11+ Threat modeling Jobs in Hyderabad | Threat modeling Job openings in Hyderabad
Apply to 11+ Threat modeling Jobs in Hyderabad on CutShort.io. Explore the latest Threat modeling Job opportunities across top companies like Google, Amazon & Adobe.
Amazon Web Services (AWS)Job Responsibilities:
Experience: 8 Yrs to 12 Yrs
- Hands-on expertise on performing Application pen testing (Mobile(Android, IOS),networking, web application pen testing),
- Should worked on IOT,AWS,Application Penetration Testing, Reverse Engineering, source code review, CI/CD Pipeline
- have done any submission on Bug crowd or Bug Bounty.
- have developed tools or scripts for web pen test on GitHub.
- Certified on OSCP
- Threat Modeling
- Network scan in stealth mode or simple scan using Nmap and Burp suite
Implement security measures which monitor and protect sensitive data and systems from infiltration and cyber-attacks.
Developing different ways to solve the existing threats and security issues.
Configuring and implementing intrusion detection systems and firewalls.
Security product development, testing, and implementation.
Responsible for security technology research, penetration testing, and vulnerability scanning.
Please follow the below inputs.
The shift will starts from 03:00 PM to 12 AM (fixed for few months),
OSCP certification(Not mandatory, preferable)
Below are the primary key skills:
Total Application Security Experience:
Total Security Architecture Experience:
IOT(optional)
MOBILE
WEB
AWS(Mandatory)
NETWORKING
THREAT MODELS
Amazon Web Services (AWS)Experience:8+ Years
AWS Certification must.
Location:Pan india
Job Summary:
The Incident Response (IR) Lead manages a team of experts with diverse skill setsincluding Security Operations Center (SOC), Forensics, and technical Subject Matter Expert (SME) advisory. The IR Lead is specifically tasked with managing all aspects of an Incident Response engagement to include incident validation, monitoring, containment, log analysis, system forensic analysis, and reporting. The Incident Response Lead is also responsible for building the relationship with the client and client’s counsel and ensuring the engagement’s objectives and expectations are met and executed successfully as documented in the statement of work. You will leverage a solid foundation of technical expertise in Cybersecurity, Incident Response, and Digital Forensics to successfully execute your responsibilities.
ROLES AND RESPONSIBILITIES
· Accurately collects information from the client concerning the incident to include but not be limited to the client’s environment, size, technology, and security threats. In addition, the IR Lead is responsible for capturing all client’s expectations and objectives throughout the engagement to ensure successful delivery.
· The main point of contact manages and participates in all communications with the client and the client’s counsel during the engagement. The IR Lead sets the cadence for communications.
· Management and Coordination of all technical efforts for the IR engagement to drive the process forward through; tool deployment, ransomware decryption, restoration, and recovery efforts, system rebuilds, system, application, and network administration tasks.
· Coordinates with the Ransom Specialist when ransom negotiations are needed. Ensures updates regarding ransom status are delivered to the client and counsel in a timely fashion.
· Manages and coordinates the onsite efforts with the Onsite Lead or team ensuring they understand and can execute the objectives for the onsite work. Additional responsibilities with onsite efforts include ensuring communications are frequent and getting the daily onsite update communicating these back to the IR Director and/or IR Ops Associate for their Tiger Team.
· Ensures the Forensic Lead is coordinating the collection of data necessary for the investigation.
· Ensures SentinelOne is deployed on time and adding value.
· Communicates with sales when appropriate for SentinelOne, provide client contact.
· Communicates in tandem with the Forensic Lead pertinent findings to the client during the investigation.
· Follows up with the SOC Lead on SentinelOne alerts and encourages/coordinates client participation with the product.
· Accountable for final report review, ensuring the report is accurate, professional, and meets the objective of client counsel.
· Other duties as assigned.
DISCLAIMER The above statements are intended to describe the general nature and level of work being performed. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required personnel so classified.
Role Description : Skills & Knowledge
1. Experience leading scoping calls
2. Strong background and practical hands-on experience with Windows or Linux System and Network Administration, Security DevOps, Incident Response and Digital Forensics, or Security Engineering
3. Practical experience performing in a functional role including but not limited to one or more of the following disciplines: computer forensics, Incident Response, data analytics, Security Operations, and Engineering, Digital Investigations
4. Possesses strong verbal and written communication skills
JOB REQUIREMENTS
· Bachelor's degree in Computer Science, Computer Engineering, Information Assurance, Forensic Sciences, or related technical field; Graduate degree preferred
· 10+ years experience leading full-cycle incident response investigations and communicating with the client/counsel/carriers
· Must be eligible to work in the US without sponsorship
WORK ENVIRONMENT While performing the responsibilities of this position, the work environment characteristics listed below are representative of the environment the employee will encounter: Usual office working conditions. Reasonable accommodations may be made to enable people with disabilities to perform the essential functions of this job.
