11+ Vulnerability scanning Jobs in Bangalore (Bengaluru) | Vulnerability scanning Job openings in Bangalore (Bengaluru)

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting

About Shipsy

At Shipsy, we aim to revolutionize the logistics and supply chain industry through our innovative SaaS platform. We leverage cutting-edge technology to deliver solutions that enhance efficiency, improve sustainability, and create positive impacts across global supply chains.

Position Overview

We are seeking a skilled Security Operations Engineer to join our security operations team. This role is crucial for protecting our company’s assets, data, and IT infrastructure. The ideal candidate will possess a solid foundation in cybersecurity, experience with incident response, full stack development experience and a proven ability to work effectively within a team environment.

Key Responsibilities:

• Work with the product, devops, and development teams to identify the right security architecture for implementing new solutions, products, and features. Help develop, implement, and support product security strategy.
• Work closely with product management, engineering, and DevOps teams to implement, identify, and embed cybersecurity in a secure connected architecture. Deliver general security concepts in the software development lifecycle (Identity and Access Management, encryption, web application security, security logging, pen-testing processes, etc. ).
• Support security initiatives and serve as a point of contact to build and securely scale cloud platforms (EX. AWS, GCP & AZURE).
• Manage program risks through effective identification, mitigation, tracking, and reporting of the identified risks.
• Present strategies, project plans, and more to cross-functional teams delivering risk management solutions that add value.
• Experience in introducing security testing into software delivery pipelines (CI/CD)
• Understanding of secure and defensive coding principles, especially OWASP top 10 or similar guidance frameworks
• Understanding of cloud-native applications and how to deploy them securely
• Create design specifications and prepare technical documentation and run-books.
• Support the development of standards by creating templates and patterns for ease of use and increase the productivity of the security program

Requirements:

• 8 years of industry experience with at least 4 years experience in DevSecOps automation and tooling. 
• Proven experience with Amazon Web Services (AWS), including IAM, AWS Shield, AWS WAF (Web Application Firewall), and Amazon Inspector to enhance security measures and compliance within the cloud environment.
• Expertise in security tools and technologies, such as vulnerability scanners, penetration testing tools, and security information and event management (SIEM) systems. 
• Strong understanding of DevSecOps principles and practices. 
• Excellent communication, collaboration, and problem-solving skills. 
• Ability to work independently and as part of a team. 
• Experience collecting metrics, measuring systems, and interpreting data to make decisions. 

Qualifications

• Bachelor's degree in Computer Science, a related technical field, certifications, or equivalent practical experience

Good to have:

1. Experience in JavaScript, Node, React , Python & Database administration.
2. AWS Management, Security, Scalability, Reliability, Cost Optimization Education and Certifications
3. AWS Certified Security – Specialty or equivalent practical experience

As an Enterprise Security Architect you will join a growing organization to lead a modern enterprise security program. In this role the Architect will have responsibility for identifying, defining, developing, leading security technology strategy across a broad portfolio of IAM, Cloud, End Point, Network, Web security and related technology systems, and the assessment of new and emerging identity technologies at the very large enterprise scale.

As a senior member of the team you will engage and partner with senior leaders across the organization leveraging your extensive background in (managing / delivering / implementing / architecting) security technology combined with expertise in organizational and cross-functional communication to develop strategy, influence roadmaps, solution adoption, champion strategic opportunities / execution plans with the aim to improve security capabilities, reduce risk and position forward looking identity governance and security enhancements

• Responsible for defining an architectural vision and architecture for large complex solutions, which aligns with the enterprise architecture strategy, technology and platform choices

• Describes the solution intent and the associated operating environment, determining the primary systems/subsystems and their interfaces, defining non-functional requirements and architectural runway to support new epics/features and expand into new opportunities

• Ensures the solution is fit for purpose and use by working with stakeholders, vendors/service providers, and evaluating the impact of strategic design decisions

• Contributes to best practices, standard templates, and the architecture roadmap for defined domains.

• Creates endpoint/host, workplace productivity security reference architecture and design patterns for reusability.

• Contributes in the creation of the architecture roadmap of defined domains (Business, Application, Data and Technology) in support of the product roadmap

• Contributes to the development of best practices including standardized templates

• Works across business and technology to create the solution intent and architectural vision for large complex solutions and evolves it based on an emerging backlog

• Works with Product Manager/Owner to plan and prioritize technology focused backlog items for the architecture runway to enable business epics/features and expand into new opportunities

• Clarifies the architecture for the development teams to support implementation, and provides solution options to resolve any architectural impediments

• Performs design and code reviews to ensure all non-functional requirements for a solution are sufficiently met (e.g. security, performance, maintainability, scalability, usability, and reliability)

• The platform security architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.

