0.0 - 1.0 years
1 - 3 Lacs
Kolkata
Work from Office
Cyber security instructor, SOC operations, Bug bounty operations, Network Security, Python Scripting, Security Consulting, Training Delivery, Student Mentorship, Assessment and Evaluation
Posted 3 days ago
2.0 - 6.0 years
0 - 0 Lacs
pune, maharashtra
On-site
As an IT Security Senior Analyst, you will be responsible for performing penetration testing (PT), SAST, and articulating findings in an easily comprehensible manner to asset owners. Collaborative skills are essential for this role. Your key responsibilities will include building a Secure Development Lifecycle (SDLC) by embedding SAST, SCA, DAST, and penetration testing into the development pipeline. You will conduct penetration testing of various component types such as web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Additionally, you will run SAST & DAST scans, analyze tool results, provide remediation support, and review open-source components. It will be your responsibility to assess, report, and close identified vulnerabilities and validate issues as part of the responsible disclosure program. You will be required to provide status reports to the PT Service owner and other stakeholders related to key metrics, risk indicators, trending, and compliance. Furthermore, you will analyze security assessment results and threat feeds to appropriately react to security weaknesses or vulnerabilities. Supporting the Automation of Vulnerability Management program to achieve efficiency and effectiveness, as well as configuring and maintaining regular and ad-hoc vulnerability scans using SAST & DAST tools against internal and external applications are also part of your role. To be successful in this position, you should have a minimum of 1.5 years of experience in performing penetration testing of web applications, APIs, mobile applications (iOS + Android), and infrastructure (server + network). Experience working with SAST & DAST programs, developing and communicating SDLC processes, and performing manual source code reviews is required. Proficiency in using tools like Burp Suite and exposure to platforms such as Veracode, Acunetix, Kali Linux, and Android Studio (AVD) are preferred. 
A good understanding of Windows, Linux, Active Directory, and networking protocols is also necessary.
Posted 5 days ago
1.0 - 3.0 years
5 - 8 Lacs
Gurugram
Work from Office
Responsibility: The position will, inter alia, be responsible for the following: Assist in planning and implementation of an organization-wide Business Continuity Management System (BCMS) in accordance with the ISO 22301 Standard and other relevant security standards. Evaluate compliance with respect to legal and regulatory requirements for information security. Ensure security controls on Cloud infrastructure by developing, rolling out and implementing Cloud Security policy and procedures. Ensure implementation of security controls on the cloud infrastructure. Regularly monitor security controls on the cloud infrastructure. Conduct thorough offensive testing on Android applications, web platforms, and network infrastructure to identify and mitigate vulnerabilities. Review and update information security policies, standards, procedures, guidelines and processes. Assist in employee awareness by imparting induction training, rolling out monthly mailers and awareness handbooks. Drive phishing and spear phishing simulation campaigns across the organization. Ensure necessary reporting of these campaigns and employee awareness based on the campaign. Ensure regular security testing and monitoring of PNB Housing infrastructure. Ensure all vulnerabilities are promptly reported, adequately managed and timely closed for any new and existing infrastructure of PNB Housing. Ensure evaluation of any new security products and ensure that PNB Housing data is securely managed. Suggest controls to manage and mitigate information security risks. Continuous monitoring of security incidents. Take remedial action to reduce the same. Conduct threat modelling to assess overall security posture, document and report the findings, and recommend remediation strategies.
Competencies: 1. Good communication and writing skills. 2. High energy professional. 3. Technical & functional expertise. 4. Attitude to learn. 5. Knowledge of relevant legislative or regulatory requirements such as IT Act and associated Rules. 6. Strong understanding of network protocols & security concepts. 7. Familiarity with VAPT tools (Burp Suite, Kali Linux, Metasploit, Wireshark etc.). 8. Analytical skills.
Posted 5 days ago
0.0 years
0 - 0 Lacs
Bengaluru
Work from Office
Job Title: Application Security Expert - Red Team / Ethical Hacker Department: Information Security / Cybersecurity Reports To: Group CISO Job Summary: The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture. Responsibilities: Red Teaming & Attack Simulation: Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls. Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors. Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities. Advanced Penetration Testing: Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques. Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling. Develop detailed penetration test reports with clear and actionable recommendations for remediation. Secure Code Review (Offensive Perspective): Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers. Provide developers with guidance on secure coding practices and vulnerability remediation techniques. Develop and maintain secure coding guidelines and checklists. Vulnerability Research & Exploit Development: Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques. 
Conduct vulnerability research to identify new and emerging threats. Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities. SDLC Integration & Security Advocacy: Collaborate with development teams to integrate security testing and red teaming activities into the SDLC. Participate in design reviews and provide security guidance on application architecture and design. Promote a security-conscious culture within the development organization. Vulnerability Management (Validation & Verification): Validate and verify the effectiveness of vulnerability remediation efforts. Retest remediated vulnerabilities to ensure they have been properly addressed. Security Tooling & Automation (Offensive Tools): Evaluate, recommend, and customize offensive security tools and technologies. Automate red teaming and penetration testing processes to improve efficiency and coverage. Required Skills and Qualifications: Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Experience: 8+ years of experience in application security, penetration testing, red teaming, or a related field. Demonstrable experience conducting advanced penetration tests and red team engagements. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10, SANS Top 25). Experience with various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Kali Linux). Experience with exploit development and reverse engineering. Technical Skills: Expert proficiency in one or more programming languages (e.g., Python, Java, C, C++). Strong understanding of web application architectures and technologies. Deep understanding of network protocols and security concepts. Familiarity with cloud security principles and practices (e.g., AWS, Azure, GCP). Understanding of authentication and authorization mechanisms. 
Certifications (Required/Preferred): Offensive Security Certified Professional (OSCP) - Required Certified Ethical Hacker (CEH) - Preferred GIAC Web Application Penetration Tester (GWAPT) - Preferred Offensive Security Certified Expert (OSCE) - Highly Preferred Offensive Security Web Expert (OSWE) - Highly Preferred
Posted 6 days ago
2.0 - 4.0 years
4 - 8 Lacs
Chennai
Work from Office
We are seeking an experienced and dynamic Cybersecurity Trainer to join our team. The ideal candidate will be responsible for delivering high-quality cybersecurity training to individuals and groups, ensuring they gain the knowledge and skills necessary to thrive in a fast-paced and ever evolving digital landscape. You will be responsible for creating and delivering engaging training materials, hands-on labs, and real-world scenarios to effectively educate participants on essential cybersecurity principles and practices. Key Responsibilities Conduct engaging, informative, and hands-on cybersecurity training sessions for individuals or groups, either in-person or remotely. Curriculum Development Develop and update comprehensive training materials, including presentations, guides, lab exercises, and assessments on various cybersecurity topics such as threat analysis, network security, ethical hacking, encryption, risk management, etc. Skill Development Teach and assess participants' knowledge and practical skills in areas like network security, cybersecurity fundamentals, penetration testing, firewalls, vulnerability management, and incident response. Real-World Application Integrate real-world scenarios and case studies into training sessions to enhance learning and provide practical understanding. Performance Tracking Evaluate participant progress through assessments and feedback, and track learning outcomes. Continuous Improvement Stay updated with the latest cybersecurity trends, tools, and technologies and incorporate them into the training programs. 
