Vulnerability Assessment Specialist Jobs in Bengaluru

Position: Security Engineer-2 Location: Bengaluru Employment Type: Full-Time Department: Engineering Job Description: We are seeking a proactive and skilled Security Engineer-2 to identify vulnerabilities, collaborate with development teams on mitigation strategies, and promote secure coding practices within the organization. You will play a critical role in ensuring the security and resilience of our products against emerging threats. Key Responsibilities: Conduct in-depth security assessments of products to discover vulnerabilities and demonstrate their exploitability and risk impact. Stay updated on emerging vulnerabilities and threats relevant to our products through independent research. Collaborate with developers to develop and implement mitigation and workaround plans according to security policies. Lead threat modeling and secure design review sessions with development teams to identify threats and define mitigation strategies. Conduct workshops to educate developers on threat modeling and secure coding principles. Prioritize and ensure mitigation of critical security defects during development sprints. Integrate and automate Static Application Security Testing (SAST) within the DevOps pipeline. Advocate and propagate secure coding principles across the development community. Serve as the primary point of contact for developers on critical secure development issues. Develop and deliver security training programs and technical workshops for developers and QA teams. Promote security awareness through tech talks and other knowledge-sharing activities. Required Qualifications and Skills: Strong knowledge of common vulnerabilities such as Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), cryptographic weaknesses, and code injection. Proficiency in programming/scripting languages like Java, Ruby, and Python. Experience with cloud technologies and services. Ability to automate security testing processes and improve assessment productivity. Excellent communication skills to articulate security risks to both technical and non-technical audiences. Familiarity with industry-standard threat modeling, risk assessment, and vulnerability classification methodologies. Experience conducting white-box and grey-box security assessments, including architectural and API analysis. Knowledge of Secure Software Development Lifecycle (S-SDLC) and CI/CD integration. Bachelor s degree in Computer Science, Electrical Engineering, Computer Engineering, or equivalent experience in software engineering or security. Minimum 3 years of experience in application security or related security assessment roles. Deep understanding of attack vectors, exploits, and mitigation techniques, including chained attacks. Experience with languages such as Java, Go, Python, or Node.js (knowledge of multiple is a plus). Experience assessing cloud-native services, service meshes, and Kubernetes-based microservices. Strong problem-solving skills, able to think both offensively (like a hacker) and defensively (product security evaluation). Ability to learn new technologies and apply unconventional thinking to complex security challenges. Qualification : Bachelors degree in Computer Science, Electrical Engineering, Computer Engineering, or equivalent experience in software engineering or security

Red Team Hacker / Pen Tester (Onsite, Bangalore) Who We Are ColorTokens We re on a mission to keep businesses running safe and sound even when cyber attackers try to mess things up. Our next-gen platform, ColorTokens Xshield , stops ransomware and malware from spreading sideways inside companies, so critical stuff stays locked down and working. We ve got mad skills in spotting and controlling traffic between all kinds of devices and users from your typical laptops to IoT and medical gadgets. That means we can slice and dice security zones to keep bad actors contained. Forrester calls us a Leader in Microsegmentation (Q3 2024), and we help global companies avoid big $$$ downtime. Our Vibe We re all about hustling with heart. You ll get to own your projects, work with smart teammates, and solve tough problems that actually protect people from kids in hospitals to entire cities. If you re driven, curious, and ready to make a real impact, you ll fit right in. The Gig What You ll Do Run epic red team ops that mimic real-world hackers trying to break in. Hack (ethically!) into networks, apps (web, mobile, APIs), and cloud setups to find weaknesses. Build your own scripts and tools to level up your tests and dodge detection. Team up with defenders (blue team) to boost how we spot and stop attacks. Write clear, no-fluff reports with proof-of-concept hacks and smart fixes. Keep your finger on the pulse of the latest threats and hacker tricks. Jump into purple teaming and adversary simulations to sharpen our edge. Bachelor s in Cybersecurity, CS, or you ve got real-world chops that match. 6+ years deep in red teaming, pentesting across web, APIs, infrastructure, and cloud. Pro with tools like Cobalt Strike, Metasploit, Nessus, Burp Suite, Nmap, and scripting (Python/PowerShell/Bash). Solid grasp of MITRE ATT&CK, threat modeling, and adversary emulation. Know Windows & Linux inside out, Active Directory, plus cloud platforms (AWS, Azure, GCP). Bonus points if you re into social engineering, phishing, or physical security. Skilled at writing docs that actually make sense. Must-have certifications: OSCP is a must; CRTP, OSCE, OSEP, CRTE, GPEN, GXPN are pluses. Qualification : Bachelor's degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

Senior SOC Analyst Location: Bangalore (Hybrid, work from office) Experience: 4 to 7 years Shifts: Rotational 24/7 shifts gotta keep the cyber world safe around the clock! About ColorTokens We re on a mission to help businesses stay secure and running smoothly, even when cyber threats hit hard. Our ColorTokens Xshield platform stops ransomware and malware from spreading sideways, so companies can keep their critical assets locked down and business uninterrupted. We bring unmatched visibility into traffic flows whether it s servers, IoT devices, or users helping teams isolate threats fast and respond smartly. Forrester named us a Leader in Microsegmentation (Q3 2024), and we protect global enterprises from costly cyber disasters. Our Culture If you re a self-starter who loves solving complex problems and making an impact, you ll fit right in. Work alongside passionate teammates who protect hospitals, cities, and even national defense. We value innovation, respect, and letting you own your work. What You ll Be Doing Lead as a senior SOC analyst, mentoring juniors and shaping SOC playbooks and processes. Dive deep into escalated incidents analyze, manage end-to-end, and nail root cause analysis. Monitor alerts and events across SIEM tools (Splunk, QRadar, Stellar Cyber, LogRhythm), firewalls, IDS/IPS, VPNs, and more. Hunt proactively for threats and vulnerabilities using threat intel feeds and frameworks like MITRE ATT&CK and Cyber Kill Chain. Perform forensic and malware analysis from logs to memory and disk images to track down attackers and gather evidence. Collaborate closely with SecOps, IT, Platform, and Engineering teams to creatively solve security challenges. Automate SOC workflows with PowerShell, regex, and APIs to level up efficiency. Lead detection tuning and gap analysis to sharpen SOC s ability to spot threats early and accurately. What You Bring 4+ years experience in cyber incident response, SOC operations, and investigations. Solid knowledge of SIEM platforms, network and endpoint security, malware analysis, and threat intel. Certifications like CISSP, GCIH, GSOC, OSCP, or GCIA (or working toward them). Strong communication skills you can explain complex security issues clearly to any audience. Integrity, professionalism, and eagle-eye attention to detail. Ability to work well under pressure and collaborate with diverse teams. Qualifications Bachelor s degree in IT, Computer Science, Engineering, or related field (or equivalent experience). Protect critical digital assets, learn cutting-edge cyber defense tech, and grow your career at a company recognized as a market leader. Plus, work with passionate people who genuinely care about making the world safer. Qualification : Bachelors degree in IT, Computer Science, Engineering, or related field (or equivalent experience).

