21 Identity And Access Management jobs in Pakistan

Contour Software has grown from a dozen people to over 2,000 staff across 3 cities, in less than 14 years.

As a subsidiary of Constellation Software Inc., we are proud to be part of a global enterprise software conglomerate that has grown to become one of the top 10 software companies in the world, with employees and customers in 100+ countries. With a broad-based and ever-growing portfolio of market-leading, vertical-market enterprise solutions covering more than 100 industry domains in predominantly mature markets, CSI's recipe creates the perfect environment for professionals to build fulfilling, long-term careers.

What started as an R&D & Accounting back-office, has progressed into a full-service Global Centre serving all functions and departments, at the divisional as well as operating group/corporate level. Today Contour employees, located in Karachi, Lahore & Islamabad, are serving CSI divisions located in time zones spanning the globe, from Sydney to Vancouver. With the global growth of Constellation as the wind in our sails, we are only just getting started!

Job Overview

The IT Security Engineer is responsible for proactively maintaining our information security systems, processes, and procedures to protect and preserve the confidentiality, integrity, and availability of all data and systems. This position will also drive company-wide support for security programs through the operationalization and documentation of all security-related tasks, working very closely with development & operations teams, product owners, and other groups.

Essential Responsibilities and Duties:

• Reviews current corporate policies and helps redefine policies and procedures

• Stays current on IT security trends and news

• Manages security monitoring and threat detection systems for cloud environments

• Proactively updates and maintains tools for monitoring and support

• Supports cloud compliance/certification activities and participates in security audits/reviews.

• Provides consulting and influences other teams to mature cloud/DevOps security.

• Serves as a security expert and provides technical leadership to other staff members.

• Conducts security reviews of web applications, services, integrations, and APIs

• Pinpoints methods and attack surfaces attackers use to exploit weaknesses and logic flaws

• Conducts Cloud & Network infrastructure reviews, Systems infrastructure, Application configurations, and Software Code reviews.

• Reviews maintain and enhance current scanning and testing tools

• Verifies security vulnerabilities identified by automated tools

• Performs manual testing to supplement results of automated scanning and testing tools

• Documents identified security vulnerabilities and related matters in a clear, concise, and timely manner

• Meet with the operations and application teams to review and explain identified security vulnerabilities and possible remediation

• Resolves issues and provides statuses that may impact testing

• Applies fixes and remediation for detected vulnerabilities to maintain a high-security standard

• Organizes/facilitates retest of infrastructure, system, and application updates or deployed remediation logic to verify resolution of security vulnerabilities

• Maintains electronic or trail of testing activity for audit purposes

• Maintains confidentiality of authentication credentials, sensitive application information, and test results before, during, and after completing testing and/or retesting

• Investigates potential security breaches and other cybersecurity incidents

• Works with R&D, Cloud, Support, and QA Teams to perform tests and uncover potential network/systems/application vulnerabilities

Qualifications for Security Engineer

• At least 2 years of experience in the cybersecurity industry

• Strong understanding of security controls/services in public cloud environments (Azure)

• Ability to prioritize projects and Comfortable working in a fast-paced environment

• Experience with other security solutions, such as EDR, SASE, firewalls, DLP, NAC, IDS/IPS, and vulnerability assessment tools

• Certifications such as CISSP, GSEC, CEH, or CISM desired

• Strong understanding of web application security assessment techniques.

• Knowledge of static and dynamic security analysis tools.

• Knowledge of the Security Development Lifecycle (SDLC).

