3,432 Vulnerability Management jobs in India

Join us as a Vulnerability Management (VM) Governance Lead at Barclays, responsible for supporting the successful delivery of Location Strategy projects to plan, budget, agreed quality and governance standards. You'll spearhead the evolution of our digital landscape, driving innovation and excellence. You will harness cutting-edge technology to revolutionise our digital offerings, ensuring unparalleled customer experiences.

To be successful as a VM Governance Lead, you should have experience with:

• Developing and implementing governance frameworks, policies, and procedures within a global financial institution.
• Clear and influential communication, capability of engaging technical teams, business units, and senior stakeholders.
• Guiding, influencing, and inspiring cross-functional teams, with a focus on strategic direction and collaboration.

Some other highly valued skills may include:

• Proficiency in defining and tracking Key Performance and Risk Indicators for vulnerability remediation, Service Level Agreement adherence, and risk reduction.
• Experience chairing governance forums, steering committees, and audit reviews, with a focus on audit readiness and evidence-based reporting.
• Effective project delivery skills with a consistent record of producing high-quality outputs on time.

You may be assessed on the key critical skills relevant for success in role, such as risk and controls, change and transformation, business acumen strategic thinking and digital and technology, as well as job-specific technical skills.

This role will be based in Pune.

Purpose of the role

To keep our customers, clients, and colleagues safe by identifying cyber-vulnerabilities across the Bank, using a risk-based approach to prioritise them, and to drive effective remediation activity.

Accountabilities

• Allocation of the correct risk rating and remediation prioritisation to a vulnerability based on industry standards for assessment, available threat intelligence concerning exploitation, the reachability of the host (or asset) and the value of the service(s) running on the impacted host.
• Development of vulnerability management operating model, policies and procedures to ensure consistency in vulnerability identification, remediation and reporting. Element owner of the Vulnerability Management Standard including Issues Management and Regulatory alignment.
• Communication of vulnerabilities to relevant parties including senior stakeholders, vendors, external security partners and affect business units using reports and dashboards and provide recommendations for improvement in vulnerability management practices.
• Collaboration with Threat intelligence and Cyber Operations teams to assess and contextualise exposure to latest threat trends and exploits and set appropriate remediation timescales.
• Definition of requirements and acceptance criteria for the implementation and maintenance of automation tools to streamline vulnerability management processes within operating systems and applications.
• Reporting of remediation status of Security Assurance Specialist team findings against Key Risk Indicators.

Assistant Vice President Expectations

• To advise and influence decision making, contribute to policy development and take responsibility for operational effectiveness. Collaborate closely with other functions/ business divisions.
• Lead a team performing complex tasks, using well developed professional knowledge and skills to deliver on work that impacts the whole business function. Set objectives and coach employees in pursuit of those objectives, appraisal of performance relative to objectives and determination of reward outcomes
• If the position has leadership responsibilities, People Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L – Listen and be authentic, E – Energise and inspire, A – Align across the enterprise, D – Develop others.
• OR for an individual contributor, they will lead collaborative assignments and guide team members through structured assignments, identify the need for the inclusion of other areas of specialisation to complete assignments. They will identify new directions for assignments and/ or projects, identifying a combination of cross functional methodologies or practices to meet required outcomes.
• Consult on complex issues; providing advice to People Leaders to support the resolution of escalated issues.
• Identify ways to mitigate risk and developing new policies/procedures in support of the control and governance agenda.
• Take ownership for managing risk and strengthening controls in relation to the work done.
• Perform work that is closely related to that of other areas, which requires understanding of how areas coordinate and contribute to the achievement of the objectives of the organisation sub-function.
• Collaborate with other areas of work, for business aligned support areas to keep up to speed with business activity and the business strategy.
• Engage in complex analysis of data from multiple sources of information, internal and external sources such as procedures and practises (in other areas, teams, companies, solve problems creatively and effectively.
• Communicate complex information. 'Complex' information could include sensitive information or information that is difficult to communicate because of its content or its audience.
• Influence or convince stakeholders to achieve outcomes.

All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship – our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset – to Empower, Challenge and Drive – the operating manual for how we behave.

