilities, including mitigation plans and timelines
• Coordinate the remediation of findings from the organization's Bug Bounty & Vulnerability Disclosure Programs, working directly with whitehat researchers
• Analyze findings to understand if our vulnerability scanners failed to identify them and work with the relevant to address any visibility gaps
• Identify missing security controls that could have mitigated the Bug Bounty finding and ensure correction is tracked to completion
• Mature the program through the onboarding of new assets
• Works closely with Risk Management teams to document identified risks and issues highlighted through Bug Bounty Program
• Maintains a working knowledge of key data security frameworks and regulations such as PCI (Payment Card Industry)/Logical Security guidelines and models, HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), PII (Personally Identifiable Information), NIST CSF (Cyber Security Framework)
• Collaborates with Legal and Privacy Offices when critical data is at risk as a result of a Bug Bounty finding
• Maintain and follow runbooks for day-to-day activities
Posted 1 month ago
6 - 10 years
8 - 12 Lacs
Bengaluru
Work from Office
Job Description

Principal Security Software Engineer

Are you interested in building large-scale distributed software for the cloud? Oracle's Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services.

We're looking for hands-on engineers with expertise and passion in identifying and resolving difficult security problems in distributed systems, virtualized infrastructure, and highly available services. If this is you, at Oracle you can design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact.

As a Principal Security Software Engineer you will review the software design and development for all components of Oracle's Service Cloud team. Develop and execute programs and processes to reduce information security risk and strengthen Oracle's security posture. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn.

Things you'll do:
* Penetration testing
* Hardening of network, software and firmware
* Security tool development (e.g. scanning tools)
* Security metrics definition and delivery
* Consult across different software development teams
* Attack vector modeling
* Champion secure coding practices

Minimum Qualifications:
* Bachelor's or Master's degree in Computer Science or related field
* 7+ years of experience in software engineering or related field
* Experience working in a large cloud or Internet software company preferred
* Strong application/product/software security background
* Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
* Excellent organizational, verbal and written communication skills
* Ability to succeed through collaboration and working through internal and external organizations and individuals
* Prior DevOps or continuous delivery and deployment experience preferred
* Strong security testing experience with Fortify, Burp, Zap or Webinspect
* Thorough understanding of latest security principles, techniques, and protocols
* Security certifications are a plus

Skills Required: Application architecture and design reviews; Penetration Testing and Vulnerability assessments; Web Services and API security assessments; Product Security Assessments and Threat Modeling; Dynamic Vulnerability Scanning using automated application scanners; Execute Secure Code Audits using manual and automated methods to review product codes; Secure SDLC Processes including DevOps and Agile; Knowledge of languages, including Java, .Net, PHP, C++, and XML; Security Testing tools, including Nmap, Nessus, Web Inspect, BurpSuite, ZAP Scanner, Fortify Secure code scanner, SOAP UI, Kali Linux, and Metasploit; Operating Systems including Windows and Linux; Cryptographic algorithms, hashing algorithms, encryption; and Network and web related protocols, including TCP/IP, TLS/SSL, HTTP, and FTP.
Detailed Description and Job Requirements

As a member of the software security team, you will assist in defining and developing software for tasks associated with the security testing of software applications. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Develop, implement, and enforce Oracle's security policies. Develop, implement, and manage Oracle's compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracle's Service cloud. Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

Career Level - IC4

Responsibilities

Supports the strengthening of Oracle's security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.

Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.

Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.

Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.

Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In Security role, may manage the creation, review and approval of corporate information security policies.

Mentors and trains other team members. Compiles information and reports for management.
Posted 1 month ago
6 - 11 years
7 - 10 Lacs
Thiruvananthapuram
Work from Office
Job Description

Principal Security Software Engineer

Are you interested in building large-scale distributed software for the cloud? Oracle's Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services.

We're looking for hands-on engineers with expertise and passion in identifying and resolving difficult security problems in distributed systems, virtualized infrastructure, and highly available services. If this is you, at Oracle you can design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact.

As a Principal Security Software Engineer you will review the software design and development for all components of Oracle's Service Cloud team. Develop and execute programs and processes to reduce information security risk and strengthen Oracle's security posture. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn.

