464 Vulnerability Management Jobs - Page 4

Conduct security assessments, vulnerability assessments, and penetration tests on systems and applications to identify weaknesses and recommend remediation actions. • Monitor and analyze security alerts, events, and incidents to promptly detect. Required Candidate profile Manage and maintain security tools and technologies, such as firewalls, intrusion detection/prevention systems, and security information and event management (SIEM) systems.

Analysing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends. Conducts research and evaluates intelligence data, with emphasis on TTP's. Good Experience in Development and documenting of threat Intelligence procedures into playbooks. Experience on Threat Research Reports for Strategic, Tactical, and Operational intelligence Focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly. Perform ad-hoc intelligence gathering using OSINT tools and techniques Able to apply creative and critical thinking when approaching issues and in resolving them. Able to communicate effectively with technical, operational, and senior client staff. Required education Bachelor's Degree Required technical and professional expertise Analysing cyber-IOCs, APTs, MITRE ATT&CK TTPs, attack vectors, adversary TTPs, and cyber threat intelligence topics and translating these into actionable intelligence Develop, maintain, and update a repository of cyber threat information that is used in conducting risk assessments and reports on cyber risk trends. Conducts research and evaluates intelligence data, with emphasis on TTP's. Good Experience in Development and documenting of threat Intelligence procedures into playbooks. Experience on Threat Research Reports for Strategic, Tactical, and Operational intelligence Focusing on intent, objectives, and activity of cyber threat actors and then acting accordingly. Perform ad-hoc intelligence gathering using OSINT tools and techniques Preferred technical and professional experience Able to apply creative and critical thinking when approaching issues and in resolving them. Able to communicate effectively with technical, operational, and senior client staff.

Vulnerability Identification & Assessment: Manage and oversee vulnerability scanning tools (Qualys, Tenable, Rapid7, etc.). Analyze vulnerability data from multiple sources and assess the impact on business operations. Perform risk assessments and categorize vulnerabilities based on severity and exploitability. Remediation & Risk Mitigation: Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities. Prioritize vulnerabilities based on risk to the business and potential exploitability. Track remediation efforts and ensure proper closure of security gaps. Process & Policy Development: Define and maintain vulnerability management policies, standards, and procedures. Establish workflows for vulnerability detection, reporting, remediation, and validation. Ensure compliance with security frameworks such as NIST, CIS, ISO 27001, and regulatory standards like GDPR, HIPAA, and PCI-DSS. Security Monitoring & Threat Intelligence Integration: Work with threat intelligence teams to understand emerging threats and vulnerabilities. Ensure vulnerability management aligns with incident response and threat-hunting processes. Continuously enhance detection mechanisms to improve vulnerability discovery and response. Compliance & Audit Readiness: Ensure that vulnerability management practices align with regulatory and compliance requirements. Maintain records of assessments, remediation efforts, and compliance reports for audits. Support internal and external audits related to vulnerability management. Reporting & Metrics: Develop and present vulnerability status reports to security leadership and executive teams. Track key performance indicators (KPIs) related to vulnerability remediation SLAs and risk reduction Provide insights on security posture improvements based on trend analysis. Security Awareness & Collaboration: Conduct training sessions to educate teams on vulnerability risks and remediation best practices. Work closely with DevSecOps, SOC, and infrastructure teams to integrate security best practices into the development lifecycle Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Vulnerability Management Preferred technical and professional experience Qualys

Required Skills Technology | Cybersecurity | SIEM-SOAR Technology | Cybersecurity | SOC Alert Management Technology | Cybersecurity | Vulnerability Management Behavioral | Aptitude | Communication Technology | Cybersecurity | End Point Security Education Qualification : Any Graduate Certification Mandatory / Desirable : Technology | IT Security Certifications | EC-Council Certifications | EC-Council Certified Ethical Hacker (CEH) Details: 1) Responsible for high level design, implementation and support of Enterprise Backup and Storage Infrastructure support. 2) Maintain an operational infrastructure focused on the extremely critical need for 100% availability. 3) Participate in capacity planning and Technical review meeting to understand the complex data storage requirements of the other stakeholders before the implementation 4) Adhere to the business goals by achieving the business Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). 5) Responsible for Patch management on data storage systems and backup systems with minimal business impact. 6) Migrate the existing data from legacy data storage systems to new flash storage systems without any downtime. 7) Responsible to retire legacy data storage and backup systems 8) Migrate Home shares data to Microsoft Azure Cloud, Group share data to AWS and install AWS connectors to integrate backup systems to AWS. 9) Provide technical analysis for the critical project implementation on QA and DEV before moving it to Prod environments. 10) Provide proactive support as an On-call Engineer for all the Storage alerting systems. 11) Administrating and managing over 1PB of storage data for all types of Tiered applications by maintaining a minimal downtime. 12) Establish and maintain a clear value proposition plan as well as competitive benchmarking and overall differentiation summary. 13) Plan and Implement the solutions for performance in the Backup and Storage services

