492 Metasploit Jobs - Page 12

Job Title: Senior SOC Analyst (L2/L3) – Threat Detection | SIEM Experience: 8+ Years Key Skills / Keywords: SOC Analyst | Threat Detection | SIEM (ArcSight, Splunk) | Incident Response | EDR (CrowdStrike, SentinelOne) SOAR Automation | Malware Analysis | RCA | CHFI | MITRE ATTCCK | VAPT | Cybersecurity Operations | Red/Blue Team | L3/L4 Security Support | GovTech Cybersecurity | ISO 27001 | NIST CSF Roles and Responsibilities Security Monitoring & Threat Detection: Operate SIEM platforms (ArcSight, Splunk, ELK) for real-time threat visibility Build and tune custom correlation rules, use cases, and threat detection dashboards Perform IOC analysis, log correlation, and malware behavior inspection Incident Response & RCA Ownership: Lead incident triage, containment, and recovery processes Conduct deep forensic investigations using CHFI methodologies (host, network, memory) Document RCA reports, incident timelines, and post-mortem summaries Act as L2/L3 escalation point within the SOC Threat Hunting & Vulnerability Management: Execute threat hunts using MITRE ATTCCK, anomaly baselines, and behavioral analytics Collaborate with VAPT teams on identifying and closing security gaps Analyze exploits and simulated attacks using Metasploit, Burp Suite, OpenVAS, Nessus Automation & Knowledge Sharing: Use or contribute to SOAR platforms and response playbook development Mentor junior analysts and lead security awareness initiatives (KnowBe4) Contribute to internal cyber threat intelligence practices and secure configurations Candidate Profile Experience: 8–12 years in SOC, Threat Detection, and Cybersecurity Operations Role Type: Individual Contributor, L2 Hands-On Specialist Strong communication skills: Able to document, articulate, and coordinate effectively with technical and non-technical stakeholders. Location: Onsite – Manesar, Haryana (Government Sector Deployment) Availability: Immediate or within 1 month Engagement: Full-time via VVNT SEQUOR LLP Preferred Qualifications Bachelor’s in Cybersecurity, Information Security, or IT Certifications preferred: CHFI, CEH, Security+, GCIA, GCFA Splunk Certified Analyst, PCNSE, AWS Security Essentials Experience with: Tripwire, KnowBe4, or Azure Sentinel / AWS GuardDuty

About Workafy: Join Workafy, a freelance marketplace connecting 500,000+ professionals with global opportunities. Work on projects that match your skills, anytime, anywhere. Job Description: Seeking expert Cyber Security Engineers to help clients protect digital assets, perform audits, and strengthen security frameworks. Responsibilities: Identify vulnerabilities and perform penetration testing. Implement firewalls, encryption, and secure protocols. Monitor threats and respond to incidents. Requirements: Proven experience in cybersecurity and network protection. Familiarity with tools like Wireshark, Metasploit, or Splunk. Understanding of compliance standards (ISO, GDPR, etc.). Why Join Us? Work on mission-critical security projects. Flexible freelance opportunities. Be part of a thriving professional network. Apply now at workafy.com and grow your freelance career as a Cyber Security Engineer!

We are seeking an experienced and passionate Cybersecurity Trainer to join our team. The ideal candidate will have strong technical expertise in cybersecurity domains and a passion for teaching and mentoring. You will be responsible for delivering engaging, practical training sessions to students or professionals, preparing them for industry-recognized certifications and real-world challenges. Key Responsibilities: Design and deliver cybersecurity training programs (online/offline) Create course content, labs, quizzes, and study materials Provide guidance on certification paths like CEH, CompTIA Security+, CISSP, etc. Conduct assessments and provide feedback to learners Stay updated with the latest cybersecurity trends and tools Support learners in resolving queries and understanding concepts Assist in curriculum updates and improvements Required Skills & Qualifications: Minimum 5 years of experience in cybersecurity or related fields In-depth knowledge of cybersecurity fundamentals, network security, ethical hacking, vulnerability assessment, and risk management Hands-on experience with tools like Wireshark, Nmap, Metasploit, Burp Suite, etc. Familiarity with common cyber threats and mitigation strategies Strong communication and presentation skills Experience in mentoring or training others (formal or informal) Industry certifications preferred: CEH, CompTIA Security+, CISSP, CISA, etc. Job Type: Full-time Pay: ₹30,000.00 - ₹60,000.00 per month Application Question(s): Have you previously worked as a trainer or delivered technical workshops? Are you fluent in English and comfortable conducting technical sessions? Experience: teaching: 5 years (Preferred)

Job requisition ID :: 81577 Date: Jun 21, 2025 Location: Chennai Designation: Consultant Entity: Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Position: Cybersecurity Intern Company: INLIGHN TECH Location: Remote (100% Virtual) Duration: 3 months Top Interns Stipend: 15,000 Potential for Full-Time Employment: Based on performance; Certificate of Internship provided About INLIGHN TECH: INLIGHN TECH provides hands-on experience to students and recent graduates. Our unpaid Cybersecurity Internship offers practical exposure to threat analysis, vulnerability assessment, and security operations. Responsibilities: Assist in identifying and mitigating security vulnerabilities. Conduct penetration testing and ethical hacking assessments. Monitor and analyze security incidents and threats. Support in developing security policies and best practices. Qualifications: Enrolled in/recent graduate of Cybersecurity, Computer Science, or a related field. Basic knowledge of cybersecurity concepts, network security, and threat analysis. Familiarity with ethical hacking tools (Metasploit, Burp Suite, Wireshark, etc.) (preferred). Strong analytical and problem-solving skills. Benefits: ✅ Hands-on experience with real cybersecurity projects. ✅ Internship Certificate & Letter of Recommendation. ✅ Build your cybersecurity portfolio and gain industry exposure. 🚀 Apply now and start your journey in Cybersecurity!