• Develop blueprints and procedures to effectively secure company data against accidental or unauthorized modification, destruction or disclosure.

• Create and define the security architectures and roadmaps encompassing cloud architecture, access management, and monitoring.

• Design and develop data security architectures for cloud and cloud/hybrid-based systems.

• Align architectural design technical controls and solutions to industry best practices and guidelines (e.g., NIST CSF, CSA, CIS, OWASP)

What are we looking for?

We want strong collaborators who can deliver a world-class client experience. We are looking for people who thrive in a fast-paced environment, are client-focused, team oriented, and are able to execute in a way that encourages creativity and continuous improvement.

Requirements:

• 10+ years of hands-on experience with scoping, sizing, designing, architecting & building IAM solutions across various technologies, or demonstrated ability to meet job requirements through comparable work experience.

• Expert level knowledge of authentication/authorization standards, protocols, and frameworks such as FIDO, OpenID, SAML, OAuth, JWT, CA, X.509, MTLS, etc.

• Technical expertise and experience with Microsoft MFA, SailPoint, CyberArk, ForgeRock, Okta, Ping, Active Directory, Azure Active Directory, AWS, Google Cloud Platform, Microsoft Azure, and IDM integration across domains

• Solid understanding of Cloud concepts and hands on knowledge on Azure/AD or other cloud identity environments.

• Experience designing and implementing security services and tools applied to GCP, Azure and AWS

• Expertise with Data Loss Prevention and CASB strategies and solutions supporting security of critical SaaS solutions such as Office 365, etc.

• Experience with Hybrid cloud architectures and designs

• Must have experience with Internet Application Hosting architectures, best practices and related technologies to effectively protect externally facing applications

• Experience with DevSecOps process, Container technologies (Docker, Kubernetes), API Gateways, and other common web application technologies is preferred

• Strong knowledge of enterprise security concepts/frameworks and products, secure design principles and best practices

• Strong verbal and writing skills to develop technical documentation and presentations

• Experience in leading technical architecture and security design discussions

• Experience managing multiple multi-level stakeholder relationships

• Bachelors in Computer Science, Computer Engineering or related field

“Such other task that Company may assign you time to time”.

Position Title: Manager – Security Operations Organization /Function: Manager is responsible for day to day operational and project delivery for a set of customers Relevant Experience: 10+ years of experience in security area and at least 2 years as Security manager Educational Qualification: BE/B.Tech/ME/M.Tech/Graduate/Master in any stream with excellent academic record

Must-have Skills: • Must know common security policy frameworks and possess knowledge of how security programs are run at mid to large scale companies • Must have managed a team to deliver “Managed Security Service” or “Security Operations Center” • Prior working Background in either SIEM tools (Splunk, ArcSight, QRadar, DNIF etc.) or Vulnerability assessment and Management tool (Qualys/Rapid7) and process • Has broader context and understanding of managed security services • Must have service mindset and empathy. Must deal with a level of ambiguity, chaos and apparent stubbornness from customers, and manage around it by thinking through the issue or request from the customer’s perspective to drive to a reasonable conclusion • Must have prior experience on Project Management • Must have prior experience of onsite-offshore delivery model and should have directly worked with US/European customers or colleagues • Must have ITIL process knowledge

1.Triage of security alerts that includes but not limited to malware, denial of service, unauthorized access, etc.

2. Conduct incident investigations on SIEM tools.

3. Perform threat hunting on networks to detect and isolate threats.

4. Knowledge of various security methodologies and processes, and technical security solutions (firewall, packet analysis, SIEM and intrusion detection systems)

5. Continuous optimization, tuning and monitoring of SIEM solution

6. Hands on experience around administrating and threat hunting on EDR, XDR, DLP and SIEM tools.

7. Ability to analyze endpoint, network, and application logs

8. Identify false positives, analyse reported spam, phishing, and suspicious emails and understanding of email security concepts: SPF, DMARC, DKIM

9. Immediate Joiners

Senior Netskope Technology Stack Expert (SWG/CASB/ZTNA)

Duties and Responsibilities:

• Hands on experience configuring rules and policies across the SWG/CASB/ZTNA platforms.
• Lead the Deployment and Operationalization of the Netskope Technology stack
• Defining and implementing procedures and policies to ensure proper maintenance of the environment
• Implement the process, systems, and technology required to fully maximize the platforms security capabilities
• Develop strategy, execution roadmap, priorities, and investment plans
• Partner with the leadership team to define strategic objectives
• Work closely with IT, Engineering and Security teams to ensure appropriate protections are in place while maintaining a continuity of service
• Engage Netskope’s technical teams in troubleshooting issues with current or new integrations

Required Experience and Skills:

• 5 - 7 years of leadership experience leading a team
• 3 - 5 years of experience hands-on technical design, implementation, and leadership of enterprise deployments
• Excellent knowledge and prior experience supporting network security technologies including but not limited to Proxies, NG Firewalls, SSL/IPSec, VPN’s, SSO, DLP and Encryption gateways
• Strategic capability to lead and innovate while thriving in a fast-moving environment
• A bias for action, results and delivery, with a high quality bar
• Proven track record of developing people, leading and managing high-performing teams
• An innate ability to create a sense of loyalty, trust, and positive culture. Ability to energize people and teams and establish cross functional cooperation
• Forward-thinking and problem-solving mindset; drawn to building off ambiguous and unsolved problems and “making it happen”
• Demonstrated ability to interface and maintain effective relationships with all levels of employees in a team-oriented environment

Information Security Specialist

Notice Period: 45 days / Immediate Joining

Banyan Data Services (BDS) is a US-based data-focused Company that specializes in comprehensive data solutions and services, headquartered in San Jose, California, USA. 

We are looking Information Security Specialist who has the expertise and deep knowledge of Information security regulations, compliance, and SIEM tools, and the ability to develop, describe and implement Security Baselines and Policies.

It's a once-in-a-lifetime opportunity to join our rocket ship startup run by a world-class executive team. We are looking for candidates that aspire to be a part of the cutting-edge solutions and services we offer that address next-gen data evolution challenges. 

Key Qualifications

· Design, deploy, and support Information Security Solutions provided by BDS

· Assist clients to carry out the IT Risk Management assessment on both on-prem and cloud platforms

· Provide subject matter expertise on IT security compliances during the security audits to meet various security governances.

· Research and strategic analysis of existing, and evolving all IT and data security technologies

· Establish baselines to define required security controls for all infrastructure components and application stack

· Follow latest vulnerabilities and threats intelligence updates across a wide range of technologies and make recommendations for improvements in the security baselines.

· Overseeing security event monitoring, understand the impact, and coordinate remediation efforts

· Create and optimize the SIEM rules to adjust the specification of alerts in responding to incident follow up

· Must be able to work a flexible schedule during off-hours

Key Skills & Qualification

· Minimum of 4 years relevant work experience in information/cyber security, audit, and compliance

· Certifications in any of technical security specialty (e.g., CISA, CISSP, CISM)

· Experience in managing SIEM products like Arcsight, Qradar, Sumo Logic, RSA NetWitness Suite, ELK, Splunk

· Exposure of the security audit tools on public cloud platforms

· Solid understanding of the underlying LINUX/UNIX and Windows OS security architecture

· Certified Ethical Hacker would be a plus

· Handling of Security audits is a must

· Proven interpersonal skills while contributing to team effort by accomplishing related results

· Passion for learning new technologies and the ability to do so quickly.

http://www.banyandata.com" target="_blank">www.banyandata.com 

Requirements:

• Overall experience in the field of Information risk and security related initiatives/ projects.
• Experience in the areas of Infrastructure Security Audit, IT Security, Vulnerability Assessment, Risk Assessment, Web Application Security, Network Security Review, Network Architecture Review, Mobile Application Security Testing, Configuration Review, Source Code Review, Wireless Pentest, Process Review etc.
• Ability to understand business concepts and integrate business risk elements into security operations.
• Experience in conducting VAPT.
• Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP Web inspect, Acunetix, NTO Spider, BurpSuite Pro).
• Strong ethics and understanding of ethics in business and information security.
• Should have exposure to Code review, Network VA/PT and App VA/PT work.
• Understanding and familiarity with common code review methods and standards.
• Experience with code scanning toolsets such as Fortify and Ounce.
• Understanding of HTTP and web programming.
• Knowledge of OWASP tools and methodologies, common security requirements within ASP.NET application, standard SDLC practices.
• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering).
• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database.