We are hiring a Vulnerability Engineer to join our Managed Security Services team. You will be responsible for identifying, analyzing, and tracking security vulnerabilities across enterprise environments. The role involves working with scanning tools, coordinating with stakeholders, and ensuring timely remediation to minimize security risk. Key Responsibilities: Perform vulnerability scans using tools like Tenable Nessus, Qualys, IBM AppScan , etc. Analyze scan results, identify false positives, and prioritize risks Track and support remediation efforts with technical teams Register and manage assets in scanning platforms and maintain scan schedules Prepare reports and metrics for leadership and stakeholders Coordinate with customers on scan schedules and mitigation plans Contribute to automation and process optimization Required Skills: Strong knowledge of vulnerability management processes and tools like Tenable Nessus, Qualys, IBM AppScan etc Solid understanding of network, system, and application-level security Experience in report writing and communicating technical findings Familiarity with enterprise IT environments and TCP/IP networking Excellent problem-solving, collaboration, and communication skills Willingness to participate in on-call support rotation Preferred: Experience with scripting/automation for scanning and reporting Security certifications (e.g., CEH, CompTIA Security+, OSCP)

About the Role: We are hiring a Vulnerability Engineer to join our Managed Security Services team. You will be responsible for identifying, analyzing, and tracking security vulnerabilities across enterprise environments. The role involves working with scanning tools, coordinating with stakeholders, and ensuring timely remediation to minimize security risk. Key Responsibilities: Perform vulnerability scans using tools like Tenable Nessus, Qualys, IBM AppScan , etc. Analyze scan results, identify false positives, and prioritize risks Track and support remediation efforts with technical teams Register and manage assets in scanning platforms and maintain scan schedules Prepare reports and metrics for leadership and stakeholders Coordinate with customers on scan schedules and mitigation plans Contribute to automation and process optimization Required Skills: Strong knowledge of vulnerability management processes and tools like Tenable Nessus, Qualys, IBM AppScan etc Solid understanding of network, system, and application-level security Experience in report writing and communicating technical findings Familiarity with enterprise IT environments and TCP/IP networking Excellent problem-solving, collaboration, and communication skills Willingness to participate in on-call support rotation Preferred: Experience with scripting/automation for scanning and reporting Security certifications (e.g., CEH, CompTIA Security+, OSCP)

We are looking for an experienced Cybersecurity Manager to lead security assessments, develop security strategies, and drive cybersecurity initiatives for our clients. The ideal candidate should have extensive experience in cybersecurity consulting, risk assessment, and compliance frameworks. Key Responsibilities: Lead security and privacy program assessments using industry-standard frameworks (NIST CSF, ISO, CIS, HIPAA, GDPR) and drive risk mitigation strategies. Develop and implement cybersecurity solutions to address security gaps and enhance maturity in privacy capabilities. Provide expert consulting on security strategy, risk management, and compliance requirements . Oversee security documentation, policy development, and compliance adherence. Conduct in-depth assessments of client environments, analyzing security posture and potential vulnerabilities. Lead client engagement meetings, manage project timelines, and ensure high-quality deliverables. Mentor and guide junior team members, fostering a strong security-focused culture. Ideal Candidate Profile: Bachelors degree in information technology , Security, Systems, Assurance, or a related field. 5+ years of cybersecurity consulting experience , with proven leadership in managing client engagements. Deep understanding of regulatory frameworks (NIST, GDPR, ISO 27001/27002, NIST 800 series) and security best practices. Strong expertise in IAM, PAM, Logging & Monitoring, Vulnerability & Patch Management, Incident Response, Asset Management, and Vendor Risk Management . Excellent stakeholder management, communication, and leadership skills. Ability to manage multiple projects and deliver within tight deadlines.

The opportunity: Join our dynamic Threat Intelligence and Detection Engineering (TIDE) team within Cyber Operations, dedicated to safeguarding critical infrastructure. Work alongside motivated professionals in a collaborative environment, leveraging cutting-edge technologies, automation, and innovative GenAI solutions. Youll have opportunities to expand your professional network across various cybersecurity disciplines, including Cyber Defense Center (CDC), Vulnerability Management (VMAD), and Architecture Engineering (AE). We prioritize enthusiasm, creativity, and passion for continuous learning over extensive experience. You should be curious, innovative, and excited to explore emerging cybersecurity approaches. How you ll make an impact: Develop and implement detection engineering content, automation, and integrations across IT/OT environments. Enhance our Security Orchestration, Automation, and Response (SOAR) platform by developing additional integrations and response automations. Incorporate cutting-edge GenAI technologies into operational processes. Build and maintain detection baselines tailored to evolving threats and business-specific use cases. Collaborate closely with Incident Response and Threat Intelligence teams to continuously refine detection capabilities. Conduct proactive technical analyses post-incident to improve operational effectiveness and response efficiency. Monitor cybersecurity trends, emerging threats, and innovative technologies, applying insights to enhance detection and response strategies. Support evaluations and integration of new cybersecurity tools and platforms. Foster continuous improvement initiatives in tooling, automation, and operational processes. Responsible to ensure compliance with applicable external and internal regulations, procedures, and guidelines. Living Hitachi Energy s core values of safety and integrity, which means taking responsibility for your own actions while caring for your colleagues and the business. Your background: Bachelors or master s degree in relevant field. A minimum of 2-3 years in cybersecurity (OT/IT), emphasizing operational procedures in threat monitoring and incident management. A grasp of the IT/OT Threat Landscape. Proficiency in threat detection engineering automation, including the entire Use Case lifecycle. Hands-on experience or strong interest in Microsoft Azure security solutions, particularly Azure Sentinel, including developing detection rules and automations using Kusto Query Language (KQL). Familiarity with Azure cloud infrastructure and enthusiasm for leveraging cloud-native technologies in detection engineering and security monitoring. Hands-on experience with security tech, like firewalls, anomaly detection tools, EDR, and IDS. A foundational understanding of security standards and frameworks such as NIST, CIS, MITRE ATTCK, and the Cyber Kill Chain. Experience in roles such as SOC, CSIRT, or CSOC would be advantageous. Effective communication skills, allowing you to articulate security issues to peers, stakeholders, and clients. Proficiency in both spoken written English language is required and German language skills would be a significant asset. Qualified individuals with a disability may request a reasonable accommodation if you are unable or limited in your ability to use or access the Hitachi Energy career site as a result of your disability. You may request reasonable accommodations by completing a general inquiry form on our website. Please include your contact information and specific details about your required accommodation to support you during the job application process. .

