492 Metasploit Jobs - Page 2

As an Analyst in Cyber Security, you will be responsible for applying your hands-on expert knowledge of tools such as Burp, Nessus, Nmap, Nipper, Metasploit, and other latest tools in the field. Your expertise will be crucial in conducting Vulnerability Assessment and Penetration Testing (VAPT) across various domains including Cloud Security, Web, and Mobile Applications. You should possess a solid understanding of OWASP top 10 and other application/network security frameworks to effectively discover and analyze security vulnerabilities. Your experience in Web Application and Internal/External Network Testing will be key in identifying and mitigating security risks. Moreover, your skills in Configuration Review, policy review, system and network hardening, as well as endpoint review will play a vital role in enhancing the overall security posture. Experience in Application Code Review and Testing tools will be an added advantage in this role. Your ability to create comprehensive reports and communicate effectively, both in writing and verbally, will be essential as you directly engage with clients during projects. You will also be expected to review cyber-attack surfaces, recommend security measures, and conduct cyber investigations when necessary. A minimum of 1 year of post-qualification experience in Security Testing Projects is required for this position. Holding certifications such as CEH/CHFI, OSCP/eWPTX, or any other industry-recognized security certification will be advantageous. If you have a basic scripting knowledge in any language, it will be considered a plus. Additionally, your willingness to travel as needed will be appreciated in this role.,

At BMC, trust is not just a word - it's a way of life! We are an award-winning, equal opportunity, culturally diverse, and fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, as we believe that you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! BMC Software is currently seeking a motivated and skilled individual to join the Product Security Group in a senior technical position. The successful candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, and penetration testing. As a penetration tester, you will play a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. **Roles And Responsibilities:** - Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. - Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. - Provide expert guidance on application security best practices. - Research and develop new penetration testing methodologies, tools, and techniques. **Qualifications & Skills:** - 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. - Penetration testing experience is essential; prior participation in bug bounty programs is a plus. - Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). - Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. - Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. - Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. - Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. - Ability to think creatively and analytically to identify and exploit vulnerabilities. - Strong problem-solving skills when encountering unexpected challenges during testing. - Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. - Meticulous attention to detail in documenting findings and creating reports. - Effective time management skills to meet project deadlines and testing schedules. - High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. **Preferred Skills:** - Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). - Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks. BMC's culture is built around its people. With over 6000 brilliant minds working together across the globe, you won't be known just by your employee number, but for your true authentic self. If you are unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experiences to ensure we face the world together with the best ideas.,

Key Responsibilities Update Mechanism & Distribution Testing Assess update delivery pipeline for unauthorized access, misconfigurations, or delivery flaws. Simulate HMAC token forge/replay attacks to test authentication robustness. Test code-signing integrity by attempting to modify signed update bundles. Simulate rollback scenarios, downgrade attack vectors, and patch bypass attempts. Backend & Infrastructure Security Perform RBAC abuse tests to detect privilege escalation opportunities. Verify audit logging and forensic traceability of system actions. Check backend service configurations for policy compliance and data protection. Availability & Threat Resilience Conduct DoS resilience testing by simulating excessive/malformed requests. Perform mobile reverse engineering to detect information leakage or insecure storage. Reporting & Retesting Provide a detailed vulnerability report with CVSS scores and POC evidence. Collaborate with DevSecOps for remediation validation and re-testing. Required Skills & Qualifications 7+ years of penetration testing experience in enterprise environments. Deep knowledge of OWASP Top 10 (Web, API, Mobile). Hands-on experience testing mobile hybrid apps (Capacitor/Ionic). Expertise in code signing, HMAC validation, and secure OTA update mechanisms. Familiarity with Azure-hosted services, WebAPI, and SQL Server. Proficient with tools such as Burp Suite, MobSF, Frida, Drozer, OWASP ZAP, Metasploit, Postman, Wireshark. Strong scripting/debugging knowledge (Python, JavaScript, Bash). Understanding of regulatory/compliance frameworks: ISO 27001, GDPR, NIST. Certifications preferred: OSCP, CEH, GMOB, GWAPT. Additional Context App Architecture: Hybrid (Ionic + Capacitor) Backend: .NET Core, WebAPI, Azure Blob Storage CI/CD: Azure DevOps, App Center Governance: Scoped under Qatar Airways IT & Cyber Security policies