Technical Support Provide ongoing technical support and guidance to participants as they apply learned concepts in real-world situations. Certification Preparation Assist participants in preparing for leading cybersecurity certifications (e.g., CompTIA Security+, CISSP, CEH, etc.). Training Customization Customize training sessions for different levels of experience, from beginners to advanced professionals. Educational Qualifications Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). Relevant cybersecurity certifications (CISSP, CISM, CEH, CompTIA Security+, etc.) preferred. Experience Training Delivery Minimum of 3 years of experience in cybersecurity roles such as network security, ethical hacking, or information security. Proven experience in delivering cybersecurity training or workshops is a strong plus. Technical Skills Training Delivery In-depth knowledge of cybersecurity concepts, tools, and technologies (e.g., firewalls, IDS/IPS, encryption, VPNs, vulnerability scanning). Hands-on experience with cybersecurity platforms and tools like Wireshark, Kali Linux, Metasploit, Splunk, etc. Familiarity with cybersecurity frameworks (e.g., NIST, ISO 27001). Teaching & Communication Skills Training Delivery Strong presentation and communication skills, with the ability to explain complex topics clearly and effectively to diverse audiences. Patience and the ability to simplify difficult concepts for beginners. Ability to adapt training delivery to different learning styles (visual, auditory, kinesthetic). Personal Skills Training Delivery Analytical and problem-solving abilities. Strong organizational skills with the ability to manage multiple training programs simultaneously. Continuous learner, committed to staying ahead in the ever-changing cybersecurity field. Travel Requirements Training Delivery Travel to training locations across cities/states as per schedule (sometimes on short notice). 
Travel and accommodation expenses will be covered or reimbursed as per company policies. Training duration at client sites may range from 1 day to 2 weeks. What We Offer Training Delivery Competitive salary + travel allowance + performance incentives A dynamic and growth-focused work environment Opportunities to work with reputed academic and corporate partners Ongoing learning & upskilling support
Posted 1 week ago
1.0 - 3.0 years
5 - 10 Lacs
Bengaluru
Work from Office
Apply on company website- https://zrec.in/hIRJh?source=CareerSite
Posted 1 week ago
1.0 - 5.0 years
0 Lacs
punjab
On-site
You will be joining CDI for the role of Cyber Security Trainer and Consultant, where you will be responsible for conducting both onsite and offsite training programs for clients. Your main tasks will include conducting Vulnerability Assessments, Network Penetration Testing, Internal & External as well as Web Application scanning, and Penetration Testing using both manual methods and automated tools. To succeed in this role, you must have a solid understanding and practical experience with tools such as Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, Nmap, and other relevant tools. Additionally, a good grasp of Threat Intelligence and domain tools is essential. Effective communication skills in English are crucial for this position, as you will be interacting with clients regularly. The job offers a full-time position in the morning shift at CDI, located near VR mall in Mohali, Punjab. Ideally, you should have at least 1 year of work experience in the field of Cyber Security. If you meet these requirements and are willing to relocate if necessary, we encourage you to apply for this exciting opportunity.
Posted 1 week ago
5.0 - 8.0 years
1 - 6 Lacs
Chennai
Work from Office
Urgent Hiring ... Information Security Analyst Chennai 5-8 yrs Immediate to 30 days Skills- VAPT, Application Security, Vulnerability assessment, penetration Testing, web application testing, Mobile Testing, API Testing, Kali Linux, Burp suite.
Posted 1 week ago
6.0 - 10.0 years
0 Lacs
chennai, tamil nadu
On-site
As a Web Application Security Tester at Lennox, you will be responsible for performing Dynamic Application Security Testing (DAST) on APIs and web applications using both manual and automated methods. Your role will involve analyzing DAST scan results, identifying and prioritizing vulnerabilities based on risk, and participating in triage sessions with application teams to explain and document vulnerabilities. You will also conduct deep API security testing to uncover issues like BOLA, logic flaws, and abuse scenarios, as well as perform red teaming, adversary emulation, and use offensive security tools as needed. In addition to DAST, you may also be required to conduct Static Application Security Testing (SAST) and understand the differences between the two. Utilizing and maintaining various security tools such as Burp Suite, NetSparker, Checkmarx, Veracode, and Fortify will be part of your responsibilities. Collaboration with developers, DevOps, and security teams to address identified vulnerabilities and effectively communicating security findings to both technical and non-technical audiences are crucial aspects of the role. Your qualifications for this position include a minimum of 5-7 years of experience in Web Application Security Testing, including DAST, SAST, and API Security. You should have a strong knowledge of API security principles and common vulnerabilities, along with proficiency in Kali Linux penetration testing tools and a working knowledge of HTML and JavaScript. Additional expertise in front-end and back-end technologies is advantageous, as well as exposure to common web vulnerabilities and bug bounty programs. Experience in security testing of mobile apps and IoT applications, familiarity with DAST and SAST tools, strong analytical and problem-solving skills, and excellent written and verbal communication abilities are essential for success in this role. 
Possessing security certifications focused on web application security, such as Offensive Security, SANS, CREST, etc., will be considered a strong plus. Join Lennox and contribute to improving security testing processes and strategies while growing your career in a supportive and innovative environment.
Posted 2 weeks ago
15.0 - 20.0 years
13 - 17 Lacs
Gurugram
Work from Office
Project Role: Security Architect
Project Role Description: Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: DevSecOps
Good to have skills: NA
Minimum 7.5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: To play a key role in enabling successful project delivery across multiple projects. This role expects you to specialize in a range of security domains, including penetration testing, dynamic and static application security testing, software composition analysis, security architecture review and container security. Additionally, you provide comprehensive support in vulnerability management, service monitoring, and DevSecOps practices.
Roles & Responsibilities:
- Should have hands-on experience and knowledge of manual and automated penetration testing on the web, mobile and cloud-based applications.
- Should have hands-on experience and knowledge of DAST (Dynamic Application Security Testing) to identify runtime vulnerabilities in staging and production environments.
- Should have hands-on experience and knowledge of SAST (Static Application Security Testing) for early-stage source code and binary analysis.
- Should have hands-on experience and knowledge of SCA (Software Composition Analysis) to detect open-source risks and license compliance issues.
- Should have hands-on experience and knowledge of executing SAR (Security Architecture Review) of complex and cloud-based application and should be able to strategize risk remediation with the stakeholders or Security Architect.