Cyber Security Analyst Bangalore, India Location: Bangalore (Bengaluru) Experience: 4 to 12 Years Industry: IT Security / Cybersecurity Job Summary: We are seeking a highly skilled Cyber Security Analyst with advanced knowledge in cybersecurity principles, risk assessment, and threat prevention. The ideal candidate will have hands-on experience with security tools, network defense, vulnerability assessments, and malware analysis to safeguard our organization s digital assets. Key Responsibilities: Analyze and mitigate cyber and IT security risks using advanced techniques and best practices Conduct vulnerability assessments and penetration testing across networks, platforms, and applications Utilize scripting and programming languages such as Python, PowerShell, Perl, HTML, and JavaScript for automation and security analysis Monitor network security devices including firewalls, proxies, NIDS/NIPS, and respond to security incidents Perform dynamic and static malware analysis and memory forensics to identify and counter threats Conduct reverse engineering of malware and apply countermeasures based on adversary tactics and protocols Apply in-depth knowledge of network protocols, network security monitoring, and incident response Ensure compliance with security standards and frameworks Collaborate with cross-functional teams to implement security improvements and ensure robust defense mechanisms Required Skills & Qualifications: Minimum 4+ years of professional experience in cybersecurity or related IT security roles Advanced understanding of cyber threats, risk management, and prevention techniques Proficiency in security system analysis, network security, and vulnerability assessment tools Experience with malware analysis, penetration testing, and reverse engineering Strong programming/scripting skills in Python, PowerShell, Perl, or similar languages In-depth knowledge of security standards, protocols, and industry best practices Hands-on experience with network security monitoring and defense technologies Preferred Certifications: Technical cybersecurity certifications from recognized bodies such as SANS, ISACA (CISA, CISM), (ISC) (CISSP), CompTIA Security+, Cisco (CCNA Security), CERT, or equivalent Work in a challenging role protecting critical digital infrastructure Collaborate with a talented cybersecurity team to combat evolving threats Access to continuous learning, professional development, and certification opportunities

Architect - Cyber Security | Bengaluru, India Location: Bangalore (Bengaluru) Experience: 12 to 20 Years Industry: IT Security / Cybersecurity Architecture Job Summary: We are looking for a seasoned Cyber Security Architect with over 12 years of experience designing and managing security architectures across multiple industries. The ideal candidate will bring strong expertise in secure design principles, SSDLC implementation, and cloud security especially within Azure environments. Key Responsibilities: Lead the development and management of enterprise-wide security architectures for global, multinational organizations Participate in Security Architecture Review Boards and drive secure coding practices along with Software Security Development Life Cycle (SSDLC) implementation Develop and enforce secure design principles and security standards across platforms Create and maintain current and future state architecture diagrams, supporting the technical roadmap with a comprehensive understanding of the technology market Deliver security solution architectures aligned with the enterprise architecture framework Provide expert guidance on securing multi-tenant cloud environments, with a focus on Microsoft Azure Collaborate with cross-functional teams to align security strategies with business goals and compliance requirements Required Skills & Qualifications: Minimum 12+ years of experience in security architecture across at least two different industries, preferably including cloud service providers Proven track record with security architecture development and governance in large-scale multinational companies Experience with secure coding, SSDLC, and security architecture review processes Strong proficiency in cloud security architecture, especially Azure multi-tenant environments Bachelor s or Master s degree in Information Security, Computer Science, or related field Must hold CISSP certification (Certified Information Systems Security Professional) Experience with architecture certification such as CISSP-ISSAP is highly preferred Additional certifications or memberships in SANS, ISACA, or similar cybersecurity organizations are a plus Azure Architecture or Azure Security certifications highly desirable Lead cybersecurity architecture in a global, dynamic enterprise environment Work with cutting-edge cloud technologies and secure multi-cloud ecosystems Grow professionally with access to industry-leading certifications and training Influence enterprise security strategy at the highest level Qualification : Bachelors or Masters degree in Information Security, Computer Science, or related field

Senior Security Specialist Location: Bengaluru, Karnataka, India Employment Type: Full-time About Serko: Serko is a leading tech platform revolutionizing global business travel and expense technology. Joining Serko means becoming part of a passionate team of travelers and technologists dedicated to transforming the business travel marketplace. With offices worldwide and a new hub in Bengaluru, we embrace diversity and authenticity to create meaningful impact. Our fast-growing India team seeks motivated professionals to help build world-class products and experiences. Role Overview: We are looking for a highly skilled Senior Security Specialist with a strong software engineering and DevSecOps background. This role will lead security initiatives, manage risks, oversee security operations, ensure compliance, and report to senior management. You will work closely with agile development teams to embed security throughout the software development lifecycle, driving robust, scalable security solutions. Key Responsibilities: Lead integration of security practices into the DevOps lifecycle, embedding security into software development and deployment pipelines. Collaborate with development and operations teams to identify and mitigate security risks across applications, infrastructure, and pipelines. Implement and maintain security automation and orchestration tools to improve security posture and operational efficiency. Identify, assess, and manage security risks; develop and implement mitigation strategies. Oversee daily security operations, including monitoring, incident response, and threat intelligence. Ensure compliance with security policies and external standards such as PCI-DSS and SOC2. Prepare and present detailed security reports to senior management, highlighting risks and mitigation plans. Lead security awareness campaigns to educate employees on emerging threats and best practices. Stay current on emerging security technologies and trends, particularly in Azure security and DevSecOps. Evaluate and recommend security tools and solutions to enhance the organization's security posture. Qualifications & Experience: 5+ years in a senior security role focused on Security Operations, Risk Management, and Compliance within software engineering environments. Deep understanding of security attack and defense methods; hands-on experience with ethical hacking tools preferred. Proven experience with DevSecOps tools such as SAST and DAST. Expertise in Microsoft security products including Azure Security Center, Defender, Azure AD, and Sentinel. Relevant certifications such as CISSP or equivalent highly preferred. Excellent communication, presentation, and documentation skills. Strong team collaboration and leadership skills. Bachelor s degree in Computer Science, Cybersecurity, or related field; certifications may substitute for degree. What We Offer: Competitive base salary and discretionary incentive plan based on individual and company performance. Access to learning and development platforms to own your career growth. Comprehensive family medical coverage, meal coupons, transport allowances, and mobile & internet reimbursement. Flexible work policies supporting work-life balance. An engaging environment with great tools, support, and opportunities to innovate and deliver high-quality results. Qualification : Bachelors degree in Computer Science, Cybersecurity, or related field; certifications may substitute for degree.