Cyber security instructor, SOC operations, Bug bounty operations, Network Security, Python Scripting, Security Consulting, Training Delivery, Student Mentorship, Assessment and Evaluation

This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office. Who We Are Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE. Job Description Job Family Definition: Designs, develops, troubleshoots and debugs software programs for software enhancements and new products. Develops software including operating systems, compilers, routers, networks, utilities, databases and Internet-related tools. Determines hardware compatibility and/or influences hardware design. Management Level Definition Contributes to assignments of limited scope by applying technical concepts and theoretical knowledge acquired through specialized training, education, or previous experience. Acts as team member by providing information, analysis and recommendations in support of team efforts. Exercises independent judgment within defined parameters. What You'll Do Juniper Networks is hiring Security Research Engineers/IDS-IPS Signature Developer for their Next Generation Firewalls. You will be part of Juniper Networks L4-L7 Next General Firewall Team responsible for providing protection against latest network vulnerabilities and threats. You will be part of a highly dynamic and engaging team that protects customers network against malicious actors. What You Need To Bring Knowledge in network vulnerabilities, detection tools and technologies Knowledge in exploitation and mitigation techniques. Hands on experience using wireshark/tcpdump or a similar network analysis tool on a daily basis Experience with any open source or commercial IDS/IPS Signature writing/validation. Experience in scripting languages like Python/Shell scripting. Understanding of IP/TCP/UDP and ICMP protocols including header contents and protocol flow concepts. Solid understanding at the packet level of common internet protocols such as HTTP, DNS, SMTP, POP3, IMAP, SSL, Telnet, SSH, SNMP, etc. Experience in penetration testing tools like metasploit and coreimpact desirable. The candidate must possess excellent communication skills, both verbal and written. Additional Skills Cloud Architectures, Cross Domain Knowledge, Design Thinking, Development Fundamentals, DevOps, Distributed Computing, Microservices Fluency, Full Stack Development, Security-First Mindset, Solutions Design, Testing & Automation, User Experience (UX) What We Can Offer You Health & Wellbeing We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing. Personal & Professional Development We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division. Unconditional Inclusion We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. Let's Stay Connected Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE. #india #networking Job Engineering Job Level TCP_01 HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity. Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities. HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

JOB LOCATION: Pune, Maharashtra ​ MINIMUM QUALIFICATION: Minimum 2 years of professional experience in cybersecurity or a related domain Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field Hands-on coding experience in at least one of the following: Python, Go, or JavaScript Strong proficiency with common vulnerability assessment and penetration testing tools such as Nessus, Metasploit, Nmap, Burp Suite , etc. Experience working with operating systems such as Kali Linux, Linux, and Windows Solid understanding of networking concepts and security engineering principles Relevant certifications such as CRTP (Certified Red Team Professional) or equivalent DESIRED QUALIFICATION: Master’s degree in Cybersecurity or a related field Industry-recognized certifications such as OSCP (Offensive Security Certified Professional) or GPEN (GIAC Penetration Tester) Strong technical writing and reporting skills Familiarity with secure development practices and security automation is a plus ​ RESPONSIBILITIES AND JOB DESCRIPTION: Lead and perform in-depth vulnerability assessments to identify security weaknesses in client systems and infrastructure Conduct and oversee penetration tests to simulate real-world cyber threats and uncover exploitable vulnerabilities Deliver expert recommendations and help implement effective mitigation strategies for identified risks Innovate and contribute to the development of new security testing tools, scripts, and methodologies Participate in corporate security triage and incident response processes — including vulnerability analysis, remediation planning, and stakeholder communication Actively mentor junior analysts , sharing knowledge on testing techniques, tools, and industry best practices Stay up-to-date with emerging threats, vulnerabilities, and attack techniques Prepare detailed and well-structured reports outlining findings, impact assessments, and actionable remediation steps