- Should have hands-on experience and knowledge of integrating security tools into CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab CI).
- Should have hands-on experience and knowledge of enforcing policy-as-code, shift-left security testing, and secure code delivery practices and automate security checks for container images and Kubernetes workloads.
- Should be able to scan and harden docker containers using industry-standard tools.
- Should be able to monitor vulnerabilities in container registries and orchestrators (e.g., Kubernetes, ECS).
- Skilled in communicating security findings to technical and non-technical stakeholders.
- Contribute to secure architecture reviews, risk assessments, and compliance initiatives.
- Should be able to manage clients and various stakeholders. Should be a good people manager and should have experience of people and project management.
Professional & Technical Skills:
Tools & Technologies:
Pentest Tools: Burp Suite Pro, OWASP ZAP, Nmap, Postman, Kali Linux
DAST/SAST/SCA: Fortify, Checkmarx, Veracode, Coverity, AppScan, Black Duck, Snyk
DevSecOps: GitHub Actions, Jenkins, GitLab, Docker, Kubernetes
VM Tools: Qualys, Tenable, ThreadFix
Monitoring: ServiceNow, Jira, Confluence
- Should be able to collaborate with infrastructure and DevOps teams to secure cloud-native deployments.
- Should be able to identify, triage, and manage vulnerabilities using centralized platforms (e.g., ThreadFix).
- Should track vulnerability lifecycle from detection through remediation and reporting.
- Should support real-time service monitoring to maintain system integrity and threat detection coverage.
Additional Information:
- The candidate should have minimum 7.5 years of experience in DevSecOps.
- This position is based at our Gurugram office.
- A 15 years full time education is required.
Qualification: 15 years full time education
Posted 2 weeks ago
3.0 - 7.0 years
0 Lacs
maharashtra
On-site
Job Description: As a part of SKYNET SECURE, you will play a crucial role in promoting cyber crime and internet security awareness across all sections of society. Your primary responsibility will involve providing training in Ethical Hacking, IT Security, and Cyber Forensics. Additionally, you will be involved in working on IT Security projects including Vulnerability Assessment and Penetration Testing (VAPT) projects. Your role will require the following skills:
- Proficiency in tools such as Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, and Nmap.
- Ability to conduct Vulnerability Assessment and Network Penetration Testing.
- Hands-on experience in Internal & External, Web App scanning, and Penetration testing (both Manual and Automated).
- Strong understanding of Threat Intelligence and familiarity with domain tools.
- Effective communication skills in English.
- Experience in Application testing, especially with OWASP top 10.
This position is based in Mumbai and requires candidates to hold a minimum qualification of Any Graduate. Possessing a CEH or any Equivalent Certification will be considered a bonus. Join us at SKYNET SECURE and contribute to creating a safer cyber environment while enhancing your skills in the field of IT security.
Posted 2 weeks ago
5.0 - 7.0 years
9 - 12 Lacs
Chennai
Work from Office
Vulnerability assessments using Nessus, Tenable, Qualys, Develop and maintain vulnerability management processes and procedures, Coordinate vulnerability remediation activities, penetration testing, scripting languages KALI, Linux Parrot
Posted 2 weeks ago
3.0 - 4.0 years
6 - 10 Lacs
Noida
Work from Office
Your Role and Responsibilities Conduct Vulnerability Assessment & Penetration Testing (VAPT) for web applications, APIs, and networks. Analyze and identify security vulnerabilities, ensuring alignment with OWASP Top 10 and secure coding best practices. Provide security requirement analysis for applications. Offer risk mitigation planning, vulnerability remediation recommendations, compliance guidance, and metrics reporting. Plan and coordinate Network & Application Security testing. Utilize security testing tools such as Burp Suite, Kali-Linux, AppScan, Nessus. Generate and share reports with customers using MS Office tools. Collaborate with teams to enhance security implementations and provide best practice recommendations. Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise 3-4 years of demonstrating experience in planning and executing VA & penetration tests exercises against web applications, APIs, Network. Minimum 3+ years of experience in Network and Application Security Proficient in Secure coding best practices and OWASP TOP 10 vulnerabilities Experience in security requirements analysis for application Experience in security requirement implementation recommendations & guidance Prior experience in Network & Application Security Test planning & coordination Experience in Application risk mitigation planning, Vulnerabilities remediation recommendation & guidance, Compliance & Metrics reporting Preferred technical and professional experience Industry certifications such as CEH/OSCP or equivalent preferred. Familiarity with security standards (OWASP, SANS, ISO).
Posted 2 weeks ago
1.0 - 5.0 years
0 Lacs
punjab
On-site
You will be responsible for providing onsite and offsite training programs to clients in the role of Cyber Security Trainer and consultant. Your duties will include pre-requisites in Metasploit, OWASP top ten attacks, Burpsuite, Kali Linux, Acunetix, Nessus, Nmap tools, among others. You will be involved in Vulnerability Assessment, Network Penetration Testing, Internal & External as well as Web App scanning, and Penetration testing using both manual techniques and Automated tools. A good understanding of Threat Intelligence and familiarity with domain tools is essential. Effective communication skills in English will be required for this role. This is a Full-time position suitable for both Freshers and experienced candidates. The work schedule is in the Morning shift. The location is near VR mall, Mohali - 160055, Punjab. Candidates must be able to reliably commute or plan to relocate before starting work. Preferred candidates will have a total work experience of 1 year.
Posted 2 weeks ago
4.0 - 8.0 years
0 Lacs
noida, uttar pradesh
On-site
KPMG entities in India are professional services firm(s) affiliated with KPMG International Limited, established in August 1993. Our professionals leverage the global network of firms, understanding local laws, regulations, markets, and competition. With offices across India, in cities like Ahmedabad, Bengaluru, Mumbai, and more, we offer services to national and international clients across various sectors. Our focus is on delivering rapid, performance-based, industry-focused, and technology-enabled services, showcasing our understanding of global and local industries and the Indian business environment. As a Security Code Reviewer at KPMG in India, your primary responsibilities will include performing manual security code reviews for common programming languages such as Java and .NET. You will also be tasked with conducting automated testing of running applications and static code using tools like SAST and DAST. Additionally, you will be required to perform manual application penetration tests on various platforms like web applications, internal applications, APIs, and networks to identify and exploit vulnerabilities. The ideal candidate should have at least 6 months of formal programming experience in Java or C#, and possess 4 to 8 years of overall experience in the field. It would be advantageous to have one or more major ethical hacking certifications such as GWAPT, CREST, OSCP, OSWE, or OSWA. Providing technical leadership and guidance to team members, communicating effectively with both technical and non-technical audiences, and collaborating with Cyber teams to develop new testing techniques are also key aspects of this role. Moreover, having a minimum of three years of recent experience working with security testing tools like AppScan, Netsparker, Acunetix, Checkmarx, BurpSuite, and others will be beneficial. 
