Job Title: Sr. BA Data Governance About Us “Capco, a Wipro company, is a global technology and management consulting firm. Awarded with Consultancy of the year in the British Bank Award and has been ranked Top 100 Best Companies for Women in India 2022 by Avtar & Seramount. With our presence across 32 cities across globe, we support 100+ clients across banking, financial and Energy sectors. We are recognized for our deep transformation execution and delivery. WHY JOIN CAPCO? You will work on engaging projects with the largest international and local banks, insurance companies, payment service providers and other key players in the industry. The projects that will transform the financial services industry. MAKE AN IMPACT Innovative thinking, delivery excellence and thought leadership to help our clients transform their business. Together with our clients and industry partners, we deliver disruptive work that is changing energy and financial services. #BE YOURSELF AT WORK Capco has a tolerant, open culture that values diversity, inclusivity, and creativity. CAREER ADVANCEMENT With no forced hierarchy at Capco, everyone has the opportunity to grow as we grow, taking their career into their own hands. DIVERSITY & INCLUSION We believe that diversity of people and perspective gives us a competitive advantage. Role Description Location - Bangalore Experience – 7+ years We are seeking an experienced Senior Consultant with deep expertise in Data Governance and Data Management to support enterprise-wide data initiatives within the banking sector. The ideal candidate will help strengthen data quality, ensure regulatory compliance, and drive governance practices that align with banking industry standards. Key Responsibilities - Data Governance & Regulatory Alignment • Interpret and apply data governance policies, frameworks, and regulatory requirements (e.g., Basel, BCBS 239) across banking programs. • Review and challenge data element definitions to ensure compliance, accuracy, and consistency with risk and reporting needs. • Serve as a critical voice in governance discussions, ensuring alignment with organizational and regulatory objectives. Cross-functional Collaboration • Partner with risk, compliance, finance, operations, and IT teams to ensure clarity and alignment on data governance expectations. • Act as a liaison between business and technology teams to translate banking data requirements into actionable solutions. • Engage senior domain owners to manage global/regional stakeholder relationships. Documentation & Communication • Document and communicate data governance issues and recommendations clearly for stakeholders at all levels. • Translate complex data governance and regulatory concepts into clear, actionable insights. • Develop materials for senior leader communication, steering committees, and regulatory reviews. Data Cataloging & Data Quality Management • Catalog data elements and lineage using enterprise metadata tools. • Support classification of data aligned with risk and compliance taxonomies. • Manage data quality rules, controls, and remediation initiatives relevant to banking operations. • Monitor data quality issues impacting reporting, regulatory submissions, and customer information. Required Skills & Experience • 7+ years of experience in Data Governance or Data Management, preferably within the banking or financial services industry. • Strong ability to interpret and challenge governance policies and regulatory requirements. • Exceptional verbal and written communication skills with the ability to influence stakeholders. • Analytical thinker able to review and analyze complex data definitions and business rules. • Experience managing stakeholders in matrixed environments. • Proficiency in Microsoft Excel, Project, and PowerPoint. • Experience with Data Governance tools such as Collibra or Informatica is a plus. If you are keen to join us, you will be part of an organization that values your contributions, recognizes your potential, and provides ample opportunities for growth. For more information, visit www.capco.com. Follow us on Twitter, Facebook, LinkedIn, and YouTube.

Responsibilities Cardinal Technology Systems Corp. is a government IT solutions provider servicing commercial and government initiative in various parts of the United States. We are currently seeking a Cybersecurity SME to work for our company. Summary - Must possess IT-II security clearance or have a current National Agency Check with Local Agency Check and Credit Check (NACLC). (Basic Federal Clearance requirements are U.S. Citizenship, clear criminal history check, no recent or pending bankruptcies) - Provides expert support, research and analysis of exceptionally complex problems, and processes relating to them. - Serves as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation, and alternatives to complex problems. - Thinks independently and demonstrates exceptional written and oral communications skills. - Applies advanced technical principles, theories, and concepts. Contributes to the development of new principles, concepts, and methodologies. - Works on unusually complex technical problems and provides highly innovative and ingenious solutions. - Recommends cybersecurity software tools and assists in the development of software tool requirements and selection criteria to include the development of product specific STIGs from applicable DISA SRGs. - Works under consultative direction toward predetermined long-range goals and objectives. - Assignments are often self-initiated. Determines and pursues courses of action necessary to obtain desired results. - Develops advanced technological ideas and guides their development into a final product. Requirements - Must possess IT-II security clearance or have a current National Agency Check with Local Agency Check and Credit Check (NACLC). (Basic Federal Clearance requirements are U.S. Citizenship, clear criminal history check, no recent or pending bankruptcies) - Required Training /Certifications In: ICS300 or relevant Operational Technology “OT” or Industrial Control System “ICS” Cybersecurity Certifications, ACAS and Tanium Training Module /Course Completion. - Must possess an active DoD 8570 IAT Level III certification (e.g., CISSP, CASP+ CE, CISSP-ISSAP, or CISSP-ISSEP). - 10+ years of IT experience. - 10+ years of DOD Cybersecurity experience. - 10+ years of Risk Management Framework (RMF) and NIST A&A experience. - Demonstrated expertise in leading and mentoring teams, providing clear guidance, quality oversight, and technical direction to ensure all cybersecurity artifacts meet DoD standards, organizational expectations, and inspection-ready quality levels. - Proven real world hands-on experience preparing enterprise environments for DoD cybersecurity inspections (CCRI, CORA, Blue Team assessments). - SME level experience in assessing security controls and conducting authorization reviews for large, complex organizations. - SME level understanding of DoD cybersecurity requirements, including documenting and developing artifacts for STIGs, TCG configuration guides, IAVMs, and Task Orders. - Oversees end to end POA&M lifecycle management, ensuring accurate documentation, status tracking, and closure of all remediation actions. - Exceptional ability to develop, maintain, and validate RMF artifacts and cybersecurity documentation. - Expert ability to interpret new and evolving DoD cybersecurity documentation, templates, and compliance requirements to develop high-quality cyber security artifacts even when guidance is incomplete, ambiguous, or inconsistently applied. - Skilled in analyzing and interpreting cybersecurity guidance from the ISSM/ISSO to produce authoritative system documents such as the SSP, CONOPS, Incident Response Plan, and Contingency. - Plan, Configuration Management Plan, and other required artifacts. - Proven ability to work independently and collaboratively with minimal oversight. - Strong research, analytical, and problem-solving skills. - Proficiency with analytical tools such as Microsoft Excel, Access, Power BI, and Power Platforms. - Ability to generate clear, accurate, and audit-ready cybersecurity reports, including vulnerability summaries, compliance status updates, and risk findings for technical and leadership audiences. - Ability to generate detailed analytics and trend reports using data from vulnerability scanners, configuration tools, and security platforms to support decision-making and inspection readiness. - Excellent written and verbal communication skills, including the ability to brief leadership and produce clear documentation. Benefits • Medical, Dental, Vision Benefits • Paid Life • Paid Vacation, Holidays, Sick Leave, Floating Holidays, Bereavement Leave • Semi-monthly pay cycle Work With Us Cardinal Technology Systems, Corp (“CTech-Sys”), www.ctech-sys.com, is an SBA Certified 8(a) and HUBZone company located in the National Capital Region (NCR) and serves both government and commercial clients such clients as US CBP, US CIS, DLA, DFuse Technologies, and American Environmental Engineering Consultants. Cardinal Technology Systems, Corp is an Equal Employment Opportunity employer and it’s our policy to consider applicants for employment without regard to sex, race, color, creed, religion, national origin, sexual orientation, marital status, age, disability, veteran status, alienage, ancestry, or any other factors prohibited by law. Employment selections are based on company and client requirements and the qualifications and skills of the candidate. CTech-Sys is committed to actively capitalizing on the diversity of skills, talents and perspectives of our employees.