Responsibilities Deliver engaging and informative cybersecurity courses to college students covering topics such as network security, ethical hacking, cybersecurity fundamentals, and more. Facilitate hands-on lab exercises, simulations, and practical projects to enhance students' practical skills. Provide timely feedback to students on their performance and offer support to those who may be struggling with the course material. Foster a positive and inclusive learning environment that promotes student participation and discussion. Collaborate with colleagues and cybersecurity professionals to stay aligned with industry standards and share best practices. Qualification: Minimum 1 year of experience Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field. Industry certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), Ejpt etc Experience with various security tools and technologies such as Metasploit, Kali Linux, Wireshark, and more Strong passion for cybersecurity and educating others. Excellent communication and presentation skills Ability to adapt to various teaching methodologies. Patience and a commitment to student success.

Job Title: Faculty – Cyber Security & Machine Learning Location: Mira Road, Thane Position Type: Visiting Faculty Job Summary: We are seeking an experienced and passionate faculty member to teach and mentor undergraduate students in the field of Cyber Security and Machine Learning. The selected candidate will be responsible for delivering course content, designing assessments, mentoring students on practical implementations, and driving academic excellence in the subjects Ethical Hacking and Machine Learning I, as outlined by the University of Mumbai syllabus. Key Responsibilities: Academic Delivery ● Conduct theory and practical sessions for: ○ Ethical Hacking (including network security, cryptography, web security, hardware security) ○ Machine Learning I (including supervised & unsupervised learning, ensemble techniques, SVM, dimensionality reduction) ● Create lesson plans, lecture notes, and assessment tools aligned with syllabus ● Use tools such as Cisco Packet Tracer, Kali Linux, Metasploit, SQLMap, Wireshark, Jupyter Notebooks, Scikit-learn, and others during practical sessions ● Assign and evaluate laboratory work, tutorials, and case studies ● Encourage students to use digital tools and platforms (e.g., DVWA, OWASP, Kaggle, UCI datasets) Assessment & Evaluation ● Conduct internal assessments as per academic guidelines ● Prepare, administer, and grade exams, assignments, and projects ● Maintain timely and accurate records of grades and student progress Qualifications & Experience: Minimum Qualifications: ● Master’s degree in Computer Science / Cyber Security / Information Technology / Data Science / Artificial Intelligence or equivalent Experience: ● Minimum 2–5 years of teaching or industry experience in ethical hacking, information security, or applied machine learning Preferred Skills: ● Hands-on with penetration testing tools (e.g., Wireshark, John the Ripper, Metasploit) ● Familiarity with ML libraries: Scikit-learn, TensorFlow, etc. ● Experience with classroom and lab-based instruction ● Strong communication and mentoring skills Desirable Certifications: ● CEH (Certified Ethical Hacker) ● CompTIA Security+ ● Offensive Security Certified Professional (OSCP) ● Machine Learning or AI certifications (Coursera, edX, etc.) Remuneration: Rs. 2000 per hour (Negotiable)

Company - Our client is a global leader in business services and customer experience solutions, ranked among the Fortune 500 and recognized for its culture-first approach and commitment to innovation and velocity. With a rapidly growing security division following recent acquisitions, this company offers a dynamic and fast-paced environment for tech professionals. Job Title - Application Security Analyst Location - Remote in India Role Type - Contract, 6 months with potential 6-month extension Must Have Skills: Application security testing experience, including penetration testing Web application testing expertise Proficiency with static code analysis (SAST) Proficiency with dynamic application security testing (DAST) Ability to communicate effectively in English Responsibilities and Job Details: Perform vulnerability assessments and penetration testing on web applications, APIs, databases, mobile, and cloud environments. Conduct secure code reviews to identify critical flaws and ensure secure coding practices. Utilize tools such as Burp Suite, Fortify, Checkmarx, WebInspect, Acunetix, and Metasploit for assessments and exploitation. Schedule and prioritize security assessments using SAST/DAST methodologies. Implement and maintain CI/CD pipelines with integrated security testing. Collaborate with governance teams to align security tools with organizational policies. Monitor and evaluate Generative AI risks in application security contexts. Ensure compliance with internal security policies and industry standards. Provide feedback to developers and report vulnerabilities and mitigations to management. Reproduce, document, and retest identified vulnerabilities. Drive continuous improvements in security assessment processes and tooling. Analyze scan results and recommend remediation plans to stakeholders.