• Understanding the best practices, control frameworks, and applicable existing and new legal/regulatory requirements

• An understanding of best practices and how to implement them at a business-wide level

• Public Trust security clearance, or a willingness to obtain one

• Critical thinking skills and the ability to solve problems as they arise

• Basic coding skills, such as HTML, CSS, and other languages

Exciting Benefits we offer:

Medical Coverage – Self & Dependents

Parents Medical Coverage

Provident Fund

Employee Performance-based bonuses

Home Internet Subsidy

Conveyance Allowance

Profit Sharing Plan (Tenured Employees Only)

Child Care Facility

Company Provided Lunch/Dinner

Professional Development Budget

Recreational area for in-house games

Sporadic On-shore training opportunities

Friendly work environment

Leave Encashment

Disclaimer: At Contour, we attribute our success to the unique contributions of our diverse staff. We’re committed to fostering a culture of respect that thrives on the varied perspectives and experiences of all individuals we recruit, employ, promote, and compensate. Since day one, we’ve adhered to a policy that champions a work environment honoring the worth and dignity of each person while being free from all forms of employment discrimination.

In our continuous effort to promote inclusivity, we extend our commitment to individuals with special needs by providing reasonable accommodations. We actively encourage qualified individuals with special needs to apply for the various openings within our company. Should you require assistance in completing the application process or have any inquiries regarding special facilities, please do not hesitate to contact our HR team. Your unique talents and abilities are welcomed and valued here.

As a subsidiary of CSI, Contour Software serves as a dedicated Global Centre, currently housing employees and teams for more than 150 Divisional and Corporate departments. Contour employees are key players in implementing, supporting, extending, enhancing, and renewing enterprise systems that run thousands of medium and large businesses, as well as public institutions, globally!

About the Role:

We are seeking a motivated Information Security Specialist with a strong foundation in compliance frameworks and offensive security. The ideal candidate will have hands-on experience with ISO 27001, HIPAA, SOC 2, as well as practical skills in penetration testing and security risk assessments. This role requires both a compliance mindset and an attacker’s perspective to ensure a well-rounded approach to organizational security.

Key Responsibilities:

○ Maintain and improve the organization’s Information Security Management System (ISMS) in alignment with ISO 27001.

○ Support compliance efforts for HIPAA and SOC 2 frameworks.

○ Conduct risk assessments, document findings, and recommend remediation strategies.

○ Assist in preparing for internal and external audits.

● Offensive Security & Technical Security Testing

○ Perform internal and external penetration testing, including web, network, and cloud environments.

○ Conduct vulnerability assessments and report exploitable weaknesses.

○ Simulate real-world attack scenarios to test security controls and incident response readiness.

● Security Awareness & Incident Support

○ Work with cross-functional teams to improve security posture.

○ Contribute to security awareness training programs.

○ Assist in security incident investigations and root cause analysis.

Required Qualifications

● Education: Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).

○ Offensive Security Certifications: CPPT, CWPTX or similar

○ 2–3 years in information security roles covering both compliance and offensive security.

○ Hands-on involvement in ISO 27001 implementation/maintenance, HIPAA, and SOC 2 compliance projects.

○ Experience performing penetration tests and vulnerability assessments.

Desired Skills:

● Knowledge of security standards such as NIST, CIS Controls, and GDPR.

● Strong report writing and communication skills for both technical and non-technical audiences.

● Understanding of incident response processes.

We are seeking a skilled Microsoft Defender for Endpoint Specialist to join our team in Islamabad. The ideal candidate will play a key role in deploying and managing Microsoft Defender for Endpoint solutions to ensure robust endpoint security across the organization.

1. Deploy and configure Microsoft Defender for Endpoint solutions across diverse environments.
2. Integrate endpoint security with Active Directory and Microsoft 365 infrastructure.
3. Monitor, analyze, and respond to endpoint security incidents.
4. Optimize endpoint security configurations for performance and protection.
5. Collaborate with IT teams to ensure compliance with security standards and best practices.
6. Document configurations, procedures, and troubleshooting guidelines.

1. Bachelor’s degree in Computer Science, IT, or a related field (mandatory).
2. Proven experience with Active Directory and Microsoft 365 administration .
3. Hands-on experience with deploying and managing Microsoft Defender for Endpoint .
4. Strong understanding of endpoint security concepts and incident response.
5. Excellent troubleshooting and problem-solving skills.
6. Ability to work under tight deadlines and deliver quality results.