About the Company Softcell Global Technologies Pvt. Ltd. is a leading IT services provider with over 30 years of experience in infrastructure solutions, cybersecurity, cloud, and engineering. Trusted by top banks, enterprises, and government institutions, Softcell is a CERT-In empaneled organization at the forefront of cybersecurity service delivery. About the Role Softcell Global Technologies Pvt. Ltd. is seeking a highly skilled Senior Security Analyst with strong offensive security capabilities across the Web, Network, Mobile, Active Directory, OT environments and at least 4-5 years of experience in vulnerability assessment, penetration testing and code review. The ideal candidate must demonstrate proven hands-on experience, leadership ability, and excellent communication skills to manage project delivery, lead a technical team, and coordinate directly with enterprise clients. Practical skills are mandatory, and all shortlisted candidates will undergo a practical assessment. Responsibilities Conduct in-depth penetration tests on web apps, APIs, networks, cloud, and OT environments. Execute internal infrastructure and Active Directory exploitation using BloodHound, CrackMapExec, Impacket, etc. Perform OT/ICS/SCADA security testing, including assessments of protocols and firmware. Conduct comprehensive manual reviews to identify security flaws, insecure patterns, and logical vulnerabilities – SAST and DAST. Chain vulnerabilities to simulate end-to-end real-world attack scenarios and provide POCs. Team Leadership & Client Coordination Lead and mentor junior security analysts during engagements. Act as the technical lead for VAPT projects, ensuring timely delivery and quality assurance. Interface directly with clients to understand requirements, present findings, and suggest remediation strategies. Manage testing schedules, reporting timelines, and escalation workflows. Draft detailed vulnerability reports with actionable remediation. Qualifications Bachelor’s degree in Computer Science, Cybersecurity, or related field. Required Skills 4–5 years of hands-on experience in penetration testing and red teaming. Strong grasp of OWASP Top 10, MITRE ATT&CK, and real-world threat simulation. Expertise in AD security, internal lateral movement, and domain privilege escalation. Familiarity with OT security controls, risk frameworks (NIST, IEC 62443), and protocol fuzzing. Scripting proficiency in Python, PowerShell, or Bash. Exposure to tools like Nmap, Wireshark, Burp Suite, Metasploit, BloodHound, SonarQube, Checkmarx, etc. Leadership experience in managing client-facing pentest projects. Excellent communication, documentation, and collaboration skills. Preferred Skills Preferred Certifications: OSCP – Offensive Security Certified Professional OSWE – Offensive Security Web Expert CRTP – Certified Red Team Professional CRTE – Certified Red Team Expert CPENT – Certified Penetration Testing Professional CEH – Certified Ethical Hacker eJPT, eCPTX, CBBH, PNPT – or equivalent certifications in advanced adversarial simulation. Immediate Joiners Preferred Practical Skills are a Must Location: Delhi and Bangalore (Onsite Only) Equal Opportunity Statement Be part of a CERT-In empaneled cybersecurity team delivering critical security services. Get exposure to real-world attack simulations, internal security assessments, and VAPT projects. Learn and grow under certified red teamers and penetration testers. Access lab environments, tools, and mentoring to grow your skills. Regards HR Team

About the Company Softcell Global Technologies Pvt. Ltd. is a leading IT services provider with over 30 years of experience in infrastructure solutions, cybersecurity, cloud, and engineering. Trusted by top banks, enterprises, and government institutions, Softcell is a CERT-In empaneled organization at the forefront of cybersecurity service delivery. About the Role Softcell Global Technologies Pvt. Ltd. is looking for a passionate and skilled Security Analyst with at least 2-3 years of experience in vulnerability assessment, penetration testing and code review. The ideal candidate should have a foundational understanding of cybersecurity, good hands-on skills with security tools, and hold certifications such as OSCP, CRTP, eJPT, CPENT, CEH or equivalents. The role involves supporting offensive security operations, assisting in analysis and reporting, and collaborating with senior analysts during engagements. Responsibilities Conduct in-depth penetration tests on web apps, APIs, networks, cloud, AD and OT environments. Conduct comprehensive manual reviews to identify security flaws, insecure patterns, and logical vulnerabilities – SAST and DAST. Chain vulnerabilities to simulate end-to-end real-world attack scenarios and provide POCs. Act as a collaborator for VAPT projects, ensuring timely delivery and quality assurance. Interface directly with clients to present findings and suggest remediation strategies. Collaborate to manage testing schedules, reporting timelines, and workflows to ensure on-time delivery. Draft detailed vulnerability reports with actionable remediation. Qualifications Bachelor’s degree in Computer Science, Cybersecurity, or related field. Required Skills Minimum 2-3 years of experience in vulnerability assessment and penetration testing support. Strong grasp of OWASP Top 10, MITRE ATT&CK, and real-world threat simulation. Scripting proficiency in Python, PowerShell, or Bash. Exposure to tools like Nmap, Wireshark, Burp Suite, Metasploit, BloodHound, SonarQube, Checkmarx, etc. Excellent communication, documentation, and collaboration skills. Preferred Skills Preferred Certifications: OSCP – Offensive Security Certified Professional OSWE – Offensive Security Web Expert CRTP – Certified Red Team Professional CRTE – Certified Red Team Expert CPENT – Certified Penetration Testing Professional CEH – Certified Ethical Hacker eJPT, eCPTX, CBBH, PNPT – or equivalent certifications in advanced adversarial simulation. Immediate Joiners Preferred. Practical Skills are a Must. Location: Delhi and Bangalore (Onsite Only). Equal Opportunity Statement We must fill this position urgently. Can you start immediately? Ideal answer: Yes. Why Join Softcell? Be part of a CERT-In empaneled cybersecurity team delivering critical security services. Get exposure to real-world attack simulations, internal security assessments, and VAPT projects. Learn and grow under certified red teamers and penetration testers. Access lab environments, tools, and mentoring to grow your skills. Regards HR Team