3-5 yrs of experience in IS GRC focusing on regulatory compliance. Understanding of security standards and frameworks (E.g. ISO 27001, NIST CSF, PCI DSS, SOX 404, SOC2, NIS2 and PCI DSS. Knowledge of Python PySpark or SparkSQL is an added advantage.

Project Role : Risk and Compliance Representative Project Role Description : Support service delivery through quality and risk management. Increase awareness of compliance policies and processes. Must have skills : Risk Management Good to have skills : Security Compliance ManagementMinimum 15 year(s) of experience is required Educational Qualification : Minimum BE BTech from a reputed university Summary :As a Risk and Compliance Representative, you will support service delivery through quality and risk management. Increase awareness of compliance policies and processes. A typical day involves ensuring adherence to risk management protocols and enhancing compliance awareness. To design and deploy IT Risk Management, Security Governance, and Operational excellence to meet regulatory for large scale technology projects such as data lake, digital platform, and other core business and supporting applications IT GRC Consultant Roles & Responsibilities:-Primary contact for Security governance, risk, and compliance -Take full accountability of GRC domain including compliance related to clients third-party risk management and supply chain risk management -Take ownership of security compliance related issues and challenges and drive for solutions working with various internal teams and third-party solution providers such as OEMs and technology partners-Define and develop high level operating procedures for seamless operations of the project-Support transition of projects from deployment to operations-Anchor design and implementation of governance processes for risk and compliance-Be a SPOC for all security governance initiatives in existing project and able to navigate through the clients landscape to upsell new initiatives in security space or able to pave ways for upselling value-driven initiatives for the client in other related domains -Lead the teams across various security governance towers such as vulnerability management, security incident management, and thrive for upskilling and cross skilling to rationalize the resources across the towers and across the clients.-Introduce innovative solutions such as automation to increase productivity and improve service delivery quality -Participate in architecture and design review and approval forums to ensure the security design principles are adhered to for any changes in the existing landscape or any new initiatives being rolled out in the existing landscape-Participate in client account planning and discussions to ensure security level initiatives are accounted for and issues are escalated to the right leaders for resolution-Build strong relationships with all client stakeholders and Accenture project teams for effective collaboration and outcomes Professional & Technical Skills: -Must have:-Strong experience in design and deployment of security controls and processes for FS regulatory mandates, guidelines, and standards such as RBI Cyber Security Framework and NIST Framework-Certified Information Security Auditor -Strong Leadership skills-Strong Communication skills-Ability to drive discussions and ideas with clients senior leadership forums-Problem solving skills-Good to have-Certification in enterprise security architecture framework Additional Information:-Total IT experience of minimum 18 years; and-Minimum 10 years of experience in designing and deploying security controls and processes for financial institutions governed by regulators such as RBI, SEBI, and IRDA.- This position is based at our Mumbai office.- A Minimum BE BTech from a reputed university is required. Qualification Minimum BE BTech from a reputed university

Person should be responsible for administration & management of three or more technologies listed Firewall, F5 WAF, F5 SSLO, Ant-DDoS, Packet Broker, Anti-Apt, IPS, etc. Managing complete administration including but not limited of creation, modification of rules and configuration, system upgrades. Handling escalated calls and providing SME support on above technologies. On-boarding of new applications in F5 SSLO, F5 WAF, Packet Broker and handle critical issues for the same. Single point of contact for above mentioned technologies. Incident management & timely escalation of incident. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Overall 4+ years of experience in the field of network security Person should be able to manage the team. Person should have good understanding on SIEM IR & should be able to guide the team. Require advance level of network security devices troubleshooting knowledge, tcpdump, log analysis etc. B. E. / B.Tech in Computer Science or Electronics & Telecommunications Preferred technical and professional experience Person should have good understanding on SIEM IR & should be able to guide the team. Require advance level of network security devices troubleshooting knowledge, tcpdump, log analysis etc.

Key Responsibilities: Design, install, monitor, integrate, and fine-tune cybersecurity tools and systems, including but not limited to, SIEM, SOAR, EDR, E-mail Security Gateways, and network Proactively monitor the environment to detect and implement steps to mitigate cyber-attacks before they occur. Provides technical expertise regarding security-related concepts to operational teams within the Information Technology Department and the business. Review, investigate, and respond to real-time alerts within the environment. Review real-time and historical reports for security and/or compliance violations. Monitor online security-related resources for new and emerging cyber threats. Assesses new security technologies to determine potential value for the enterprise. Conducts vulnerability assessments of firm systems and networks. Manage systems owned by the Information Security Team. Required Skills and Qualifications: Technical Skills & Experience: At least 5-7 years of experience in Cybersecurity with an emphasis on data and security event correlation, incident response, and the installation, configuration, administration, and management of cybersecurity tools such as SIEM, SOAR, firewalls, and hardening of IT infrastructure in compliance with cybersecurity frameworks. Works in a highly collaborative and fast-paced work environment with other SOC and Network Operations Center (NOC), Technical Support, Telecom, Project Management and Product Development staff. Strong writing skills, as well as the ability to articulate security-related concepts to a broad range of technical and non-technical staff. Working experience with creating, implementing, and managing a threat-hunting program within a corporate environment. Education Bachelors degree in computer science, information systems, Cybersecurity or Cloud Computing UG: B.Sc in Any Specialization, B.Tech/B.E. in Any Specialization