Roles and Responsibilities

• Design, implement, and maintain vulnerability management solutions using various tools such as Qualys, Tenable, and Nessus.
• Conduct regular vulnerability assessments to identify potential risks and develop remediation plans to mitigate them.
• Collaborate with cross-functional teams to integrate vulnerability management into existing security frameworks and processes.
• Develop and maintain relationships with clients to understand their specific needs and provide tailored consulting services.

Desired Candidate Profile

• 15-20 years of experience in IT services & consulting industry.
• Strong expertise in Vulnerability Assessment, Penetration Testing, Vulnerability Management, Remediation, Integration with SIEM/SOAR systems like Qualys, Tenable etc. .
• Experience working on managed services projects for Fortune 500 companies or large enterprises.

Vulnerability Management - L3

Location : Bangalore

Mode : Hybrid

• On the portal where vulnerabilities are listed, each vulnerability must be analyzed;
• Within each record of each vulnerability, analyze the required fixes and the vendor involved
• Contact the vendor to discuss the vulnerability fix (usually the vendor applies the fix in a test environment)
• If there is any impact or downtime required, it will be necessary to align with Miguel Marçal on the intervention window;
• Contact T-Systems to schedule the intervention;
• T-Systems will have to ensure a virtual machine snapshot is performed to enable rollback protection;
• Support the vendor during the application of the fixes in the production environment Security Operations Lead Roles and Responsibilities ( Grade IS3 / IS4) Vulnerability Analysis & Tracking
• Review and analyze vulnerabilities listed on the security portal & Servicenow
• Assess each vulnerability record to identify required fixes and determine the responsible vendor.
• Maintain a centralized tracking system for all open vulnerabilities and remediation status. Vendor Coordination
• Contact vendors to discuss and plan the application of fixes, typically in a test environment first.
• Support vendors during the fix deployment in production environments.
• Ensure rollback protection by coordinating virtual machine snapshots before any intervention. Intervention Planning
• Coordinate with T-Systems to schedule interventions and confirm snapshot creation for rollback capability. Remediation Execution
• Facilitate and monitor the application of fixes in production environments.
• Ensure all remediation activities are completed within agreed timelines and with minimal disruption. Documentation & Reporting to CSO
• Document all remediation steps, communications, and outcomes.
• Provide regular updates and reports to management on vulnerability status and resolution progress to CSO.
• Participate in the weekly and monthly review with CSO.

Experience: 5+ years with experience in SNOW Vulnerability Module.

Key Responsibilities:

• Strong background in ServiceNow Security Operations, a deep understanding of Vulnerability Management (VM),
• Good experience in ServiceNow development on ITSM module
• Excellent experience in Integrating third party tools with ServiceNow using web services and connectors
• Implement and manage the Vulnerability Management module in ServiceNow.
• Integrate vulnerability scanners with ServiceNow.
• Develop and automate workflows using ServiceNow Flow Designer and Orchestration to manage vulnerabilities.
• Perform regular testing and validation of vulnerability data and its accuracy in the system.
• Create reports and dashboards in ServiceNow Performance Analytics to track vulnerabilities, remediation progress, and key metrics.
• Ensure compliance with regulatory standards and internal security policies through effective vulnerability tracking.
• Automate vulnerability response actions and integrate them with existing security incident management processes.
• Maintain proper documentation and provide training to teams on the ServiceNow Vulnerability Management process.

Required Skills & Qualifications:

• Strong knowledge of ServiceNow platform, including its Security Incident Management (SIM) and Vulnerability Management (VM) modules.
• Familiarity with ServiceNow CMDB and how vulnerabilities relate to Configuration Items (CIs).
• Experience in integrating vulnerability scanning tools (e.g., Qualys, Tenable, Nessus) with ServiceNow.
• Experience with risk prioritization and the Common Vulnerability Scoring System (CVSS).
• Knowledge of Security Incident Management, Problem Management, and Change Management best practices in ServiceNow.
• Experience in creating reports and dashboards using ServiceNow Performance Analytics.