Responsibilities Cybersecurity Analyst – Job Description Monitor and respond to security incidents across networks and systems. Conduct vulnerability assessments and penetration testing. Implement and manage security tools like firewalls, IDS/IPS, and antivirus. Ensure compliance with security standards (e.g., ISO 27001, NIST). Prepare reports and recommend mitigation strategies. Tools Often Used Nessus for vulnerability scanning. Metasploit for exploit development and testing. Burp Suite and OWASP ZAP for web application security testing. Skills:- Cyber Security, cloud Security, Nessus, Burp suite, Metasploit, OWASP ZAP, GDPR and CCPA

Cybersecurity Consultant - VAPT Location : Bhopal, Madhya Pradesh, India Job Type : Full-time, Permanent Experience Level : 1 - 5 Years Salary : ₹2,50,000 - ₹5,00,000 per annum (based on experience and certifications) Position Overview We are seeking a skilled and motivated Cybersecurity Consultant specializing in Vulnerability Assessment and Penetration Testing (VAPT). The ideal candidate will have a passion for ethical hacking and a strong desire to identify and remediate security weaknesses. In this hands-on role, you will be responsible for performing security assessments on our clients' web applications, mobile applications, and network infrastructure to help them strengthen their security posture. Key Responsibilities & Duties Perform comprehensive Vulnerability Assessments and Penetration Testing (VAPT) on web applications, mobile applications (iOS/Android), network infrastructure, and APIs. Utilize a combination of automated scanning tools (e.g., Nessus, Burp Suite Pro, Acunetix) and manual testing techniques to identify vulnerabilities. Apply standard testing methodologies such as OWASP Top 10, SANS Top 25, and NIST frameworks. Analyze findings, perform root cause analysis, and assess the level of risk associated with each vulnerability. Prepare detailed, high-quality VAPT reports that clearly outline findings, identified risks, and provide actionable remediation recommendations for both technical and non-technical audiences. Collaborate with client development and IT teams to explain vulnerabilities and advise on effective mitigation strategies. Perform re-testing to validate the successful closure of reported vulnerabilities. Stay updated with the latest cybersecurity threats, attack vectors, vulnerabilities, and ethical hacking techniques. Required Skills & Qualifications Education: Bachelor's degree (B.Tech/B.E.) in Computer Science, Information Technology, or a related field. Experience: 1 to 5 years of hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT). Technical Skills: o Strong understanding of network protocols (TCP/IP), system architecture, and fundamental security concepts. o Proficiency with VAPT tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, etc. o Solid knowledge of OWASP Top 10 vulnerabilities and other common security flaws. o Experience in manual penetration testing of web and mobile applications. o Excellent report writing, documentation, and communication skills. Preferred Certifications & Skills Holding one or more of the following certifications is highly desirable: o Certified Ethical Hacker (CEH) o Offensive Security Certified Professional (OSCP) o Offensive Security Certified Expert (OSCE) Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and testing. Familiarity with cloud security concepts and testing in environments like AWS, Azure, or GCP. Basic knowledge of secure code review. What We Offer A competitive salary package and benefits. The opportunity to work on challenging and diverse security projects. A culture of continuous learning with support for professional development, training, and certifications. A collaborative and supportive team environment where your contributions are valued. Job Types: Full-time, Permanent Pay: ₹250,000.00 - ₹500,000.00 per year Benefits: Cell phone reimbursement Health insurance Paid sick time Provident Fund Schedule: Day shift Fixed shift Work Location: In person

Role Description Job Description We are seeking a skilled and passionate Penetration Tester with hands-on experience in identifying vulnerabilities across mobile applications (iOS/Android) , web applications , infrastructure , and thick client environments . The ideal candidate will have a strong background in assessing the security posture of applications, systems, and networks, especially in a fast-paced fintech environment . Key Responsibilities Conduct penetration tests on web and mobile applications, networks, thick clients, and systems to identify vulnerabilities. Perform manual and automated testing to simulate cyberattacks and exploit potential security flaws. Create detailed reports of vulnerabilities including descriptions, proof of concepts, business impact, and actionable remediation steps. Perform retesting to validate fixes and confirm mitigations. Analyze security issues related to web apps, network protocols, OSs, and cloud platforms. Stay updated with the latest cybersecurity threats, vulnerabilities, and attack techniques. Coordinate with application and infrastructure teams during the assessment lifecycle and deliver clear, comprehensive reports. Requirements Proven experience as a Penetration Tester or in a cybersecurity role. Strong understanding of: OWASP Mobile Top 10 OWASP Web Top 10 MITRE ATT&CK framework Proficiency in tools such as: Burp Suite, Frida, MobSF, Nmap, Wireshark, Metasploit Hands-on experience with: SSL pinning bypass Jailbreak/root detection bypass Certificate validation flaws Mobile app reverse engineering Familiarity with operating systems like Windows, Kali Linux, and macOS Exposure to cloud platforms such as AWS, Azure, or GCP Knowledge of scripting/programming languages such as Python, Bash, or PowerShell (preferred) Relevant certifications are a strong advantage: CEH, OSCP, or similar Preferred Skills Prior experience in mobile application penetration testing Ability to work independently and manage time effectively Excellent communication skills, especially in conveying technical findings to non-technical stakeholders Skills Information Security,Data Analysis,Penetration Testing