Role Description NCR Atleos is seeking an experienced manager with 10+ years of experience. As a Scaled-Agile leader, this person will be responsible for empowering individuals and teams to build better software and systems by learning, exhibiting, teaching, and coaching Scaled-Agile mindset, values, principles, and practices. You will be joining the Software Engineering team based in Hyderabad and working on NCR Atleoss Transaction Switching Product (Authentic) which serves several major industries Financial Services, Retail and Digital Banking. In this role, you will be leading a team consisting of Product Owners, SCRUM Masters, Developers and Testers to add and enhance features in this Enterprise level and performance critical application. You need to collaborate with other senior key roles like Architect, Business SMEs, DBA etc. located in London and India. A key focus will be on establishing a high performing team with embedded NCR Atleos culture of innovation and open communication. The role is a domain/technology expert in addition to providing strong leadership, managing internal and external stake holders and collaborating with other teams. You are required to have strong analytical, organizational and interpersonal skills and a commitment to Product quality in addition to grip on various java and database technologies. Should also have a good understanding of CI/CD pipeline including test automation. You will need to prioritize, make tradeoffs, clarify requirements, determine the appropriate functional implementation and drive the team for ideas and results. The Software Engineering team operates under Agile as part of a SAFe release train. The responsibilities include: Must have experience leading a large technology team in a dynamic, high-growth product company with multiple, diverse offerings with specific focus on: Alignment : Communicate the mission. Built-in quality : Demonstrate quality by refusing to accept or ship low-quality work. Support investments in capacity planning for maintenance and reduction of technical debt. Transparency : Visualize all relevant work. Leaders take ownership and responsibility for errors and mistakes. That means they admit their own missteps while supporting others who acknowledge and learn from theirs. And they never punish the messenger. Instead, they celebrate success and learning. Program execution : Participate as an active business owner in execution. Adjust scope as necessary. Celebrate high quality and program increments delivered on schedule. Aggressively remove impediments and de-motivators. Work planning and execution : Monitor/control the product backlog and ensure on scope, on time, on quality and on budget delivery in the Product Increment Technology partnerships : Establish a connect and work with technology partners in the market to ensure reach to right talent pool and access to recent technology trends. Crises management : Own critical projects to form teams, become an interconnect across various groups involved to ensure the project is successful. Customer support : Facilitate critical issue resolution, troubleshoot and help the team understand and resolve blocker issues. Remove impediments : Identify and resolve impediments, Identify and implement process improvements to meet Product Increment commitments and improve productivity of the team. Focus on quality : Identify and drive quality improvement actions and track the results/trends. Drive the roadmap : Own a specific area of functionality and work with Product Management and PO to drive it forward, considering the wider product impacts of the requested requirements and steer them to a better Product solution. Talent and Performance Management : Lead the hiring to get right and bright talent in the organization. Perform performance reviews and ensure career/skills growth for every individual. Culture ambassador : Build and maintain high performing teams with the work culture in line with the corporate shared values. Come up with the employee engagement action plans and make them effective. Provides leadership, coaching, motivation and assistance to team members to ensure teamwork, and to help those team members develop and grow along their career paths with an emphasis on the following qualities: Values diverse opinions Promotes a culture of trust Develops other leaders Encourages Sells instead of tells Thinks you, not me Thinks long-term Acts with humility Qualifications: Bachelors or Masters in Computer Science or related field 10+ years of total experience in the software industry Experience with leading and managing agile (preferably SAFe) commercial software development projects Shall be capable of working with cross-functional teams Proven track record of handling development projects independently is a must Prior experience of working on banking products like Transaction Switching including ISO8583/ISO20022 message protocols, Point of Sale (POS), Automated Teller Machine (ATM), International networks (e.g. Visa International, MasterCard, Amex, JCB, Discover) is a must Shall have expertise in one or more of the following: Software security for financial applications e.g. PA-DSS/PCI SSF, PCI DSS, vulnerability management etc. Test automation of applications with UI and APIs Product upgrade/migration strategies, release impact analysis, and compatibility matrix Cloud development deployment in GCP Azure.

Dear Candidate, We are seeking a Security Operations Engineer to monitor, detect, investigate, and respond to security incidents and threats across systems and networks. Key Responsibilities: Monitor alerts and logs using SIEM tools (Splunk, QRadar, Sentinel). Analyze security incidents, conduct root cause analysis, and coordinate response. Support threat hunting and vulnerability assessments. Maintain and tune security tools (IDS/IPS, endpoint protection, firewalls). Document incident reports and provide remediation recommendations. Required Skills & Qualifications: Experience in a Security Operations Center (SOC) or similar role. Strong knowledge of cybersecurity concepts and incident response. Familiarity with EDR tools (CrowdStrike, Carbon Black) and log analysis. Scripting and automation skills for detection and response tasks. Security certifications such as CEH, CompTIA Security+, or GCIA are beneficial. Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Srinivasa Reddy Kandi Delivery Manager Integra Technologies