Senior Information Security Analyst Data Governance Location: Bangalore, India About the Team The Information Security (InfoSec) team at Rubrik strengthens company-wide security through initiatives, tools, and processes that protect data and systems. They also oversee security monitoring, incident response, and educate employees on best practices to secure Rubrik s information assets. Role Overview This role focuses on data governance and security review throughout the Software Development Lifecycle (SDLC) to ensure sensitive data is properly protected. You will collaborate cross-functionally with Legal, Engineering, Product, and IT teams, while also supporting the Security Operations Center (SOC) with expert guidance on data governance during incident response. Key Responsibilities Perform data governance and security reviews during SDLC for new products and features. Manage and document metadata, including data lineage, ownership, and definitions. Conduct audits and assessments to ensure compliance with data governance standards. Maintain strong relationships and communication with internal stakeholders to facilitate governance adherence. Act as a subject matter expert for SOC, supporting incident response from a data security perspective. Support training and awareness programs on data governance policies and best practices. Develop and maintain governance documentation, policies, and procedures. Identify and escalate data governance risks with actionable recommendations. Experience & Qualifications Required: Bachelor s or Master s degree in Information Security, Data Analytics, or related field. 3 5 years in information security, data security, or data governance roles. Strong understanding of data security principles and frameworks (e.g., NIST). Excellent communication, presentation, and documentation skills. Project management skills to lead governance projects. Ability to adapt quickly and maintain professionalism in dynamic environments. Preferred: Certifications: CISSP, CISM, CDPSE, Security+ (or similar). Experience with data governance tools and metadata management. Knowledge of data privacy regulations: GDPR, CCPA, HIPAA. Experience supporting or collaborating with SOC/incident response teams. Strong analytical and problem-solving skills, especially with complex data. Familiarity with cloud-based data security solutions. Rubrik leads in Zero Trust Data Security , providing cutting-edge data protection across enterprise, cloud, and SaaS environments. This role offers an impactful chance to enhance data governance and security in a mission-critical, rapidly evolving tech company. Qualification : Bachelors or Masters degree in Information Security, Data Analytics, or related field.

Senior Software Engineer Cloud Native Protection Location: Bangalore, India About the Team Rubrik s Cloud Native Protection team safeguards customer data on public cloud platforms. With cloud data growing rapidly and cyber threats increasing, the team builds scalable, secure solutions to protect, search, and analyze cloud data efficiently. Operating like a startup within a startup, the team tackles complex engineering challenges in a culture driven by strong engineering values and collaboration. About the Role As a Senior Software Engineer, you will be a key technical leader responsible for driving complex projects, designing scalable cloud-native software, and mentoring team members. You ll work closely with other engineers and cross-functional partners, bringing technical expertise, initiative, and leadership to deliver impactful solutions. What You ll Do Design, develop, test, deploy, maintain, and improve cloud native protection software. Tackle open-ended, complex problems, leading investigation and scoping efforts. Own project execution and ensure successful delivery of assigned work. Mentor and guide junior engineers, fostering their growth. Collaborate with product management, QA, UI/UX, documentation, and support teams. Experience & Qualifications Education & Experience: Bachelor s or Master s degree in Computer Science or related field. 4+ years of professional experience in software development. Technical Skills: Proficient in one or more programming languages: Go, Java, C/C++, Scala, Python. Experience with public cloud platforms (AWS, Azure, GCP) is a plus. Familiarity with Docker, containers, Kubernetes, and microservices architectures is a bonus. Strong understanding of SDLC, design patterns, and software engineering best practices. Leadership & Collaboration: Proven problem-solving skills and attention to detail. Experience reviewing and designing software artifacts with high quality. Strong leadership and communication skills with a track record of mentoring others. Ability to work independently and deliver impactful results on complex projects. Rubrik is committed to securing the world s data through Zero Trust Data Security . Our platform combines machine learning and cloud-native technology to protect enterprises against cyberattacks, insider threats, and operational disruptions, ensuring data availability and integrity even under adverse conditions. Qualification : Bachelors or Masters degree in Computer Science or related field.

Join Our Team as a Security Engineer Location: Bengaluru, India (On-site) Department: Global Information Security Reports to: Director of Information Security APAC At Cytiva, we are dedicated to advancing future therapeutics from discovery to delivery. As part of our Global Information Security Team, you ll work at the forefront of securing the systems, applications, and infrastructure that power critical healthcare solutions. Join us and play a key role in designing and implementing secure, resilient systems that ensure business continuity and safeguard our digital assets. What You Will Do Secure Architecture Design: Assist in developing and implementing secure architecture solutions for systems, applications, and infrastructure. Threat Modeling & Risk Assessment: Perform threat modeling and support security risk assessments to proactively identify vulnerabilities and mitigate potential threats. Design Reviews: Participate in security design reviews for applications and infrastructure across various environments, ensuring security best practices are followed. Security Technology Implementation: Deploy and manage enterprise security technologies, including Identity and Access Management (IAM), Data Loss Prevention (DLP), and Mobile Device Management (MDM). Regulatory Compliance: Ensure alignment with regulatory compliance and audit requirements, supporting the organization in maintaining secure, compliant systems. Who You Are Education: Bachelor s degree in Computer Science, Information Security, Cyber Security, or a related discipline. Experience: At least 5+ years of experience in security engineering or architecture, including expertise in threat modeling, risk assessment, and security architecture principles. Security Technologies: Hands-on experience with security technologies such as IAM, SIEM, EDR, DLP, and MDM. Cloud Security: Familiarity with cloud technologies (e.g., AWS, Azure, GCP) and cloud security best practices. Regulatory Compliance: Experience with frameworks and regulatory standards such as ISO 27001, NIST, and CIS Controls. Travel, Motor Vehicle Record & Physical/Environmental Requirements Travel: Ability to travel globally up to 10% of the time to support regional and global security initiatives. It Would Be a Plus If You Also Have: Experience conducting security design reviews for infrastructure, applications, and cloud environments. Expertise in implementing security standards and secure design patterns in alignment with frameworks like ISO 27001, NIST, and CIS Controls. Experience providing technical security advisory support to project teams, ensuring compliance with security and regulatory standards. Impactful Work: Your role directly influences the security and reliability of life-saving healthcare solutions used around the globe. Global Collaboration: Work with a diverse, dynamic, and global team of security experts dedicated to making a real difference. Career Development: Take advantage of opportunities for professional growth and continuous learning in a rapidly evolving industry. Apply now and join a global leader in advancing therapeutics and securing tomorrow s healthcare technologies. Qualification : Bachelors degree in Computer Science, Information Security, Cyber Security, or a related discipline.