This position offers equal employment opportunities and encourages individuals with a passion for cybersecurity to apply and contribute to our dynamic team at KPMG in India.
Posted 2 weeks ago
2.0 - 9.0 years
0 Lacs
karnataka
On-site
As an InfoSec Analyst - Information Security II with 6-9 years of experience, you will be responsible for ensuring the security of our systems and applications. Your role includes conducting application security assessments, penetration testing, research activities, and contributing to the Security Operations Center (SOC) team. To excel in this position, you should possess a Bachelor's degree in Computer Science or a related technical field. You must have a minimum of 2 years of experience in application security, penetration testing, red team activities, or working in a SOC environment. Familiarity with CI/CD processes and tools such as Git, Docker, Jenkins, and release pipelines is essential for this role. Proficiency in using penetration testing tools like Metasploit, Kali Linux, BURP Suite, nmap, and sqlmap is required. Holding certifications such as GCPN, GWEB, GMOB, GWAT, GPEN, CEH, C|ASE .NET, C|ASE Java, or OSCP would be advantageous. In addition, you should have at least 2 years of experience in object-oriented design and full-stack development using languages like Go, Java, C#, or Python. Knowledge of CI/CD processes and tools is a must-have skill for this position. This role is based in Bengaluru and requires immediate availability with a notice period. If you are a proactive and skilled InfoSec Analyst who is passionate about information security, we encourage you to apply for this exciting opportunity.
Posted 2 weeks ago
6.0 - 11.0 years
10 - 15 Lacs
Mumbai
Work from Office
Experience with Network Architecture Review and Firewall Rule-base Audit. Strong understanding of OWASP top 10 and SANS top 25 programming errors. Threat Hunting, attack identification, investigation, correlation and suggesting mitigation measures. Required Candidate profile Experience on Vulnerability Assessment and Penetration Testing for Infrastructure / network / web application / databases. Propose, plan, & execute Red Team operations based on threats to organization.
Posted 2 weeks ago
7.0 - 12.0 years
9 - 13 Lacs
Chennai, India
Work from Office
Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development - Stay updated on the latest security trends, vulnerabilities, and technology advancements. - Provide training and guidance to the team and other departments on security best practices. Strategy and Planning - Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. 
- Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: - Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) - Internal/external network penetration, privilege escalation, and lateral movement - Active Directory assessments and exploitation (Kerberoasting, Pass-the-Hash etc.) - Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels - Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing - Working knowledge of Kali Linux and frameworks like MITRE ATT&CK - Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: - Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver - Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools - Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: - Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills - Excellent written and verbal communication skills - Strong analytical and problem-solving capabilities - Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having an engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): - Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE - Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! 
We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at
Posted 2 weeks ago
4.0 - 8.0 years
15 - 25 Lacs
Pune, Bengaluru
Hybrid
Roles & responsibilities: Perform automated testing of running applications and static code (SAST, DAST). Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications. Experience in one or more of the following is a plus: mobile application testing, web application pen testing, application architecture, and business logic analysis. Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, and Kali Linux. Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation. Mandatory technical & functional skills: Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs. Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations. Preferred one year of experience in the development of web applications and/or APIs. Should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand. One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA.
Posted 2 weeks ago
4.0 - 8.0 years
7 - 11 Lacs
Mumbai, Hyderabad
Work from Office
RECRUITMENT OF SPECIALIST CADRE OFFICER ON REGULAR / CONTRACT BASIS (ADVERTISEMENT NO: CRPD/SCO/2025-26/05) ONLINE REGISTRATION OF APPLICATION & PAYMENT OF FEES: FROM 11.07.2025 TO 31.07.2025 State Bank of India invites Online applications from eligible Indian citizens for appointment to the Specialist Cadre Officers Posts on Regular / Contract Basis. Candidates are requested to apply online through the link given on the Bank's official website https://bank.sbi/web/careers 1. The process of Registration is complete only when fee is deposited with the Bank through online mode on or before the last date for payment of fee / last date of online registrations. 2. Before applying, candidates are requested to ensure that they fulfil the eligibility criteria for the Post(s) as on the date of eligibility. 3. Candidates are required to upload all required documents (resume, ID proof, age proof, PwBD Certificate (if applicable), educational qualification, certifications, experience, Biodata etc.) failing which their application/candidature will not be considered for shortlisting/ interview. 4. The process of Short-listing will be provisional and without verification of documents. Candidature will be subject to verification of all details/ documents with the original when a candidate reports for interview (if called). 5. In case a candidate is called for interview and is found not satisfying the eligibility criteria (Age, Educational Qualification and Experience etc.) he/ she will neither be allowed to appear for the interview nor be entitled for reimbursement of any travelling expenses. 6. Candidates are advised to check the Bank's official website https://bank.sbi/web/careers/current-openings regularly for details and updates (including the list of shortlisted/ selected candidates). The Call (letter/ advice), where required, will be sent by e-mail only (NO HARD COPY WILL BE SENT). 7. All Revisions/ Corrigendum (If Any) Will Be Hosted On The Bank's Website Only. 8. 
In case more than one candidate scores same marks as cut-off marks in the final merit list (common marks at cut-off point), such candidates will be ranked in the merit according to their age in descending order. 9 . Hard copy of application & other documents need not to be sent to this office. 10. TEACHING & TRAINING EXPERIENCE WILL NOT BE COUNTED FOR ELIGIBILITY. I) Details Of Post / Vacancy / Age Criteria / Remuneration /Place Of Postings / Nature Of Engagement / Selection Process: Vacancies UR - 9 EWS - 1 OBC - 4 ST - 1 SC - 3 Total - 18 Cut-off date : Age in years (As on 30.06.2025) - Minimum- 25 Maximum-35 PAY SCALE/ CTC Range - 64820-2340/1-67160-2680/10-93960 Selection Procedure - Shortlisting & Interview II) Details Of Educational Qualification, Experience, Skills, Brief Job Profile & Key Responsibility Area: Basic Qualifications (As on 30.06.2025) - B.E. / B.Tech. in Computer Science / Software Engineering / IT / Electronics or equivalent degree in above specified discipline) with minimum 50% score from a University / Institution / Board recognized by Govt. of India / approved by Govt. Regulatory bodies. Other Qualifications: (As on 30.06.2025) Essential: CISA (Certified Information Systems Auditor) by ISACA USA (The certificate is Mandatory & should be Valid as on the date of Interview) Desirable: CEH By EC Council USA. Experience (Post Basic Education qualifications) (As on 30.06.2025) - Essential: Minimum 4 years experience in BFSI / IT / Information Security Consultancy with 2 years experience in IS Audit / Cyber Security Audit / Information Security Consultancy. Training & Teaching experience will not be counted for eligibility. The experience mentioned / claimed should be supported by a suitable certificate issued by the concerned employer Specific Skills (Desired): Experience in VAPT tools like Nessus, Retina, SAINT and Kali Linux C. 
