464 Vulnerability Management Jobs - Page 3

Job Summary The Director, TSG Information Security, Cyber Threat Management is a position within Bain's Cyber Security Department, whose mission is to define and enable strategies to safeguard the digital assets and integrity of the organization In this role, the Director understands how security measures align with the overall organizational strategy and will begin to organize and lead in the development and implementation of security controls that adhere to regulatory requirements and best practices The Director combines a strong level of technical and managerial skills and business alignment to build and guide a growing team and resources across a spectrum of capabilities The position primarily focuses on the efficient, effective and reliable resolution of Bain's defensive strategy as well as focuses on improving our offensive strategy to help the company meet its overall business objectives The position therefore must have the technical skills to troubleshoot and resolve complex issues as well as excellent communication and upward management These measures require taking a leadership position in coordinating activities across the team working with Technical, IT and Cybersecurity leadership The Director role has expertise and experience in multiple disciplines, including Threat Intelligence programs, Detection and Deterrence systems, Threat Exposure Management, Incident Response, Forensics and Evidence gather and Pro-Active Security probing capabilities (Red/Blue/Purple teaming & Penetration Testing), Principal Accountabilities Monitoring & Detection Oversee and strategize on developing advanced security monitoring, analysis, and correlation platforms to detect cybersecurity events, Direct cross-functional efforts in the identification and in-depth analysis of sophisticated security threats, including malware, APTs (Advanced Persistent Threats), and targeted attacks, Enable a wide range of security tools and technologies, including SIEM, IDS/IPS, or next gen/advanced threat detection solutions, Partner with organizations and vendors to identify and integrate new data sources, Incident Response & Analysis Oversee the ongoing management and evolution of security runbooks and champion for ongoing automation or AI/ML based technologies to increase speed/efficiency, Strengthen Bains capability in-depth log analysis, data correlation, and forensic investigations to identify root causes of incidents and improve security measures, Provide strong and clear communications on cyber events and situations with sr leadership, Ensure alignment in security policies and practices adhere to industry standards and compliance requirements and oversee the validation of the controls, Serve as a subject matter expert in security discussions and decision-making and enable and grow team members skills and experience, Work with the primary goal of building efficiencies in Cyber Threat Management responses and driving down MTTR and reducing overall risk, Threat Intelligence Enable a threat intelligence capability, including open-source intelligences (OSINT), dark web forums, and industry reports to drive awareness and improvement in our defensive posture, Utilize threat intelligence platforms and tools to aggregate and correlate threat data, Drive coordination with intelligence and incident response teams to investigate and analyze security incidents, Develop and refine threat intelligence methodologies and tools, Stay current with industry best practices and new methodologies to enhance the teams capabilities, Vulnerability Management & Threat Exposure Management Work cross-functionally across IT teams and provide leadership and guidance in mitigating threats to Bain Serve as a subject matter expert in security discussions and decision-making, Build processes to enable regular vulnerability scans on the organization's network, applications, and systems using industry-standard tools ProActive Security Testing Experience implementing and operationalizing vulnerability management tools, processes, and best practices, Oversee the classification and prioritization of vulnerabilities based on risk and potential impact, Stay informed about emerging trends and technologies in cybersecurity, Work collaboratively with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture, ProActive/Enhanced Security Testing Partner with colleagues to expand controlled penetration testing technologies and capabilities on networks, applications, and systems to identify security vulnerabilities, Investigate and keep up to date with changes in tooling and advanced attacks in network, cloud and application testing, Analyze and interpret results to identify potential risk as well as evaluate potential impact, Red Team, Blue Team, Purple team exercise leadership experience, Professional Development and Innovation Stay informed about emerging trends and technologies in cybersecurity, Drive collaboration and defensive standards/expertise across Bain, working with other security team members, IT departments, and relevant business units to address security concerns and enhance overall security posture, Explore Professional Certifications and work with leadership to plan trainings, Knowledge, Skills, and Abilities Security Monitoring & Incident Detection and Response Strong knowledge of Splunk (or other SIEM tools),CrowdStrike or equivalent EDR/MDR platforms, Windows Defender, Palo Alto Networks, Other AV/EDR tool configuration, Cyberhaven (or other DLP tools) Knowledge of Vulnerability & Attack Surface Management toolsets, Threat Intelligence and Analysis tools, Vendor technical Risk Scoring tools, Deception technologies Knowledge of ticketing, triage and forensics capabilities and toolsets General Skills Great communication skills, with the ability to document and explain technical information clearly, Analytical mindset, with a focus on learning and problem-solving, Ability to work independently and well in a team, showing strong interpersonal skills, Eagerness to learn and adapt to new challenges in cybersecurity, Entrepreneurial spirit, open to trying new approaches and learning from them, Team Management Drive and expand the training and professional development of Security Operations staff, Qualification and Experience Bachelor's degree in a related field (e-g , Computer Science, Cybersecurity, Information Technology) or an equivalent combination of education, training, and experience 10-15 years of relevant experience Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc ) Experience with common information security controls frameworks (i-e ISO, NIST, CIS, or CSA) Global company or equivalent Experience deploying systems or applications Ability to work independently and with teams on complex problems Complex problem solving Ability to work in a fast paced, dynamic environment,

Role summary Embed security into every stage of the SDLC. You will assess vulnerabilities, review code, automate security tests, and coach the engineering team on rapid, effective fixes. Key responsibilities Run regular vulnerability assessments and secure-code reviews Configure and maintain SAST, DAST, SCA, and other security tools Automate security testing and reporting pipelines Analyse scan results, prioritise risks, and guide developers on remediation Evaluate and integrate cost-effective security solutions Keep security policies, procedures, and runbooks up to date Requirements 2 + years in software development with hands-on security work B.S. in Computer Science (or similar) Practical experience with Git-based workflows and full-stack development (Java, Python, etc.) Proven use of static/dynamic analysis tools and web-app vulnerability management Solid knowledge of AWS services and related security tooling Understanding of common attack vectors (XSS, injections, session hijacking, social engineering) Familiarity with RBAC/SSO, OS and database hardening Strong problem-solving skills and composure in a fast-paced environment Nice to have: CSSLP, AWS Security Specialty, CEH, ISO 27001 or similar certifications