Job Title: Senior Incident Response Manager Location: Bengaluru, Karnataka, India About This Team: The Critical Situation Management team plays a pivotal role in maintaining customer trust and satisfaction in CSG Citrix BU products. We ensure swift resolution of production-impacting issues, collaborating closely with Technical Support and Product teams to maintain high uptime Service Level Targets (SLTs). Our team is dedicated to delivering rapid, effective solutions, making us essential to the continued success and reputation of the Citrix platform. Job Description / Responsibilities: Primary Duties / Responsibilities: Incident Management: Lead and manage timely, professional communication with internal and external stakeholders during critical incidents. Utilize your deep technical knowledge and strong communication skills to drive effective resolutions. Customer Sentiment Management: Assess and manage customer sentiments, and ensure appropriate resources are mobilized to mitigate production-impacting situations. Lead discussions with Citrix Customers and internal stakeholders with confidence and clarity. Collaboration: Facilitate cross-departmental collaboration to resolve customer issues, and coordinate the end-to-end customer experience, owning internal and, when necessary, external communications. Escalation Management: Act as the primary contact for Citrix Customers and Account teams during critical situations, collaborating with technical specialists (SMEs) to manage escalations and resolve incidents quickly. 24x7 Coverage: Provide 24x7 support, including weekends and holidays, on a rostered shift basis. Continuous Improvement: Actively participate in feedback processes, leading continuous improvement initiatives and ensuring the team adapts quickly to feedback. Lead and participate in projects aimed at improving incident response and service efficiency. Technical Knowledge: Utilize your technical know-how to manage the escalation process, lead calls, and effectively assess the situation to provide timely solutions. Qualifications (Knowledge, Skills, Abilities): Experience: 6 - 10 years of relevant experience in Incident Response, preferably in a Technical Support environment. Demonstrated ability to manage customer escalations in high-pressure scenarios. Communication Skills: Exceptional verbal and written communication skills. Ability to engage with customers and internal leadership clearly and professionally. Proficiency in creating concise incident reports and Root Cause Analysis (RCA) documents. Customer Advocacy: Strong customer advocacy skills, with the ability to understand, articulate, and manage customer expectations effectively. Technical Expertise: Broad knowledge in technologies such as Cloud, Virtualization, Networking, Operating Systems, and Remoting, with a focus on Virtualization, Networking, and Storage. Experience with Microsoft OS and End-User Computing is a plus. Collaboration Skills: Ability to manage and facilitate cross-team collaboration to solve complex customer issues. Comfortable leading critical calls and guiding teams through escalations. Process Knowledge: Knowledge of ITIL, Project Management, and Six Sigma methodologies is a plus. Familiarity with the Software Development Lifecycle (SDLC) and defect tracking processes is beneficial. Education: B.E. / B.Tech. or a Bachelor s degree in a related field with at least 5+ years of relevant experience. Additional Skills: Scripting, automation, and programming skills are an advantage. Experience in leading formal customer meetings, including those with C-level or Senior Management. About Us: Cloud Software Group is one of the largest cloud solution providers globally, serving over 100 million users. Joining us means making a tangible difference for people around the world who rely on our cloud-based products to perform their work efficiently, from anywhere. We foster a culture of innovation, learning, and growth. As we prepare for an exciting new phase of growth, we need your skills and expertise to continue evolving and building the future of work. Qualification : B.E. / B.Tech. or a Bachelors degree in a related field with at least 5+ years of relevant experience.

Location: Bengaluru Designation: Assistant Manager Entity: Deloitte Unleash Your Potential with Deloitte India's impact on the global economy has skyrocketed, and at Deloitte, we offer you an opportunity to unlock your potential by working alongside leaders and organizations that are shaping the future, both in the region and beyond. At Deloitte, we celebrate the whole you. Join us, and you ll be part of a team driven to make an impact that matters by collaborating, innovating, and growing together. About the Team The Technology & Transformation team is about more than just numbers. It s about building upon past achievements, addressing current challenges, and laying the foundation for future success. At Deloitte, we help organizations navigate change, ensuring they stay ahead of the curve. Learn more about the Technology & Transformation Practice. Your Role and Responsibilities As an Assistant Manager (AM) in our Cyber Team, you'll play a key role in building and maintaining positive relationships with both internal teams and clients. Your main goal will be to exceed client expectations and ensure their security and privacy needs are met. Key responsibilities include: Security and Privacy Expertise: Apply knowledge in security and privacy domains such as governance, risk management, compliance, access control, security architecture, incident response, disaster recovery, business continuity, data protection, etc. Industry Standards: Leverage frameworks and standards such as PCI-DSS, ISO/IEC 27001, ISO/IEC 17799, COBIT, ITIL, and others. Risk Management: Demonstrate a deep understanding of security controls and risk management processes. Certifications: Preferably hold certifications like CEH, CISSP, CISA, ISO 27001, ISO 22301, or equivalent. Information Security Management: Assist in ISO 27001-based Information Security Management System (ISMS) implementation and maintenance. Assessing and Improving Security Posture: Evaluate client information security posture, identify risks, and develop solutions to close gaps. Information Security Controls: Review and implement security controls across various areas such as change management, incident management, access management, antivirus management, physical security, etc. Data Privacy: Advise clients on data privacy and information security topics like data leakage prevention and identity management. Client Guidance: Serve as a subject matter expert in security and privacy, supporting clients in developing frameworks and implementing solutions. Audits & Reviews: Conduct information systems audits covering IT infrastructure and advise on best practices for data protection. Desired Qualifications Educational Background: Degree in IT, Computer Science, or related fields. Certifications: PCI-DSS, ISO 27001, ISO 31000, ISO 22301, CISA, ITIL, or equivalent certifications preferred. Other Certifications: CISSP, CEH, GSEC, GCIH, LPT, CCSK, etc. are a plus. Location and Work Style Base Location: Bengaluru Travel: This role involves occasional or frequent travel to client locations. Hybrid Work: Deloitte s default work style is hybrid, tailored to the needs of each domain. Key Expectations for the AM Role As an Assistant Manager at Deloitte, you ll be expected to embrace and live our purpose. You should challenge yourself to identify key issues that matter to clients, your team, and society. Specifically, we expect our AMs to: Inspire and Lead: Lead with integrity, inclusivity, and motivation. Create Purpose: Help shape a vision and purpose that drives positive change. Be Agile: Deliver high-quality results through collaboration and teamwork. Build Diverse Capabilities: Develop and support future capabilities within the team. Influence & Persuade: Ability to influence stakeholders and drive decisions. Collaborate for Solutions: Work together to create new solutions for clients. Drive Value: Leverage business acumen to deliver client value. Expand Business: Spot and leverage new business opportunities. Analytical Thinking: Use data and analytics to inform decisions and recommend impactful solutions. Communication: Effectively communicate and structure ideas for win-win outcomes. Engagement Management: Manage engagements to ensure timely execution and quality results. Adapt to Change: Respond resiliently to changing environments and needs. Manage Quality & Risk: Ensure high-quality results while mitigating risks. Strategic Problem Solving: Apply strategic thinking to solve complex business challenges. Tech Savvy: Use ethical technology practices to create high-impact solutions. Empathy & Inclusion: Foster a safe, inclusive environment where everyone is valued. Growth at Deloitte Connect for Impact: Work alongside exceptional professionals solving complex global issues and making a positive impact on the community, society, and the planet. Empower to Lead: Regardless of your career level, you ll have opportunities to inspire, support, and grow both professionally and personally. Inclusion for All: We value diversity and inclusivity in everything we do. At Deloitte, we are committed to creating a culture where everyone feels respected, valued, and empowered. Drive Your Career: You have the autonomy to shape your career path. With global mobility, cross-business opportunities, and continuous upskilling, you can chart a fulfilling career journey. A Culture of Wellbeing At Deloitte, we prioritize your 360-degree wellbeing. Our workspaces and initiatives cater to your unique needs, including flexibility, accessibility, safety, and support for caregiving. Join us for a workplace where you can thrive. Your Next Step: Unleash Your Potential at Deloitte! Qualification : Degree in IT, Computer Science, or related fields.