Dear Candidate, TEKsystems is hiring for the role with IT Risk Control with Infrastructure experience. Exp - 7+ Years NP - Immediate to 15 days Location - Pune (Hybrid) JD - At least 7+ years of relevant IT experience, including exposure to Technology & Operational resiliency, Service management and Risk & Controls (at least 4 of those years to be devoted specifically to Service Management). Appropriate certification is a plus. Understands the technical landscape and supports the BSO with technical knowledge, insights, and expertise regarding the IBS's IT Service Chain Proactively advises and makes timely recommendations aligned to their IBS. Independently provides insights on risks and vulnerabilities aligned to their IBS. Actively research and investigate new Resilience related technologies and stay abreast of latest in the regulatory and tech architecture field. Experience with Resilience Architecture updates, triggers, solutions, and industry best practices. In-depth knowledge of key IT domains particularly computing platforms (Windows, UNIX and Linux) and networking technologies. Proficient in security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies. Methods and delivery - DevOps processes and experience. Strong understanding of lean and agile methods of software delivery including Scrum, Kanban, Lean UX, XP. Comfortable working with ambiguity and conducting research as well as working with third party vendor(s). Must demonstrate, collaboration, open communication and reaching across functional borders. Requires to be able to lead, engaging stakeholders up to GGM level with positive impact. Excellent in verbal and written communication skills. Experience in managing IT/Technology risk and control projects. Strong grasp of tooling, driving automation within the environment. Close collaboration with Project and Portfolio Management teams on operational metric scorecards. Collaborate with the IT Service Governance team to continuously improve and embed Service Management best practices that helps in achieving stability of IBS. Be flexible to work with wide range of people across globe having diverse cultural and professional background. If interested, please drop an email to sswasti@teksystems.com

Job Summary As a Cyber Security Specialist you will play a crucial role in safeguarding our organizations digital assets. With a focus on LDAP Ping Directory and a hybrid work model you will ensure the integrity and confidentiality of sensitive information. Your expertise will contribute to maintaining a secure environment supporting our mission to protect data and enhance trust in our services. Responsibilities Develop and implement security measures to protect the organizations digital infrastructure. Monitor and analyze security alerts to identify potential threats and vulnerabilities. Collaborate with IT teams to integrate security protocols into existing systems. Conduct regular security audits and assessments to ensure compliance with industry standards. Provide guidance and support to staff on security best practices and protocols. Investigate security breaches and incidents to determine root causes and implement corrective actions. Maintain and update security policies and procedures to reflect current threats and technologies. Utilize LDAP expertise to manage and secure directory services effectively. Work closely with stakeholders to address security concerns and implement solutions. Ensure the confidentiality integrity and availability of sensitive information. Stay informed about the latest cybersecurity trends and technologies to enhance security measures. Contribute to the development of security awareness programs for employees. Support the organizations mission by ensuring a secure and trustworthy digital environment. Qualifications Possess strong experience in LDAP and its application in cybersecurity. Have a solid understanding of cybersecurity principles and practices. Demonstrate proficiency in conducting security audits and assessments. Exhibit excellent problem-solving skills to address security challenges. Show ability to work collaboratively with cross-functional teams. Display knowledge of industry standards and compliance requirements. Have experience in developing and implementing security policies. Be familiar with security incident response and investigation techniques. Possess strong communication skills to convey security concepts effectively. Have a proactive approach to identifying and mitigating security risks. Show commitment to continuous learning and staying updated on cybersecurity trends. Demonstrate ability to manage and secure directory services using LDAP.

Job Summary IAM Architect Develop the overarching vision principles and architecture for the workload identity and access management system across all environments like Azure GCP hybrid on premises Responsibilities Define the types of workload identities e.g. Managed Identities Service Accounts SPIFFE identities their attributes and their lifecycle management processes. Design the framework and specific policies for controlling workload access to resources based on the principle of least privilege. Define and design secure methods for workloads to authenticate and communicate with each other. Design the integration points and processes for connecting the workload IAM system with Fords current IAM infrastructure e.g. Entra ID Drive the creation of the long-term workload IAM governance framework ensuring alignment with industry best practices and Fords policies. Serve as the subject matter expert on workload identity concepts technologies e.g. Entra Workload Identity SPIFFE-SPIRE and best practices. Assess and recommend appropriate workload identity features and tools available in Azure GCP and other relevant platforms. Design the system to meet relevant security and compliance requirements