Job Description 4: Sr. Information Security Consultant/ Information Security ConsultantOverview: eSec Forte Technologies is a distinguished cybersecurity service provider specializing in client-side infrastructure security. We are looking for a skilled Senior Infrastructure Security Engineer to join our client-side security team. The ideal candidate will have advanced experience in network vulnerability assessment and penetration testing (VAPT) and using Qualys for vulnerability management. Key Responsibilities: · Conduct advanced network vulnerability assessments and penetration tests on client-side infrastructure. · Utilize Qualys for comprehensive vulnerability scanning and management. · Identify and remediate security vulnerabilities in client environments. · Perform detailed security configuration reviews of network devices, servers, and other infrastructure components. · Collaborate with client IT teams to enhance their security posture. · Provide detailed reports and recommendations based on assessment findings. · Stay up-to-date with the latest security threats and best practices. Qualifications: · Bachelor's degree in Information Security, Computer Science, or related field. · 2+ years of experience in infrastructure security. · Proficiency in using Qualys and other vulnerability scanning tools. · Strong understanding of network security principles and advanced penetration testing techniques. · Experience with security tools such as Metasploit, Nmap. · Excellent communication and interpersonal skills. · Relevant certifications such as OSCP, CEH or equivalent are a plus. Skills: · Network Vulnerability Assessment and Penetration Testing (VAPT) · Qualys · Vulnerability Management · Security Configuration Review · Metasploit, Nmap

Cybersecurity Consultant - VAPT Location : Bhopal, Madhya Pradesh, India Job Type : Full-time, Permanent Experience Level : 1 - 5 Years Salary : ₹2,50,000 - ₹5,00,000 per annum (based on experience and certifications) Position Overview We are seeking a skilled and motivated Cybersecurity Consultant specializing in Vulnerability Assessment and Penetration Testing (VAPT). The ideal candidate will have a passion for ethical hacking and a strong desire to identify and remediate security weaknesses. In this hands-on role, you will be responsible for performing security assessments on our clients' web applications, mobile applications, and network infrastructure to help them strengthen their security posture. Key Responsibilities & Duties Perform comprehensive Vulnerability Assessments and Penetration Testing (VAPT) on web applications, mobile applications (iOS/Android), network infrastructure, and APIs. Utilize a combination of automated scanning tools (e.g., Nessus, Burp Suite Pro, Acunetix) and manual testing techniques to identify vulnerabilities. Apply standard testing methodologies such as OWASP Top 10, SANS Top 25, and NIST frameworks. Analyze findings, perform root cause analysis, and assess the level of risk associated with each vulnerability. Prepare detailed, high-quality VAPT reports that clearly outline findings, identified risks, and provide actionable remediation recommendations for both technical and non-technical audiences. Collaborate with client development and IT teams to explain vulnerabilities and advise on effective mitigation strategies. Perform re-testing to validate the successful closure of reported vulnerabilities. Stay updated with the latest cybersecurity threats, attack vectors, vulnerabilities, and ethical hacking techniques. Required Skills & Qualifications Education: Bachelor's degree (B.Tech/B.E.) in Computer Science, Information Technology, or a related field. Experience: 1 to 5 years of hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT). Technical Skills: o Strong understanding of network protocols (TCP/IP), system architecture, and fundamental security concepts. o Proficiency with VAPT tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, etc. o Solid knowledge of OWASP Top 10 vulnerabilities and other common security flaws. o Experience in manual penetration testing of web and mobile applications. o Excellent report writing, documentation, and communication skills. Preferred Certifications & Skills Holding one or more of the following certifications is highly desirable: o Certified Ethical Hacker (CEH) o Offensive Security Certified Professional (OSCP) o Offensive Security Certified Expert (OSCE) Experience with scripting languages (e.g., Python, Bash, PowerShell) for automation and testing. Familiarity with cloud security concepts and testing in environments like AWS, Azure, or GCP. Basic knowledge of secure code review. What We Offer A competitive salary package and benefits. The opportunity to work on challenging and diverse security projects. A culture of continuous learning with support for professional development, training, and certifications. A collaborative and supportive team environment where your contributions are valued. Job Types: Full-time, Permanent Pay: ₹250,000.00 - ₹500,000.00 per year Benefits: Cell phone reimbursement Health insurance Paid sick time Provident Fund Schedule: Day shift Fixed shift Work Location: In person

Job Description We are seeking a skilled and experienced Cybersecurity Specialist to join our dynamic team. The ideal candidate will have 3-7 years of experience in cybersecurity roles and a strong technical background in information security. If you're passionate about protecting data, identifying vulnerabilities, and implementing robust security Responsibilities : Develop, implement, and maintain cybersecurity policies, firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security solutions, and data encryption. Conduct regular security assessments, risk analyses, and vulnerability assessments to identify potential weaknesses and mitigate risks. Experience in Web/Mobile/Network Penetration Testing and/or Vulnerability Assessment. Experience with web application vulnerability scanner (BurpSuite, AppScan, Acunetix, Web Inspect, etc). Deep knowledge of common software vulnerabilities, such as OWASP Top 10 and CWE/SANS Top 25. Deep knowledge of HTTP protocol and the ability to construct/manipulate HTTP requests. Ability to suggest/recommend remediation to fix vulnerability. Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. Knowledge on Tools : Nmap, Kali Linux, Metasploit, Maltego, Burp Suite, Nessus, nexpose, Wireshark, sqlmap etc. Proficiency in Conducting API (REST, SOAP, XML, JSON) Security testing activities to identify and mitigate security 3-7 years of experience in cyber security or a related field. Bachelor's degree in Computer Science, Information Security, Cyber Operations, or a related field (or equivalent experience). Strong understanding of networking concepts, security principles, and cyber threats. Proven experience with vulnerability scanning and penetration testing tools. Knowledge of regulatory requirements and compliance frameworks (eg, PCI DSS, NIST, CIS Controls). Experience in Information security controls, and doing IT audits, ISO certifications is preferred. (ref:hirist.tech)