Job Title: GRC Specialist Location: Bangalore (On-site; full-time) About Locus: At Locus, we are redefining logistics decision-making with deep-tech solutions that drive efficiency, consistency, and transparency across industries like retail and FMCG/CPG. Founded in 2015 by Nishith Rastogi and Geet Garg, Locus has evolved from a women s safety geo-tracking app into a globally recognized logistics optimization platform. Our technology has empowered enterprises such as Unilever and Nestl to execute over a billion deliveries across 30+ countries. Guided by our commitment to innovation and sustainable growth, we transform complex supply chains into strategic growth enablers. Join us at Locus and be part of a team shaping the future of global logistics. Job Overview: About the Role Governance Risk and Compliance Specialist (GRC Specialist) We're looking for a candidate with 2-4 years of relevant experience. Key Responsibilities: Define, implement, and maintain the Information Security Management System (ISMS) and Privacy Information Management System (PIMS). Plan and execute periodic risk assessments. Work directly with the business units to facilitate risk assessment and risk management processes. Define, Review and Maintain the organizational information security policies, processes, procedures and control framework to ensure it is adequate to address the emerging risks due to changing environment, technology and legal requirements. Align customer and internal information security objectives to the ISMS and PIMS. Monitor and fulfill client contractual (MSA) information security and privacy obligations. Monitor and fulfill legal obligations related to protection of personal information across different jurisdictions like GDPR, CCPA. Prepare metrics based periodic reports and dashboards with support from the stakeholder functions for management review. Liaise with security vendors, suppliers, service providers and external resources for new security tools for improving security. Lead the Information Security audits / assessments / remediation and present key risks to the management. Perform the Third party Risk Assessment of Critical Vendors. Conduct Information Security and Privacy awareness and training programs for the employees as part of their induction and regular awareness. Oversee information security and privacy incident management process for incident reporting, containment, resolution and root cause analysis. Plan and coordinate BCP and DR tests. Setup guidelines for secure coding practices. Recommend security and privacy controls based on people, process and technology approach and industry best practices. Identifying solutions or writing automation scripts for solving regular tasks or optimizing processes. SOC Monitoring Activities such as. Firewall, Vulnerability, Inspector, Guarduty etc. Log Review, Incident Handling & Compliance adherence. Qualifications: Good understanding of information security compliance requirements like ISO27001, SOC2, CSA STAR and Privacy requirements like BS10012 & ISO27701. Good understanding of legal obligations towards protection of personal information across different jurisdictions like GDPR, CCPA, etc. Experience in creating and auditing security and privacy best practices and implementation of security and privacy principles across organization, to meet business goals along with customer and regulatory requirements. Experience implementing security and privacy controls for cloud platforms like AWS, Azure. Experienced in solving Audit and Regulatory Issues. Experience in auditing MDM, SSO solutions, AWS (Cloud Infra), Firewall, WAF, DLP etc. Good at solving information security compliance challenges by recommending solutions and best practices. Join Locus and become part of a visionary team that is redefining logistics through innovation and smart distribution. We provide competitive compensation, comprehensive benefits, and a collaborative environment where your expertise will drive both your growth and that of the organization. Locus is an equal opportunity employer dedicated to creating a diverse and inclusive workplace.

Job Title: IMPO UAM Authorization Analyst Location: Bengaluru, India Unit: Johnson & Johnson Innovative Medicine Principal Operations (IMPO) Job Type: Full-Time Employment Type: Permanent About Johnson & Johnson: At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, profoundly impacting health for humanity. Role Purpose: The IMPO UAM Authorization Analyst role at Johnson & Johnson is responsible for enhancing user access security and compliance within global SAP S/4 systems, while driving key User Access Management (UAM) initiatives. This role supports business adaptation through SAP S/4 HANA implementation, focusing on core SAP Manufacturing, Order to Cash, Procure to Pay, and Finance processes. The position is part of the IMUAM team, ensuring security requirements are designed and implemented compliantly within the Transcend Program, a global initiative for business transformation. Key Responsibilities: Security Workshops & Role Design: Lead security workshops to gather business and compliance requirements for role design, ensuring validation post-build for S/4 HANA Roles and Authorization requirements. UAM Strategy Development: Develop UAM strategies involving composite roles, Fiori tiles, business roles/user personas, and data security/UI masking concepts for S/4HANA. Data Validation & Compliance Documentation: Perform data validation, conduct health checks, and provide compliance documentation to ensure proper security implementation. Role Design & Testing: Design, test, and implement rule sets for SAP S/4HANA role design, ensuring they align with security protocols. User Account Setup & Support: Support role data and user account setup. Provide advice on role design testing and coordinate business UAT activities. Authorization Defects Management: Manage authorization defects and provide support for user cutover and Hypercare activities during and post-implementation. Collaboration & Training: Work closely with the Business Adaptation team to facilitate training, communication, and readiness across regions. Assist in transitioning between project phases and operational support teams. Compliance & Security Audits: Ensure compliance with internal and external standards through regular SAP security assessments and audits. Issue Troubleshooting & Resolution: Troubleshoot and resolve complex SAP security issues to maintain a secure environment. Documentation Management: Develop and maintain comprehensive documentation for SAP security policies, procedures, and configurations. Mentorship & Team Development: Train and mentor junior team members, promoting the implementation of SAP security standard processes. Qualifications: Required: Educational Background: Bachelor s degree in a relevant field (preferably Risk Management, Compliance, Audit). Experience: 6-8 years of experience in UAM within an enterprise risk management framework. Demonstrated expertise in SAP GRC Access Control and Identity Management tools. Hands-on experience with end-to-end SAP S/4HANA implementation, including Fiori. Deep knowledge of SAP authorization concepts, Segregation of Duties (SoD) mitigation, and remediation strategies. Proficiency in risk matrix/rule set maintenance, data analysis, conversion, and migration. Tools & Platforms: Experience with teamwork platforms (e.g., Confluence, Jira, MS Teams). Project Management: Strong project management and collaboration skills with experience in remote and virtual environments. Language Skills: Fluent in English with outstanding oral and written communication skills. Additional Experience: Experience in the pharmaceutical domain is a plus. Preferred: Industry Experience: Experience in Life Sciences, Pharmaceuticals, or similar industries. Leadership & Innovation: Demonstrated leadership skills with the ability to embrace innovation and promote a culture of continuous improvement. Project Management: Previous experience in a PMO role managing large-scale SAP implementation projects. Cross-Cultural Team Collaboration: Ability to work effectively with team members from different cultural and technical backgrounds. Other Requirements: Hybrid Work: Ability to work on-site a minimum of three days per week, with up to two remote workdays based on the flexible work policy. Travel: May require up to 10% domestic and/or international travel. Diversity & Inclusion: Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. We are committed to fostering an inclusive and diverse work environment, and we encourage applicants from all backgrounds to apply. We value diversity and do not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, or veteran status. Qualification : Bachelors degree in a relevant field, with a preference for studies in Risk Management, Compliance, and Audit.