Strong understanding of VM principles, methodologies, Microsoft Defender for Endpoint(MDE). scripting languages (e.g., PowerShell, Python) & ServiceNow Intune/Microsoft Endpoint Manager (MEM)

What You will Do: 1. Identify the affected resources that the vulnerability applies to 2. Identify the validity of vulnerability 3. Communicate the vulnerability to affected stakeholders 4. We work closely with stakeholders to ensure closure/resolution based on SLA 5. We execute necessary retesting to audit/confirm actual closure 6. Monitoring alerts and tickets including generated through multiple security tools 7. Responding to tickets and emails within SLA 8. Delegating tickets to appropriate team members 9. Focus on quality control within the IT security team 10. Co-ordinate with teammates and end users for updates 11. Follow up with stakeholders and team members for ticket closure 12. Feedback or customer satisfaction 13. Complies with the policies and procedures of the organization 14. Communication of security vulnerability process. What You will Need: Minimum 1+ years of experience as IT Security Analyst Graduation is mandatory Ticketing tool knowledge -familiar with ITIL process of closing actions in tickets Understanding of IT security framework like ISO 27001& NIST800sp Knowledge of AWS, Email gateway (Proofpoint)& Antivirus Must be familiar with Windows & application patching process Good team player Excellent communication abilities (verbal & writing). Willing to work in rotation shifts(24x7) Experience from IT audit field will be added advantage Technical requirement Familiar with alerts generated by technologies like AWS Guard Duty, Proofpoint, Sophos AV, OpenVAS, etc.

We are looking for a Senior Linux Support Specialist to take full ownership of hybrid infrastructure environments hosted across AWS, Azure, and On-Premises setups. The ideal candidate will play a critical role in ensuring system stability, security, and performance while driving automation and standardization across 100s of Linux servers. This is a hands-on technical role requiring deep expertise in Linux, security hardening (CIS benchmarks), vulnerability remediation, and automation of infrastructure tasks. Key Responsibilities: Linux Server Management & Operations Manage, monitor, and support large-scale Linux environments (RHEL, CentOS, Ubuntu, etc.) Perform OS upgrades, patching, and package management across hundreds of servers Troubleshoot and resolve advanced Linux system issues (performance, kernel, services, etc.) Security Hardening & Compliance Implement and maintain CIS hardening standards across all Linux servers Remediate VAPT (Vulnerability Assessment and Penetration Testing) and CIS benchmark findings Develop automation scripts/tools to roll out security configurations across the fleet Work closely with the security team to ensure system compliance with industry best practices Automation & Configuration Management Automate OS hardening, patch management, and system provisioning using tools like Ansible, Bash, Python, or Terraform Create and maintain playbooks and scripts for repeatable tasks Streamline deployments and configuration drifts across cloud and on-prem environments Cloud & On-Premise Support Support hybrid environments on AWS, Azure, and On-Prem Assist in provisioning, scaling, and securing cloud-based Linux workloads Monitor platform uptime, availability, and performance metrics Cost & Resource Optimization Collaborate with DevOps/cloud teams to optimize cloud usage and reduce infrastructure costs Implement monitoring and alerting to proactively identify performance or cost anomalies Skills & Qualifications: Must-Have Skills: 3+ years of hands-on experience with Linux system administration Deep understanding of CIS benchmarks and security hardening techniques Strong scripting skills (Bash, Python, etc.) Proven experience with Ansible or similar configuration management tools Solid knowledge of AWS and Azure Linux instances and best practices Experience in managing vulnerability remediation and patch management Familiarity with VAPT assessments , security tools, and remediation workflows Good to Have: Experience with container technologies (Docker, Kubernetes) Infrastructure as Code (Terraform, CloudFormation) Monitoring tools (Prometheus, Nagios, CloudWatch, etc.) Certification in RHCE, AWS SysOps, Azure Administrator, or related areas

Warm Greetings from SP Staffing!! Role :SOC Analyst Experience Required :3 to 8 yrs Work Location :Bangalore Required Skills, Security operations SOC1, SOC2 , FFIEC , GDPR Interested candidates can send resumes to nandhini.spstaffing@gmail.com

The Application Security Analyst reports directly to the team lead of Vulnerability Management and Applications Security. The role is responsible for identifying vulnerabilities and weaknesses in applications before they go live to reduce company's attack surface and supports the operational teams in the understanding of vulnerabilities. This position is responsible of the proper maintenance, configuration and governance of the solution used for scanning the target applications. This role requires constant communication with the operational teams and other stakeholders, supervision of the processes and making sure that the service quality is delivered with the highest standards. Basic Qualification: Education: Bachelors in information technology, Computer Science or similar Field. Experience: Minimum 3 years of experience in Applications Security scans, Vulnerability Management or related cyber security experience. Excellent verbal and written communication skills Excellent team player that demonstrates proactiveness Strong analytical and interpersonal communication skills, including the ability to communicate effectively Mandate Skills: Service-related expert knowledge Experienced in designing and implementing secure tests Secure configuration management techniques Knowledge of software quality assurance process Knowledge of secure software deployment methodologies and tools Ability to document technical concise and understandably Experience in the use of Application Security Testing tools Understanding of the attack surface and company security posture Knowledge in log analysis and troubleshooting of issues Advanced knowledge of application related vulnerabilities Cyber security and technical knowledge Experienced in discerning the protection needs (i.e., security controls) of information systems and networks Experienced in estimating specific operational impacts of cybersecurity incidents caused in applications Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, etc.) Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation) Knowledge of cybersecurity principles and methods that apply to software development Consideration of laws, regulations, policies, and ethics (GDPR, etc.)

Join our Team About this opportunity: Ericsson invites applications for the role of Software Developer. In this challenging and fulfilled position, you will be tasked with constructing customers solutions during the building phase of the Software Development Life Cycle (SDLC). As a Software Developer, you will be responsible for performing the detailed design of application and technical architecture components and classes according to the specification provided by the System Architect. The role also involves coding Software components and contributing to the early testing phases, as well as extending your support towards system testing. What you will do: - Design and develop detailed software solutions. - Develop and integrate various software components. - Actively participate in software component and system testing. - Support in pre-sales and delivery of software. - Ensure compliance with organizations best practices for software development. - Contribute to asset creation and reuse in software design and development. The skills you bring: - Cloud Technologies (Kubernetes, Docker, AWS, Container, Microservices, spring boot). - Security. - DevSecOps. - Front End Development. - Security Reliability Model (SRM). - Application and Product security. - IT security and compliance. - Agile methodology. - Vulnerability Management. - CI/CD. - Back End Development. - Java Spring Boot Framework. - Tools for CI/CD (Git, Gerrit, Jenkins, Sonar, Helm).