Job Description The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments, Red Team Assessment, Phishing, IoT, Cloud Pen testing (Azure and AWS, Google Cloud), Cloud Configuration Audit, Architecture Review. The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks. Well versed with OWASP Top Ten and WASC Threat Classifications. Expertise in Vulnerability Assessment and Penetration Testing of Web Applications. Business‐Logic based application testing. Penetration testing of Mobile applications and websites. Exploitation of the issues found and presenting the impact occurred. Source Code Reviews Well versed in Java Secure Code Review. Well versed in OWASP Code Review concepts & identifiers. Familiar With Popular Tools Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark, Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider. Exploit Toolkits: Metasploit, Exploit DB etc Understanding of the nature and sources of security vulnerabilities, how to identify and exploit Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks. Skills Mandatory Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile. Network Security Testing/Penetration Testing (Network, OS, Databases etc). Static Code Analysis/ Secure Code Review.

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary : We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities: Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall , web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets: Bachelor’s degree ( minimum requirement). 2 -8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite , Mimikatz , Cobalt Strike, PowerSploit , Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets: Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required : 2 - 12 + years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Technology Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance, Regulatory Response, Security Architecture {+ 8 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date

🔐 Cyber Security Intern 📍 Location: Remote (100% Virtual) 📅 Duration: 3 Months 💸 Stipend for Top Interns: ₹15,000 🎁 Perks: Certificate | Letter of Recommendation | Full-Time Offer (Based on Performance) About INLIGHN TECH INLIGHN TECH is focused on equipping students and graduates with practical, hands-on experience in emerging tech fields through structured virtual internships. Our Cyber Security Internship is designed to build a strong foundation in ethical hacking, threat detection, and system defense , making you industry-ready for a high-demand domain. 🚀 Internship Overview As a Cyber Security Intern , you will work on projects that simulate real-world cyber threats, learn to identify and mitigate vulnerabilities, and explore techniques used by security professionals to protect systems and data. 🔧 Key Responsibilities Conduct vulnerability assessments and basic penetration testing Analyze logs and traffic to identify potential threats or breaches Assist in incident response and threat mitigation activities Learn and work with tools such as Kali Linux, Burp Suite, Nmap, Metasploit, and Wireshark Study and apply the OWASP Top 10 and other security standards Support the development of security protocols and documentation Stay updated on emerging cyber threats and protection mechanisms ✅ Qualifications Currently pursuing or recently completed a degree in Cybersecurity, IT, Computer Science , or a related field Basic knowledge of networking concepts, operating systems, and system vulnerabilities Familiarity with ethical hacking techniques and cybersecurity tools Understanding of firewalls, encryption, and authentication methods Strong problem-solving skills and a desire to learn more about cyber defense Passion for cybersecurity and protecting digital environments 🎓 What You’ll Gain Hands-on experience with real-world cybersecurity tools and challenges Insight into threat analysis, penetration testing, and security compliance Internship Certificate upon successful completion Letter of Recommendation for high performers Opportunity for a Full-Time Offer based on performance A strong foundation for pursuing careers like Ethical Hacker, SOC Analyst, or Penetration Tester

Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organization's defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor’s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN). Key Responsibilities: Conduct red team exercises to simulate sophisticated, real-world attacks and evaluate the effectiveness of security controls. Perform targeted penetration tests and vulnerability assessments to uncover and exploit security weaknesses. Develop and execute complex attack scenarios to challenge the organization's defenses. Collaborate with defensive security teams to remediate identified vulnerabilities and enhance security measures. Utilize and integrate advanced offensive security tools, such as Metasploit, Burp Suite, and Kali Linux, into the red team testing framework. Provide expert analysis and interpretation of red team tools and their results. Create and maintain detailed documentation related to red team activities, including test plans, attack scenarios, and incident response procedures. Contribute to the development and delivery of specialized security training and awareness programs focused on red team techniques. Ensure design and implementation of security controls and best practices from a red team perspective. Support the Offensive Security Lead in developing and refining the red team program. Assist with the evaluation and implementation of new red team technologies and improvements to existing processes. Qualifications: Bachelor’s degree in computer science, Information Security, or a related technical field. 4+ years of experience in offensive security, with a focus on penetration testing and red teaming. In-depth understanding of encryption technologies, authentication protocols, and other security mechanisms. Preferred Skills: Relevant security certifications (e.g., OSCP, OSCE, CEH, GPEN).