Location: Bengaluru, India Role: Cybersecurity Analyst Company: Wipro Limited In a world where data is power, protecting that data is a mission, not just a job. As a Cybersecurity Analyst at Wipro, you ll be the guardian of sensitive information, spotting threats before they strike and building a resilient security posture for the organization. What You ll Do 1 Keep Customers Safe Deliver customer-centric cybersecurity, ensuring systems are fortified and risks are minimized. Monitor logs, security events, and access patterns to detect unusual, unauthorized, or illegal activity. Safeguard log sources, security configurations, and access controls. 2 Hunt, Analyze & Respond Track, analyze, and respond to security incidents escalated by L1 teams (24x7 rotational shifts). Perform log reviews and forensic analysis to understand unauthorized access or breaches. Use advanced analytics tools to identify emerging threat patterns. Conduct detailed root cause analysis and recommend specific, actionable improvements. 3 Be the Incident Commander Lead incident response efforts, coordinating with internal teams and customers for swift resolution. Plan and refine disaster recovery strategies for potential breaches. Create incident reports, dashboards, and analysis summaries to share insights and learnings. 4 Collaborate & Educate Work closely with internal technical leads, practice teams, and external customers to manage security concerns. Assist with internal and external audits, maintaining the information security risk register. Deliver cybersecurity awareness training for colleagues, turning every employee into a security ally. Provide hands-on advice and guidance on handling malicious emails, phishing attempts, and suspicious activity. Key Relationships Stakeholder Why You ll Work Together Internal Tech & Project Leads Regular updates, security reporting, coordination Security Intelligence Team For threat intelligence sharing and practice alignment Customers Direct support during incidents, ensuring transparency & fast resolutions What You Need to Succeed Technical Mastery Deep knowledge of Network Security devices, Firewalls, Endpoints, SIEM, Application Security, IDS/IPS, Vulnerability Assessments & Penetration Testing (VA/PT). Process Excellence Solid understanding of standards, processes, and automation tools to improve consistency and reduce risk. Communication & Collaboration Clear, effective communication skills you ll be the go-to person for explaining security risks to both techies and non-techies. How Your Success Will Be Measured Performance Area Measure Customer Focus Fast, effective resolution of security incidents for internal & external users Process Adherence 90-95% SLA compliance for response & resolution times Key Competencies Effective Communication Collaborative Working Execution Excellence Analytical Thinking & Problem Solving Reinvent Cybersecurity With Wipro This isn t just a job it s your chance to reinvent how organizations protect themselves in a rapidly evolving threat landscape. Join Wipro. Own the mission. Protect the future. Applications from people with disabilities are explicitly welcome.

Job Title: Application Security Engineer About PhonePe Group PhonePe is India s leading digital payments company with 500 million registered users and 37 million merchants, covering over 99% of India s postal codes. Building on its leadership in digital payments, PhonePe has expanded into financial services, including insurance, mutual funds, stock broking, and lending. It has also ventured into adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store, India s first localized app store. The PhonePe Group is a portfolio of businesses aligned with the company s vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services. Culture At PhonePe, we empower our people and trust them to do the right thing. We create an environment that enables you to give your best every day, from day one. If you are passionate about building technology that impacts millions, ideating with the brightest minds, and executing with purpose and speed, PhonePe is the place for you! Job Description We are looking for a skilled Application Security Engineer to join our team and strengthen our security posture. You will proactively identify and mitigate vulnerabilities across our web applications, APIs, and mobile apps. The ideal candidate will have a strong background in penetration testing, secure code review, and security automation. Roles & Responsibilities (What You Will Do) Penetration Testing: Perform penetration testing on web applications, APIs, and mobile apps, providing in-depth vulnerability analysis and remediation guidance. Secure Code Review: Conduct both manual and automated secure code reviews, primarily in Java, Python, and JavaScript. Security Automation: Develop security automation solutions using Python to streamline testing, improve coverage, and reduce manual effort. Collaborate with Development Teams: Work closely with development teams to ensure timely resolution of security issues within fast-paced release cycles. Threat Modeling: Create and maintain threat models, applying threat modeling techniques to proactively identify and mitigate design-level security risks. Security Education: Foster a security-first mindset by educating developers on secure coding practices, common vulnerabilities, and attack vectors. Effectively communicate security findings to stakeholders. What Makes You a Great Fit Experience: 1-5 years of experience in application security, penetration testing, or related fields. Penetration Testing Expertise: Strong penetration testing expertise with tools like Burp Suite, OWASP ZAP, semgrep, MobSF, Jadx-GUI, and other mobile security testing frameworks. DevSecOps Knowledge: Experience integrating security into the SDLC and familiarity with DevSecOps tools. Secure Coding Knowledge: Proficiency in secure coding principles, OWASP Top 10, CWE, and exploit techniques. Scripting Skills: Strong scripting skills (Python preferred) for security automation. Communication Skills: Excellent communication and stakeholder management abilities. Continuous Learning: Passion for continuous learning and staying updated on security trends. Certifications (Optional): Certifications like OSCP, OSWE, CRTP, or a proven Bug Bounty track record and/or CTF participation are a plus. PhonePe Full-Time Employee Benefits Insurance Benefits: Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance. Wellness Program: Employee Assistance Program, Onsite Medical Center, Emergency Support System. Parental Support: Maternity and Paternity Benefits, Adoption Assistance Program, Day-care Support. Mobility Benefits: Relocation Benefits, Transfer Support Policy, Travel Policy. Retirement Benefits: Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment. Other Benefits: Higher Education Assistance, Car Lease, Salary Advance Policy. Why Work at PhonePe Working at PhonePe is a rewarding experience. With great people, a work environment that thrives on creativity, and the opportunity to take on roles beyond your defined job description, PhonePe offers a chance to grow your career in an innovative, dynamic company.