Things you'll do:
* Penetration testing
* Hardening of network, software and firmware
* Security tool development (e.g. scanning tools)
* Security metrics definition and delivery
* Consult across different software development teams
* Attack vector modeling
* Champion secure coding practices

Minimum Qualifications:
* Bachelor's or Master's degree in Computer Science or related field
* 7+ years of experience in software engineering or related field
* Experience working in a large cloud or Internet software company preferred
* Strong application/product/software security background
* Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
* Excellent organizational, verbal and written communication skills
* Ability to succeed through collaboration and working through internal and external organizations and individuals
* Prior DevOps or continuous delivery and deployment experience preferred
* Strong security testing experience with Fortify, Burp, Zap or Webinspect
* Thorough understanding of latest security principles, techniques, and protocols
* Security certifications are a plus

Skills Required: Application architecture and design reviews; Penetration Testing and Vulnerability assessments; Web Services and API security assessments; Product Security Assessments and Threat Modeling; Dynamic Vulnerability Scanning using automated application scanners; Execute Secure Code Audits using manual and automated methods to review product codes; Secure SDLC Processes including DevOps and Agile; Knowledge of languages, including Java, .Net, PHP, C++, and XML; Security Testing tools, including Nmap, Nessus, Web Inspect, BurpSuite, ZAP Scanner, Fortify Secure code scanner, SOAP UI, Kali Linux, and Metasploit; Operating Systems including Windows and Linux; Cryptographic algorithms, hashing algorithms, encryption; and Network and web related protocols, including TCP/IP, TLS/SSL, HTTP, and FTP.
Detailed Description and Job Requirements

As a member of the software security team, you will assist in defining and developing software for tasks associated with the security testing of software applications. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Develop, implement, and enforce Oracle's security policies. Develop, implement, and manage Oracle's compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracle's Service cloud. Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

Career Level - IC4

Responsibilities

Supports the strengthening of Oracle's security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.

Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.

Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.

Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.

Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In Security role, may manage the creation, review and approval of corporate information security policies.

Mentors and trains other team members. Compiles information and reports for management.
Posted 1 month ago
6 - 10 years
12 - 17 Lacs
Bengaluru
Work from Office
Job Description

At Oracle Cloud Infrastructure (OCI) we build the future of the cloud for Enterprises. We act with the speed and attitude of a start-up along with the scale and customer focus of the leading enterprise software company in the world.

About the team: The Enterprise Engineering SRE team is tasked with ensuring the security and compliance of internal systems by conducting regular audits, identifying potential gaps in existing standards and proactively improving the organization's overall security posture. The team plays a critical role in safeguarding the integrity, confidentiality and availability of all systems while driving risk management initiatives across departments including disaster recovery planning and execution. We are also responsible for liaising with various internal teams during audits, ensuring data sharing is concise, accurate and aligned for successful audit outcomes.

Ideally, the candidate will possess several of the following skills:
• Supports the strengthening of Oracle's security posture, focusing on one or more of the following: regulatory compliance; risk management; incident management and response; security policy development and enforcement; Threat and Vulnerability Management; Incident Management and response and similar focus areas.
• Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, CMMC, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance
• Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. Conduct and document very complex information security risk assessments and assist in the creation and implementation of security solutions and programs
• Cloud Security: In-depth knowledge of cloud security principles and best practices, including securing cloud infrastructure, services, and applications in platforms; OCI experience is a plus
• Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required
• Incident Management and response: Brings advanced level skills to respond to security events and responding in line with Oracle incident response playbooks to mitigate vulnerabilities
• Mentors and trains other team members
• Compiles information and reports for management

Qualifications:
• Bachelor's degree in computer science, Information Security, or a related field. Master's degree preferred
• 8+ years of experience in information systems, business operations, or related fields, 3+ years of experience in security operations, with a focus on incident detection, response, and vulnerability remediation
• Relevant certifications such as CISSP, CISM, CISA, or GIAC certifications are preferred
• Solid understanding of networking protocols, operating systems (Linux, Windows), MiddleTier, Database, cloud computing and end point computing management
• Excellent communication skills with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders
• Proven leadership abilities with experience leading security projects and initiatives independently
• Experience with security tools such as SIEM platforms, intrusion detection/prevention systems, and endpoint security solutions
• Ability to work independently and collaboratively in a fast-paced environment
• Strong analytical and problem-solving skills with a keen attention to detail

