**Req ID:** 328714 NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now. We are currently seeking a Systems Integration Specialist Advisor to join our team in Bengaluru, Karnātaka (IN-KA), India (IN). **Job Summary: Senior Vulnerability & DevSecOps Engineer** We seek a highly skilled and technically proficient Senior Vulnerability & DevSecOps Engineer to join our security team. In this pivotal role, he/she will drive our end-to-end vulnerability management program, from comprehensive scanning and deep analysis to effective remediation and reporting. Leveraging expert-level experience with industry-leading tools like Qualys and Burp Suite, he/she will proactively identify, prioritize, and validate critical vulnerabilities across our expansive hybrid infrastructure, encompassing servers, workstations, and cloud environments (GCP, AWS, Azure). A significant focus of this position involves integrating robust security practices and automation into our CI/CD pipelines. He/she will be instrumental in building, maintaining, and improving automated security testing workflows using tools such as Jenkins, GitLab CI, Azure DevOps, SonarQube, Synk, and ZAP, ensuring security is "shifted left." Proficiency in scripting languages (Python, Bash, Terraform) and automation frameworks like Ansible is essential for developing custom tools, automating patching, configuration hardening, and streamlining compliance checks. He/she will collaborate closely with development and operations teams to embed secure coding principles and foster a DevSecOps culture, ultimately enhancing our security posture and reducing organizational risk. This role demands a deep understanding of vulnerability assessment methodologies (OWASP Top 10, NIST), networking concepts, and diverse operating systems (Windows, Linux). Exceptional analytical skills are required to interpret complex scan results, manually validate findings, and generate advanced reports and dashboards using Power BI and Excel for technical and executive audiences. A proactive problem-solver passionate about automation, application security, and continuous improvement in a dynamic technical landscape. **Responsibilities:** + Vulnerability Scanning and Security Analysis: + Perform regular vulnerability scans of servers, workstations, cloud infrastructure, and other assets using Qualys and Burp. + Analyze scan results to identify critical vulnerabilities, misconfigurations, and compliance violations. + Prioritize vulnerabilities based on risk and business impact. + Manually validate and verify vulnerabilities to reduce false positives and refine scan settings. + Basic understanding of OWASP Top 10 standards. + Remediation and Reporting: + Work closely with application teams, system administrators, and other stakeholders to communicate vulnerability findings and guide remediation efforts. + Track remediation progress using Excel and other tracking tools. + Generate detailed reports on vulnerability trends, remediation status, and overall security posture. + Present findings to technical and management audiences. + DevSecOps: + CI/CD Pipelines: Implement, build, and maintain CI/CD pipelines with security integrated throughout the process. Familiarity with tools like Jenkins, GitLab CI, Azure DevOps Cloud, JFrog, SonarQube, Synk, and ZAP. + Some understanding of Google Cloud. + Automate vulnerability remediation tasks using Ansible playbooks. + Collaborate with development teams to implement secure coding practices and improve application security. + Work with DevSecOps engineers to build out automated security testing pipelines. + Automation and Scripting: + Develop and maintain Ansible playbooks to automate vulnerability patching, configuration hardening, and compliance checks. + Use scripting languages (e.g., Python, Bash, Terraform) to create custom tools and scripts for vulnerability analysis and reporting. + Continuous Improvement: + Continuously evaluate and improve our vulnerability management processes and procedures. + Research and recommend new security tools and technologies. + Participate in security incident response activities. **Technical Skills and Qualifications:** + Required: + 3+ years of experience in security vulnerability scanning and analysis. + Expert-level experience with Vulnerability Management + Strong understanding of vulnerability assessment methodologies and tools (e.g., OWASP, NIST). + Proven experience with automation and configuration management. + Understand at least one scripting language (e.g., Python, Bash, PowerShell). + Experience with integrating security tools into CI/CD pipelines. + Excellent working knowledge of Power BI and Excel for data analysis and reporting. Ability to create complex dashboards and reports. + Solid understanding of networking concepts, operating systems (Windows, Linux), and cloud environments (e.g., AWS, Azure, GCP). + Excellent communication, collaboration, and problem-solving skills. + Ability to work independently and as part of a team. + Preferred: + Some experience with other security tools such as Burp Suite, Invicti, SonarQube, Zap, etc. + Experience with container security (e.g., Docker, Kubernetes). + Knowledge of security frameworks such as NIST CSF or ISO 27001. + Experience with security incident response. + Some experience with SIEM tools (e.g., Splunk, QRadar). + Knowledge of application security testing methodologies (SAST, DAST, IAST). + At least one of the following Certifications (a plus): + Qualys Certified Specialist (QCS) + DevSecOps Foundation/Engineer/Professional + Certified Information Systems Security Professional (CISSP) + Certified Ethical Hacker (CEH)Offensive Security Certified Professional (OSCP) + CompTIA Security **Education:** + Bachelor’s degree in computer science, Information Security, or a related field, or equivalent experience. **About NTT DATA** NTT DATA is a $30 billion trusted global innovator of business and technology services. We serve 75% of the Fortune Global 100 and are committed to helping clients innovate, optimize and transform for long term success. As a Global Top Employer, we have diverse experts in more than 50 countries and a robust partner ecosystem of established and start-up companies. Our services include business and technology consulting, data and artificial intelligence, industry solutions, as well as the development, implementation and management of applications, infrastructure and connectivity. We are one of the leading providers of digital and AI infrastructure in the world. NTT DATA is a part of NTT Group, which invests over $3.6 billion each year in R&D to help organizations and society move confidently and sustainably into the digital future. Visit us at us.nttdata.com (http://us.nttdata.com/en) **_NTT DATA endeavors to make_** **_https://us.nttdata.com_** **_accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at_** **_https://us.nttdata.com/en/contact-us_** **_._** **_This contact information is for accommodation requests only and cannot be used to inquire about the status of applications. NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For our EEO Policy Statement, please click here (http://us.nttdata.com/en/compliance#eeos) . If you'd like more information on your EEO rights under the law, please click here (http://us.nttdata.com/en/compliance#know-your-rights) . For Pay Transparency information, please click here (http://us.nttdata.com/en/compliance#ppnp) ._**