Key Responsibilities: Monitor security events and alerts from SIEM tools (e.g., Splunk, IBM QRadar, Azure Sentinel). Analyze logs, network traffic, and endpoint data to identify malicious activity ,

This role involves the development and application of engineering practice and knowledge in designing, managing and improving the processes for Industrial operations, including procurement, supply chain and facilities engineering and maintenance of the facilities. Project and change management of industrial transformations are also included in this role. Job Description - Grade Specific Focus on Industrial Operations Engineering. Develops competency in own area of expertise. Shares expertise and provides guidance and support to others. Interprets clients needs. Completes own role independently or with minimum supervision. Identifies problems and relevant issues in straight forward situations and generates solutions. Contributes in teamwork and interacts with customers. Skills (competencies)

Key Skills: Patch Management Back up management Asset management Process documentation skill System Hardening management Security Tools Vulnerability management Job Description: * Work closely with project teams to understand network requirements and objectives, ensuring seamless integration of network infrastructure within the integrated resort. * Provide comprehensive support and administration for the entire project, including network and security devices. * Implement and manage network solutions to support project initiatives, prioritizing scalability, performance, and robust security. * Configure and optimize network devices, including routers and switches. * Implement and maintain Check Point and Palo Alto firewalls, including configuration, monitoring, troubleshooting, and ensuring optimal network security. Perform regular updates, security assessments, and issue resolution. * Advanced networking troubleshooting and knowledge of web connectivity and protocols. * Conduct network and firewall log analysis, troubleshooting network connectivity problems using packet capture technologies. * Conduct thorough network assessments, identifying potential improvements and upgrades to align with project goals. * Collaborate effectively with cross-functional teams to ensure seamless integration of network infrastructure within overall project deliverables. * Maintain adherence to industry best practices, security standards, and compliance requirements throughout the network design and implementation stages. * Continuously monitor network performance, proactively resolving any network-related issues or bottlenecks to minimize project disruptions. * Undertake any other tasks or responsibilities as requested and assigned by the Company

The Cybersecurity Operations Manager will act as the primary point of contact and liaison for coordinating all cybersecurity-related operations within the Organisation. This role bridges the gap between business partners, country-level stakeholders, information technology team and the broader security teams within the organization. The individual will ensure the effective implementation, monitoring, and enhancement of security measures, aligning industry best practices with the organizations overarching cybersecurity strategy. Is responsible for managing and optimizing the technology portfolio of enterprise data protection infrastructure, ensuring the reliability and efficiency of associated systems/services, and managing operations team. This role involves planning, partner management, project management, and collaboration with various departments to support business objectives. Is accountable for the cybersecurity objectives and deliverables within the business unit. Adapts business unit, department, site or sub-function plans and priorities to address resource and operational challenges. Decisions are guided by policies, procedures and business unit, department or sub-function plan; receives guidance from manager. Provides technical guidance to employees, colleagues, and/or customers The Cybersecurity Operations Manager will work closely with the SOC (Security Operations Centre) & Managed Security Services team to detect, analyse, respond and mitigate cybersecurity incidents. Stakeholder Coordination Serve as the primary liaison between business units, IT & functional leadership, and group cyber security teams. Facilitate communication and alignment of cybersecurity initiatives across various stakeholders. Stakeholder engagement & relationship building. Collaborate with IT & business project team to incorporate security by design principle in all the digital projects. Operational Oversight Manage and maintain the technology portfolio of enterprise information protection services. Ensure regular maintenance and timely upgrades of security systems & services to prevent downtime and enhance performance. Collaborate, lead and mentor the IT operations team, providing guidance and support to ensure high performance in delivering security services. Plan and execute Cybersecurity projects, ensuring they are completed on time and within budget. Work with business, internal IT and 3rd party vendor teams to promote and adopt security best practices. Implement and monitor security measures to protect data and ensure compliance Monitor security system performance and troubleshoot issues to maintain optimal operation. Responsible for managing all service and change requests relating to security Manage relationships with Security/ IT vendors and service providers to ensure quality and cost-effective services. Work with Security partners to conduct and review regular security assessments (Pen tests, Vulnerability scans etc) of vendors and solutions (SaaS, IaaS providers, Managed Security Service Provider) Incident Detection & Response Accountable for Security Incident Management. Maintain and improve security incident response procedures and playbooks. Oversee the daily monitoring and review of security event activities and cyber threat landscape to ensure ongoing and continued maturity of the organizations security controls in close coordination with SOC & MSS team Manage resolution of cyber security incidents and coordinate with engineering support for security systems. Identify and diagnose potential threats, including root cause analysis and after-action reviews to ensure security controls defend the enterprise against potential cyber threats Collect and analyses cybersecurity threats to develop a deep understanding and awareness of cyber threats and actors tactics, techniques and procedures (TTP) to derive and report indicators that help organisations detect and predict cyber incidents and protect systems and network from cyber threats. Proactively searches for undetected threats in networks and systems, identifies their indicators of compromise (IOCs), and recommend mitigation plan Reporting and Documentation Develop & streamline process and procedures for efficient security operations. Provide regular reports & metrics on service operations Perform routine audits on security of the infrastructure and present findings. Governance & Compliance Conduct periodic service review meetings with relevant stakeholders – both internal & external. Ensure adherence to security controls and policies Facilitate & drive Information Security Management System (ISMS) process across the organisation. Develop and manage the IT operations budget, ensuring efficient allocation of resources. Knowledge and experience At least 10+ years of experience in Cybersecurity with hands-on capability is network & other security technologies. Knowledge & skills in managing security policies & standards in Microsoft Azure, Active Directory, Office 365, SharePoint platforms Comprehensive understanding of Information Security Frameworks (e.g., ISO 27001, NISTCSF and Cyber Essentials) and Privacy regulations, including DPDPA & GDPR Experience working with 3rd party partners including upstream service providers. Working knowledge of SIEM, Identity and Access Management and Data Loss Prevention tools Experience in managing vulnerability and patch management process Working knowledge of different security architectures (SOA, Microservices etc) and potential security issues related to them PaaS, IaaS, SaaS and Hybrid cloud solutions. Knowledge of security technologies such as IDS/IPS and Firewalls Strong experience in delivering IT and OT risk assessment, developing control frameworks and implementation of security controls & process specific to OT/ IoT Key competencies/behaviours Strong written and oral communication skills Demonstrates a high level of flexibility. Proactive; Influencer; Collaborative Ability to prioritise effectively and see the big picture. Ability to adapt to new technologies and learn quickly. Problem identification, analysis and evaluation Detail oriented, organised, and able to handle multiple priorities and timelines simultaneously. Qualifications Bachelor’s degree in computer science or equivalent CISSP, CSSP, CISM, Cybersecurity or similar certifications desirable but not essential Leading Security Framework understanding (NIST, ISO etc) Equal Opportunity Employer Biocon Biologics is committed to equal opportunity in the terms and conditions of employment for all employees and job applicants without regard to race, colour, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, disability or veteran status. Biocon Biologics also complies with all applicable national, state and local laws governing non-discrimination in employment as well as work authorisation and employment eligibility verification requirements of the Immigration and Nationality Act.