Details Of Job Profile (Detailed Description Of Role, Responsibilities & Function) And Key Responsibility Area: Job Profile (Roles & Responsibilities): Conduct of IS Audit, Cyber Security Audit, IS Concurrent Audit, IT Outsourced Activities Audit as a part of IS Audit team. Conducting Audits to verify compliance to the Bank's IS, IT and Cyber Security Policy, RBI / other regulatory guidelines and with International best practices. Maintain professional competence. Help in detecting and plugging vulnerabilities to help strengthen security posture of Bank. Conduct Compliance Audit, Migration Audits and Special Audits. Compiling Synopsis of IS Audit Reports. Follow-up with audit entities for processing evidence-based compliance and closure of audit reports. Preparation of Value Statements based on IS / IT/ Cyber Security Policies and Regulatory guidelines for Audit requirement. Improving knowledge skills and sharing of knowledge with IS Audit team. KRAs for the Post: Timely conduct of all types of audits under Information Systems Audit. Follow up with auditee entities for submission of compliance reports and processing of evidence-based compliance. Timely closure of Audit reports. Timely submission of periodical reports to higher authorities for review. Knowledge sharing with the team in conducting IS Audits and related technology upgrade. Regular review and update of audit value Statements based on IS / IT/ Cyber Security Policies and Regulatory guidelines for Audit requirement. Remarks: KRAs: LEAVE: The proposed Officer engaged on Contract (OEC) shall be entitled to leave of 30 days during the financial year which will be granted by Bank for genuine and appropriate reasons. For the purpose of computation of leave, intervening Sundays/ Holidays shall not be included. Other terms and conditions of leave may be as applicable to other contractual officers. 
NOTICE PERIOD/ TERMINATION OF CONTRACT: The contract can be terminated without assigning any reasons by giving 03(Three) months notice from either side or on payment / surrender of 03(Three) months compensation amount in lieu thereof. CALL LETTER FOR INTERVIEW: Intimation /call letter for interview will be sent by email or will be uploaded on bank's website. No hard copy will be sent. D. Grade & Remuneration / CTC Range: FOR REGULAR POST: SCALE - II PAY SCALE/ CTC Range - 64820-2340/1-67160-2680/10-93960 Remarks - The official will be eligible for DA, HRA, CCA, Provident Fund, Contributory Pension Fund i.e., NPS, Leave Fare Concession (LFC), Medical Facility, other perquisites etc. as per rules in force from time to time. IMPORTANT POINTS: i. The number of vacancies including reserved vacancies mentioned above are provisional and may vary according to the actual requirement of the Bank. ii. The educational qualification prescribed for the post is minimum. Candidate must possess the qualification and relevant full-time experience as on specified dates. iii. Candidate belonging to reserved category including Person with Benchmark Disabilities for whom no reservation has been mentioned are free to apply for vacancies announced for General category provided they fulfil all the eligibility criteria applicable to General Category. iv. Maximum age indicated is for General category candidates. Relaxation in upper age limit will be available to reserved category candidates as per Govt. of India guidelines (wherever applicable). v. The reservation under various categories will be as per prevailing Government of India Guidelines. vi. Vacancies reserved for OBC Category are available to OBC candidates belonging to Non-creamy Layer. Candidates belonging to OBC category but coming in creamy layer are not entitled to any relaxation/reservation available to OBC category. They should indicate their category as General or General (VI/HI), as the case may be. vii. 
OBC category candidate should submit the OBC certificate on format prescribed by Govt. of India, having Non-Creamy Layer clause issued during the period 01.04.2025 to the date of interview, if called for. No request for extension of time for production of the Certificate beyond the said date shall be entertained and candidature will be cancelled. viii. Caste certificate issued by Competent Authority on format prescribed by the Government of India will have to be submitted by the SC/ST/ OBC (Non-creamy layer) candidates. ix. Reservation for Economically Weaker section (EWS) in recruitment is governed by Office Memorandum No. 36039/1/2019-Estt (Res) dated 31.01.2019 of Department of Personnel & Training, Ministry of Personnel (DoPT), Public grievances & Pensions, Government of India. Disclaimer: EWS vacancies are tentative and subject to further directives of Government of India and outcome of any litigation. The appointment is provisional and is subject to the Income & Asset certificate being through the proper channel. x. To avail benefits of reservation under EWS category, candidates must produce an Income and Asset Certificate issued by the competent authority in the prescribed format by Government of India for the relevant financial year, as per the extant DoPT guidelines. xi. The EWS candidates please note that without a valid Income & Asset Certificate for the relevant financial year as per the extant DoPT guidelines on or before the closure of online application date, candidates should apply under General Category only. xii. EWS candidates are required to produce for verification, the Income & Assets Certificate for the relevant financial year as per the extant DoPT guidelines, on the date of document verification, which shall be intimated to the provisionally selected candidates by the Bank. Hence, the Income & Assets Certificate for the relevant financial year can be obtained by the candidate on or before the date of document verification. 
No request for extension of time for production of Income & Assets Certificate beyond the said date shall be entertained and if a candidate fails to produce the Income & Assets Certificate on the date of document verification, he / she will not be considered for appointment in the Bank. xiii. The relevant experience certificate from employer must contain specifically that the candidate had experience in that related field as required. xiv. Bank reserves the right to cancel the recruitment process entirely or for any particular post at any stage without specifying any reasons thereof. xv. Candidate(s) seeking fee exemption must submit valid requisite certificate of the Competent Authority in the prescribed format, when such certificate is sought at the time of document verification. Otherwise, their claim will not be entertained, and their candidature will be liable for cancellation / rejection. xvi. Candidates against whom there is/ are adverse report regarding character & antecedents, moral turpitude are not eligible to apply for the post. If any such adverse orders / reports against the shortlisted/ selected candidates is found/ received by the Bank post their selection/ engagement, their candidature/ service will to be rejected forthwith. xvii. In case more than one application (multiple applications) are submitted by a candidate for the same post, only the last valid (completed) application will be retained, and the application fee, if any, paid for the other registrations will stand forfeited. Further, multiple attendance/ appearance by a candidate at the time of interview / joining will result in rejection/ cancellation of candidature, summarily. xviii. The Candidates applying for the post should ensure that their admission to all the stages of the recruitment will be purely provisional subject to satisfying the prescribed eligibility conditions. 