Primary & Secondary Skills

Vulneribility Management

Qualys Guard

Qualys Agent

Policy Compliance

Vulneribilty Scanning

RESPONSIBILITIES

Perform vulnerability assessment using leading Vulnerability Scanning solutions like Qualys, Microsoft Defender, etc.

Perform vulnerability assessments on On-prem, Cloud hosted systems, container (like Docker & Kubernetes), databases, web services and other widely deployed infrastructure components.

Perform false positive validation and ensure delivery of quality reports.

Act as a technical SME to analyse the vulnerability results & detection logic.

Provide technical advice and support on remediation to infrastructure application support teams.

Manage & Implement approved scan exclusions based on the request from platform support teams.

Review findings and identify root causes for common issues and provide recommendations for sustainable improvements.

Responsible to maintain vulnerability quality assurance by building VM team technical knowledge base.

Research and report on security vulnerabilities and latest advancements in the vulnerability management lifecycle.

Understand security policies, procedures and guidelines to all levels of management and staff.

Communicate effectively orally and in writing and establish cooperative working relationships.

Provide suggestion to improve vulnerability Management service based on current trends in information technology (Network, system security software and hardware).

Act as line manager in the absence of team lead.

People and Talent

Minimum 6 years of experience in Information security and preferably in Banking and Financial services sector

Good understanding and Implementation experience on Enterprise Network Security Architecture and Enterprise Network Design.

In-depth working experience on Cloud technologies, routers, switches, firewalls, load balancers and proxy will be added advantage for the role.

Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent.

Industry certifications will be a plus e.g. CISSP, CCNA Security, CCIE, CCNP Security, CISA, CRISC and CISM.

Strong knowledge and subject matter expertise in multiple areas within Information Security.

Hands on skill and expertise in performing risk threat assessments/risk consulting.

Excellent written, oral communication and reporting skills.

Provides technical leadership, expertise and direction working with district and college technical staff for design and implementation of information technology security systems.

Develops strategy for propagating, maintaining, and measuring compliance against security policies, standards, and guidelines district-wide.

Time management and organizational skills

Ability and desire to learn new skills quickly

Performs other related duties as assigned.

Risk Management

Key Stakeholders

Click here to enter text.

Other Responsibilities

Click here to enter text.

COMPETENCIES

SKILLS FRAMEWORK

Grow Self Applicable for all roles.

Action Oriented

Taking on new opportunities and tough challenges with a sense of urgency, energy and enthusiasm.

Collaborates

Building partnerships and working collaboratively with others to meet shared objectives.

Courage

Stepping up to address difficult issues and saying what needs to be said.

Customer Focus

Building strong customer relationships and delivering customer-centric solutions.

Instils Trust

Gaining the confidence and trust of others through honesty, integrity and authenticity.

Nimble Learning

Actively learning through experimentation when tackling new problems. Using both successes and failures as a learning factor

cybersecurity with specially tenable and qualys asset management services experience the role and department comes under

• Vulnerability Management Specialist (AWS & Wiz)
• AWS
• WIZ

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling, and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

Could you be the full-time Threat and Vulnerability Management Analyst in Bangalore we're looking for?

Your future role

Take on a new challenge and apply your ethical hacking expertise in a cutting-edge field. You'll work alongside talented, collaborative, and forward-thinking teammates.

You'll play a key role in safeguarding our organization's assets and enhancing our security program. Day-to-day, you'll work closely with teams across the business (such as infrastructure, application owners, and third-party vendors), analyze threat intelligence reports, and develop remediation plans, among other impactful responsibilities.

You'll specifically take care of vulnerability assessments, penetration testing, and implementing Secure SDLC programs, but also contribute to designing and delivering actionable security dashboards.