Role & responsibilities This position is responsible for supervising all aspects of IT security, which includes: * Designing and developing security measures * Implementing security protocols * Managing incident response * Overseeing product selection * Ensuring adherence to relevant regulations This role is a mandatory work-from-office position based in our Gurgaon location, and the person in this role must be willing to work in 24/7 rotational shifts. Key responsibilities include: 1. Cybersecurity defense for endpoints and servers. 2. Investigation of alerts through SIEM, EPP, and XDR. 3. Vulnerability assessment and patch management. 4. Authorization of third-party software. 5. Collaboration with various departments to reduce risk. 6. Awareness of potential harm from new threats to network infrastructure and existing security procedures. 7. Providing security training to employees. 8. Facilitation of system and software configuration through Endpoint Management. 9. Willingness to work in a 24/7 SOC environment. Preferred candidate profile

Design and implement global private networking solutions, including AWS Transit Gateway, Private Link, Endpoints, Site-to-site VPN, Route 53, and Network Load Balancers. AWS Organizations Management: Assist in implementing and managing AWS Organizations, including restructuring accounts into Dev/Test/Production/Shared Services and migrating existing resources accordingly. Support and Maintenance: Provide on-call support for P1 incidents, particularly for security remediation. Manage AWS IAM, infrastructure logs, and stack monitoring. Address and manage vulnerability fixes. Monitor infrastructure and integration. Conduct operating system upgrades and patch management. Ensure infrastructure availability and management (including NG, RAM). Oversee business-as-usual (BAU) activities following recent re-architecture implementations. Networking and Firewall Management: Manage networking configurations and firewall settings. Increase platform automation using Infrastructure as Code (IaC) and Platform as a Service (PaaS) solutions. Skills and Qualifications: Extensive experience in managing and implementing AWS infrastructure. Strong knowledge of AWS networking components and services. Proficiency in AWS IAM and security management. Experience in infrastructure and integration monitoring. Ability to manage operating system upgrades and patch management. Skilled in vulnerability management and remediation. Strong analytical skills and attention to detail. Excellent communication and teamwork abilities. Ability to provide on-call support and manage critical incidents.

Our story At Alight, we believe a company s success starts with its people. At our core, we Champion People, help our colleagues Grow with Purpose and true to our name we encourage colleagues to Be Alight. Our Values: Champion People - be empathetic and help create a place where everyone belongs. Grow with purpose - Be inspired by our higher calling of improving lives. Be Alight - act with integrity, be real and empower others. It s why we re so driven to connect passion with purpose. Alight helps clients gain a benefits advantage while building a healthy and financially secure workforce by unifying the benefits ecosystem across health, wealth, wellbeing, absence management and navigation. With a comprehensive total rewards package, continuing education and training, and tremendous potential with a growing global organization, Alight is the perfect place to put your passion to work. Join our team if you Champion People, want to Grow with Purpose through acting with integrity and if you embody the meaning of Be Alight. Learn more at careers.alight.com . As a Senior Cloud Security Analyst , you will play a critical role in ensuring the security and compliance of our cloud infrastructure. You ll collaborate with cross-functional teams to design, implement, and maintain robust security measures across our cloud platforms. Your expertise will be instrumental in safeguarding our systems, data, and applications. You will assist in the wider operational activities including but not limited to validating and addressing identified security risks, Data Security, SOC1/SOC2 Audits, Client Audits, security certifications, vulnerability testing and support management teams during security incident events. You should be confident and capable of explaining the risk and remediation positions for threats as part of the global security incident management process related to cloud security. Duties & Responsibilities Cloud Security Posture Management (CSPM): Drive remediation of open security risks. Collaborate with the Information Security and compliance team to develop global cloud security architecture and maturity standards. Evaluate and respond to alerts and events from security tools, fine-tuning configurations to minimize false positives. Develop event response documentation and processes for the Security Operations Center. Work closely with Cloud Operations teams to define and implement security standards and best practices. Maintain documentation and diagrams for security tools, system environments, and cloud operations. Host Configuration Management: Conduct regular scans of host configurations to identify configuration violations and ensure compliance with security policies and CIS Benchmarks. Develop and implement remediation plans for identified violations. Collaborate with IT and DevOps teams to ensure secure configurations are maintained. Cloud Workload Protection: Perform vulnerability assessment on container images and containerized environments using industry standard tools. Identify, assess, assign, and report vulnerabilities throughout the container lifecycle. Work with development teams to ensure vulnerabilities are addressed in a timely manner. Implement security controls and best practices for container orchestration platforms. Combine security assessment tools with automation to proactively identify and remediate vulnerabilities. Collaborate with functional-area architects and security specialists to ensure adequate controls are in place. Incident Response Monitoring: Monitor and analyze security logs and events. Respond promptly to security incidents, investigating and containing threats. Work within a DevOps security model to automate incident response. Serve as a subject matter expert (SME) for security tools and processes. Position Requirements: Bachelor s or Master s degree in Computer Science, Engineering, Information Security, or similar boot camp certifications. Relevant certifications (e.g., AWS, CISSP, CCSP, CISM, GSEC) are highly desirable. Proven experience in cloud security, vulnerability management, and/or incident response. Strong knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud-optional). Familiarity with security assessment tools (e.g. Host Configuration Management, Cloud Security Posture Management (CSPM), cloud native tools, Vulnerability scanners, etc). Experience with developing and managing software application(s), APIs, or cloud infrastructure Familiarity with one to many programing languages and infrastructure as Code (IAC) Ability to collaborate effectively with cross-functional global teams. Alight requires all virtual interviews to be conducted on video. Flexible Working So that you can be your best at work and home, we consider flexible working arrangements wherever possible. Alight has been a leader in the flexible workspace and Top 100 Company for Remote Jobs 5 years in a row. Benefits We offer programs and plans for a healthy mind, body, wallet and life because it s important our benefits care for the whole person. Options include a variety of health coverage options, wellbeing and support programs, retirement, vacation and sick leave, maternity, paternity & adoption leave, continuing education and training as well as several voluntary benefit options. By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight s employment policies. Background checks may include some or all the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position. Our commitment to Inclusion We celebrate differences and believe in fostering an environment where everyone feels valued, respected, and supported. We know that diverse teams are stronger, more innovative, and more successful. At Alight, we welcome and embrace all individuals, regardless of their background, and are dedicated to creating a culture that enables every employee to thrive. Join us in building a brighter, more inclusive future. As part of this commitment, Alight will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact alightcareers@alight.com . Equal Opportunity Policy Statement Alight is an Equal Employment Opportunity employer and does not discriminate against anyone based on sex, race, color, religion, creed, national origin, ancestry, age, physical or mental disability, medical condition, pregnancy, marital or domestic partner status, citizenship, military or veteran status, sexual orientation, gender, gender identity or expression, genetic information, or any other legally protected characteristics or conduct covered by federal, state, or local law. In addition, we take affirmative action to employ, disabled persons, disabled veterans and other covered veterans. Alight provides reasonable accommodations to the known limitations of otherwise qualified employees and applicants for employment with disabilities and sincerely held religious beliefs, practices and observances, unless doing so would result in undue hardship. Applicants for employment may request a reasonable accommodation/modification by contacting their recruiter. Authorization to work in the Employing Country Applicants for employment in the country in which they are applying (Employing Country) must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the Employing Country and with Alight. Note, this job description does not restrict managements right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units. We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization. ."