Apply here: https://forms.gle/9fBrbzuUM86A4pmc6 About Us AppSecure.Security is a premier cybersecurity firm dedicated to helping organizations identify and address vulnerabilities in their systems. We’re seeking a highly skilled Senior Penetration Tester to lead impactful security assessments across diverse platforms. If you’re passionate about cybersecurity and excel in dynamic, challenging environments, we’d love to hear from you! Key Responsibilities: Conduct comprehensive penetration tests on web applications, mobile apps, APIs, and networks. Lead red teaming engagements to simulate real-world attack scenarios and evaluate security defenses. Perform vulnerability assessments and deliver actionable remediation guidance. Research and exploit vulnerabilities to demonstrate risks and potential impacts. Prepare detailed technical reports and executive summaries outlining findings and recommendations. Collaborate with clients and internal teams to enhance overall security posture. Stay up to date on the latest security trends, vulnerabilities, and tools. Contribute to improving internal methodologies and toolsets. Mentor junior team members and provide guidance on complex projects. Required Qualifications: Experience: At least 3 years in penetration testing, covering web, mobile, API, and network environments. Certifications: Hold at least one of the following: OSCP (Offensive Security Certified Professional) OSWE (Offensive Security Web Expert) CREST CRT (Certified Registered Tester) Other relevant certifications are a plus. Technical Skills: Proficiency with security tools and frameworks (e.g., Burp Suite, Metasploit, Kali Linux). Expertise in manual testing techniques and exploitation methods. Strong knowledge of OWASP Top 10, SANS Top 25, and the MITRE ATT&CK framework. Experience with scripting and automation (e.g., Python, Bash, PowerShell). Red Teaming Expertise: Proven experience in red teaming and advanced attack simulations. Bug Bounty Programs: Success in bug bounty programs is a significant advantage. Excellent problem-solving skills and attention to detail. Strong written and verbal communication skills. What we Offer: Flexible Work Environment: Remote-first culture with flexible hours. Challenging Projects: Opportunities to work on cutting-edge cybersecurity initiatives. Professional Growth: Access to training resources and certifications for career development. Supportive Culture: A collaborative and encouraging team environment. Competitive Compensation: Attractive salary and benefits package. How to Apply If you’re ready to take the next step in your cybersecurity career, apply now by filling out the Google form: https://forms.gle/9fBrbzuUM86A4pmc6 Join us at AppSecure.Security and make a real impact in securing the digital world!