Career Level - IC4

Responsibilities
• Oversee and manage internal audit processes to ensure adherence to security and compliance standards
• Act as the primary liaison between internal teams, facilitating effective communication and collaboration to ensure audits are completed efficiently and accurately
• Assess the effectiveness of security controls and ensure auditing requirements are clearly documented, defined and communicated to necessary teams
• Ensure the timely and accurate sharing of data across departments to support successful audit outcomes
• Continuously assess and enhance the organization's security posture by addressing any identified weaknesses
• Lead and manage departmental risk management programs, ensuring alignment with broader organizational risk mitigation strategies
• Facilitate and drive disaster recovery (DR) planning and preparedness across departments to minimize operational disruptions in case of incidents
• Collaborate with cross-functional teams to establish and maintain robust security policies and procedures, ensuring alignment with industry best practices
• Make recommendations and provide guidance/consultation regarding process improvements necessary for remediating internal control gaps. Engage with required teams to close the gap
• Develop and maintain cybersecurity documentation such as the System Security Plan (SSP), Privacy Impact Assessment (PIA), Configuration Management Plan (CMP), Plan of Action and Milestones (POA&M), and Standard Operating Procedures (SOP) as necessary
• Develop, implement, and maintain industry best practices and regulatory security policies, procedures, and system standards (servers, databases, endpoints, and application design)
• Engagement in cloud security technologies and protocols, including cloud security architecture, identity and access management, and data protection
• Write stakeholder reports to explain the assessment, audit results, and recommendations. Create and provide metrics for cybersecurity leadership. Brief executive leadership on compliance matters
Posted 1 month ago
2 - 7 years
5 - 12 Lacs
Mumbai
Work from Office
Key Responsibilities:

Tool Proficiency: Demonstrate expertise in security tools, including:
• Qualys Vulnerability Scanner
• Qualys Cloud Agent

Knowledge of the tools below will be preferable:
• Imperva
• Wallix Bastion
• Microsoft PKI
• Trellix Endpoint
• SafeNet
• CrowdStrike

Operating System Knowledge:
• Maintain a good understanding of Linux OS and its security features.

Problem Solving & Feedback:
• Provide valuable feedback on security tools and processes.
• Analyze and solve complex cybersecurity issues.
• Suggest and implement improvements to enhance security posture.

Scripting & Automation:
• Develop scripts for process automation and system integration.
• Collaborate on creating efficient workflows to streamline operations.

Development Skills:
• Possess a solid understanding of Python development for automation and security tasks.
• Utilize development tools, such as Git and VSCode, for version control and code management.

Containerization Knowledge:
• Have a basic understanding of Docker and its application in cybersecurity.

Other Skills:
• Proven experience with cybersecurity tools and practices.
• Strong analytical and problem-solving skills.
• Familiarity with scripting and process automation.
• Basic knowledge of containerization using Docker is a plus.
• Excellent communication and collaboration skills.
• Scripting and process automation experience with any mentioned tools
• Usage of development tools like Git, VSCode is mandatory.
• Knowledge of data analytics libraries like pandas will be an added advantage

Personal skills:
• Good Team Player
• Possess Positive and Learning attitude
• Good Verbal and Written communication skills
• Sense of Ownership, Priorities and Autonomous

Qualification:
• Bachelor's Degree in Computer Engineering, Information Technology or any relevant certifications
• Familiar with basic understanding of TCP/UDP packets, security tools such as IDS/IPS, Web proxies, DNS security, DDoS protection, firewalls
Posted 1 month ago
4 - 7 years
20 - 25 Lacs
Bengaluru
Remote
Seeking a Cybersecurity Risk & Compliance Analyst to manage vulnerabilities, support audits (SOC2, HITRUST, PCI DSS), assess risks, and guide security best practices. Help strengthen our security posture and reduce cyber risk exposure.

