351 Vulnerability Assessments jobs in Mumbai

Responsibilities:

• Technical documentation about the security breaches and the processes.
• Configuration reviews for implemented solutions like firewalls, WAF, PAM/PIM, DLP, SIEM Etc
• Data encryption programs to safeguard organizations vital data.
• Red teaming, VA-PT, source code reviews, Mobile app reviews
• Work directly with the ISG team and coordination with stakeholders
• Risk assessment and risk management processes
• Understand the processes and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
• Review and Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
• Coordinate, measure and report on the technical aspects of security posture.
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
• Manage and coordinate operational components of incident management, including detection, response, documentation and reporting.
• Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
• Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk.
• Mitigate the compliance requirements as per regulatory guidelines
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.
• Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Requirements:

• Diploma /Degree in a technology-related field required.
• Professional security analyst certification
• Minimum of five to 7 years of hands on experience in VA-PT, configuration reviews and data protection
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Excellent written and verbal communication skills and high level of personal integrity.
• Experience with Cloud computing/Elastic computing across virtualized environments.

Responsible for endpoint security ops, threat hunting & mitigation. Skilled in EDR, DLP, APT, MDM, cloud security, ISO 27001/NIST, ITIL. Strong in troubleshooting, leadership & collaboration, ensuring control effectiveness.

hands on experience in VA-PT, configuration reviews and data protection

Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST

Experience with Cloud computing/Elastic computing across virtualized environments

About the role:

The Information Security Team is a central function governing corporate and product security globally. We have built a strong team of high performing security experts and are seeking an analyst within Information Security here at Morningstar. As a member of our Security Operations Center Team, you will get to be a part of a growing and well supported program protecting Morningstar's Infrastructure, Data, and People.

The Role: As an analyst on our Security Operations Center Team, you will monitor and analyze threats, provide security monitoring, and incident response services. Day to day you will work with the team to understand, mitigate, and respond to threats quickly, restoring operations and limiting impact. You will analyze incidents to determine scope and impact and assist in recovery efforts. You will combine threat intelligence, event data, and assessments from recent events, to identify patterns to understand attackers' goals and stop them from succeeding. This position is based in our Mumbai office

Responsibilities:

• Provide 24x7 monitoring operations for security alerts
• Detect, analyze, report and respond to cyber security events and incidents using a combination of technology solutions and processes
• Review and escalate alerts
• Examine and operationalize new adversary detection methods to defend Morningstar
• Assess the security impact of security alerts and traffic anomalies to identify malicious actions.
• Generate reports for both technical and non-technical staff and stakeholders.

Requirements

• A bachelor's degree and 2-3+ years' experience in Information Security.
• Excellent communication skills and an understanding of cyber security fundamentals.
• Candidate should be interested in keeping up with the latest security trends.
• Experience with security tools ( SIEM , EDR , Proxy)
• Candidate should have knowledge about cloud security preferably AWS.
• Add-on Certification like CEH , Security+, CompTIA+, Splunk.

Morningstar is an equal opportunity employer

Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.

I10_MstarIndiaPvtLtd Morningstar India Private Ltd. (Delhi) Legal Entity

Total CollectR , a product of Total AI Systems , is a cutting-edge SaaS platform that helps businesses manage past-due debt collection accounts. We create better consumer experiences, help our customers collect more and empower our employees to succeed through customer success.

We are looking for a Security & Compliance Analyst who will take ownership of our compliance frameworks (SOC 2 Type II, HIPAA and others as needed) and overall security posture. You’ll work with tools like Secureframe and support regular audits, security monitoring and reporting. You will ensure we meet regulatory requirements, proactively identify and mitigate threats and implement best practices to keep our systems, data and employees secure.

Key Responsibilities

• Manage and maintain compliance with SOC 2 Type 2, HIPAA and other relevant security and privacy standards.
• Oversee compliance automation tools such as Secureframe and ensure evidence collection and controls are up-to-date.
• Run regular security reports across all instances and systems to detect and respond to threats.
• Monitor employee device and application usage to ensure up-to-date software and adherence to company security policies.
• Design, implement and monitor security controls across infrastructure, SaaS applications and development processes.
• Stay current on emerging compliance requirements and update internal practices accordingly.
• Lead security awareness training for employees and foster a security-first mindset across the company.
• Support audits, penetration tests and vendor security assessments as needed.
• Create and maintain security documentation, including policies, playbooks and incident response procedures.

Requirements

• 3–5 years of experience in IT security, compliance, or GRC (preferably in SaaS or IT services)
• Hands-on experience managing SOC 2 Type 2 audits
• Exposure to HIPAA, ISO 27001, or other compliance frameworks.
• Familiarity with compliance automation platforms such as Secureframe etc.
• Strong understanding of cloud security (AWS preferred) , SaaS applications and modern IT environments.
• Experience running security audits, reports, and threat assessments .
• Knowledge of endpoint management and employee security hygiene best practices.
• Excellent problem-solving, communication and documentation skills.
• Security certifications (CISSP, CISM, CISA, CCSK, or similar) are a plus.

Total CollectR , a product of Total AI Systems , is a cutting-edge SaaS platform that helps businesses manage past-due debt collection accounts. We create better consumer experiences, help our customers collect more and empower our employees to succeed through customer success.

We are looking for a Security & Compliance Analyst who will take ownership of our compliance frameworks (SOC 2 Type II, HIPAA and others as needed) and overall security posture. You’ll work with tools like Secureframe and support regular audits, security monitoring and reporting. You will ensure we meet regulatory requirements, proactively identify and mitigate threats and implement best practices to keep our systems, data and employees secure.

Key Responsibilities

• Manage and maintain compliance with SOC 2 Type 2, HIPAA and other relevant security and privacy standards.
• Oversee compliance automation tools such as Secureframe and ensure evidence collection and controls are up-to-date.
• Run regular security reports across all instances and systems to detect and respond to threats.
• Monitor employee device and application usage to ensure up-to-date software and adherence to company security policies.
• Design, implement and monitor security controls across infrastructure, SaaS applications and development processes.
• Stay current on emerging compliance requirements and update internal practices accordingly.
• Lead security awareness training for employees and foster a security-first mindset across the company.
• Support audits, penetration tests and vendor security assessments as needed.
• Create and maintain security documentation, including policies, playbooks and incident response procedures.

Requirements

• 3–5 years of experience in IT security, compliance, or GRC (preferably in SaaS or IT services)
• Hands-on experience managing SOC 2 Type 2 audits
• Exposure to HIPAA, ISO 27001, or other compliance frameworks.
• Familiarity with compliance automation platforms such as Secureframe etc.
• Strong understanding of cloud security (AWS preferred) , SaaS applications and modern IT environments.
• Experience running security audits, reports, and threat assessments .
• Knowledge of endpoint management and employee security hygiene best practices.
• Excellent problem-solving, communication and documentation skills.
• Security certifications (CISSP, CISM, CISA, CCSK, or similar) are a plus.