Job Overview: We are looking for a talented and experienced Application Security Engineer to join our team. The ideal candidate will have a strong understanding of application security standards, tools, and methodologies and will be responsible for conducting security assessments, penetration testing, and vulnerability analysis for web and mobile applications. This role requires hands-on experience with both automated and manual testing tools, familiarity with security mechanisms, and a commitment to improving the overall security posture of the organization. Key Responsibilities: • Conduct security assessments for both web and mobile applications. • Perform vulnerability assessments and penetration tests using tools such as Burp Suite Pro, AppScan, Veracode, Fortify, WebInspect, Acunetix, etc. • Leverage mobile application testing tools like Drozer, Xposed, MobSF, SSLTrustKiller, Frida, apktool, dex2jar, jadx, and IDA for iOS and Android applications. • Conduct thorough testing of APIs to identify security flaws. • Utilize OWASP and SANS standards to guide security practices. • Stay up to date with the latest security testing tools, techniques, and ethical hacking methodologies. • Compile and present risk-based findings to stakeholders, providing detailed reports and suggesting appropriate mitigations. • Provide expertise on penetration testing methodologies, including black box, grey box, and white box testing. • Demonstrate proficiency with common penetration testing tools such as nmap, Wireshark, Kali Linux, Metasploit, OpenVAS, OWSAP ZAP, Accunetix, Nikto, Nessus, and sqlmap. • Assist development teams with implementing penetration tests as part of the Secure Software Development Life Cycle (Secure SDLC). • Create and refine security checklists tailored to organizational needs. • Ensure continuous security improvement by making suggestions for system and process enhancements. • Experience working with SaaS, IaaS, and PaaS environments, helping integrate and optimize security technologies and processes. Skills and Qualifications: • Proficiency with OWASP Top 10 and SANS security standards. • Strong experience in using security assessment tools, including both static (SAST) and dynamic (DAST) application security testing tools. • Hands-on experience with mobile application security testing and mobile-specific vulnerabilities. • Proficient with web technologies such as J2EE, XML, JSON, SOAP, REST, and AJAX. • Basic programming knowledge in Java, JavaScript, and SQL. • Familiarity with encryption, authentication, and authorization techniques for secure software development. • Experience in automating security testing using scripting languages like Python, Bash, or Java. • Knowledge of network security and vulnerability assessment practices. • Experience in Secure Code Review and identifying vulnerabilities in the source code. • Strong understanding of various security techniques and risk assessment processes. Certifications: • Certified Ethical Hacker (CEH) or equivalent certifications related to application security. Desired Competencies: • OWASP, Burp Suite, Web Application Security, Acunetix, Vulnerability Assessment, Network Security, Mobile Application Security. • Proficient in Secure Code Review, Python, Bash, Java, and Automation scripting.