Key Responsibilities Penetration Testing (Primary Focus): Perform manual and automated penetration testing on web applications, APIs, infrastructure, and cloud-hosted environments. Conduct red team/purple team exercises to simulate advanced threat actor behavior using frameworks like MITRE ATT&CK. Identify security flaws, misconfigurations, and business logic vulnerabilities across hybrid and cloud environments. Use tools such as Burp Suite, Nmap, Metasploit, Cobalt Strike, and custom scripts to simulate attacks. Provide detailed reports with risk ratings, technical impact, and remediation recommendations. Collaborate with DevOps and application teams to validate, reproduce, and remediate identified issues. Continuously research and adopt emerging offensive techniques, vulnerabilities, and toolsets. Cloud Security (Secondary but Required): Assess cloud environments (Azure, AWS, GCP) for security weaknesses, including exposed services, misconfigured IAM, and insecure storage. Assist in secure design reviews and threat modeling for cloud-native workloads. Use tools like Microsoft Defender for Cloud, Prisma Cloud, Wiz, or ScoutSuite to identify misconfigurations. Automate detection of insecure infrastructure via Infrastructure-as-Code (Terraform, Bicep, etc.). Support incident response activities related to cloud-based threats and unauthorized access. Compliance and Governance Support: Understand and apply security testing methods aligned with: HIPAA (for healthcare application testing), PCI-DSS (for applications storing/processing cardholder data), and NESA (UAE-specific cybersecurity baseline). Participate in security audits and assessments by providing technical evidence and findings. Maintain documentation for vulnerability management, security testing scope, and remediation tracking. Required Skills and Experience 2+ years of hands-on experience in penetration testing and offensive security engagements. Deep understanding of application security testing, OWASP Top 10, and real-world exploit techniques. Experience testing cloud workloads (Azure, AWS, or GCP) from an attacker's perspective. Familiarity with red/purple teaming, lateral movement, privilege escalation, and post-exploitation techniques. Strong proficiency with tools like Burp Suite Pro, Nmap, Metasploit, Cobalt Strike, etc. Scripting experience with Python, PowerShell, or Bash to develop custom tools and automate testing. Exposure to SIEM, CSPM, and EDR platforms for identifying and responding to test detections. Preferred Certifications (Offensive & Cloud Focused) Penetration Testing / Offensive Security: OSCP (Offensive Security Certified Professional) OSEP / OSCE / GPEN / GWAPT / CRTO CEH (Certified Ethical Hacker – practical) Cloud Security (Supplementary): Microsoft Certified: Azure Security Engineer Associate AWS Certified Security – Specialty Google Cloud Professional Security Engineer Compliance (Optional but Useful): CISSP, CCSP, or CISM Certified HIPAA Professional (CHP), PCI ISA Familiarity with UAE’s NESA compliance standards Show more Show less

Role: Infosec Lead Location: Noida, India www.SEW.ai Who We Are SEW, with its innovative and industry-leading cloud platforms, delivers the best Digital Customer Experiences (CX) and Workforce Experiences (WX), powered by AI, ML, and IoT Analytics to the global energy, water, and gas providers. At SEW, the vision is to Engage, Empower, and Educate billions of people to save energy and water . We partner with businesses to deliver platforms that are easy-to-use, integrate seamlessly, and help build a strong technology foundation that allows them to become future- ready. Searching for your dream job? We are a true global company that values building meaningful relationships and maintaining a passionate work environment while fostering innovation and creativity. At SEW, we firmly believe that each individual contributes to our success and in return, we provide opportunities from them to learn new skills and build a rewarding professional career. A Couple of Pointers • We are the fastest growing company with over 420+ clients and 1550+ employees. • Our clientele is based out in the USA, Europe, Canada, Australia, Asia Pacific, Middle East • Our platforms engage millions of global users, and we keep adding millions every month. • We have been awarded 150+ accolades to date. Our clients are continually awarded by industry analysts for implementing our award-winning product. • We have been featured by Forbes, Wall Street Journal, LA Times for our continuous innovation and excellence in the industry. Who we are looking A successful Application Penetration Tester working at SEW should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, operating system functionality, application manipulation, vulnerability discovery, and analysis, as well as exploit development. This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and network to breach the security of a target system or reverse-engineering an application and encryption method to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications and can present your findings while demonstrating strong analytical skills, then you’re the type of Penetration Tester we’re looking for. Requirements • Perform penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities • Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities • Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc. • Detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware • Develop comprehensive and accurate reports and presentations for both technical and executive audiences • Effectively communicate findings and strategy to stakeholders Qualifications • 5-8 years experience in: Web Application Assessments, Mobile Application Assessments • Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Kali Linux etc. • Possess understanding of various penetration testing and hacking methodologies such as OWASP, PTES, NIST SP800- 115 • Source Code Review & Reverse Engineering • Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification preferred • Demonstrated experience in one or more computer programming and scripting languages such as Python, Bash, PHP, Java, C#, .NET, Swift, Kotlin, JavaScript, Perl, Ruby • Reverse engineering malware, data obfuscators, or ciphers • Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms • Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis • Thorough understanding of network protocols, data on the wire, application desi Show more Show less

