6+ Vulnerability management Jobs in India

🔹 Role: Third Party Cyber Risk Services Operations – Lead Analyst

📍 Location: Bellandur, Bangalore

🕐 Work Timings: 01:30 PM – 10:30 PM

🕐 Type: Contract to hire

🏢 Work Mode: Monday (WFH), Tuesday–Friday (WFO)

📅 Experience: 10–12 Years

Job Summary:

Role Summary

The Lead Analyst will support Third-Party Cyber Risk Services operations by managing daily intake, executing workflows, and delivering data-driven risk assessments. This role is responsible for making defensible third-party risk decisions (including accept/reject), partnering with cross-functional stakeholders, and strengthening organizational cyber resilience.

Key Responsibilities

Third-Party Risk Management

• Manage and maintain the third-party risk management framework
• Perform inherent and residual risk assessments using data-driven methodologies
• Identify cyber risks associated with third-party vendors

Risk Analysis & Mitigation

• Define, implement, and track mitigation and risk treatment plans
• Analyse trade-offs to manage residual risk effectively
• Support defensible risk decisions aligned with business objectives

Stakeholder Collaboration

• Partner with:
• Procurement (contract advisors, category managers)
• Legal teams
• Business/Product owners
• Risk managers & analysts
• Security engineers & threat intelligence teams
• Communicate risk insights, impacts, and recommendations clearly

Operations & Delivery

• Manage intake and prioritize work based on risk
• Meet SLAs without compromising quality
• Handle escalations and resolve high-risk issues promptly

Process Improvement & Automation

• Define and enhance processes, procedures, and tools
• Identify efficiency opportunities and leverage automation/AI
• Drive continuous improvement initiatives

Metrics & Reporting

• Develop and analyse risk metrics and dashboards
• Track trends, risk posture, and control effectiveness

Required Qualifications

Core Expertise

• Strong experience in Third-Party Risk Management (TPRM)
• Knowledge of information security concepts: threat, vulnerability, impact
• Ability to apply risk concepts to policies, standards, and controls

Framework Knowledge

• Hands-on experience with NIST Cybersecurity Framework (CSF)
• Understanding of control effectiveness and compliance assurance

Analytical & Problem-Solving Skills

• Strong critical thinking and risk analysis capability
• Ability to break down complex problems and work in ambiguous environments
• Experience in designing and maturing processes

Communication & Leadership

• Excellent written and verbal communication skills
• Ability to influence stakeholders across levels
• Strong cross-functional collaboration skills

Agile & Execution Skills

• Experience working in agile environments
• Ability to prioritize tasks, remove blockers, and adapt quickly

Key Competencies

• Risk Assessment & Decision-Making
• Cybersecurity & Compliance
• Stakeholder Management
• Process Optimization
• Data-Driven Insights
• Automation & Innovation 

Notice period - Immediate Joiners

Work Mode - Remote

About the Role

We are seeking a Senior Cybersecurity Engineer to design, implement, and govern enterprise-grade security architectures across cloud-based healthcare platforms. The role involves working closely with Data, Software, ML, and Cloud Architects to secure complex systems such as AI platforms, digital diagnosis solutions, and software-as-a-medical-device offerings.

Key Responsibilities

• Design, implement, and maintain robust security architectures for applications, infrastructure, and cloud platforms
• Conduct threat modeling, security reviews, vulnerability assessments, and penetration testing
• Identify security gaps in existing and proposed architectures and recommend remediation
• Implement and support DevSecOps practices, including code and infrastructure security
• Define and enforce security policies, standards, and procedures
• Respond to security incidents with root-cause analysis and corrective actions
• Mentor development and security teams on secure design and best practices
• Evaluate and integrate third-party security tools and technologies

Mandatory Skills (Top 3)

1. Cloud Security Expertise
2. Hands-on experience with cloud security (AWS / GCP / Azure), including secure architecture design and cloud risk assessments.
3. DevSecOps & Container Security
4. Strong experience in DevSecOps/SecOps environments with tools and technologies such as Docker, Kubernetes, IDS, SIEM, SAST/DAST, and EDR.
5. Threat Modeling & Vulnerability Management
6. Proven expertise in threat modeling, penetration testing, vulnerability assessment, and risk management, including automation-driven security testing.