Company: MMC Corporate Description: We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon/Noida. This is a hybrid role that has a requirement of working at least three days a week in the office. Senior Manager - Cyber Security Cloud Infrastructure Vulnerability Management What can you expect? To oversee and manage the security posture of the organization s entire cloud environment across all regions globally. This critical role requires a deep understanding of cloud security principles, Cloud Service Provide (CSP) platforms, and the ability to leverage sophisticated cloud tooling to proactively identify, detect, assess, report vulnerabilities and threats. We will count on you to: Cloud Security Management 1. Multi Cloud Expertise: Possess in depth knowledge of leading cloud platforms (AWS, Azure, GCP, etc.) and their security best practices. 2. Develop and implement a comprehensive cloud security strategy aligned with industry standards and the organization s risk tolerance. 3. Proactively access and harden cloud infrastructure configurations to minimize attack surface and potential vulnerabilities. 4. Identity and Access Management (IAM): Enforce and maintain granular IAM policies across all cloud environments to ensure least privilege access. Vulnerability Detection and Threat Response 1. Perform continuous asset discovery to identify and track all cloud resources, including servers, databases, storage, network devices, etc. 2. Conduct regular, continuous, and adhoc vulnerability scanning to identify and prioritize security vulnerabilities and potential threats. 3. Monitor for emerging threats and zero day vulnerabilities utilizing threat detection and response program. 4. Identify and remediate misconfigurations that can lead to security breaches. 5. Container Security. Ensure the security of containerized workloads by scanning images for vulnerabilities and enforcing best practices. 6. Collaborate and lead remediation teams on plans for identified vulnerabilities, leveraging the security cloud vulnerability s automation capabilities where applicable. 7.Prioritization of security patch management to ensure timely patching of security vulnerabilities in cloud infrastructure and applications based on vendor recommendation. 8. Generate regular reports on vulnerabilities, trends, remediation progress, and security cloud posture. Cloud Security VM Operations 1. Standardization: Enforce established security policies and procedures across all cloud environments. 2. Compliance Management: Maintain compliance with industry regulations (e.g., GDPR, NYDFS, Privacy, etc.) and internal security policies. 3. Security Incident Response: Assist in IR investigations and remediation of cloud security incidents, leveraging the security cloud system s vulnerability tool to analyze activities, logs, and identify root causes. Security Cloud System s Vulnerability Tool 1. Advance the tool s configuration: Assessment of configurations policies, rules, and alerts to maximize its effectiveness in identifying and mitigating cloud vulnerabilities and security risks. 2. Analyze data generated by the tool to identify trends, patterns, and potential security issues. 3. Maintain and support custom automation workflows within the tool streamline remediations processes and improve efficiency. 4. Integrate the tool with broader security tools (SIEM, CMDB, SOAR, SOC, etc.) to create a comprehensive security informed program 5. Actively monitor the tool s alerts and notifications, prioritizing critical security vulnerabilities and issues. a. Alert triage and prioritization to accurately assess the severity and potential impact of alerts, assigning appropriate priority levels. b. Ensure remediation management to create and manage remediation tasks to timely resolve identified vulnerabilities and misconfigurations. c. Maintain SLA adherence to monitor and resolve alert response and remediation times. d. Conduct thorough root cause analysis through investigations to determine the root cause of vulnerability remediation failures and implement alternative solutions. e. Generate regular reporting and metrics on vulnerabilities and threats for alert trending and remediation effectiveness. What you need to have: Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine granular access controls and CMDB attributers such as asset ownership. Integration: Integrate the security cloud tools with other security tools and systems, including the SIEM solutions, change ticketing systems, etc Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments. Collaborate with development, business CISOs, operations, and cloud teams to ensure effective vulnerability management practices throughout the SDLC, cloud, and production environments. What makes you stand out? Experience in Cyber Cloud Infrastructure Vulnerability Management Why join our team: We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being. Marsh McLennan (NYSE: MMC) is the world s leading professional services firm in the areas of risk, strategy and people. The Company s more than 85,000 colleagues advise clients in over 130 countries. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com , or follow us on LinkedIn and X . Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person

Company: MMC Corporate Description: We are seeking a talented individual to join our GIS Team at MMC Corporate This role will be based in Gurgaon. This is a hybrid role that has a requirement of working at least three days a week in the office. Associate Director - Cyber Security Cloud Infrastructure Vulnerability Management What can you expect? To oversee and manage the security posture of the organization s entire cloud environment across all regions globally. This critical role requires a deep understanding of cloud security principles, Cloud Service Provide (CSP) platforms, and the ability to leverage sophisticated cloud tooling to proactively identify, detect, assess, report vulnerabilities and threats. We will count on you to: Cloud Security Management 1. Multi Cloud Expertise: Possess in depth knowledge of leading cloud platforms (AWS, Azure, GCP, etc.) and their security best practices. 2. Develop and implement a comprehensive cloud security strategy aligned with industry standards and the organization s risk tolerance. 3. Proactively access and harden cloud infrastructure configurations to minimize attack surface and potential vulnerabilities. 4. Identity and Access Management (IAM): Enforce and maintain granular IAM policies across all cloud environments to ensure least privilege access. Vulnerability Detection and Threat Response 1. Perform continuous asset discovery to identify and track all cloud resources, including servers, databases, storage, network devices, etc. 2. Conduct regular, continuous, and adhoc vulnerability scanning to identify and prioritize security vulnerabilities and potential threats. 3. Monitor for emerging threats and zero day vulnerabilities utilizing threat detection and response program. 4. Identify and remediate misconfigurations that can lead to security breaches. 5. Container Security. Ensure the security of containerized workloads by scanning images for vulnerabilities and enforcing best practices. 6. Collaborate and lead remediation teams on plans for identified vulnerabilities, leveraging the security cloud vulnerability s automation capabilities where applicable. 7.Prioritization of security patch management to ensure timely patching of security vulnerabilities in cloud infrastructure and applications based on vendor recommendation. 8. Generate regular reports on vulnerabilities, trends, remediation progress, and security cloud posture. Cloud Security VM Operations 1. Standardization: Enforce established security policies and procedures across all cloud environments. 2. Compliance Management: Maintain compliance with industry regulations (e.g., GDPR, NYDFS, Privacy, etc.) and internal security policies. 3. Security Incident Response: Assist in IR investigations and remediation of cloud security incidents, leveraging the security cloud system s vulnerability tool to analyze activities, logs, and identify root causes. Security Cloud System s Vulnerability Tool 1. Advance the tool s configuration: Assessment of configurations policies, rules, and alerts to maximize its effectiveness in identifying and mitigating cloud vulnerabilities and security risks. 2. Analyze data generated by the tool to identify trends, patterns, and potential security issues. 3. Maintain and support custom automation workflows within the tool streamline remediations processes and improve efficiency. 4. Integrate the tool with broader security tools (SIEM, CMDB, SOAR, SOC, etc.) to create a comprehensive security informed program 5. Actively monitor the tool s alerts and notifications, prioritizing critical security vulnerabilities and issues. a. Alert triage and prioritization to accurately assess the severity and potential impact of alerts, assigning appropriate priority levels. b. Ensure remediation management to create and manage remediation tasks to timely resolve identified vulnerabilities and misconfigurations. c. Maintain SLA adherence to monitor and resolve alert response and remediation times. d. Conduct thorough root cause analysis through investigations to determine the root cause of vulnerability remediation failures and implement alternative solutions. e. Generate regular reporting and metrics on vulnerabilities and threats for alert trending and remediation effectiveness. What you need to have: Security Cloud Tools: Assist with the evaluation and selection of vulnerability management tools that integrate seamlessly with various cloud environments and provide fine granular access controls and CMDB attributers such as asset ownership. Integration: Integrate the security cloud tools with other security tools and systems, including the SIEM solutions, change ticketing systems, etc Launch awareness campaigns to promote secure practices and vulnerability management, emphasizing the unique challenges of cloud environments. Collaborate with development, business CISOs, operations, and cloud teams to ensure effective vulnerability management practices throughout the SDLC, cloud, and production environments. What makes you stand out? Experience in Cyber Cloud Infrastructure Vulnerability Management Why join our team: We help you be your best through professional development opportunities, interesting work and supportive leaders. We foster a vibrant and inclusive culture where you can work with talented colleagues to create new solutions and have impact for colleagues, clients and communities. Our scale enables us to provide a range of career opportunities, as well as benefits and rewards to enhance your well-being. Marsh McLennan (NYSE: MMC) is the world s leading professional services firm in the areas of risk, strategy and people. The Company s more than 85,000 colleagues advise clients in over 130 countries. With annual revenue of $23 billion, Marsh McLennan helps clients navigate an increasingly dynamic and complex environment through four market-leading businesses. Marsh provides data-driven risk advisory services and insurance solutions to commercial and consumer clients. Guy Carpenter develops advanced risk, reinsurance and capital strategies that help clients grow profitably and pursue emerging opportunities. Mercer delivers advice and technology-driven solutions that help organizations redefine the world of work, reshape retirement and investment outcomes, and unlock health and well being for a changing workforce. Oliver Wyman serves as a critical strategic, economic and brand advisor to private sector and governmental clients. For more information, visit marshmclennan.com , or follow us on LinkedIn and X . Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one anchor day per week on which their full team will be together in person Attachments