We'll look to you for:

• Tracking new and emerging threats and vulnerabilities, verifying their applicability, and initiating remediation activities as necessary
• Analyzing assessment reports provided by vendors or third parties and resolving them within defined SLAs
• Developing remediation plans by collaborating with infrastructure and application owners
• Providing guidance on patching, configuration settings, and additional security controls
• Defining the scope of assessment activities across internal and partner organizations
• Designing and delivering actionable information security dashboards and metrics
• Creating awareness about good security practices and the benefits of Secure SDLC programs
• Prioritizing vulnerabilities based on risk and driving them to closure using tools like Qualys, Skybox, and SecOps

All about you

We value passion and attitude over experience. That's why we don't expect you to have every single skill. Instead, we've listed some that we think will help you succeed and grow in this role:

• Bachelor's or Master's degree in Engineering, Technology, or a related field
• 6–8 years of relevant IT experience
• Professional certifications such as CISSP, CEH, GPEN, or OSCP
• Exposure to threat modeling, systems hardening, and Secure SDLC programs
• Experience in application penetration testing and ethical hacking
• Proficiency with tools like Qualys, Veracode, Nessus, AppScan, and Skybox
• Knowledge of TCP/IP stack, OSI layers, application programming interfaces, middleware, and mobile technologies
• Familiarity with penetration testing methodologies (e.g., OWASP, OSSTMM, PCI DSS)
• Strong analytical skills and the ability to drive innovation and process improvement
• Solid understanding of ITIL process frameworks and experience in creating processes in complex multivendor ecosystems

Things you'll enjoy Join us on a life-long transformative journey – the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. You'll also:

• Enjoy stability, challenges, and a long-term career free from boring daily routines
• Work with new security standards for rail signalling
• Collaborate with transverse teams and helpful colleagues
• Contribute to innovative projects
• Utilize our flexible and inclusive working environment
• Steer your career in whatever direction you choose across functions and countries
• Benefit from our investment in your development through award-winning learning
• Progress towards leadership or specialized roles within cybersecurity
• Benefit from a fair and dynamic reward package that recognizes your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension)

You don't need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you'll be proud. If you're up for the challenge, we'd love to hear from you

Important to note

As a global business, we're an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We're committed to creating an inclusive workplace for everyone.

Job Segment: Information Security, Middleware, Business Process, Manager, Technology, Management

As the global leader in high-speed connectivity, Ciena is committed to a people-first approach. Our teams enjoy a culture focused on prioritizing a flexible work environment that empowers individual growth, well-being, and belonging. We're a technology company that leads with our humanity—driving our business priorities alongside meaningful social, community, and societal impact.

Are you ready to take your cybersecurity expertise to the next level? Join our team as a Vulnerability and Exposure Management Analyst and play a pivotal role in safeguarding our organization's web applications, cloud infrastructure, and digital assets. Work with cutting-edge tools and collaborate with cross-functional teams to make a real impact in the fight against cyber threats.

How You Will Contribute:

• Conduct vulnerability assessments using tools like Rapid7 InsightVM, Qualys VMDR, Tenable Nessus, and Shodan.
• Perform DAST, SAST, and manual penetration testing to identify critical risks.
• Deploy and manage attack surface management platforms, including CyCognito and Palo Alto Cortex Xpanse.
• Implement cloud security best practices and ensure compliance with frameworks like NIST and ISO 27001.
• Collaborate with development teams to integrate security into the SDLC.
• Automate security workflows with AI-driven tools to enhance efficiency.
• Stay ahead of emerging threats and industry trends.

The Must Haves:

• Bachelor's degree in Computer Science, Cybersecurity, or equivalent professional experience.
• 3-5 years of hands-on experience in vulnerability management and security assessment.
• Expertise in tools such as Rapid7 InsightVM, Qualys, Tenable Nessus, and Shodan.
• Proficiency in ASM platforms and cloud security solutions like Wiz.
• Solid understanding of web application vulnerabilities and compliance frameworks.
• 2-3 years of hands-on experience in Scripting, Python, Regex.

The Assets:
- Certifications like CISSP, CEH, OSCP, or AWS Certified Security Specialty.
- Experience with container security (Docker, Kubernetes) and DevSecOps practices.
- Background in merger and acquisition security assessments.

Not ready to apply? Join our

Talent Community

to get relevant job alerts straight to your inbox.

At Ciena, we are committed to building and fostering an environment in which our employees feel respected, valued, and heard. Ciena values the diversity of its workforce and respects its employees as individuals. We do not tolerate any form of discrimination.

Ciena is an Equal Opportunity Employer, including disability and protected veteran status.

If contacted in relation to a job opportunity, please advise Ciena of any accommodation measures you may require.