Endpoint Security Engineer Core Responsibilities Implement and manage endpoint security strategies to defend against malware , ransomware , and advanced persistent threats (APTs) . Deploy, configure, and maintain Endpoint Detection & Response (EDR) , antivirus (AV) , Mobile Device Management (MDM) , and Data Loss Prevention (DLP) tools. Monitor endpoint telemetry using SIEM platforms ; respond to security alerts and collaborate with incident response teams . Perform regular vulnerability assessments and ensure timely patching of endpoint systems. Conduct endpoint audits and enforce hardening standards across Windows , macOS , and Linux . Create, maintain, and enforce endpoint security policies and procedures . Coordinate with IT , cloud , and network teams to ensure end-to-end device security . Generate reports on endpoint posture , incidents , compliance gaps , and security trends . Mandatory Technical Skills & Tools Endpoint Protection & EDR Hands-on experience with at least two EDR platforms : Trellix , CrowdStrike , TrendMicro , SentinelOne Proficiency in endpoint protection suites : Trellix , Sophos , Kaspersky , TrendMicro Vulnerability & Patch Management Practical experience with vulnerability scanning and patching tools : Qualys , Tenable , SCCM , WSUS , BigFix Deep understanding of endpoint hardening techniques : Group Policy (GPO) , PowerShell , OS configuration lockdown Endpoint Monitoring & Incident Response SIEM experience for endpoint telemetry: Splunk , ELK Stack Proficient in root cause analysis and log interpretation : Event Viewer , Sysinternals , auditd Mobile Device & Data Protection MDM configuration and policy management: Microsoft Intune , AirWatch , MobileIron DLP deployment and monitoring: Symantec DLP , Microsoft Purview , Forcepoint Operating System Security In-depth knowledge of Windows endpoint internals and security configurations Experience with macOS and Linux hardening : Jamf , auditd , iptables , SELinux Endpoint Forensics & Malware Analysis Ability to investigate threats using forensic tools : FTK Imager , Volatility , Sysinternals Basic understanding of static and dynamic malware analysis Soft Skills Strong written and verbal communication to explain complex security concepts Ability to collaborate across infrastructure, cloud, and application teams Self-driven and detail-oriented , with strong independent execution capabilities