Responsibilities: * Conduct regular security audits & risk assessments * Monitor network activity & respond to incidents * Collaborate with stakeholders on cybersecurity strategies * Ensure compliance with regulatory standards

What You'll Do Avalara, Inc. is the leading provider of cloud-based software that delivers a broad array of compliance solutions related to sales tax and other transactional taxes. What is it like to work at Avalara? Come find out! We are committed to the following success traits that embody our culture and how we work together to accomplish great things: Fun. Passion. Adaptability. Urgency. Simplicity. Curiosity. Humility. Ownership. Optimism. Avalara is looking for Detection Engineer to join the Detection and Response Team. The ideal candidate will have a track record in incident response, demonstrating advanced technical expertise and leadership capabilities. Your role will be of an Incident Response Analyst, you will help protect Avalara. This includes detecting, investigating, and mitigating security incidents. You will also be a key contributor in improving our incident response capabilities. You will report to Security leadership at Avalara. This is a remote position. #LI-Remote What Your Responsibilities Will Be You will perform incident response activities and workstreams as the Incident Response Senior Analyst. You will monitor security systems, including Intrusion Detection Systems (IDS), Endpoint Detection and Response (EDR) platforms, software firewalls, and Security Information and Event Management (SIEM) platforms. Gather and analyze evidence from affected systems, logs, and network traffic. You will conduct detailed investigations of security incidents to determine the root cause, scope, and impact. Document all aspects of security incidents, including timelines, actions taken, and lessons learned. Perform forensic analysis of compromised systems to identify the techniques and tactics used by attackers, or as directed by Legal. Collaborate with cross-functional teams including Engineering, IT, Security Operations, Legal, HR, and Compliance to manage and mitigate incidents. Strengthen KPIs and metrics for measuring response effectiveness and provide clear and consistent reporting to internal stakeholders. Participate in rotating On Call shifts that utilize a paging system in case a security event requires attention. What You'll Need to be Successful 5+ years experience in Security Incident Response. Experience across the information security domain, including familiarity with endpoint, email, network, cloud security, vulnerability management, incident response, and threat intelligence. Experience with log analysis, network security, digital forensics, and incident response investigations. Ability to script code using Python or an equivalent language. Bachelor's degree in computer science, information security, or relevant experience. Certifications related to digital forensics and incident response