Job Role: SIEM Specialist The SIEM Specialist will be responsible for implementing, managing, and optimizing Security Information and Event Management (SIEM) solutions to enhance the organization's security posture. The role involves onboarding new security data sources, collaborating with cross-functional teams, and continuously improving SIEM performance to support proactive threat detection and incident response. Experience and Qualifications: Educational Background: Bachelor s degree in Computer Science, Information Technology, or a related field (preferred). Total Experience: 7 8 years of experience in IT security with a minimum of 3 years in SIEM implementation and security data source onboarding. Experience working in large organizations or global service providers with complex infrastructures. Proficiency in deploying, configuring, and managing SIEM solutions such as Splunk, ArcSight, Chronicle (Google Security Operations), and ELK Stack. Familiarity with Cribl and regex is required. Strong knowledge of log management solutions, log parsing, and normalization techniques. Experience integrating SIEM with various data sources, including firewalls, IDS/IPS, antivirus, and endpoint solutions. Proficiency in scripting languages (e.g., Python, PowerShell) for automating SIEM tasks and data analysis. Understanding of cloud platforms (GCP, AWS, Azure) and cloud databases is desirable. Good grasp of cybersecurity principles, including threat detection, incident response, and vulnerability assessment. Strong knowledge of networking protocols, firewall rules, and network security practices for onboarding and monitoring network traffic. Excellent verbal and written communication skills for collaborating with cross-functional teams and documenting onboarding procedures. Strategic and analytical mindset with outstanding problem-solving skills to navigate complex cybersecurity landscapes. Key Responsibilities: Lead the onboarding process of new data sources into the SIEM platform, ensuring proper data normalization and correlation. Continuously improve SIEM performance, efficiency, and scalability. Maintain detailed documentation of SIEM configurations, onboarding procedures, and incident response playbooks. Collaborate with cross-functional teams to identify security requirements and integrate new security technologies into the SIEM environment. Stay informed about emerging threats, vulnerabilities, and security best practices and incorporate this knowledge into SIEM operations. Ensure that SIEM configurations and operations comply with relevant industry regulations and standards. Qualification : Bachelors degree in Computer Science, Information Technology, or a related field (preferred).

Job Role: Vulnerability Assessment Specialist The Vulnerability Assessment Specialist will be responsible for managing vulnerability scanners, executing security assessments, and proactively identifying vulnerabilities across Vodafone s IT environments. This role requires collaboration with various teams to address and mitigate risks, ensuring a secure infrastructure. Experience and Skills Required Experience: 5+ years of relevant experience in vulnerability management and vulnerability assessment. Proven expertise in vulnerability scanning tools like Qualysguard VMDR, WAS, and cloud scanning management. Industry-recognized security certification such as CEH (Certified Ethical Hacker). Hands-on experience with scanning and penetration testing tools such as Retina, ACUNETIX, Nessus, Open VAS, Metasploit framework, NMAP, and Nagios. Familiarity with operating systems like Linux and Windows, web application security, virtualization platforms (VMware), and network/infrastructure security assessments. Knowledge of OWASP, Sandbox, Kali Linux, Burp Suite, CVE, SSL PKI, 2FA, IAM, Perimeter Security, and SIEM solutions. Experience compiling VAPT (Vulnerability Assessment and Penetration Testing) reports and conducting penetration testing on test environments. (Optional but preferred) Knowledge of advanced penetration testing techniques and tools. Key Responsibilities: Execute security assessments to highlight and articulate risks to the business. Participate in defining the scope of security scanning and vulnerability assessment activities. Act as a technical subject matter expert for security scanning tools and processes. Manage the overall scanning infrastructure and ensure the quality and accuracy of scanning activities and deliverables. Proactively identify vulnerabilities across Vodafone environments and ensure timely mitigation actions. Continuously improve security assessment services and processes. Perform vulnerability research to discover new and previously unknown vulnerabilities. Prepare detailed technical reports on vulnerability scanning results and communicate findings to resolver teams. Respond to technical queries related to reports and findings.