Role Title: Cyber Defense Specialist – Senior SOC Analyst (L3/L4 | Threat Detection | Incident Response) 📍 Location: Manesar, Haryana (Onsite | Government Sector Engagement) 🏢 Organization: VVNT SEQUOR LLP, Noida 📅 Start Date: Immediate to ≤ 1 Month Preferred About the Role Join VVNT SEQUOR LLP as a Cyber Defense Specialist supporting our prestigious Government Sector client . With 8–10 years of deep expertise in SOC operations, SIEM platforms, and threat intelligence , you’ll be leading high-severity incident response efforts, forensic investigations, and proactive threat hunting. This is not just a monitoring role — it’s a frontline cybersecurity command post where you’ll shape detection strategies, automate response mechanisms, and act as a senior escalation point for L3/L4 security challenges. Your Core Responsibilities 🎯 SIEM & Threat Hunting Lead monitoring of security events using ArcSight , Splunk , ELK , and custom dashboards Develop and fine-tune correlation rules , detection use cases, and threat indicators Conduct proactive threat hunting using the MITRE ATT&CK framework, threat intel, and behavioral analytics 🚨 Incident Response & Digital Forensics Execute the full incident lifecycle —detection, containment, investigation, recovery, and RCA Perform forensic investigations : memory analysis, packet capture review, EDR telemetry (e.g., CrowdStrike , SentinelOne ) Conduct post-incident reviews , document findings, and coordinate RCA sessions with stakeholders 🛠️ Vulnerability Management & Infrastructure Security Conduct VAPT assessments using tools like Nessus , Qualys , OpenVAS , Metasploit , Burp Suite Manage and fine-tune Firewalls (Palo Alto, FortiGate) , WAF , IDS/IPS , and Anti-DDoS appliances Support audits and documentation for ISO 27001 , NIST CSF , and related compliance mandates ⚙️ Automation & Security Enablement Drive integration with SOAR platforms , building automated playbooks using Python , PowerShell , or REST APIs Mentor L1/L2 teams, lead internal security drills, and run awareness campaigns (e.g., KnowBe4 ) Collaborate on blue/purple team exercises to improve detection coverage Ideal Candidate Profile 8–10 years of SOC experience with strong L3/L4 exposure Expert in SIEM/EDR/SOAR tools , threat modeling, forensic analysis, and advanced detection Excellent in handling escalations, drafting RCA reports, and coordinating with InfoSec, Infra, and Audit teams Comfortable with mission-critical response , working in regulated or high-compliance environments Preferred Certifications / Experience Certifications: CEH, CHFI, GCFA, GCIA, Security+, Splunk Certified Analyst Experience with cloud security monitoring tools (AWS GuardDuty, Azure Sentinel, TIPs) Bonus: Exposure to OT/ICS environments , Red/Blue/Purple team operations, or critical infrastructure protection Why VVNT SEQUOR? Work on strategic cybersecurity projects for a Government client Get hands-on with next-gen detection tools and nation-grade threat response protocols Enjoy subsidized cab & lunch while working in a high-impact, innovation-led setup Be recognized as a cyber leader , not just an operator Application Process Send the following to: 📧 chaitali@vvntsequor.in , parveen.arora@vvntsequor.in 📱 WhatsApp: +91-9891810196 / +91-8802801739 Please include: Updated Resume (with certifications) Last Drawn & CTC Earliest Joining Date (Immediate to Max 1 Month only) Optimized Tags / Keywords Senior SOC Analyst | Cybersecurity Specialist | Threat Hunting | SIEM (Splunk, ArcSight) | Incident Response | Forensics | CrowdStrike | EDR | SOAR Automation | MITRE ATT&CK | ISO 27001 | NIST CSF | Python Scripting | VAPT | Firewall Security | L3 L4 Escalation Show more Show less

We are seeking a skilled and proactive Medical Device Cybersecurity Engineer to join our team. This position plays a critical role in ensuring the cybersecurity and regulatory compliance of our connected medical devices throughout the product lifecycle. The ideal candidate has hands-on experience in threat modeling, managing third-party software components, performing vulnerability scans and penetration testing, and collaborating across cross-functional teams to integrate robust cybersecurity controls in accordance with FDA and global regulatory requirements. Key Responsibilities: Perform and maintain comprehensive threat modeling (e.g., STRIDE) for embedded and connected medical devices. Perform regular vulnerability scans, penetration testing , and static/dynamic analysis using tools such as Kali Linux, Metasploit, Wireshark, NMAP, Fortify, Nessus, or similar. Develop and update cybersecurity risk assessments as part of the overall risk management process (including CVSS scoring). Define, implement, and document security controls based on threat model outcomes. Manage and maintain Software Bill of Materials (SBOM) in compliance with FDA premarket and post-market guidance and global standards (e.g., NTIA, NIST). Support secure software development lifecycle (SDLC) practices including secure coding reviews. Conduct cybersecurity surveillance for new threats, advisories, CVEs, and zero-day vulnerabilities that may impact devices post-market. Triage and assess reported vulnerabilities, coordinate remediation and update documentation accordingly. Support preparation of cybersecurity documentation for FDA submissions (e.g., premarket submissions, 510(k), PMA) including security risk management reports and architecture diagrams. Ensure compliance with FDA applicable standards (e.g., ISO 14971, IEC 62304, ANSI/AAMI SW96:2023) Collaborate with Quality, Regulatory, and Engineering to ensure cybersecurity is integrated across the product lifecycle. Collaborate with software, hardware, and systems teams to guide cybersecurity design and testing. Qualifications Required: Bachelors or Masters degree in Computer Engineering, Cybersecurity, Electrical Engineering, or related field. 57 years of experience in embedded systems or medical device cybersecurity. Strong working knowledge of SBOM, SOUP, vulnerability scanning tools, penetration testing, and threat modeling methodologies. Familiarity with relevant regulations and standards (e.g., FDA Cybersecurity Guidance, NIST SP 800-53/30/218, ANSI/AAMI SW96:2023). Experience with secure development tools and CI/CD environments. Preferred: Certified Ethical Hacker (CEH), CISSP, CSSLP, or similar certification. Experience with connected devices (IoMT), wireless protocols (BLE, Wi-Fi), and cloud security principles. Familiarity with DevSecOps practices and security tools integration. Show more Show less