Key Job Responsibilities: VOC - VI (Vulnerability Intelligence) & ASM (Attack Surface Management) Analyst Environment / Context Saint Gobain, world leader in the habitat and construction market, is one of the top 100 global industrial groups. Saint-Gobain is present in 68 countries with 171 000 employees. They design, manufacture and distribute materials and solutions which are key ingredients in the wellbeing of each of us and the future of all. They can be found everywhere in our living places and our daily life: in buildings, transportation, infrastructure and in many industrial applications. They provide comfort, performance and safety while addressing the challenges of sustainable construction, resource efficiency and climate change . Saint-Gobain GDI Grou pe (250 persons at the head office, including 120 that are internal) is responsible for defining, setting up and managing the Group's Information Systems (IS) and Telecom policy with its 1,000 subsidiaries in 6,500 sites worldwide. The GDI Groupe also carries the common means (infrastructures, telecoms, digital platforms, cross-functional applications ). IN DEC, the IT Development Centre of Saint-Gobain, is an entity with a vision to leverage India’s technical skills in the Information Technology domain to provide timely, high-quality and cost-effective IT solutions to Saint-Gobain businesses globally. Within the Cybersecurity Department, the Cybersecurity Vulnerability Operations Cen ter mission is to Identify, assess and confirm vulnerability and threats that can affect the Group. The CyberVOC teams are based out of Paris and Mumbai and consist of skilled persons working in different Service Lines . Mission The VOC VI & ASM Analyst will be part of a team responsible for monitoring and identifying vulnerabilities as well as proactively assessing their threat with regards to Saint-Gobain context. The team also provides comprehensive feedback and guidance on detected vulnerabilities to assist Security Officers and Application Manager on the remediationpart. This role takes a holistic approach to identifying newly published vulnerabilities and contextualizing them to Saint-Gobain environment as well as tracking potential external entry points to Saint-Gobain systems anddata. The VOC VI & ASM Analyst is responsible for: Vulnerability Intelligence (VI): Monitor new vulnerabilities and assess their criticality and risk severity based on threat, exploit availability, ease of exploit, impact, …Communicate and publish an assessment on vulnerabilities related to software used in Saint-Gobain's scope Maintain timely, high-quality vulnerability bulletins, prioritizing issues against the Group’s asset exposure Update on a regular basis our software inventory in the scope of Vulnerability Assessment Service Keep the vulnerability database up to date; enrich each CVE and security bulletin with QDS, EPSS, CVSS metrics, … Attack Surface Management (ASM): Operate continuous monitoring of external assets via ASM Security tools Update on a regular basis the coverage of ASM tools, by adding known domains and IP ranges belonging to Saint-Gobain Assess the severity of the findings and confirm their presence (review, challenge, FP assessment, …) Track and report exposure trends; escalate high-risk findings to Blue-Team remediation owners Build and use the external footprint to proactively identify new threats and new vulnerabilities Leverage ASM tools to proactively identify external assets subject to newly published vulnerabilities BlackBox Pentesting: Drive proactive follow-up on detected vulnerabilities, engaging system owners and tracking remediationto closure Active follow up with Application managers to onboard new application in the BlackBox Pentesting service Pentest launch Contract follow-up Tools follow up and maintenance Vulnerability Management:Vulnerability review, recategorization, and false positive identification Proactive vulnerability testingand replayPre-analyze and consolidate vulnerability data from various scanning tools Prepare concise syntheses of available vulnerabilities Offer guidance to the SO and CISO on vulnerabilities Collaborate with key stakeholders to develop strategies for vulnerability management Scripting and automation:Automate data extraction and data push from VI and ASM tools to DataLake tools Build automation workflows to streamline vulnerability identification, assessment, and reporting Collaborate with the offensive and defensive teams to enhance vulnerability assessmentand t esting Skills and Qualifications Bachelor's degree in Computer Science, Information Security, EXTC or related field; relevant certifications (e.g., CISSP, CCSP, CompTIA Security+) are a plusProven experience (6+ years) working within the Cybersecurity field, with emphasis on security platform implementation & administration Experience on Penetration testing actions (web application, infrastructure, …) Experience with security scanning tools Experience with VI and ASM tools Experience in investigating newly published vulnerabilities and assessing their risks and severity Experience with scripting languages (e.g., Python, Bash, Powershell, C#, …) for automation and customization of security processes is a plus Experience with Pentester tools (Burp, SQLmap, Metasploit, Kali environment, …) Strong technical skills with an interest in open-source intelligence investigations Knowledge of NIST CVE database, OWASP Top 10, Microsoft security bulletins Excellent writing skills in English and ability to communicate complicate technical challenges in a business language to a range ofstakeholders. Personal Skills Has a systematic, disciplined, and analytical approach to problem solving with Thorough leadership skills & experience Excellent ability to think critically under pressure Strong communication skills to convey technical concepts clearly to both technical and non-technical stakeholders Willingness to stay updated with evolving cyber threats, technologies, and industry trends Capacity to work collaboratively with cross-functional teams, developers, and management to implement robust security measures Additional Information The position is based in Mumbai (India)

Job Title: IT Security Engineer – Contractual (3+ / 5+ / 7+ Years Experience) Compensation: (6-10Lakh/10-15Lakh/12-18Lakh respectively) Location: New Delhi Type: Contractual [ 2 months contract] Openings: Multiple Domain Focus: Network Infrastructure Security, ISO 27019 Compliance Email: hr@pivotsec.in Note: This is an urgent contractual opening. Immediate joiners will be prioritized. Job Summary: P.I.V.O.T Security is seeking skilled IT Security Engineers for contractual roles with a primary focus on network architecture and infrastructure security reviews, covering routers, switches, firewalls, CCTV networks, and related devices. These roles are part of critical infrastructure security compliance assessments in alignment with ISO 27019 standards. Responsibilities (based on experience level): Review the entire network architecture, including: • Core and access routers & switches • Perimeter and internal firewalls • CCTV and physical security network components • Wireless network segmentation and NAC implementations • Conduct firewall audits, rulebase validations, and segmentation testing • Evaluate security configurations for IoT and surveillance systems (e.g., CCTV NVR/DVR) • Lead or support Vulnerability Assessment and Penetration Testing (VA/PT) of infrastructure • Identify gaps in network design, access control, and compliance with ISO 27019 • Document security weaknesses, propose remediations, and engage with client infra teams • Prepare technical documentation, risk reports, and mitigation strategies Skills & Tools: Assessment Tools: Nmap, Nessus, Burp Suite, Metasploit (based on role level) Device Knowledge: Cisco, Fortinet, Palo Alto, Juniper, Hikvision, Dahua, etc. Review Focus: Routing protocols, VLANs, ACLs, VPNs, NAT policies, CCTV network isolation Scripting (Senior roles): PowerShell, Bash, Python Understanding of critical infrastructure protection and ISO/IEC 27019 Certifications (Preferred): CEH, CompTIA Security+ (3–5 YOE) OSCP, CEH, or equivalent (5–7+ YOE) Candidate Requirements: 3 to 7+ years of experience in IT/network security, architecture assessment Strong knowledge of infrastructure hardening and secure configuration practices Ability to review, assess, and advise on physical and logical security architecture Effective communication and client interaction skills Capable of independently preparing architecture review reports To apply, email your updated resume to hr@pivotsec.in Use the subject line: "IT Security – [Years] YOE" (e.g. "IT Security – 5 YOE")