PHYSICAL DEMANDS
· No physical exertion is required.
· Travel within or outside of the state.
· Light work: Exerting up to 20 pounds of force occasionally, and/or up-to 10 pounds of force as frequently as needed to move objects.
· Maximum 5 years of Information Technology/Technology Operations/Information Security experience required.
· Minimum 3 years of experience in Cybersecurity, Identity & Access Management, Role Based Access Control, and Identity Governance is mandatory.
· Knowledge on User Life Cycle Management, Access provisioning, Access administration is must.
· Experience with technologies such as Role-Based Active Control (RBAC) and Attribute Based Access Control (ABAC) is required.
· Experience in User Access Re-certification activities is mandatory.
· Working knowledge on Active Directory is must.
· Working experience on any IAM tool (SailPoint/Okta/OneIdentity/Varonis/MIM) would be added advantage.
· Knowledge on Identity and Access Management role/processes/tools is must.
· Prior experience in processing IAM requests (Add/Modify/Delete) is must.
· Experienced in Incident management & Change Management processes.
· Knowledge of and the ability to adhere to SAS and SOX audit requirements pertaining to Identity & Access Management job requirements.
· Experience with work-flow management tools such as ServiceNow.
· Leveraging creative thinking and problem solving skills, individual initiative, and utilizing MS Office (Word, Excel, Access, and PowerPoint).
· Understanding personal and team roles; contributing to a positive working environment by building solid relationships with team members; proactively seeking guidance, clarification and feedback.
· Identifying and addressing business needs: building relationships with Stake Holders; developing an awareness of Firm services; communicating with the business/stake holders in an organized and knowledgeable manner; delivering clear requests for information; demonstrating flexibility in prioritizing and completing tasks; and communicating potential conflicts to a supervisor
· Experience performing user administration tasks for various in-house and third-party applications.
· Analyzing, prioritizing, and resolving faults to resolution. Resolve tickets according to SLAs and escalation procedures.
· Strong analytical, problem solving and organizational skills. Be proactive, dynamic, and flexible.
· Good Communication skills, able to articulate well with business and stakeholders.
· Education Qualification : Any graduate/post graduate with Computer Science background.
Amazon Web Services (AWS)About The Company -
OYO Hotels & Homes is the world’s third largest and fastest-growing chain of leased and franchised hotels, homes & spaces managing over 1 million exclusive rooms across 800 cities and 80 countries. OYO was founded on the mission that everyone deserves a quality living and working space and we are very passionate about this mission. Technology and Innovation plays a critical role in this mission and therefore today we employ World Class engineers, product managers and designers across core markets & geographies. If you are looking for a high pace environment, itching to create a large impact through technology impacting 100s of millions of customers across the globe, we love to hear from you.
Key Responsibilities:
- Conducting application(Web & Mobile) and infrastructure penetration testing assessments.
- Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to detect & prevent security vulnerabilities.
- Work closely with the business, product and Development/engineering teams to provide input and guidance on developing secure products and help teams adopt shift-security-to-left practices.
- Work closely with the DevOps team to secure the cloud environment.
- Developing and maintaining cybersecurity process activities including security requirements engineering, threat modelling, code reviews and cyber risk assessment.
- Improve and automate cybersecurity processes within the CI/CD pipelines.
- Continuously review and identify security improvement opportunities in existing products, processes, services and workflows to ensure the people, products and technology in the organization are protected against current and future cybersecurity threats.
- Deliver awareness sessions on Secure Development to engineering/development teams
- Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.
- Preparing and launching social engineering campaigns;
Key Skills:
- Expertise in application(Web & Mobile) and infrastructure penetration testing.
- Strong experience with Azure or AWS cloud environments and its security controls.
- Experience with microservices architectures & distributed Platforms
- Strong experience with using Agile software development and securing CI/CD pipeline.
- Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
- Knowledge of how modern web & mobile apps are designed, developed and deployed across different platforms;
- Knowledge of common exploitation techniques and mitigations.