Role Description We are actively hiring an Offensive Security Engineer to work on real-world security testing and automation across modern systems. This role is ideal for candidates with a strong foundation in penetration testing who want to expand into automation, tooling, and advanced offensive security practices. You will work on practical security challenges — not just scanning tools — and contribute to improving security at scale. Responsibilities - Perform security testing across web applications, APIs, and infrastructure - Develop scripts and tools (Python, Bash, etc.) to automate testing workflows - Identify, validate, and analyze vulnerabilities - Support internal offensive security initiatives and tooling - Collaborate with engineering teams to improve system security - Contribute to improving detection and response capabilities Qualifications - 2–5 years of experience in penetration testing or security engineering - Basic to intermediate scripting skills (Python, Bash, or similar) - Strong understanding of web security (OWASP Top 10 and beyond) - Familiarity with Linux systems and networking concepts - Strong analytical and problem-solving mindset Requirements - Nice to Have - Experience building security tools or automation - Exposure to cloud security or DevSecOps environments - Experience with real-world testing or bug bounty programs Work Setup - Full-time - Remote (Worldwide) Company Description Join our team at Sentrabyte Digital Solusi and embark on a journey of growth and innovation.

Role Description As an Offensive Security Engineer on the Proactive Threat team, you will simulate the tactics, techniques, and procedures (TTPs) of real-world adversaries to uncover security risks across Stripe's products and infrastructure. You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide. Beyond assessments, you'll design and build offensive tooling and automation that amplifies the team's impact. You'll leverage threat intelligence to prioritize testing efforts, contribute to incident investigations when needed, and act as a subject-matter expert for security initiatives across the company. Responsibilities - Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure. - Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios. - Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams. - Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity. - Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks. - Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required. - Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage. - Build internal platforms and workflows that enable scalable, repeatable offensive operations. - Contribute to internal security tooling repositories and champion engineering best practices within the team. - Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices. - Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders. - Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives. - Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing. - Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community. Qualifications - 5+ years of experience in offensive security, penetration testing, red teaming, or a related field. - Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits. - Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.). - Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations. - Proficiency with offensive tooling such as Burp Suite, Cobalt Strike, Mythic, Sliver, BloodHound, or similar frameworks. - Familiarity with adversary tradecraft and frameworks such as MITRE ATT&CK, including TTPs for initial access, privilege escalation, lateral movement, and exfiltration. - Excellent written and verbal communication skills, with the ability to translate complex technical findings into clear, risk-based recommendations. - Ability to think like an adversary — creative, persistent, and able to holistically assess risk in complex environments. Preferred Qualifications - Experience conducting offensive security in fintech, financial services, or other highly regulated environments. - Background in vulnerability research, exploit development, or CVE discovery. - Experience collaborating with threat intelligence, detection engineering, or incident response teams (purple team operations). - Familiarity with big data and log analysis tools (Splunk, Databricks, PySpark, osquery, etc.) for threat hunting or investigative support. - Proficiency with AI/LLM-assisted development tools (e.g., Claude Code, Cursor, GitHub Copilot) and experience applying them to offensive security workflows. - Interest or experience in agentic automation — using LLMs or autonomous agents to augment reconnaissance, vulnerability discovery, or exploitation workflows. - Experience testing AI/ML systems or LLM-based applications for security weaknesses (prompt injection, training data extraction, model manipulation, etc.). - Contributions to open-source security tools, published research, blog posts, or conference presentations. - Relevant certifications such as OSCP, OSWE, OSEP, OSED, CRTO, CPTS, PNPT, GXPN, or cloud security certifications.