Mere issuance of call letter(s) / e-Admit Card(s) to the candidate will not imply that his/her candidature has been finally accepted for the post. The Bank takes up verification of eligibility conditions with reference to original documents only after the candidate has been shortlisted for the Interview. xix. Candidates serving in Govt./ Quasi Govt. offices, Public Sector undertakings including Nationalized Banks and Financial Institutions are advised to submit No Objection Certificate from their employer at the time of interview, failing which their candidature may not be considered and travelling expenses, if any, otherwise admissible, will not be paid. xx. MERIT LIST: MERIT LIST FOR SELECTION WILL BE PREPARED IN DESCENDING ORDER ON THE BASIS OF SCORES OBTAINED IN INTERVIEW ONLY. IN CASE MORE THAN ONE CANDIDATE SCORE THE CUT-OFF MARKS (COMMON MARKS AT CUT-OFF POINT), SUCH CANDIDATES WILL BE RANKED ACCORDING TO THEIR AGE IN DESCENDING ORDER, IN THE MERIT. xxi. MERE FULFILLING MINIMUM QUALIFICATION AND EXPERIENCE WILL NOT VEST ANY RIGHT IN CANDIDATE FOR BEING CALLED FOR INTERVIEW. THE SHORTLISTING COMMITTEE CONSTITUTED BY THE BANK WILL DECIDE THE SHORTLISTING PARAMETERS AND THEREAFTER, ADEQUATE NUMBER OF CANDIDATES, AS DECIDED BY THE BANK WILL BE SHORTLISTED AND CALLED FOR INTERVIEW. THE DECISION OF THE BANK TO CALL THE CANDIDATES FOR THE INTERVIEW SHALL BE FINAL. NO CORRESPONDENCE WILL BE ENTERTAINED IN THIS REGARD. HOW TO APPLY : Candidates should have valid email ID which should be kept active till the declaration of result. It will help him/her in getting call letter/Interview advice etc. by email. GUIDELINES FOR FILLING ONLINE APPLICATION - i. Candidates will be required to register themselves online through the link available on SBI website https://bank.sbi/web/careers/current-openings and pay the application fee using Internet Banking/ Debit Card/ Credit Card etc. ii. Candidates should first scan their latest photograph and signature. 
Online application will not be registered unless candidate uploads his/ her photo and signature as specified on the online registration page (under How to Upload Documents). iii. Candidates should fill the application carefully. Once application is filled-in completely, candidate should submit the same. In the event of candidate not being able to fill the application in one go, he can save the information already entered. When the information/ application is saved, a provisional registration number and password is generated by the system and displayed on the screen. Candidate should note down the registration number and password. They can re-open the saved application using registration number and password and edit the particulars, if needed. This facility of editing the saved information will be available for three times only. Once the application is filled completely, candidate should submit the same and proceed for online payment of fee. iv. After registering online, the candidates are advised to take a printout of the system generated online application forms. v. Candidates seeking Age relaxation are required to submit copies of necessary certificates at the time of joining. No change in category of any candidate is permitted after registration of online application. GUIDELINES FOR PAYMENT OF FEES i. Application fees and Intimation Charges (Non-refundable) is 750/- (Seven Hundred Fifty only) for General/EWS /OBC candidates and no fees/intimation charges for SC/ ST/ PwBD candidates. ii. After ensuring correctness of the particulars in the application form, candidates are required to pay the fees through payment gateway integrated with the application. No change/ edit in the application will be allowed thereafter. iii. Fee payment will have to be made online through payment gateway available thereat. The payment can be made by using Debit Card/ Credit Card/ Internet Banking etc. by providing information as asked on the screen. 
Transaction charges for online payment, if any, will be borne by the candidates. iv. On successful completion of the transaction, e-receipt and application form, bearing the date of submission by the candidate, will be generated which should be printed and retained by the candidate. v. If the online payment of fee is not successfully completed in first instance, please make fresh attempts to make online payment. vi. A provision is there to reprint the e-Receipt and Application form containing fee details, at later stage. vii. Application Fee once paid will NOT be refunded on any account NOR can it be adjusted for any other examination or selection in future. B: HOW TO UPLOAD DOCUMENTS: a. Details of Document to be uploaded: Recent Photograph Signature Brief Resume (PDF) ID Proof (PDF) Proof of Date of Birth (PDF) PwBD certification (if applicable) (PDF) Educational Certificates: Relevant Mark-Sheets/ Degree Certificate (PDF) Experience certificates (PDF) Form-16/Offer Letter/Latest Salary slip from current employer (PDF) No Objection Certificate (If applicable) (PDF) CTC Negotiation form (Duly filled, Signed & Scanned in PDF- Available at Bank's career website). Biodata Form (Duly filled, Signed & Scanned in PDF- Available at the bank's career website under the advertisement). Form-16 / ITR / Form 26AS & latest 3 month's Salary Slips along with CTC form. CTC Negotiation form (Duly filled, Signed & Scanned in PDF- Available at Bank's career website). d. Document file type/ size: i. All Documents must be in PDF (except Photograph & Signature) ii. Page size of the document to be A4 iii. Size of the file should not be exceeding 500 kb. iv. In case of Document being scanned, please ensure it is saved as PDF and size not more than 500 kb as PDF. If the size of the file is more than 500 kb, then adjust the setting of the scanner such as the DPI resolution, no. of colors etc., during the process of scanning. Please ensure that Documents uploaded are clear and readable. 
C: GENERAL INFORMATION: I. Before applying for the post, the applicant should ensure that he/ she fulfils the eligibility and other norms mentioned above for that post as on the specified date and that the particulars furnished by him/ her are correct in all respects. II. Candidates belonging to reserved category including, for whom no reservation has been mentioned, are free to apply for vacancies announced for General category provided they must fulfil all the eligibility conditions applicable to General category. III. IN CASE IT IS DETECTED AT ANY STAGE OF RECRUITMENT THAT AN APPLICANT DOES NOT FULFIL THE ELIGIBILITY NORMS AND/ OR THAT HE/ SHE HAS FURNISHED ANY INCORRECT/ FALSE INFORMATION OR HAS SUPPRESSED ANY MATERIAL FACT(S), HIS/ HER CANDIDATURE WILL STAND CANCELLED. IF ANY OF THESE SHORTCOMINGS IS/ ARE DETECTED EVEN AFTER ENGAGEMENT / APPOINTMENT, HIS/ HER CONTRACTS /SERVICES ARE LIABLE TO BE TERMINATED FORTHWITH. IV. The applicant should ensure that the application is strictly in accordance with the prescribed format and is properly filled. V. Engagement/Appointment of selected candidate is subject to his/ her being declared medically fit as per the requirement of the Bank. Such engagement/appointment will also be subject to the service and conduct rules of the Bank for such post in the Bank, in force at the time of joining the Bank. VI. Candidates are advised to keep their e-mail ID active for receiving communication viz. call letters/ Interview date advice etc. VII. The Bank takes no responsibility for any delay in receipt or loss of any communication whatsoever. VIII. Candidates serving in Govt./ Quasi Govt. offices, Public Sector undertakings including Nationalized Banks and Financial Institutions are advised to submit No Objection Certificate from their employer at the time of interview, failing which their candidature may not be considered and travelling expenses, if any, otherwise admissible, will not be paid. IX. 