- Experience in implementing and managing a vulnerability management program (process and technology).
- Experience and knowledge of implementing a DevSecOps ecosystem and strong understanding of Dynamic and Static Application Security Testing (DAST & SAST).
- Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.).
- Strong understanding of OWASP, PTES and other penetration testing methodologies.
- Understanding of global security frameworks and standards like NIST, ISO 27001, GDPR, PCI etc.
- Strong knowledge in preparing and launching social engineering campaigns.
- Ability to program or script in your preferred language
- Good understanding of network and OS principles
- Strong written and spoken English skills and ability to write high-quality reports
- An Information Security qualification e.g CSSLP, CEH, OSCP, or similar certification
Cultural Traits common to all OYO Leaders -
● Dealing with Ambiguity and Adaptability – we are a large, but fast-growing company today with not enough existing process or rules of engagements; and environment changes rapidly due to new businesses, geographies and strategic partnerships etc. You need to be able to create organization out of chaos, operate in an environment with minimal structure and adapt to change quickly while maintaining high velocity
● Ownership – anything between you and your job is also your job
● Bias for Action – speed matters a lot, so does quality. Ideal leader will be pragmatic, action-oriented and know the right balance between competing priorities
● Hunger to change the world – you need to be ambitious and willing to do more. If you believe you have already achieved your best and primarily looking to impart that vast knowledge, we aren’t the right place for you
Job Locations: We have a Pan India presence with Tech centers based out of Gurugram, Bangalore & Hyderabad. However currently we are working from our home.
Amazon Web Services (AWS)Responsibilities:
The Senior Information Security Engineer is responsible for the implementation, execution and maintenance of technology solutions to mitigate risk, to protect the IT and Engineering environments by reducing the probability of, and to minimize the effects of, damage caused by malware, malicious activities and security events.
The individual will help protect the company by deploying, tuning, and managing security tools across the computing environment, as well as provide security incident response cycle support. They should have a passion and skills for identifying the latest cyber threats. The individual will:
Basic Qualifications
- Working knowledge of infrastructure-as-code and CI/CD pipelines tools (i.e. Jenkins, Teamcity, CircleCI etc..)
- Lead and participate in major day-to-day operational aspects of the security engineering team including improvement of current security controls while constantly identifying areas of needed improvement
- Deep hands-on security experience with cloud providers, such as AWS, GCP, Azure
- Understanding of automated security testing approaches and tools
- Experience with proactive integration of security into the development process
- Lead continuous improvement efforts of out security tools and systems (Concertation on SIEM, IDS, EDR Tools)
- Work with our customers (Security Operations, Incident Response, and Product teams) to incorporate high quality security alerting into their operational workflows
- Improve overall security practitioner efficiency through process automation
- Foster and promote collaboration among all members of the IT, Infrastructure, and Risk Management Departments.
Minimum Qualifications/Requirements
- BS or MS in Computer Science or related field
- Minimum 7+ years of cybersecurity experience
- Must have previous experience performing threat hunting and incident response duties using SIEM tools, cybersecurity management consoles, and ticketing systems
- Experience in deployment, development, and maintenance of SIEM
- Experience writing and using Ansible server administration scripts, and create simple Python, BASH, or Powershell scripts to automate cybersecurity functions
- Scripting experience to automate security operations, alerting, and compliance checks, CI/CD design, deployment, and management
- Experience with managing endpoint response and detection infrastructure and endpoints at the enterprise level, including performing upgrades to the back end application and deploying new agent versions to endpoints
- Understanding the investigative process and performing triage for cybersecurity incidents
- Experience maintaining industry leading security technologies or infrastructure systems in complex technical IT operations environment
- Must be detail-oriented and organized with ability to handle competing demands while meeting deadlines
- Experience in authentication protocols and frameworks to include OAuth, and AWS IAM
- Proactive and motivated; team player with a positive can-do attitude
- Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines
- Ability to communicate technical concepts to a broad range of technical and non-technical staff
- Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change
Amazon Web Services (AWS)As a Partner Development Solution Architect focused on GSI partners within Aqua Security, you will have the opportunity to deliver on a strategy to build mind share and broad use of Aqua Platform across the partner community. Your broad responsibilities will include: owning the technical engagement with strategic partners, position aqua to be part of partner offerings, and assist with the creation of new technical strategies to help partners build and increase their application security practice business. You will be responsible for providing subject-matter expertise on the security of running cloud native workloads, which are rapidly being adopted in enterprise deployments. You will also drive technical relationships with all stakeholders and support sales opportunities. You will also work closely with the internal sales and partner sales team throughout the sales process to ensure all of the partners’ technical needs are understood and met with the best possible solution.