Duration : 12 Months Timings : Full Time (As per company timings) Notice Period : Immediate Joiners Only Experience Required: 69 Years (Minimum 5+ Years Relevant in ServiceNow SecOps) Job Role: ServiceNow SecOps - Vulnerability Response SME We are looking for an experienced ServiceNow SecOps professional with deep expertise in Vulnerability Response modules to join our dynamic team. The ideal candidate must have hands-on experience with ServiceNow implementations and integrations in a SecOps environment. Key Responsibilities: - Implement and customize ServiceNow Security Operations modules, especially Vulnerability Response and Configuration Compliance - Develop catalog items, record producers, workflows, and service requests - Configure integrations with vulnerability scanning tools and external systems - Automate processes using scripting and ServiceNow Orchestration - Maintain and manipulate data between ServiceNow and other systems - Monitor application health, compliance, and usage - Perform system/integration testing and lead troubleshooting efforts - Collaborate with clients to analyze their environment and propose optimal solutions Required Skills & Experience : - 5+ years relevant experience in ServiceNow SecOps (Vulnerability Response) - Expertise in ServiceNow ITSM modules (Incident, Problem, Change, CMDB, Asset) - Strong knowledge in CMDB, Discovery, and external integrations - Proficient in Glide, Jelly Scripting, JavaScript, HTML, XML, AJAX - Experience with REST/SOAP integrations, web UI development, and relational databases - Agile methodology experience is a must - Ability to handle client discussions and provide recommendations - ServiceNow Certified Application Developer (preferred) Important Notes : - BGV is Mandatory - No JNTU Candidates.

Duration : 12 Months Timings : Full Time (As per company timings) Notice Period : Immediate Joiners Only Experience Required: 69 Years (Minimum 5+ Years Relevant in ServiceNow SecOps) Job Role: ServiceNow SecOps - Vulnerability Response SME We are looking for an experienced ServiceNow SecOps professional with deep expertise in Vulnerability Response modules to join our dynamic team. The ideal candidate must have hands-on experience with ServiceNow implementations and integrations in a SecOps environment. Key Responsibilities: - Implement and customize ServiceNow Security Operations modules, especially Vulnerability Response and Configuration Compliance - Develop catalog items, record producers, workflows, and service requests - Configure integrations with vulnerability scanning tools and external systems - Automate processes using scripting and ServiceNow Orchestration - Maintain and manipulate data between ServiceNow and other systems - Monitor application health, compliance, and usage - Perform system/integration testing and lead troubleshooting efforts - Collaborate with clients to analyze their environment and propose optimal solutions Required Skills & Experience : - 5+ years relevant experience in ServiceNow SecOps (Vulnerability Response) - Expertise in ServiceNow ITSM modules (Incident, Problem, Change, CMDB, Asset) - Strong knowledge in CMDB, Discovery, and external integrations - Proficient in Glide, Jelly Scripting, JavaScript, HTML, XML, AJAX - Experience with REST/SOAP integrations, web UI development, and relational databases - Agile methodology experience is a must - Ability to handle client discussions and provide recommendations - ServiceNow Certified Application Developer (preferred) Important Notes : - BGV is Mandatory - No JNTU Candidates

Job Description:The candidate will have expertise in penetration testing, cloud security, compliance frameworks (HIPAA, PCI DSS), security documentation, and security tools such as Qualys, Burp Suite, and other industry-standard solutions Strong communication skills and the ability to document security processes effectively are essential for this role Key ResponsibilitiesPenetration Testing & Vulnerability ManagementPerform penetration testing on web applications, networks, and cloud environments to identify security vulnerabilities Utilize tools like Burp Suite, Qualys, Nessus, Metasploit, and other scanning tools to detect threats Work with development and operations teams to remediate vulnerabilities and strengthen security posture Cloud SecurityEnsure cloud security best practices for AWS, Azure, and other cloud platforms Implement security controls for cloud-hosted applications and workloads Conduct security assessments and recommend security enhancements Compliance & Regulatory SecurityEnsure compliance with HIPAA, PCI DSS, ISO 27001, NIST, and other security frameworks Conduct audits, risk assessments, and compliance gap analysis Assist in developing policies, procedures, and security documentation to meet regulatory requirements Security Operations & Incident ResponseMonitor security logs and alerts for threat detection and response Work with security teams to investigate and mitigate security incidents Conduct forensic analysis in the event of security breaches Documentation & CommunicationDevelop and maintain security policies, procedures, and technical documentation Create security reports and communicate findings effectively to stakeholders Provide security training and awareness programs for employees

Project description Security is a global organization within Group Technology Infrastructure and Security Engineering. Our services focus on preventing and detecting cyber threats and securing our IT systems. We provide consolidated and reliable security services that implement secure design principles and create best-fit solutions. You will be working in the Cyber Technology service team, providing security products and services for the Cyber Hygiene space - specifically for Infrastructure Scanning and vulnerability assessment. We provide consolidated and reliable security hygiene controls to our clients using the latest technology. As a Cyber Security Engineer, you will play a vital role in creating Infrastructure Scanning and Security Remediation capabilities, determining required IT business solutions, and assisting in implementing them. We offer flexibility in the workplace and equal opportunities to all our team members. Responsibilities Perform vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, OS, application, databases etc. (to meet scan coverage targets) Stakeholder engagement to recommend appropriate remedial actions to mitigate risks and validate remedial actions and ensure compliance with regulatory requirements. Perform vulnerability management system administration functions, as required Maintain proficiency in vulnerability management best practices Onboarding new attack surface to vulnerability scanning process Documentation management and continuous service improvement Skills Must have - 5-10 years relevant experience Degree in related discipline or qualified by experience Well-developed oral and written English communication skills Team player with ability to work collaboratively with others and aptitude for self-development Experience using commercial vulnerability scanning solutions such as Rapid7, Qualys, Tenable etc. Expertise with administration of networks, windows and or Linux operating systems An understanding of IT Security Risk, attack vector Nice to have N/A Other Languages EnglishC1 Advanced Seniority Regular