Required Candidate profile: 3+ yrs in cybersecurity with focus on risk & compliance. Skilled in vuln mgmt, NIST RMF, ISO 27001. Hands-on with SOC2, HITRUST, PCI DSS. Strong analytics & cross-team collaboration (IT/DevOps).
Posted 1 month ago
3 - 8 years
10 - 20 Lacs
Pune
Hybrid
Hi All, we are hiring for our MNC client in Pune for Information Security vulnerability.

Job requirement:
• Minimum 3 years relevant experience with Vulnerability Management.
• Hands on GCIM.
• Hands on experience with Bug Bounty or Incident Management Cyber security analysis.

Preferred Qualifications:
• ITIL V4
• Professional security certifications such as CompTIA Security+/ Cybersecurity Analyst+, or Systems Security Certified Practitioner (SSCP), or CISM (Certified Information Security Manager), or CISA (Certified-Information-Systems-Auditor), or EC-Council Certified Ethical Hacker (CEH) or Certified Secure Software Lifecycle Professional (CCSLP) or GIAC Web Application Defender (GWEB)
• Knowledge of industry standard security compliance programs (PCI (Payment Card Industry), GDPR (General Data Protection Regulation), NIST Cyber Security Framework etc.)
• Experience working with ticketing systems such as Service Manager, IBM Control Desk and/or JIRA
Posted 1 month ago
4 - 9 years
15 - 30 Lacs
Mumbai, Chennai
Hybrid
About Us

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. Responsible Growth is how we run our company and how we deliver for our clients, teammates, communities and shareholders every day. One of the keys to driving Responsible Growth is being a great place to work for our teammates around the world. We're devoted to being a diverse and inclusive workplace for everyone. We hire individuals with a broad range of backgrounds and experiences and invest heavily in our teammates and their families by offering competitive benefits to support their physical, emotional, and financial well-being. Bank of America believes both in the importance of working together and offering flexibility to our employees. We use a multi-faceted approach for flexibility, depending on the various roles in our organization. Working at Bank of America will give you a great career with opportunities to learn, grow and make an impact, along with the power to make a difference. Join us!

Global Business Services

Global Business Services delivers Technology and Operations capabilities to Lines of Business and Staff Support Functions of Bank of America through a centrally managed, globally integrated delivery model and globally resilient operations. Global Business Services is recognized for flawless execution, sound risk management, operational resiliency, operational excellence and innovation. In India, we are present in five locations and operate as BA Continuum India Private Limited (BACI), a non-banking subsidiary of Bank of America Corporation and the operating company for India operations of Global Business Services.

Process Overview

The Global Information Security (GIS) is responsible for protecting Bank information systems, confidential and proprietary data, and customer information. The team develops the Bank's Information Security strategy and policy, manages the Information Security program, identifies and addresses vulnerabilities, develops, deploys and manages a risk-based controls portfolio, and manages and operates a global security operations center that monitors, detects and responds to cybersecurity incidents.

Job Description:

This role provides daily operational support for the BISO ERP Governance and Strategy team, including the coordination of projects, forum and committee preparation, report generation, metric compliance and quality assurance, and process and procedure documentation. The individual will also help facilitate communication, awareness, and training. A large part of the role is coordinating the various projects and work activities that support the BISO ERP Exceptions Governance activities. Responsibilities include coordinating with cross-functional stakeholders, BISO SLT, and SISOs to support modifications and improvements to the BISO ERP Exception Review Framework and related projects, reports, metrics, documentation, and communication materials.