SENIOR INFORMATION SECURITY ENGINEER (DEVSECOPS)

Key Skills: Software Development Life Cycle (SDLC), CI/CD

About Company: Consumer Internet / E-Commerce

Company Size: Mid-Sized

Experience Required: 6 - 10 years

Working Days: 5 days/week

Office Location: Bengaluru [Karnataka]

Review Criteria:

Mandatory:

• Strong DevSecOps profile
• Must have 5+ years of hands-on experience in Information Security, with a primary focus on cloud security across AWS, Azure, and GCP environments.
• Must have strong practical experience working with Cloud Security Posture Management (CSPM) tools such as Prisma Cloud, Wiz, or Orca along with SIEM / IDS / IPS platforms
• Must have proven experience in securing Kubernetes and containerized environments including image security,runtime protection, RBAC, and network policies.
• Must have hands-on experience integrating security within CI/CD pipelines using tools such as Snyk, GitHub Advanced Security,or equivalent security scanning solutions.
• Must have solid understanding of core security domains including network security, encryption, identity and access management key management, and security governance including cloud-native security services like GuardDuty, Azure Security Center etc
• Must have practical experience with Application Security Testing tools including SAST, DAST, and SCA in real production environments
• Must have hands-on experience with security monitoring, incident response, alert investigation, root-cause analysis (RCA), and managing VAPT / penetration testing activities
• Must have experience securing infrastructure-as-code and cloud deployments using Terraform, CloudFormation, ARM, Docker, and Kubernetes
• B2B SaaS Product companies
• Must have working knowledge of globally recognized security frameworks and standards such as ISO 27001, NIST, and CIS with exposure to SOC2, GDPR, or HIPAA compliance environments

Preferred:

• Experience with DevSecOps automation, security-as-code, and policy-as-code implementations
• Exposure to threat intelligence platforms, cloud security monitoring, and proactive threat detection methodologies, including EDR / DLP or vulnerability management tools
• Must demonstrate strong ownership mindset, proactive security-first thinking, and ability to communicate risks in clear business language

Roles & Responsibilities:

We are looking for a Senior Information Security Engineer who can help protect our cloud infrastructure, applications, and data while enabling teams to move fast and build securely.

This role sits deep within our engineering ecosystem. You’ll embed security into how we design, build, deploy, and operate systems—working closely with Cloud, Platform, and Application Engineering teams. You’ll balance proactive security design with hands-on incident response, and help shape a strong, security-first culture across the organization.

If you enjoy solving real-world security problems, working close to systems and code, and influencing how teams build securely at scale, this role is for you.

What You’ll Do-

Cloud & Infrastructure Security:

• Design, implement, and operate cloud-native security controls across AWS, Azure, GCP, and Oracle.
• Strengthen IAM, network security, and cloud posture using services like GuardDuty, Azure Security Center and others.
• Partner with platform teams to secure VPCs, security groups, and cloud access patterns.

Application & DevSecOps Security:

• Embed security into the SDLC through threat modeling, secure code reviews, and security-by-design practices.
• Integrate SAST, DAST, and SCA tools into CI/CD pipelines.
• Secure infrastructure-as-code and containerized workloads using Terraform, CloudFormation, ARM, Docker, and Kubernetes.

Security Monitoring & Incident Response:

• Monitor security alerts and investigate potential threats across cloud and application layers.
• Lead or support incident response efforts, root-cause analysis, and corrective actions.
• Plan and execute VAPT and penetration testing engagements (internal and external), track remediation, and validate fixes.
• Conduct red teaming activities and tabletop exercises to test detection, response readiness, and cross-team coordination.
• Continuously improve detection, response, and testing maturity.

Security Tools & Platforms:

• Manage and optimize security tooling including firewalls, SIEM, EDR, DLP, IDS/IPS, CSPM, and vulnerability management platforms.
• Ensure tools are well-integrated, actionable, and aligned with operational needs.

Compliance, Governance & Awareness:

• Support compliance with industry standards and frameworks such as SOC2, HIPAA, ISO 27001, NIST, CIS, and GDPR.
• Promote secure engineering practices through training, documentation, and ongoing awareness programs.
• Act as a trusted security advisor to engineering and product teams.