We are looking for a Microsoft Defender EDR/XDR Specialist in our Islamabad office. You may apply if you are willing to work in any of the locations and have relevant experience.

1. Health Insurance
2. Provident Fund
3. Compensation Plans
4. Paid Certifications & Training
5. Stars Of the Month Rewards
6. Quarterly Meetups
7. Anniversary & Eid Gifts
8. Employee Loans for Hajj, Umrah and events

We are looking for an experienced Senior Security Engineer to become part of our growing team. The ideal candidate will be dedicated to safeguarding digital assets, with a strong focus on security best practices. You should be highly collaborative and committed to delivering high-caliber protection, always keeping the needs of our clients at the forefront.

As a Senior Security Engineer specializing in Offensive Security, you'll be responsible for performing pentest activities across various domains, including: conducting in-depth penetration testing for Web & APIs, Mobile Applications, Cloud environments (AWS), and Active Directory.

• Demonstrated expert-level knowledge of web application functioning, authentication, and authorization mechanisms.
• Proficiency in identifying and understanding code-level vulnerabilities, including OWASP Top 10, and collaborating with development teams for effective remediation.

• Comprehensive understanding of platform-native vulnerabilities and strategies for remediation.
• Understanding in SSL Pinning and root check implementation, including circumvention of these security measures and improvement suggestions.
• Strong familiarity with major AWS services (IAM, EC2, Lambda, S3, RDS, etc.).
• Ability to identify misconfigurations in IAM policies and hands-on experience in initial access, enumeration, privilege escalation, and data exfiltration in cloud environments.
• Articulate knowledge of prevention and remediation strategies for identified cloud vulnerabilities.

• Certifications such as OSCP, CRTP, CRTO, CREST CRT are advantageous but not mandatory; emphasis is on practical skills and expertise.
• Hands-on experience in performing Active Directory Assessment and familiarity with CI/CD Pipelines.

Join to apply for the Application Security Engineer role at Eon

23 hours ago Be among the first 25 applicants

Join to apply for the Application Security Engineer role at Eon

Get AI-powered advice on this job and more exclusive features.

Work with the industry leader

At Eon, our mission is to make patients healthier and healthcare more affordable. Eon Patient Management ("EPM") identifies patients with disease risk and streamlines clinical decision analysis so clinicians can work at the top of their licenses. With solutions across multiple disease states, we drive adherence to care pathways, increasing patient care and survival. When patients succeed, healthcare systems benefit both clinically and financially.

As a leader in incidental tracking and patient management, Eon pioneers the use of AI to enable healthcare enterprises, from small health systems to large IDNs. We have a dynamic team focused on results, with employment opportunities both in Denver and remote.

The Opportunity

As an Application Security Engineer, you will enhance Eon's application security and ensure platform security throughout the SDLC. You will analyze, test, and triage vulnerabilities, participate in security reviews, and integrate security into development workflows and CI/CD pipelines. Collaboration with Product and Engineering teams, as well as external testers, is essential. This role offers an excellent chance to advance application security practices and address security weaknesses enterprise-wide.

In This Role You Will

1. Advocate for application security within the organization
2. Develop and maintain a risk-based security program based on a security framework
3. Ensure compliance with healthcare security standards like HIPAA and HITRUST
4. Identify patterns in vulnerabilities and work with development teams to address root causes
5. Participate in strategic decisions related to security requirements, design, and operations
6. Conduct security reviews of code, architecture, and integrations
7. Coordinate penetration testing and drive remediation
8. Integrate security testing tools into CI/CD pipelines with DevOps teams
9. Stay updated on security issues and technologies
10. Maintain documentation of processes and procedures
11. Support daily security team activities, including incident response

Skills & Requirements

1. Deep knowledge of cybersecurity frameworks such as NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
2. Understanding of crypto, authentication, and authorization protocols like SSL/TLS, SAML, OAuth, JWT
3. Desire to ethically identify vulnerabilities and communicate mitigation strategies
4. Ability to read Java, JavaScript, and Python
5. Experience automating tasks with scripting languages like Python is a plus
6. Experience in healthcare security standards (HIPAA, HITRUST) is a plus

Nice-to-have

1. 2+ years in web application penetration testing or security-focused development
2. Certifications such as AWS Security, CEH, GWEB, GCIH preferred
3. Ability to work in a fast-paced, diverse environment and collaborate effectively
4. Strong communication skills for technical and non-technical audiences

What’s in it for you?