Responsibilities:
• Creating and QAing Key Risk Review monthly reports, creating dashboards etc.
• Calculating the BISO Key Risk Review Deliverable Metrics which measure the creation, completeness, and deliverable of the KRRs.
• Producing and pulling metrics for Monthly Business Reviews
• Creating incident summaries every month and following along with GIS Incident Response team for better understandings
• Partners with the Phishing and Vishing metrics program owners monthly for data results delivery
• Coordinates with DLP, ADSF, BISO Exceptions teams to deliver their content in KRRs
• Serve as a coordinator for BISO ERP Governance metrics, reports, and supporting documentation.
• Work with leadership on curation and prioritization of projects and related work activities.
• Support BISO SLT and SISOs with development, enhancement of BISO ERP Governance materials.
• Perform QA of finalized content drafted by the BISO ERP Governance team.
• Closely partner with BISO Engagement Leads to ensure timely presentation, review, and modification of metrics.
• Facilitate weekly project and pipeline review meetings with BISO ERP Governance leadership.
• Support BISO teams on developing, implementing, and delivering relevant metrics and reports.
• Provide support for BISO ERP Exception Strategic planning and updates
• Pulling Metrics, Preparing Reports, Creating risk dashboards, Stakeholders management etc.
• Should have good knowledge in MS Office tools including MS Visio and Sharepoint

Requirements:

Education: Bachelor’s Degree or technology and cybersecurity background
Certifications: CEH, CompTIA Security+, CISA, CRISC, CISM, CISSP (Good to have)
Experience Range: 5+ years

Foundational skills:
• Producing and pulling metrics for Monthly, Quarterly Business Reviews
• Creating and QA’ing Key Risk Review monthly reports, creating dashboards etc.
• Exemplary presentation and communication skills, specifically written communications
• Extensive knowledge of analyzing vulnerabilities and validation of remedial plans
• Good experience in performing Quality reviews, identifying gaps and following up with stakeholders on closing the observations
• Knowledge/Experience in Application security, Risk assessments, Cloud technologies, GRC (Governance, Risk, and Compliance) and/or third-party management with emphasis on security processes and controls
• Experience evaluating threats/risks posed by new technologies spanning networks, hardware, software
• Ability to evaluate technology to ensure cyber-secure development that adheres to internal application policy, standards, and baselines.
• Bachelor’s degree in information technology, information security or related field
• Must be flexible to work during hours that need collaboration with US partners.

Desired skills:
• Highly skilled with all Microsoft tools
• Comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding
• Excellent critical thinking skills, attention to detail, thoroughness, diligence
• Contribute to create a positive team culture within a diverse workforce
• Strong risk awareness, including operational, compliance, and reputational risk
• Work independently and as part of a team to achieve team, bank objectives

Work Timings: 13:30 – 22:30 IST
Job Location: Chennai / Mumbai
Posted 1 month ago
6 - 10 years
22 - 37 Lacs
Bengaluru, Bangalore Rural
Hybrid
Role & responsibilities
• Conduct regular security assessments (SAST/SCA/DAST) utilizing both automated and manual methods to identify security vulnerabilities
• Responsible for assessing the risk of the found vulnerabilities as per Broadridge Security Standards and documenting them with proper proof of concepts, as necessary
• Perform security design and architectural reviews for new and existing applications to ensure they meet security standards and best practices.
• Collaborate with technical teams and business stakeholders to provide expert advice on vulnerability remediation strategies and best practices.
• Assess risks reported in the vulnerability assessment results and other security related data, and prioritize remediation actions
• Integrate security practices into the CI/CD pipeline to identify and address vulnerabilities early in the development cycle and maintain the tooling in the CICD pipeline
• Conduct regular security group reviews.
• Identify and implement automation opportunities within security testing and review processes to enhance efficiency and effectiveness.
• Awareness of working and adapting to Agile environment

Preferred candidate profile
• A bachelor's or higher degree in Computer Science, Computer Engineering, or similar discipline.
• Minimum 6 years of hands-on experience in application security and 2 years in DevSecOps, and extensive knowledge in any one of the object-oriented programming languages.
• Strong Information Security technical skills and knowledge to identify, research and understand security control gaps and program compliance issues
• Strong web application security experience with thorough understanding of web application vulnerabilities and secure coding practices
• Demonstrated experience in performing threat modeling, security architecture review, and vulnerability assessment on applications and infrastructure
• Deep understanding of OWASP methodologies for web, API, mobile, CI/CD, and LLM.
• Knowledge in Cloud (AWS, Azure) Architecture
• Familiarity with CI/CD tools (e.g., Jenkins, GitLab CI) and their integration with security tools.
• Understanding of Security Policies, Procedures, Audit, and Compliance requirements
• Skills in Terraform/Chef/Python/Perl/Ruby are desired
• Superior ability to effectively communicate security concepts, threats, controls, and mitigation/remediation to application teams and audiences not familiar with such topics