Flawit InfoSec Services Flawit InfoSec Services is a cybersecurity firm delivering comprehensive, end-to-end security solutions to enterprises, startups, and government organizations. Our core expertise includes vulnerability assessment and penetration testing (VAPT), red teaming, security operations center (SOC) implementation, risk and compliance advisory, cloud and DevSecOps security, identity and access management (IAM), and more. With a client-first approach, our certified professionals apply global frameworks like OWASP, NIST, and MITRE ATT&CK to secure digital environments and build long-term resilience against evolving threats. Role – Penetration Tester (On-site, Nashik) We are looking for a skilled Penetration Tester to join our team and lead offensive security engagements across diverse environments. The role involves simulating real-world attacks, identifying security flaws, and helping clients strengthen their cybersecurity posture through hands-on testing and tailored recommendations. Key Responsibilities: Conduct detailed vulnerability assessments and penetration tests on web applications, mobile apps, APIs, networks, wireless environments, cloud infrastructure, and thick client systems Perform red teaming exercises, social engineering assessments, and adversary simulations Reverse engineer malware and binaries to identify behavior and possible countermeasures Conduct secure code reviews to detect logic flaws, insecure implementations, and potential backdoors Prepare in-depth technical and executive reports, outlining vulnerabilities, impact, and remediation strategies Communicate findings to internal teams and client stakeholders, and support remediation discussions Develop custom scripts and tools to automate or enhance testing methodologies Stay updated with emerging threats, vulnerabilities, and attack vectors through continuous research Required Skills and Qualifications: Proven experience in web and mobile application penetration testing (OWASP Top 10, API Security) Proficient in tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, sqlmap, Wireshark, and Dirbuster Understanding of red team operations, adversary tactics, and MITRE ATT&CK framework Hands-on knowledge of reverse engineering and malware analysis Familiarity with cloud platform security (AWS, Azure, GCP) and DevSecOps pipelines Good understanding of network protocols, operating system internals, and scripting languages (Python, Bash, PowerShell) Ability to write detailed documentation and deliver concise, clear reports to technical and non-technical audiences Bachelor's degree in Cybersecurity, Computer Science, or a related field Relevant certifications are a plus (OSCP, OSEP, OSCE, CRTP, eJPT, CEH, etc.)

As a Senior Consultant in the Cyber Security department located in Gurugram, you will be responsible for various tasks and possess a range of skills and experiences. Your role will involve working on programming languages used for storing and processing raw data, having knowledge of operating systems such as Windows, macOS, Linux, UNIX, and other OSs, conducting penetration testing, understanding ethical hacking and coding practices, mastering advanced persistent threat management, ensuring firewall safety and management, utilizing encryption techniques and capabilities, conducting compliance assessments, and working with frameworks like COBIT and ITIL. You should have at least 5 years of relevant experience in cybersecurity, IT systems operation, and IT solutions development and maintenance. You must be well-versed in configuring and troubleshooting vulnerability management platforms like Tenable or Qualys, as well as patch management control platforms such as Microsoft MECM/SCCM. Experience in supporting patch management, vulnerability management, or configuration management programs is crucial, along with troubleshooting patch deployment and installation through log analysis and investigation. Your expertise should include knowledge of OWASP top 10 and other network security frameworks, hands-on experience in VAPT for application and network security, skills in configuration review, policy review, hardening of systems and networks, endpoint review, application code review, and testing tools. You should possess excellent communication and analytical skills to interact with clients directly, experience in Mobile AppSEC for Android and iOS, API testing, willingness to travel, good presentation and report-making skills, research knowledge in cyber security for consulting and customizing services, and hands-on working knowledge of tools like Burp, Nessus, Nmap, Qualys, Acunetix, Metasploit, and other relevant tools. Additionally, you should have knowledge of SIEM/SOAR, DLP, EDR/EPP, Firewall/IPS, Web Servers, and basic scripting knowledge in any language would be advantageous. Your role will also involve being willing to travel and actively participating in pre-sales activities, ensuring the highest level of security for clients and their systems.,