Who we think will be a great fit. A passion for information security with a hacker mindset! Self-motivation and Proactiveness Communication skills What we need... We want people with preferably two or more, of the following: 1. Web Application Security Testing. Knowledge about BURP Suite, manual and automated SQLi Bypass filters that detect SQLi, XSS, etc. People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc. 2. Network Infrastructure Testing. Ability to write custom scripts and wrappers. Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc.not just Nmap and Nessus Have good knowledge about PowerShell scripting and AD/DC infrastructure. 3. Mobile App Testing. Root/jailbreak and Certificate pinning bypass without any automated tool Dynamic instrumentation using Frida De-obfuscation of APK/IPA file 4. IoT Testing. MQTT attacks Fuzzing of IoT devices Firmware extraction 5. Cloud Testing. A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud. Have a good understanding of microservices architecture. 6. Secure Code Review. Ability to visualize and compile applications without any compiler (in your mind). Has the ability to learn a new programming language on-the-go. Preferred candidate profile : Candidates with relevant professional experience will be given preference.

Job Title: Senior VAPT (Vulnerability Assessment & Penetration Testing) Engineer Location: Indore Experience Required: 5+ Years Job Type: Full-Time Job Summary: We are looking for an experienced and highly skilled VAPT Engineer with a strong background in cybersecurity and hands-on expertise in conducting vulnerability assessments and penetration testing of IT infrastructure, applications, and networks. The candidate must have in-depth knowledge of CERT-In guidelines, security best practices, and regulatory compliance requirements. Key Responsibilities: · - Perform Vulnerability Assessment & Penetration Testing (VAPT) on web applications, mobile applications, APIs, networks, cloud infrastructure, servers, and endpoints. · - Prepare and deliver detailed technical reports with findings, risk ratings, and actionable remediation recommendations. · - Simulate real-world cyberattacks to identify potential security flaws and vulnerabilities. · - Collaborate with development and IT teams to validate and fix vulnerabilities. · - Implement and monitor secure coding practices and DevSecOps principles during SDLC. · - Ensure all testing activities are in line with CERT-In guidelines and other applicable standards (ISO 27001, OWASP, NIST, etc.). · - Stay up-to-date with the latest threats, vulnerabilities, and attack vectors. · - Prepare reports and evidence required for CERT-In audits and compliance. · - Assist in developing internal security policies and SOPs for secure infrastructure. · - Guide and mentor junior security analysts, if required. Required Skills & Qualifications: · - Bachelor's degree in Computer Science, Information Security, or a related field. · - Minimum 5 years of hands-on experience in VAPT and cybersecurity. · - Expertise in tools such as Burp Suite, Nessus, Nmap, Metasploit, Acunetix, Wireshark, Nikto, OWASP ZAP, etc. · - Strong knowledge of OWASP Top 10, SANS 25, and other industry security standards. · - Solid understanding of network protocols, web application architecture, firewalls, IDS/IPS, and endpoint security. · - Familiarity with scripting and automation (Python, Bash, PowerShell). · - Experience in writing and reviewing security assessment reports for technical and non-technical stakeholders. · - In-depth knowledge of CERT-In audit requirements, documentation, and compliance process. Certifications (Preferred): · - CEH / OSCP / LPT / CRTP / CompTIA Pentest+ · - Any CERT-In empanelment project experience will be a strong advantage. Additional Information: · - Strong communication, documentation, and interpersonal skills. · - Ability to manage multiple engagements and deliver under tight timelines. · - Should be able to work independently or in a team. Job Type: Full-time Pay: ₹30,000.00 - ₹45,000.00 per month Benefits: Provident Fund Schedule: Day shift Work Location: In person

Job description As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices. Key Responsibilities : Perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients' IT infrastructure, applications, and networks. Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Identify and exploit security vulnerabilities to assess the potential impact on clients' systems and data. Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures. Collaborate with clients' IT teams to prioritize and address identified security issues in a timely manner. Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks. Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies. Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team. Requirements: Bachelor's degree in Computer Science, Information Technology, or related field. 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing. Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Hands-on experience with various operating systems, including Windows, Linux, and Unix. Strong understanding of network protocols, web application architecture, and common security vulnerabilities. Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred. Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively. Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders. Proven track record of delivering high-quality security assessments and actionable recommendations. Show more Show less