Soft Skills:
• Excellent communication and presentation skills
• Ability to work collaboratively and build consensus is essential
• Ability to manage multiple priorities effectively.
• Strong analytical and problem-solving skills with attention to detail.
• Willingness and capability to self-learn

Good to Have:
• Experience in conducting infrastructure vulnerability scans, analysis of scan results, and vulnerability triage.
• Experience in assessing and enhancing security of cloud-based environments and services.
• Experience in AWS security involving tools and process
• Experience in container/Kubernetes security
• Active participation in the security communities and groups
• Demonstrated commitment to staying up to date with emerging security threats and technologies.
• Hold at least one applicable industry certification; CEH, CISSP, OSCP, CISM, Cloud Security etc.
Posted 1 month ago
8 - 12 years
25 - 40 Lacs
Hyderabad
Hybrid
Ideally, looking for a combination of Development and Application Security experience.
Job Summary:
We are seeking a skilled Application Security Engineer to join our Information Security team. The ideal candidate will have a minimum of 8-12 years of experience in application security and a strong background in software development, particularly in .NET, C#, Angular, and React. This role is crucial in ensuring the security of our applications by working closely with development, DevOps, and security teams to identify, remediate, and prevent security vulnerabilities throughout the software development lifecycle (SDLC).
Key Responsibilities:
Conduct application security assessments, including code reviews, penetration testing, and threat modeling to identify vulnerabilities.
Work closely with developers to integrate secure coding practices and provide guidance on remediating security issues.
Implement and manage Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools.
Develop and enforce security policies, procedures, and best practices for application security.
Assist in the design and review of security architecture for new and existing applications.
Collaborate with DevOps teams to integrate security into CI/CD pipelines using DevSecOps principles.
Research emerging threats, vulnerabilities, and security trends to proactively mitigate risks.
Support incident response efforts related to application security breaches.
Provide security training and awareness to development teams.
Document security findings, mitigation plans, and security controls.
Minimum Requirements (Must-Have):
8-12 years of experience in application security with a focus on secure software development.
Strong background in software development, with hands-on experience in .NET, C#, Angular, and React.
Hands-on experience with SAST, DAST, Software Composition Analysis (SCA), and penetration testing tools (e.g., Burp Suite, Checkmarx, Veracode, Fortify, SonarQube).
Solid understanding of OWASP Top 10, SANS 25, and secure coding practices.
Experience with threat modeling, risk assessment, and vulnerability management.
Knowledge of API security, authentication, and authorization mechanisms (OAuth, JWT, SAML, etc.).
Familiarity with container security, Kubernetes security, and cloud security best practices (AWS, Azure, GCP).
Experience working in Agile and DevSecOps environments, integrating security into CI/CD pipelines.
Strong analytical and problem-solving skills.
Excellent communication skills, with the ability to work collaboratively across teams.
Posted 1 month ago
5 - 8 years
16 - 21 Lacs
Chennai, Pune
Work from Office
IT Risk and Governance
The selected candidate will support our client, an APAC-based investment bank, in an IT risk and governance profile.
JOB SUMMARY:
The client is seeking an experienced and proactive 1st line Risk and Governance candidate. The successful candidate will play a crucial role in the client's Regional team in driving 1st line IT risk management and Identity Access Management activities for all business units.
KEY RESPONSIBILITIES:
Drive 1st line IT risk management activities regionally through annual RCSA review, user security awareness campaigns, key risk indicator (KRI) metric reporting, IT issue management, IT dispensation and support management in different steering committees or risk reporting forums.
Support the client's compliance with APAC regulatory requirements on Technology Risk Management and Cyber Security through various governance activities.
Manage and support Identity Access Management related projects, operations, risk, and compliance activities.
Work with the Group Information Security team to ensure alignment of local country security controls with regional and group policy/standard/guideline.
Manage all internal/external audits and regulatory inspections for Singapore and provide advisory on IT RFIs for Country LBUs.