Responsibilities:
The ideal person will have excellent communications skills and be able to translate technical requirements for a non-technical audience. This person can multi-task, is self-motivated, while still interacting well with a team; is highly organized with high energy level and can-do attitude. Required skills include:
- Experience as a sales engineer or solution architect, working with enterprise software products or services.
- Ability to assess partner and customer requirements, identify business problems, and demonstrate proposed solutions.
- Ability to present at technical meetups.
- Ability to work with partners and conduct technical workshops
- Recent familiarity or hands-on experience with:
- Linux distributions, Windows Server
- Networking configurations, routing, firewalling
- DevOps eco-system: CI/CD tools, datacenter automation, open source tools like Jenkins
- Cloud computing environments (AWS, Azure, and Google Compute)
- Container technologies like Docker, Kubernetes, OpenShift and Mesos
-Knowledge of general security practices & DevSecOps
- Up to 25% travel is expected. The ideal candidate will be located in Hyderabad, India
Requirements:
- 7+ years of hands on implementation or consulting experience
- 3+ years in a customer and or partner facing roles
- Experience working with end users or developer communities
- Experience working effectively across internal and external organizations
- Knowledge of the software development lifecycle
- Strong verbal and written communications
- BS degree or equivalent experience required
- 8+ years of experience in software development
- 4+ years of recent hands-on experience in architecting and building complex solutions that run in SaaS/PaaS environments, especially on AWS cloud leveraging SaaS based Microservices development coupled with Distributed Caching & Message Queuing.
- Should have experience in developing solution architecture and/or evaluate architectural alternatives for private, public and hybrid cloud models, including IaaS, PaaS, and other cloud services
- Should have excellent knowledge of cloud architecture and implementation features (OS, multi-tenancy, virtualization, orchestration, elastic scalability)
- Should have experience with Full Stack development with experience in technology stacks/frameworks like JAVA, Springboot, Python, Redis, SQL, NoSQL and Graph DBs
- Good to have Architected solutions that handle Big Data and should be proficient in data analytics
- Must have Expert level proficiency in Design / Architectural patterns, data structures and algorithms
- Must demonstrate knowledge of DevOps tool chains and processes
- Experience in web-based application migration from on-premise to SaaS model is a big plus.
- Experience of Integration patterns and associated best practice(e.g. Web Services, REST API's, Pub/Sub, MOM)
- Excellent knowledge and hands-on experience in Web services related, functionally decomposed architecture, Load Balancing of Web Services and applications, designing multi-tenant systems, Clustering and sharding of data, microservices architecture / design patterns, and throttling and performance management of such services
PHP
PythonJOB DESCRIPTION
(NOTE- we are looking for those candidates who join immediately or notice period of within 15-20days)
• Job Scope
o Conduct penetration testing on internal website/system owned by EC-Council
o Produce a report and presentation to the system owner explaining the security
structure and the vulnerabilities of the system
o Conduct scoping for any new projects
o Research and recommend fixes for issues/vulnerabilities identified during the
penetration testing
o Create and update security test plan regularly according to the nature of the website
assigned
o Conduct research on new vulnerabilities and threats regularly to improve oneself
capabilities
• Minimum Requirements
o At least 3 year experience in conducting any three of the following
▪ Network Penetration Testing
▪ Mobile Application Penetration Testing
▪ Web Application Penetration Testing
▪ Source Code Review
▪ Writing, extending and modifying exploits, shellcode
▪ Reverse engineering malware, data obfuscation and ciphers
o Bachelor’s degree in IT security related field or equivalent
o Any (2) of the following certification ; OSCP, OSCE, OSEP, OSWE, CRT, LPT or
equivalent
o Proficiency in at least 1 programming language such as PHP, ruby, Python, Perl
o Strong understanding of encryption (SSL/TLS, PKI) and other authentication methods
o Good experience with tools used for penetration testing such as Metasploit,
BurpSuite, w3af, Kali Linux, SQLMap, Skipfish
o Excellent written and verbal communication skills, especially when dealing with
large reports and datasets with a high standard of documentation
o Mastery in linux/unix operating system and bash/Powershell
Amazon Web Services (AWS)Are you the one? Quick self-discovery test:
- Love for the cloud: When was the last time your dinner entailed an act on “How would ‘Jerry Seinfeld’ pitch Cloud platform & products to this prospect” and your friend did the ‘Sheldon’ version of the same thing.