At Tide, we re building a finance platform to help small businesses save time and money. We offer business accounts and banking services alongside a comprehensive set of administrative solutions, from invoicing to accounting. Launched in 2017, Tide is trusted by over 1 million small businesses worldwide and is available to SMEs in the UK, India, and Germany. Headquartered in London, we have offices in Sofia, Hyderabad, Delhi, Berlin, and Belgrade, with a global team of 2,000+ employees. As we expand into new markets, we re constantly seeking passionate individuals to help us empower small businesses. About the Team The Security Engineering Team at Tide is divided into three core areas: Product Security, Threat Detection & Response, and Identity. Product Security (this role) focuses on embedding security throughout our product lifecycle, from secure design reviews and threat modeling to penetration testing, ensuring security is baked into every stage of development. Threat Detection & Response builds a robust detection and automation platform, proactively defending against emerging threats and making Tide resilient. Identity manages Tide s staff identity platform, ensuring secure access with modern strategies like zero trust and multi-factor authentication. Collaboration is central to our work standups, shared channels, and cross-functional projects keep us aligned and cohesive. About the Role We re seeking a Senior Product Security Engineer with a passion for application security and resilient software development. You ll be responsible for hunting vulnerabilities in our web and mobile applications, collaborating with engineering teams to remediate strategically, and ensuring security is seamlessly integrated into our development process. You ll be an advocate for security across the organization, mentoring engineers, and introducing the latest security tools and trends. As a Senior Product Security Engineer, you will: Dive deep into mobile and web technologies to proactively hunt for vulnerabilities. Secure cloud-native applications, ensuring best practices across Tide s AWS cloud environment. Perform threat modeling and guide teams in secure design principles to prevent vulnerabilities. Remediate vulnerabilities through strategic initiatives and hands-on patching. Act as a subject matter expert across a range of security areas, particularly application security. Mentor and coach junior engineers, sharing your expertise to raise the security bar. Integrate security into our CI/CD pipelines, leveraging automation to catch vulnerabilities early. What We re Looking For: Extensive experience in Application Security (AppSec), with a deep understanding of concepts like Secure Enclave, URL Schemes vs. Universal Links, and presigned URLs in S3. Proficiency with tools like Burp Suite (bonus points if you ve built custom extensions). Excellent communication skills able to clearly articulate vulnerabilities and advocate for their remediation. Hands-on experience with cloud-native applications and consistently applying security best practices. Ability to write proof-of-concept (POC) scripts to demonstrate findings and their potential impact. A passion for the security community public speaking, blogging, bug bounties, or sharing your work on GitHub is a plus. Our Tech Stack: Cloud Environment: 100% containerized on AWS EKS. Infrastructure as Code (IaC): Managed via Terraform and Terragrunt. Deployment: GitOps with Argo CD, supported by Helm and Crossplane. CI/CD: GitHub Actions and all source code hosted on GitHub. What You ll Get in Return: Competitive salary Health Insurance (Self & Family) Term & Life Insurance OPD Benefits Mental Well-being Support through Plumm Learning & Development Budget WFH Setup Allowance Leave Benefits: 15 Privilege Leaves, 12 Casual Leaves, 12 Sick Leaves, 3 Paid Days Off for Volunteering or L&D Activities Stock Options Tidean Ways of Working: We support a flexible workplace model, balancing remote and in-person work to meet the needs of different teams. While remote work is encouraged, we believe in face-to-face interactions to foster innovation and strengthen team spirit. Our offices are hubs for collaboration and community-building. Diversity & Inclusion at Tide: At Tide, diversity and inclusion are at the heart of our culture. Our Tideans come from diverse backgrounds, bringing unique perspectives that help us build products that resonate with our members. We are committed to creating an environment where everyone s voice is heard, and all individuals regardless of ethnicity, gender identity, sexual orientation, or disability are welcomed and celebrated. We are One Team, fostering transparency and inclusion in everything we do.

Position Responsibilities: 1. Risk and Threat Assessments: Conduct comprehensive risk and threat assessments for L3 Autonomous Driving (AD) systems. Perform analyses like TARA (Threat Analysis and Risk Assessment) and MORA (Misuse-Oriented Risk Analysis). 2. Security Design and Development: Redesign modules focusing on cybersecurity. Develop and implement security features, including SecOC (Secure Onboard Communication) and CSM (Cybersecurity Management). Drive compliance with cybersecurity regulations and standards. 3. System and Requirements Architecture: Analyze and define security requirements for AD L3 systems. Collaborate with E/E system architects for security improvements. Develop and refine business, system, and architecture requirements. 4. Support and Coordination: Assist with the development of ECU software for L3 autonomous driving. Provide integration support and troubleshooting for ECUs. Coordinate internal and external assessments, including penetration tests and security evaluations. 5. Cybersecurity Analysis and Implementation: Develop security concepts and conduct analyses like FTA (Fault Tree Analysis) and FMEA (Failure Modes and Effects Analysis). Ensure adherence to regulations such as ISO 21434, UNECE R155, and UNECE R156. Required Skills and Competencies: Essential Skills: Strong expertise in automotive cybersecurity and relevant regulations (ISO 21434, UNECE R155/R156). Knowledge of L3 Autonomous Driving (AD) and Advanced Driver Assistance Systems (ADAS). Hands-on experience with Automotive ECUs, secure bootloaders, and gateway modules. Proficiency in C/C++ programming and working knowledge of AUTOSAR and its configuration tools. Familiarity with cybersecurity analysis tools like Medini or equivalent. Expertise in in-vehicle networks (e.g., CAN Protocol, UDS Protocol) and V2X technologies. Understanding of cybersecurity best practices, secure development requirements, and IT security standards. Experience with threat management models, firewalls, and embedded software components. Knowledge of security mechanisms, protocols, cryptography, and authentication systems. Preferred Skills: Strong background in ADAS and autonomous driving technologies. Experience in intrusion detection, incident response, and computer forensics. Familiarity with requirements management tools (e.g., DOORS, codeBeamer, JAMA). Hands-on experience in product development lifecycle and automotive cybersecurity. Educational Qualifications and Experience: Essential: Bachelor s or Master s degree in Information Security, Computer Science, Electrical Engineering, or related fields. Minimum of 4+ years of relevant experience in the automotive industry (AD/ADAS or autonomous driving). Preferred: Expertise in cybersecurity standards, analysis, and threat management tools. Key Competencies and Tools: Cybersecurity Standards: ISO 21434, UNECE R155/R156. Risk Assessment Techniques: TARA, MORA. Analysis Tools: Medini, FTA, FMEA. Software Tools: AUTOSAR, SAP, C/C++ programming, Requirements Management Tools (DOORS, JAMA). Protocols and Technologies: CAN, UDS, V2X. Qualification : Bachelors or Masters degree in Information Security, Computer Science, Electrical Engineering, or related fields.

About this opportunity: The primary responsibility of this role is to assess new and existing security vulnerabilities from internal and external sources, determine applicability, and document the impact and remediation strategy in a customer viewable format. The role will focus on multiple technologies including all of the major cloud hosting environments, Linux based servers and firmware, specialized hardware products, multiple coding languages, and multiple virtualization technologies. The successful candidate will have the ability to understand the technical aspects of security, assess the risk, and translate that into simple to understand language. What Will You Do? Review vulnerability scan reports Monitor and assess external sources for new vulnerabilities Assess the applicability of vulnerabilities in context Determine the real impact of vulnerabilities Document findings and disclosures for each vulnerability and publish them to customers Negotiate with external researchers on disclosure timing Monitor remediations and update documentation Participate in Security Incidents regarding urgent vulnerabilities Provide metrics and statistics Qualifications Minimum Qualifications: Five (5) years of experience required (can include indirectly related experience) A team player Ability to interpret and explain CVEs to technical and non-technical audiences Working knowledge of hacking techniques Working knowledge of programming Working knowledge of risk evaluation Experience with the MS Office suite Excellent written and verbal communication skills Ability to react to changing priorities quickly and effectively High school diploma, GED, and/or equivalent professional experience While there is a primary location listed on this requisition, other locations may be considered Preferred Qualifications: Experience evaluating security risk in context of the production environment Experience with Jira Experience communicating directly to customers Experience with at least one of these languages: Python, Go, Java, or C Experience with scan reports from Snyk, Qualys, Crowdstrike, Inspector, Vdoo, or Binwalk Experience working remotely across many time zones and cultures Security certifications such as CISSP, CRISC, AWS SCS, etc. Ability to work flexible hours