The Opportunity "This is an opportunity to define, build, and shape the future of FICOs Cybersecurity and Risk Posture. As part of the Threat & Vulnerability Management team, you will collaborate across the business, IT, and client environments to secure our cloud and data center infrastructure. Your contributions will be key to strengthening FICO's defense mechanisms and enhancing our compliance posture. We're looking for a cybersecurity expert passionate about continuous improvement, cloud security, and vulnerability risk reduction. If you're someone who thrives in a fast-paced environment and wants to work on high-impact global security initiatives, this role is for you" - VP, Software Engineering. What Youll Contribute Collaborate with the Cyber Security Team, business stakeholders, IT partners, and clients to manage and reduce cybersecurity risk. Act as a subject matter expert in vulnerability scanning, compliance monitoring, and risk reporting. Operate and optimize tools such as Wiz, Qualys, or similar for vulnerability scanning across cloud and on-prem environments. Validate, triage, and risk-rank vulnerabilities based on severity, exposure, and potential business impact. Drive remediation planning with Product and IT teams, and oversee patch management cycles. Contribute to threat & vulnerability management strategy, policy, and continuous process improvement. Conduct periodic risk assessments and develop mitigation strategies in line with compliance requirements. Monitor the evolving threat landscapeincluding zero-day exploits, vendor patches, EOL systemsand proactively update mitigation plans. Lead initiatives to improve configuration, cloud asset management, vulnerability and patch management practices. Provide documentation, reporting, and cross-functional collaboration support. What Were Seeking Bachelors degree in Computer Science, Information Security, or a related field (or equivalent work experience). 36 years of hands-on experience with cloud security tools such as Wiz, Qualys, or similar vulnerability scanning platforms. Strong understanding of AWS infrastructure and cloud security principles. Working knowledge of operating system and application-level vulnerabilities and how they relate. Familiarity with risk-based vulnerability management and compliance frameworks. CISSP, CISM or equivalent certifications preferred (or willingness to obtain). Ability to multitask, manage complex data sets, and collaborate with diverse teams. Knowledge of scripting languages (e.g., Python, Bash) is a plus. Demonstrated experience in cloud (especially AWS) patch and configuration management. Familiarity with malware behavior, indicators of compromise, and modern threat vectors. Strong documentation, analytical, and communication skills. Our Offer to You An inclusive culture strongly reflecting our core valuesAct Like an Owner, Delight Our Customers and Earn the Respect of Others. The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences. Highly competitive compensation, benefits and rewards programs that encourage you to bring your best every day and be recognized for doing so. An engaging, people-first work environment offering work/life balance, employee resource groups, and social events to promote interaction and camaraderie. Why Make a Move to FICO At FICO, you can develop your career with a leading organization in one of the fastest-growing fields in technology today Big Data analytics. Youll play a part in our commitment to help businesses use data to improve every choice they make, using advances in artificial intelligence, machine learning, optimization, and much more. FICO makes a real difference in the way businesses operate worldwide Credit Scoring FICO Scores are used by 90 of the top 100 US lenders. Fraud Detection and Security 4 billion payment cards globally are protected by FICO fraud systems. Lending 3/4 of US mortgages are approved using the FICO Score. Learn more about how you can fulfil your potential at

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Position Overview: F5 is seeking a highly experienced and results-driven Technical Program Manager (TPM) to lead and manage critical programs focused on software security. This is a senior level role that will drive initiatives that enhance F5s security posture by implementing best practices for vulnerability management, security scanners, CVE tracking, Security Software Development Life Cycle (SDLC), and more. The ideal candidate will have a deep understanding of security programs, a strong technical background in software development, and a proven track record of successfully delivering cross-functional initiatives in complex environments. As a trusted leader, you will collaborate closely with engineering, security, product, and operations teams to ensure F5s products and processes meet the highest security standards while enabling business objectives. Key Responsibilities: Program Management: Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle. Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity. Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction. Security SDLC and Vulnerability Management: Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage. Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments. Develop and implement governance processes for tracking and addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs) , ensuring effective prioritization and swift resolution. Cross-Functional Collaboration: Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects. Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders. Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines. Risk and Compliance Management: Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required. Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity. Proactively identify and manage security risks through effective mitigation planning and ongoing tracking. Process Improvement and Tooling: Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness. Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process. Metrics and Reporting: Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response. Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes. Qualifications: Education: Bachelors degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Masters preferred). Experience: 8+ years of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level. Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions. Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices. Technical Expertise: In-depth knowledge of software development methodologies, including Agile and DevSecOps principles. Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode). Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles. Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus). Leadership and Collaboration: Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders. Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike. Demonstrated ability to influence without authority and lead by example. Problem Solving and Decision Making: Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment. Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities. Preferred Qualifications: Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA). Experience with cloud security and platform-oriented vulnerability management tools like Bugzilla or similar. Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques. Knowledge of networking and application delivery technologies (F5 experience is a plus!). The is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com ) . Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates . Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. About the position F5 is looking for a hands-on Security Engineer III with experience owning vulnerability management and codesecurity program. F5s Edge 2.0 platform provides global, scalable, and secure way to deploy applications! In this position, you will have responsibility for vulnerability management of open-source components in the software components that make up the platform.You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities. Responsibilities We collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirementsaround vulnerability management, static and dynamic code analysis depending on the components structure and place in the platform. We write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives. We integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output. We work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is a significant code reuse. We work with other members of the DevOps team to introduce tooling to increase clarity and better quantify the vulnerability remediation. We work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC. We work with other team members to safely introduce dynamic code analysis tools. We participate in Incident Response when appropriate. Minimum qualifications BS degree in Computer Science or equivalent with 4+ years of secure software development experience. Good understanding of Docker container building process. Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy etc. Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc. Familiarity with microservices architecture, Docker and Kubernetes. Good understanding of complexities and security challenges in large-scale distributed systems. The is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com ) . Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates . Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

Date 31 May 2025 Location: Bangalore, IN Company Alstom At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Security into Project Specialist in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and project management expertise in a new cutting-edge field. Youll work alongside innovative, dedicated teammates. You'll ensure the robust integration of security within our IS&T projects, safeguarding our digital initiatives. Day-to-day, youll work closely with teams across the business (Security Architecture, GRC and ISMS team, Architects, Project Managers and PMO, Business teams), review and approve security deliverables and much more. Youll specifically take care of validating Security Inquiry for Partners (SIP) and ensuring secure configurations are applied, but also make informed decisions about security acceptance based on residual risk and asset value. Well look to you for: Reviewing and approving security deliverables Ensuring the application of the "Security into Project" policy Validating and signing off on Security Inquiry for Partners Applying secure configurations for projects or business initiatives Making decisions on security acceptance Implementing design patterns and standards All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Engineering/Technology Experience or understanding of cybersecurity, architecture and design Knowledge of security architecture and infrastructure Familiarity with cloud solutions (Microsoft Azure/O365) A CISSP or CISM certification Ability to analyze technical risks and vulnerabilities Fluency in English Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with cutting-edge security standards for rail signalling Collaborate with transverse teams and supportive colleagues Contribute to innovative projects that shape the future of transportation Utilise our dynamic working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards leadership roles within the cybersecurity domain Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Job Summary Join our team as an Infra. Technology Specialist where you will leverage your expertise in vulnerability management to enhance our IT infrastructure. With a hybrid work model and day shifts you will collaborate with cross-functional teams to ensure robust security measures. Your contributions will directly impact our companys mission to provide secure and reliable technology solutions. Responsibilities Oversee the implementation of vulnerability management processes to ensure the security of IT infrastructure. Collaborate with cross-functional teams to identify and mitigate potential security threats. Provide expert guidance on best practices for vulnerability assessment and remediation. Develop and maintain documentation for vulnerability management procedures and protocols. Conduct regular security audits and assessments to identify areas for improvement. Implement automated tools and technologies to streamline vulnerability management processes. Monitor and analyze security alerts to proactively address potential risks. Coordinate with IT teams to ensure timely patch management and system updates. Evaluate and recommend security solutions to enhance infrastructure resilience. Train and mentor team members on vulnerability management techniques and tools. Report on security metrics and trends to inform strategic decision-making. Ensure compliance with industry standards and regulations related to IT security. Contribute to the development of security policies and procedures to safeguard company assets. Qualifications Possess a strong background in vulnerability management with at least 8 years of experience. Demonstrate proficiency in using vulnerability assessment tools and technologies. Exhibit excellent problem-solving skills and attention to detail. Have a solid understanding of IT infrastructure and security principles. Show ability to work collaboratively in a hybrid work environment. Display strong communication skills to effectively convey technical information. Hold a relevant certification such as Certified Information Systems Security Professional (CISSP). Certifications Required Certified Information Systems Security Professional (CISSP)