• Competitive salary
• Health insurance
• Referral bonuses
• Generous vacation
• Paid parental leave
• Remote work options
• Office lunch facility
• Travel allowance
• Company equipment
• Career growth opportunities
• Supportive team environment

If interested, send us your resume!

• Entry level

• Full-time

• Information Technology
• Hospitals and Health Care

Work with the industry leader

At Eon, our mission is to make patients healthier and healthcare affordable. Eon Patient Management ("EPM") identifies patients with disease risk and streamlines clinical decision analysis so clinicians can work at the top of their licenses. With unique solutions across multiple disease states, we drive unprecedented adherence to care pathways, so that more patients are seen and more survive. When patients win, healthcare systems win - both clinically and financially.

As a market leader in incidental tracking and patient management, Eon is pioneering the use of Artificial Intelligence to enable healthcare enterprises, ranging from small health systems to large, national-scale IDNs. We have a unique and dynamic team that is focused on results, and employment opportunities both local to our Denver office, and remote based.

This really is the perfect role!

The Opportunity:

As an Application Security Engineer, you will be improving Eon's application security posture and keeping the platform secure throughout the Software Development Life Cycle (SDLC)! We are looking for someone who loves to analyze, test and triage application vulnerabilities, participate in code and product security reviews, and help our Developers bake security into their day-to-day workflows and CICD. You will partner closely with our Product and Engineering teams, and external testers, so solid interpersonal skills are a must. This role is a great opportunity to advance an application security program and drive remediation of security weaknesses with an enterprise-wide impact!

In this role you will:

• Be an advocate for application security within the organization
• Help develop and maintain a risk-based application security program based on a well-defined application security framework
• Ensure the platform complies with healthcare-specific security standards such as HIPAA and HITRUST, and follow best practices for handling sensitive patient data.
• Find common patterns and themes within application vulnerabilities and work with Development teams to address the root causes
• Participates in the strategic decisions related to the requirements, design, implementation, and operations of application security framework, processes, and technology
• Execute security-focused code, architecture and integration reviews
• Coordinate or conduct penetration testing and drive remediation efforts to completion
• Collaborate with DevOps teams to integrate security testing tools (SAST/DAST) into CI/CD pipelines to enable DevSecOps practices.
• Keep abreast of the latest security issues and technologies
• Own and improve process and procedural documentation
• Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments
  
  

Skills & Requirements:

• Deep knowledge and familiarity with Cybersecurity Framework, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
• Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens is a must
• Possess a relentless desire to (ethically) break into things and can communicate the attack scenarios and mitigation options based on standard framework is desired
• Ability to read and understand Java, JavaScript, and Python
• Ability to automate repetitive tasks, using Python or other scripting language, is a plus
• Experience working in regulated industries, with a focus on healthcare security standards (HIPAA, HITRUST) is a plus.
  

Nice-to-have:

• 2+ years of experience in web application penetration testing or a security-focused application development role is a must
• AWS Security, CEH, GWEB, GCIH or equivalent certifications are preferred
• Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
• Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
  

“So what’s in it for me,” you ask?

We pride ourselves for being a culture-based company buzzing with high-energy. Aside from the enthusiastic environment, you'll enjoy:

• Competitive salary
• Health insurance
• Referral bonuses
• Generous vacation time
• Paid Maternity and Paternity leave
• Work from home days
• Lunch facility within office
• Travel allowance
• Company equipment (laptop, internet device, screens etc)
• Professional development and career growth opportunities
• Awesome team members

If we still have your attention, don't delay, send us your resume!

#LI-Onsite