Continuous Improvement:

• Stay ahead of emerging threats, cloud vulnerabilities, and evolving security best practices.
• Continuously raise the bar on a company's security posture through automation and process improvement.

Endpoint Security (Secondary Scope):

• Provide guidance on endpoint security tooling such as SentinelOne and Microsoft Defender when required.

Ideal Candidate:

• Strong hands-on experience in cloud security across AWS and Azure.
• Practical exposure to CSPM tools (e.g., Prisma Cloud, Wiz, Orca) and SIEM / IDS / IPS platforms.
• Experience securing containerized and Kubernetes-based environments.
• Familiarity with CI/CD security integrations (e.g., Snyk, GitHub Advanced Security, or similar).
• Solid understanding of network security, encryption, identity, and access management.
• Experience with application security testing tools (SAST, DAST, SCA).
• Working knowledge of security frameworks and standards such as ISO 27001, NIST, and CIS.
• Strong analytical, troubleshooting, and problem-solving skills.

Nice to Have:

• Experience with DevSecOps automation and security-as-code practices.
• Exposure to threat intelligence and cloud security monitoring solutions.
• Familiarity with incident response frameworks and forensic analysis.
• Security certifications such as CISSP, CISM, CCSP, or CompTIA Security+.

Perks, Benefits and Work Culture:

A wholesome opportunity in a fast-paced environment that will enable you to juggle between concepts, yet maintain the quality of content, interact and share your ideas and have loads of learning while at work. Work with a team of highly talented young professionals and enjoy the comprehensive benefits that company offers.

Company: A cyber security company, helping leaders continuously improve their security posture.

Team Size: 200 +

Responsibilities

• Analyze, plan, and develop requirements (and standards) for scheduled projects.
• Assign and oversee the daily tasks of technical personnel while ensuring the team is working toward established milestones.
• Hold regular team meetings to determine the progress and address any questions or challenges regarding projects.
• Determine and define clear deliverables, roles, and responsibilities for security engineers required for specific projects or initiatives.
• Research and evaluate different trends and technology in the cyber space and articulate the same to the team.
• Hands-on experience with vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple operating system platforms, database, and application servers.
• Strong written and verbal communication skills with the ability to collaborate through all parts of the business.
• High performance skillset which not only understands the threat spaces as it relates to risks, but also is able to meet the technical challenge of communicating this out to our teams/customers.
• Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities.
• 5+ years in a vulnerability management program. Knowing not only how to assess vulnerabilities, but prioritize and drive remediation of the same.
• Ability to communicate at the executive leadership levels. Understanding how to translate technical gaps to business risk is critical for communication in this role.
• Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
• Experience in interacting with auditors and regulators.
• Travel to client location (within India and abroad) as and when required.
• Conduct exit briefing and presentation to clients and relevant stakeholders.
• Work with pre-sales on technical proposals and RFP responses.
• Certification in Project Management or related technical field will be an added advantage.
• Experience in working in a high-level collaborative environment and promoting teamwork
• Ability to predict challenges and seek to proactively head-off obstacles.

Education : Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience

Experience : 12 -16 years

Location : Chennai (Hybrid)

Compensation: Best in Industry

Why should we talk?

We are a bunch of passionate cybersecurity professionals who are building a culture of security. Today, cybersecurity is no more a luxury but a necessity with a global market value of $150 Billion. Our vision is to make cybersecurity available for all, not just the Fortune 500 companies.

We live by a people-first approach. We firmly believe that our employees should enjoy what they do. For our employees, we provide a hybrid work environment with a competitive best in industry pay, while providing them with an environment to learn, thrive, and grow. Our hybrid working environment allows employees to work from the comfort of their homes or the office if they choose to. For the right candidate, this will feel like your second home.

If you are passionate about cybersecurity just as we are, we would love to pick your brains.

Security Monitoring and Operations (SIEM)
Security Solutions design and deployment
IDAM - Identity and Access Management Experience
Network Monitoring and Management Experience
VAPT - Vulnerability Assessment and Penetration Assessment
Experience on DLP and Endpoint Security
Knowledge on Encryption 
Experience in performing Maturity Assessment for identifying the security gaps and recommending measures to fix the gaps
Experience in Audit controls and applying security measures (ISO, PCI etc..)
Knowledge in automation and scripting