Job Title : Business Continuity Specialist Qualification : Any Graduate /LLB Experience : 3-5 Years Must Have Skills : > Knowledge of global regulations and industry standards, including ISO 22301, ISO/IEC 27001, and ISO 31000 ERM Standard and/or 2017 COSO ERM Framework > Experience on Business Continuity Management. Good to Have Skills : Strong understanding of risk management frameworks, internal controls, and compliance auditing. Experience with risk management software, data analytics tools, and reporting systems. Ability to identify patterns and evaluate complex regulatory risks and propose practical solutions. Excellent communication skills with the ability to present complex information to non-technical stakeholders. Strong attention to detail and a proactive approach to problem-solving. Quick adjustment to new tools, regulations, and client requirements in the fast-paced BPO environment. Ability to work effectively both independently and as part of a global team. Experience working with cross-functional teams in a global environment. Strong analytical and project management skills with the ability to manage multiple priorities simultaneously. Proven organizational planning and management skills; excellent communication skills; and proven emergency and incident management skills. Proficiency on windows applications Roles and Responsibilities : Develop and Maintain Business Continuity Plans: l Design, implement, and regularly maintain/update comprehensive and sustainable business continuity programs through regular review, updating, and development of BCM policies, guidelines, procedures, and plans to ensure critical business functions can continue during and after disruptions. Collaborate with departments to identify critical functions and recovery requirements. Business Continuity Plans per campaign/support group Emergency Preparedness and Response Plan Incident Management Plan Crisis Management Plan Disaster Recovery Plans, etc. Conduct Business Impact Analysis: l Perform regular analyses to assess the potential impact of various disruptions on business operations. l Prioritize essential functions and develop strategies to minimize downtime and ensure recovery. l Create analytics and reports based on these analyses, and provide strategic recommendations to the BCM Lead to enhance organizational resilience. Lead Continuity Testing and Exercises: l Organize and execute testing and simulation exercises of business continuity plans. l Evaluate the effectiveness of plans and make improvements based on test results and feedback. Manage Continuity Resources : l Oversee the acquisition and maintenance of necessary resources and tools for business continuity. l Drive internal awareness and understanding through various training, and engagements to team members and leaders. l Keep abreast of industry best practices and trends, sharing the same to the organization. l Ensure Compliance : l Maintain business continuity plans in accordance with contractual obligations, relevant regulations, industry standards, and organizational policies, with a strong emphasis on adherence to ISO 22301:2019 to ensure we follow global standards. Regularly review and update plans to reflect changes in regulations or organizational needs. In line with this, management reviews and internal audits are included for a complete end-to-end compliance to the standard. l Act as a subject matter expert for BCM related activities. Incident Management and Response: l Develop and implement incident management strategies, including incident identification, response coordination, and stakeholder communication. l Regularly lead training sessions to enhance staff readiness, document incidents, conduct post-incident evaluations, ensure regulatory compliance, prepare reports for senior management, and continuously improve processes based on best practices and emerging threats. l During incidents, provides guidance to identify, manage, and implement appropriate Business Continuity Plans. Identify and Assess Risks: l Provide inputs to the corresponding Risk Registers. l Conduct risk assessments to identify and evaluate potential threats and vulnerabilities. l Analyze the likelihood and impact of identified risks to business operations. Develop Risk Management Strategies: l Assist in formulating and implementing risk management strategies to mitigate identified risks. l Develop and document risk response plans and procedures. Monitor and Report Risks: l Continuously monitor the risk environment and track emerging risks. l Prepare and present risk assessment reports and recommendations to senior management and relevant stakeholders. Compliance Oversight: l Stay up to date with relevant laws, regulations, contractual obligations and industry standards to ensure compliance across the organization. l Develop and implement compliance programs and processes to ensure adherence to legal and regulatory requirements. l Conduct periodic compliance audits and reviews to identify potential compliance issues and recommend corrective actions Promote Risk Awareness: l Foster a culture of risk awareness and management across the organization. l Provide training and guidance to employees on effective risk management practices and procedures. Coordinate with External Partners: l Collaborate with external vendors, consultants, and regulatory bodies to address external risk factors andensure compliance with industry standards and regulations Location : Jaipur CTC Range : 10 lpa (lakh per annum) Notice period : Immediate - 15days Shift Timings : Rotational Shift Mode of Interview : Virtual Mode of Work : WFH (work from home) Mode of Hire : Permanent Note : NA Thanks & Regards, -- Thanks & Regards, HR Deekshitha Staffing Analyst Black and White Business Solutions Pvt Ltd Bangalore,Karnataka,INDIA. Direct Number: 8067432404| deekshitha@blackwhite.in | www.blackwhite.in ************************PLEASE REFER YOUR FRIENDS***********************