In case of selection, candidates will be required to produce proper discharge certificate from the employer at the time of taking up the engagement. X. Candidates are advised in their own interest to apply online well before the closing date and not to wait till the last date to avoid the possibility of disconnection / inability/ failure to log on to the website on account of heavy load on internet or website jam. SBI does not assume any responsibility for the candidates not being able to submit their applications within the last date on account of aforesaid reasons or for any other reason beyond the control of SBI. XI. DECISION OF BANK IN ALL MATTERS REGARDING ELIGIBILITY, CONDUCT OF INTERVIEW, OTHER TESTS AND SELECTION WOULD BE FINAL AND BINDING ON ALL CANDIDATES. NO REPRESENTATION OR CORRESPONDENCE WILL BE ENTERTAINED BY THE BANK IN THIS REGARD. XII. The applicant shall be liable for civil/ criminal consequences in case the information submitted in his/ her application are found to be false at a later stage. XIII. Merely satisfying the eligibility norms does not entitle a candidate to be called for interview. Bank reserves the right to call only the requisite number of candidates for the interview after preliminary screening/ short-listing with reference to candidates qualification, suitability, experience etc. XIV. In case of multiple application, only the last valid (completed) application will be retained, the application fee/ intimation charge paid for other registration will stand forfeited. XV. Any legal proceedings in respect of any matter of claim or dispute arising out of this advertisement and/ or an application in response thereto can be instituted only in Mumbai and Courts/ Tribunals/ Forums at Mumbai only shall have sole and exclusive jurisdiction to try any cause/ dispute. 
Outstation candidates, who may be called for interview after short-listing will be reimbursed the cost of travelling by Air fare Economy Class upto Bank approved specified limit for AVP / Dy. Manager Post and Actual fare economy class for GM Post, by shortest route on the basis of actual journey. Local conveyance like taxi/cab/personal vehicle expenses/fares will not be payable. A candidate, if found ineligible for the post will not be permitted to appear for the interview and will not be reimbursed any fare. XVII. Request for change / correction in any particulars (including category in the application form, once submitted will not be entertained under any circumstances. No correspondence/phone/email will be entertained in this regard. Candidates are advised to fill up the online application carefully and furnish the correct information in this application. XVIII. BANK RESERVES RIGHT TO CANCEL THE RECRUITMENT PROCESS ENTIRELY OR FOR ANY PARTICULAR POST AT ANY STAGE WITHOUT ASSIGNING ANY REASONS THEREOF, WHATSOEVER. XIX. At the time of interview, the candidate will be required to provide details regarding criminal cases pending against him/her, if any. Suppression of material facts will result in cancellation/ termination of candidature at any point, even if the candidate is selected, his/her selection will be canceled in such circumstances. The Bank may also conduct independent verification, inter alia, including verification of Police Records, etc. The Bank reserves the right to deny the engagement/appointment depending upon such disclosure and/or independent verification.
Posted 2 weeks ago
7.0 - 12.0 years
10 - 20 Lacs
Kolkata
Hybrid
Job Description Objective: LabVantage Solutions is an industry-leading provider of laboratory software products that support scientific innovation and regulatory compliance across industries such as pharmaceuticals, environmental testing, and food and beverage production. Our OLTP-based solution leverages RDBMS platforms, including Oracle, SQL Server, and EDB (Postgres for our SaaS offering). The Penetration Tester plays a critical role in strengthening LabVantage's security posture by simulating real-world attack scenarios across applications, systems, APIs, and cloud infrastructure. This includes conducting black-box, white-box, and grey-box assessments, identifying and exploiting vulnerabilities, and collaborating with engineering teams to remediate findings. Additional responsibilities include performing social engineering campaigns, reviewing third-party services, and contributing to secure architecture evaluations. Job Qualifications Necessary: Education: Bachelor's degree in Cybersecurity, Computer Science, Information Security, or a related field. Experience: 7+ years of experience in information security, with at least 3 years focused on offensive security, red teaming, or penetration testing roles. Experience with secure coding practices, code reviews, and security testing. Experience with static and dynamic code analysis tools. Experience with CI/CD pipelines and integrating security into DevOps processes. Certifications: OSCP (required); OSEP, CRTP, PNPT, or OSWE (preferred); CEH (less preferred but acceptable). Skills: Strong understanding of security principles, protocols, and best practices. 
Proficiency in offensive security tools, including but not limited to: Burp Suite Pro; Metasploit; Nmap; Kali Linux, Parrot OS; BloodHound / SharpHound; Wireshark; SQLmap; Hydra, John the Ripper. Cloud/SaaS testing familiarity with: AWS/Azure/GCP attack surfaces; CNAPPs like Wiz, Orca, or Prisma Cloud. Programming language and scripting: Proficient in scripting languages: Python, Bash, PowerShell; Java, JavaScript familiarity for code auditing. Knowledge of regulatory requirements and industry standards (e.g., GDPR, ISO 27001, SOC2). Familiarity with the OWASP Top 10 vulnerabilities and mitigation strategies. Understanding of NIST cybersecurity standards and frameworks (e.g., NIST CSF, NIST SP 800-53). Excellent analytical and problem-solving skills. Strong communication and collaboration skills. Ability to work independently and as part of a team.
Posted 3 weeks ago
10.0 - 15.0 years
15 - 20 Lacs
Mumbai
Work from Office
Role of Wealth Management India IT Risk and Information Systems Security Manager, being understood this role includes delegations from APAC WM CISO for the team located in India territory and fully participates in overall WMIS Cybersecurity and IT Risk objectives. Participate to IT project security reviews conducted both on a global and APAC basis across all platforms. Participate in the Security Operation meetings in APAC, EMEA & CH regions. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production / CSIRT / Production Security teams. The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator. WM IT Risk and Security Manager o Manage the WM IT Risk and Security local team in India by managing the recruitment, performances review as well as training and career-path development. o Coordinate with APAC WM security actors, including India-based resources. o Coordinate with APAC WM IT teams on risk and security topics, while promoting a secure development and deployment culture o Assist for a Risk Treatment for any APAC WM issue, based on the WM GAIM generic process. o Periodic reporting of security status to WM CISO APAC and WM Global CISO o Contribute to the IT Risk and Cybersecurity Governance including procedural framework, Cybersecurity awareness and communication. o Ensure the regular reporting for management follow-up IT Security Compliance (delegation on WM APAC scope) o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets. o Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes. 