Provide support to third party security risk assessment associated with third party vendors and clients.
Work closely with stakeholders from business, IT, 2nd line enterprise/operation risk, and group/external 3rd line auditors to ensure effective security controls are in place.
EXPERIENCE / QUALIFICATIONS:
5-10 years of working experience in information security and/or IT risk areas, preferably within a financial institution or from a consulting firm.
Proficiency and in-depth knowledge and experience in identity and access management.
Knowledge and experience in IT risk management and an understanding of regulatory requirements, particularly in the following domains: security risk management, change management, data leakage prevention, application security, cloud security, vulnerability management, security monitoring, security incident response and 3rd Party Security Risk.
Knowledge of the Privacy (PDPA) Ordinance/requirements of APAC countries is a plus.
Can work independently with ownership and is able to work with multiple IT stakeholders/leaders, 2nd line (OPS risk) and 3rd line (IT Audit) stakeholders.
One or more of the following IT security certificates: CISSP, CISA, CISM, CCSP.
OTHER TRAITS:
Possess excellent communication skills, with the ability to effectively convey messages to diverse stakeholders at all levels in different geographies.
Can effectively navigate through a complex environment undergoing change and manage internal and external stakeholders to resolve issues with objectives aligned.
Ability to deliver work within tight timescales, to budget and to a high quality.
Exhibit proactiveness in identifying, articulating, and remediating gaps and issues.
Posted 1 month ago
8 - 11 years
25 - 30 Lacs
Bengaluru
Work from Office
A career within Cybersecurity and Privacy services will provide you with the opportunity to help our clients implement an effective cybersecurity programme that protects against threats, propels transformation, and drives growth. As companies pivot toward a digital business model, exponentially more data is generated and shared among organisations, partners and customers. We play an integral role in helping our clients ensure they are protected by developing transformation strategies focused on security, efficiently integrate and manage new or existing technology systems to deliver continuous operational improvements and increase their cybersecurity investment, and detect, respond, and remediate threats.
Strong communication and presentation skills with stakeholder management.
Good Information Security background, both technical and functional.
Technical background managing network security, endpoint security, threat intelligence, and risk and incident management.
Experience with compliance frameworks and standards, such as PCI DSS, NIST, ISO27001, etc.
Prior IT risk management experience is a must.
Experience with ISO 27001 implementation engagements.
Experience with NIST CSF / NIST CSF 2.0 assessments.
Exposure to data privacy assessments.
Plan, evaluate, and direct complex security programs covering multiple and in-parallel projects.
Understand key Cyber Security considerations, including key Cyber Security risks, projects and innovations.
Track projects/remediation activities.
Work independently, prioritize multiple tasks and adapt to needed changes.
Handle and track remediation of open findings/action items with relevant teams.
Prior Big4 experience a plus.
Certifications such as CISSP, CISM, CISA, ISO 27001 a plus.
Good to have requirements:
Prior Big4 experience a plus.
Certifications such as CISSP, CISM, CISA, ISO 27001 a plus.
Mandatory Skill Sets:
Good Information Security background, both technical and functional.
Technical background managing network security, endpoint security, threat intelligence, and risk and incident management.
Experience with compliance frameworks and standards, such as PCI DSS, NIST, ISO27001, etc.
Experience with ISO 27001 implementation engagements.
Experience with NIST CSF / NIST CSF 2.0 assessments.
Preferred Skill Sets:
Prior Big4 experience a plus.
Certifications such as CISSP, CISM, CISA, ISO 27001 a plus.
Years of Experience: 6+ years
Posted 1 month ago
10 - 15 years
35 - 40 Lacs
Hyderabad
Work from Office
Grade: 13
Role Description:
NCR Atleos is seeking an experienced manager with 10+ years of experience. As a Scaled-Agile leader, this person will be responsible for empowering individuals and teams to build better software and systems by learning, exhibiting, teaching, and coaching the Scaled-Agile mindset, values, principles, and practices. You will be joining the Software Engineering team based in Hyderabad and working on NCR Atleos's Transaction Switching Product (Authentic), which serves several major industries: Financial Services, Retail and Digital Banking. In this role, you will be leading a team consisting of Product Owners, SCRUM Masters, Developers and Testers to add and enhance features in this enterprise-level and performance-critical application. You need to collaborate with other senior key roles like Architect, Business SMEs, DBA, etc. located in London and India. A key focus will be on establishing a high-performing team with an embedded NCR Atleos culture of innovation and open communication. The role is a domain/technology expert in addition to providing strong leadership, managing internal and external stakeholders and collaborating with other teams. You are required to have strong analytical, organizational and interpersonal skills and a commitment to product quality, in addition to a grip on various Java and database technologies. You should also have a good understanding of the CI/CD pipeline, including test automation. You will need to prioritize, make tradeoffs, clarify requirements, determine the appropriate functional implementation and drive the team for ideas and results. The Software Engineering team operates under Agile as part of a SAFe release train.
The responsibilities include:
Must have experience leading a large technology team in a dynamic, high-growth product company with multiple, diverse offerings, with specific focus on:
Alignment: Communicate the mission.
Built-in quality: Demonstrate quality by refusing to accept or ship low-quality work. Support investments in capacity planning for maintenance and reduction of technical debt.
Transparency: Visualize all relevant work. Leaders take ownership and responsibility for errors and mistakes. That means they admit their own missteps while supporting others who acknowledge and learn from theirs. And they never punish the messenger. Instead, they celebrate success and learning.
Program execution: Participate as an active business owner in execution. Adjust scope as necessary. Celebrate high quality and program increments delivered on schedule. Aggressively remove impediments and de-motivators.
Work planning and execution: Monitor/control the product backlog and ensure on-scope, on-time, on-quality and on-budget delivery in the Product Increment.
Technology partnerships: Establish a connection and work with technology partners in the market to ensure reach to the right talent pool and access to recent technology trends.
Crisis management: Own critical projects to form teams, and become an interconnect across the various groups involved to ensure the project is successful.
Customer support: Facilitate critical issue resolution, troubleshoot and help the team understand and resolve blocker issues.
Remove impediments: Identify and resolve impediments. Identify and implement process improvements to meet Product Increment commitments and improve the productivity of the team.
Focus on quality: Identify and drive quality improvement actions and track the results/trends.
Drive the roadmap: Own a specific area of functionality and work with Product Management and the PO to drive it forward, considering the wider product impacts of the requested requirements and steering them to a better product solution.
Talent and Performance Management: Lead the hiring to get the right and bright talent into the organization. Perform performance reviews and ensure career/skills growth for every individual.
Culture ambassador: Build and maintain high-performing teams with a work culture in line with the corporate shared values. Come up with employee engagement action plans and make them effective.
Provides leadership, coaching, motivation and assistance to team members to ensure teamwork, and to help those team members develop and grow along their career paths, with an emphasis on the following qualities:
Values diverse opinions
Promotes a culture of trust
Develops other leaders
Encourages
Sells instead of tells
Thinks you, not me
Thinks long-term
Acts with humility
Qualifications:
Bachelor's or Master's in Computer Science or a related field.
10+ years of total experience in the software industry.
Experience with leading and managing agile (preferably SAFe) commercial software development projects.
Shall be capable of working with cross-functional teams.
Proven track record of handling development projects independently is a must.
Prior experience of working on banking products like Transaction Switching, including ISO8583/ISO20022 message protocols, Point of Sale (POS), Automated Teller Machine (ATM), and international networks (e.g. Visa International, MasterCard, Amex, JCB, Discover), is a must.
Shall have expertise in one or more of the following:
Software security for financial applications, e.g. PA-DSS/PCI SSF, PCI DSS, vulnerability management, etc.
Test automation of applications with UI and APIs.
Product upgrade/migration strategies, release impact analysis, and compatibility matrix.
Cloud development/deployment in GCP/Azure.
Posted 1 month ago