Primary Responsibilities: Position Overview: We are seeking a highly skilled and motivated Senior Technical Project Manager to join our Information Security team. This role is pivotal in supporting numerous application development teams, with a primary focus on enhancing the security posture of the applications they create and maintain. Key Responsibilities: • Project Management: Lead and manage security-related projects, including security compliance initiatives, vulnerability remediation, and the rollout of security tools and configurations. • Reporting: Prepare and deliver monthly and weekly reports to leadership and application teams, ensuring transparency and accountability. • Tool Proficiency: Utilize project management and reporting tools such as Rally Agile, Smartsheet, and Office 365 to track progress and manage tasks effectively. • Executive Presentations: Develop and present comprehensive reports and presentations for executive stakeholders, highlighting project status, risks, and achievements. • Communication: Maintain clear and effective communication with all stakeholders, ensuring alignment and understanding of project goals and progress. • Follow-Up and Completion: Emphasize follow-up, task completion, and regular status updates to ensure projects stay on track and meet deadlines. Qualifications - External Required Qualifications: Must be a graduate Experience: Proven experience in managing technical projects within an information security context. Skills: Proficiency with Rally Agile, Smartsheet, (or similar tools), and Office 365. Solid ability to create executive-level reports. Communication: Excellent verbal and written communication skills, with a high emphasis on clarity and follow-up. Detail-Oriented: Solid attention to detail and commitment to task completion and regular status reporting. Preferred Qualifications: • Experience: Proven experience in managing technical projects within an information security context. • Skills: Proficiency with data exports, analysis, and presentation. Rally Agile, Smartsheet, and Office 365. Strong ability to create executive-level presentations. • Communication: Excellent verbal and written communication skills, with a high emphasis on clarity and follow-up. • Detail-Oriented: Strong attention to detail and commitment to task completion and regular status reporting. Why Join Us? • Impact: Play a crucial role in improving the security posture of our applications, directly contributing to the safety and integrity of our systems. • Growth: Opportunity to work on challenging projects and grow your career within a dynamic and supportive team environment. • Collaboration: Work closely with various application development teams, fostering a collaborative a

Visa operates the worlds largest retail electronic payments network and is one of the most recognized global financial services brands. Visa facilitates global commerce through the transfer of value and information among financial institutions, merchants, consumers, businesses and government entities. We offer a range of branded payment product platforms, which our financial institution clients use to develop and offer credit, charge, deferred debit, prepaid and cash access programs to cardholders. Visas card platforms provide consumers, businesses, merchants and government entities with a secure, convenient and reliable way to pay and be paid in 200 countries and territories. The objectives of the DevSecOps team are to ensure application development and deployment processes are optimized, incorporate automation, are resilient and integrate security practices throughout the entire application development lifecycle. This individual contributor role, located in India, will help achieve these objectives by conducting day-to-day activities, closely collaborating with various stakeholders, that ensure applications remain impeccably secure, resilient, and all identified risks are addressed timely. For assigned areas, drive coordinated management of findings and exceptions, facilitate triaging, and ensure remediations occur or exceptions are filed, prior to the Required Remediation Date (RRD) to support achieving daily compliance. Serve as a first point of contact for Cybersecurity, Risk, and Operations. Participate in cross-team collaboration with developers, Security Architects, PEN Testers, Security Assessors, Risk and Governance teams. Work closely with Operations Infrastructure teams, developers and other stakeholders for cross-functional development activities. Help ensure Security Assessment compliance for PPD. Help identify security improvements for PPD environments to resolve or mitigate security findings or otherwise enhance security posture to achieve compliance with all security initiatives. Support development and delivery of security metrics (eg, dashboards, reports) which consolidate all finding sources and data. Collaborate with team in different locations to ensure clear and constant communications. Build an extensive network of positive relationships throughout Visa and its technology organizations to be leveraged to accomplish the broad requirements of this position. Basic Qualifications: Bachelors degree, OR 3+ years of relevant work experience Preferred Qualifications: 1 - 2 years of work experience with a bachelor s degree in computer science or related technical discipline. Some experience with vulnerability management such as provision of vulnerability scanners, agent provision and maintenance, interpretation of findings, ranking of finding scores, option assessment, management of superseded patches, false positives, reassignment of findings, remediation actions (i.e., patching), confirmation (i.e., re-scanning to confirm remediation), and management of remediation to a standard. Qualys experience is preferred but not required. Exposure with application development, software delivery lifecycle, and/or infrastructure development and administration. Awareness of DevOps and DevSecOps principles. Familiarity with cybersecurity best practices, principles, security protocols and standards. Understanding of common Cyber Threat terminology, vulnerability and penetration test methodologies, application reliability concepts, terminology. Understands, follows steps for assigned tasks and track the progress of work to completion. Able to communicate and collaborate with appropriate stakeholders to resolve issues. Familiarity with MS Excel, PowerPoint, Word, and SharePoint. Excellent verbal and written communication skills. Team player and passionate for contributing to a culture of innovation and flawless execution. Demonstrated ability to drive technical initiatives and identify improvement opportunities. Able to adapt to work across time zones as per project requirements

Role: The Security Operations (SOC) - Engineer is responsible for monitoring the environment, identifying, reporting, and responding to security threats that put the organization at risk. The primary function of this position is to monitor the security tools and perform alert management and initial incident qualification. Job Description Acknowledge, analyze, and validate incidents triggered from multiple security tools like IDS/IPS, Web Application Firewall, Firewalls, Endpoint Detection & Response tools, and events through SIEM solution Acknowledge, analyze, and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc. Collection of necessary logs that could help in the incident containment and security investigation Escalate validated and confirmed incidents to Security administrators Undertake first stages of false positive and false negative analysis Understand the structure and the meaning of logs from different log sources such as FW, IDS/IPS, WAF, Windows DC, Cloudflare, AV and antimalware software, O365 email security etc. Open incidents in ticketing platform to report the alarms triggered or threats detected. Track and update incidents and requests based on updates and analysis results Report infrastructure issues to the IMS Team Working with vendors to work on security issues. Perform other duties as assigned Skills: Strong security knowledge Should have expertise on TCP/IP network traffic and event log analysis Experience with Linux, Windows and Network Operating Systems required. Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, and other security products Experience in Security Information Event Management (SIEM) tools, creation of basic co-relation rules, and administration of SIEM Knowledge and hands-on experience in Log management & Endpoint detection and response tools Knowledge of ITIL disciplines such as Incident, Problem and Change Management Strong interpersonal skills including excellent written/verbal communication skills Interview Process: Technical Interview HRBP Interview Consent: Consent: we will use your resume for current full-time job openings with us and retain it for future opportunities