o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA) o Leveraging on a deep knowledge of Security standards such as NIST, CIS,ISO2700x , ensure the compliance with the IT security requirements o Ensure the compliance with the Third-party Technology risks and Cloud security. o Identify the process gaps and provide solutions. Application Security o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices. o Identify and implement the latest security standards for internet facing and internal assets. o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing SAST, Dynamic Acceptance Security Testing DAST and Software Composition Analysis SCA). Perform Security risk assessments and reviews to be presented to respective committees. Ensure the adequate security level for all WM GAIM applications, whatever the IT project managers location and hosting provider. Production Security Oversight (delegation on WM APAC scope) o Identify the production security requirements and ensure a smooth integration of WM assets within APAC IT Production, including network flow opening and Application Zoning compliance. o Identify the compliance level of the production environment and contribute to remediation actions definition while keeping the oversight on actions progress. o Keep an overview and ensure the adequate Vulnerability Management at the server and middleware level leveraging on production scans and liaising with relevant production stakeholders. Contribute to the management of Cybersecurity incidents. CyberSecurity Program (delegation on WM APAC scope) o Contribute to the steering and driving of the security initiatives on the APAC scope expected by the WM Cybersecurity Program. 
Contributing Responsibilities: Coordination with IT Security actors o Reporting line to the WM GAIM Global CISO: alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Wholesale Application Security Dashboard) o Coordination and control of security activities performed by APAC CIB Business Information Security and Production Security teams, including project assessment from production point of view, production security review, user security awareness for the WM scope. o Coordination with the Swiss Security team concerning integration of WM assets within Swiss IT production. o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group. Technical & Behavioral Competencies: Cybersecurity / Technical Value-added Competencies: Cybersecurity Governance: framework (NIST / CIS framework), Security incident management, Logging & Detection (SIEM ELK products) DevSecOps: CI/CD toolchain knowledge of various tools o Source code management: SonarQube, Bitbucket, GitHub/GitLab o Security application scanning (e.g. 
Sonatype/NexusIQ, Fortify, AppSpider, Qualys, DTR scan) o Automation/orchestration: Ansible tower, Jenkins Application Security: Threat modeling, Security architecture key concepts, exposure to various development framework and applicative landscape (Java/Web, Mobile applications, containerization/docker, kubernetes, API management, Cloud security) Vulnerability Management o Nexpose, Nessus Ethical Hacking Knowledge o Kali Linux knowledge (metasploit, nmap) Specific Qualifications (if required) Qualifications and Experience 10 years' experience in information security evaluation and design of technical architectures Functional as well as technical knowledge of the applications used within BNP Paribas Knowledge of the Norms and Standards of the BNP Paribas Group, in particular with respect to ITRM & Wholesale IT Security Norms and Policies Team management experience is a must Preferred Master level in Computer science and Information Security Skills Referential Behavioural Skills : Communication skills - oral & written Ability to collaborate / Teamwork Decision Making Ability to deliver / Results driven Transversal Skills: Ability to set up relevant performance indicators Ability to develop and adapt a process Ability to manage a project Ability to develop others & improve their skills Ability to manage / facilitate a meeting, seminar, committee, training Education Level: Master Degree or equivalent
Posted 3 weeks ago
3.0 - 8.0 years
4 - 8 Lacs
Mumbai
Work from Office
Responsibilities
Direct Responsibilities
- To perform penetration testing (Gray Box and/or Black Box) for web applications, thick client, API, and mobile applications.
- To understand the application's security requirements and identify and document the scope of the test.
- Ensure execution of the documented security scenarios for the application under test.
- Document and report all findings.
- Collaborate with the developers to help them understand the vulnerabilities reported in the application.
- Escalate issues to the local management and onshore stakeholders in case they affect the testing progress.
- Ensure the processes for the project are followed for the assessments.
Note: Optional, experience in Source Code Assessment (SCA)/SAST, Mobile Testing
Technical & Behavioral Competencies
- Clear understanding of OWASP Top 10 application security risks
- Tools/OS: Burp Suite, OWASP ZAP, Kali Linux
- Manual Security Testing & Analysis, Security Test Designing
- Excellent interpersonal and presentation skills
- Strong in verbal and written communication
- Good analytical skills
- Strong Time Management
- Must be flexible, independent, self-motivated
- Team player
Specific Qualifications (if required)
CSSLP/CEH or equivalent certification preferred
Education Level: Bachelor Degree or equivalent
Experience Level: At Least 3 years
Posted 3 weeks ago
5.0 - 8.0 years
12 - 20 Lacs
Pune
Work from Office
About the Role
We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies.
Key Responsibilities
- Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises.
- Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews.
- Perform manual security assessments for web applications, APIs, and client-server applications.
- Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration.
- Develop and execute custom attack payloads using tools and scripts.
- Assess physical security controls and implement social engineering assessments when required.
- Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell.
- Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit.
- Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.
Basic Qualifications
- Education: BE/B.Tech/MCA/M.Sc. (IT/Computers)
- Experience: Required: 2 - 5 years.
- Excellent communication and collaboration skills.
Preferred Qualifications
- Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO.
- Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API).
- 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains.
- Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.
- Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc.
- Basic ability to write automation scripts (Bash or Python).
- Understanding of threat modeling and secure coding practices.
- Strong understanding of TTPs, threat modeling, and secure coding practices.
- Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.
Posted 3 weeks ago
4.0 - 9.0 years
22 - 25 Lacs
Pune, Bengaluru
Hybrid
Job Title: WebPT P1 - Consultant
Location: Bangalore & Pune (Hybrid Role)
Contract Duration: 6 Months
Roles & Responsibilities:
- Perform automated testing of running applications and static code (SAST, DAST).
- Conduct manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, mobile applications.
- Experience in one or more of the following is a plus: mobile application testing, web application pen testing, application architecture, business logic analysis.
- Work on application tools to perform security tests, including: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux.
- Able to explain vulnerabilities such as: IDOR (Insecure Direct Object References), Second Order SQL Injection, CSRF (Cross-Site Request Forgery).
- Provide root cause analysis and remediation guidance for identified vulnerabilities.
Mandatory Technical & Functional Skills:
- Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux (or equivalent).
- Minimum three (3) years of performing manual penetration testing and code review against: web applications, mobile apps, APIs.
- Minimum three (3) years of experience working with both technical and non-technical audiences in reporting results and leading remediation conversations.
Preferred:
- One year of experience in the development of web applications and/or APIs.
- Ability to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand.
Certifications (Preferred but not required):
- GWAPT (GIAC Web Application Penetration Tester)
- CREST (Certified Testing Professional)
- OSCP (Offensive Security Certified Professional)
- OSWE (Offensive Security Web Expert)
- OSWA (Offensive Security Web Application)
This is a 6-month contract role with hybrid work arrangements in Bangalore and Pune.
Posted 3 weeks ago