- Passion: When was the last time you went to a remote gas station while on vacation and ended up helping the gas station owner saasify his 7 gas stations across other geographies.
- Compassion for customers: You listen more than you speak. When you do speak, people feel the need to listen.
- Humor for life: When was the last time you told a concerned CEO, ‘If Elon Musk can attempt to take humanity to Mars, why can’t we take your business to run on the cloud?
So what are we looking for?
- Experience in On-premises to AWS cloud Migration.
- Linux and Windows servers knowledge .
- Application knowledge like Java, .net, Python, Ruby.
- On-premises to Cloud migration assessment experience as a must .
- Able to provide a detailed migration analysis report and present it to the customer.
- Creative problem-solving skills and superb communication skills.
- Respond to technical queries / requests from team members and customers.
- Ambitious individuals who can work under their own direction towards agreed targets/goals.
- Ability to handle change and be open to it along with good time management and being able to work under stress.
- Proven interpersonal skills while contributing to team effort by accomplishing related results as needed.
- Maintain technical knowledge by attending educational workshops, reviewing publications.
Job Responsibilities:
- Managing initiatives for migration and modernization in AWS cloud environment
- Leads and builds Modernization architecture solution from (on-prem or VMWare) into modern platform (Cloud AWS) through modular design by understanding application components
- Leads and SME in Modernization methodology and can lead the Design thinking workshop, method tailoring as Client environment and Client industry
- The 6 most common application migration strategies below required
- Re-host (Referred to as a “lift and shift.”)
- Re-platform (Referred to as “lift, tinker, and shift.”)
- Re-factor / Re-architect
- Re-purchase
- Retire
- Retain ( Referred to as re-visit.)
- Application migration analysis experience like application compatibility on the cloud, Network, security support on cloud.
Qualifications:
- Is Education overrated? Yes. We believe so. But there is no way to locate you otherwise. So we might look for at least a Bachelor’s or Master's degree in engineering from a reputed institute or you should be programming from 12.
- And the latter is better. We will find you faster if you specify the latter in some manner. Not just a degree, but we are not too thrilled by tech certifications too :)
- Architects with 10+ total and 6+ years of experience on Modernization applications and led Architecture initiatives on AWS Modernization.
- Managed and implemented at least 5 engagement modernizing client applications to AWS Cloud and on WebSphere and Java/J2EE or .NET.
- Experience on using DevOps tools during Modernization.
- Complete in-depth experience and knowledge of AWS as a product and its components.
- AWS certification would be preferred.
- Experience in Agile fundamentals and methodology.
PythonAbout the Role
Dremio’s SREs ensure that our internal and externally visible services have reliability and uptime appropriate to users' needs and a fast rate of improvement. You will be joining a newly formed team that will spearhead our efforts to launch a cloud service. This is an opportunity to join a very fast growth startup and help build a cloud service from the ground up.
Responsibilities and Ownership
- Ability to debug and optimize code and automate routine tasks.
- Evangelize and advocate for reliability practices across our organization.
- Collaborate with other Engineering teams to support services before they go live through activities such as system design consulting, developing software platforms and frameworks, monitoring/alerting, capacity planning and launch reviews.
- Analyze and optimize our core product by developing and implementing reliability and performance practices.
- Scale systems sustainably through automation and evolve systems by pushing for changes that improve reliability and velocity.
- Be on-call for services that the SRE team owns.
- Practice sustainable incident response and blameless postmortems.
Qualifications
- 6+ years of relevant experience in the following areas: SRE, DevOps, Cloud Operations, Systems Engineering, or Software Engineering.
- Excellent command of cloud services on AWS/GCP/Azure, Kubernetes and CI/CD pipelines.
- Have moderate-advanced experience in Java, C, C++, Python, Go or other object-oriented programming languages.
- You are Interested in designing, analyzing and troubleshooting large-scale distributed systems.
- You have a systematic problem-solving approach, coupled with strong communication skills and a sense of ownership and drive.
- You have a great ability to debug and optimize code and automate routine tasks.
- You have a solid background in software development and architecting resilient and reliable applications.
Follow Cutshort