Job description Job description Job Title: Cybersecurity Trainer (Full Time) Company: CliniLaunch Research Institute. Location: Bangalore(In- Office) Position Type: Full time. Compensation: 5LPA-6LPA Job Overview: CliniLaunch Research Institute is seeking a knowledgeable and passionate Part-Time Cybersecurity Trainer to deliver high-quality, virtual training sessions to aspiring cybersecurity professionals. The ideal candidate will have hands-on industry experience and the ability to simplify complex topics while preparing students for globally recognized certifications. Key Responsibilities:  Conduct engaging online training sessions on key cybersecurity topics including: o Ethical Hacking o Network Security o Penetration Testing o Cybersecurity Risk Management o Security Operations  Guide students through hands-on labs and real-world cybersecurity tools (e.g., Kali Linux, Metasploit, Wireshark).  Assist learners with exam preparation and certification readiness (e.g., CEH, CND, ECSA).  Provide regular feedback and assessments to monitor student progress.  Collaborate with the academic team to improve course content and delivery.  Stay current with industry trends, emerging threats, and best practices in cybersecurity. Required Qualifications:  3–5 years of professional experience in the cybersecurity domain.  CEH (Certified Ethical Hacker) certification from EC-Council (mandatory).  Proven experience as a trainer or mentor in cybersecurity.  Strong presentation and communication skills.  Proficiency with cybersecurity tools and hands-on platforms. Preferred Certifications (EC-Council or equivalent):  Certified Network Defender (CND)  Certified Security Analyst (ECSA)  Certified Incident Handler (ECIH)  Certified Disaster Recovery Professional (CDRP)  Certified Chief Information Security Officer (C|CISO) Key Skills & Attributes:  Strong grasp of ethical hacking, network defence, threat intelligence, and security protocols.  Ability to explain technical concepts to non-technical audiences.  Has passion for mentoring, teaching, and preparing students for cybersecurity careers.  Strong organizational and time-management skills for part-time, remote delivery. Mode of Work:  In Office.  Compensation: Based on batches delivered

🚨 We’re Hiring | Penetration Tester 🔐 Join a leading German multinational that’s at the forefront of cybersecurity innovation! We’re on the lookout for a talented and passionate Penetration Tester to help us strengthen our global security posture. 🛡️ Role : Penetration Tester 📍 Location : Pune 🕒 Experience : 5 to 8 Years 📅 Joining : Immediate Joiners only Job Profile for Penetration Tester: Vulnerability Assessment: Identifying & Exploiting Vulnerabilities in Applications (Including Web App), Networks, & Infrastructure. Mobile App Pen Test: Identify Vulnerabilities & Weaknesses in Mobile Applications (Android & iOS Platform) to Protect against Attacks. Simulate Real-World Attacks to find Entry Points & Assess the Security of Mobile Apps, Advising on Security Measures & Remediation Strategies. Penetration Testing: Performing Simulated attacks to Test the Security of Systems & Identify Weaknesses Reporting: Documentation of Findings, including the Identified Vulnerabilities, Level of Risk, & Recommendations for Remediation. Collaboration: Working with Stakeholders to Implement Security Improvements. Staying Up-to-Date: Keeping abreast of the latest Security Threats & Vulnerabilities Validation: Confirming that Security Improvements have been Implemented Effectively Solid understanding of OWASP Top 10, MITRE ATT&CK, and other security frameworks. Proficient in tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and others. Skills: Web App Pen Test, Network Pen Test, Mobile App Pen Test Solid Understanding of OWASP Top 10, MITRE ATT&CK, & other Security Frameworks. Tool Expertise: Burp Suit Tenable Web App Scanning Nessus Professional/Expert Metasploit, Nmap, Wireshark, & others. Certification: CEH, OSCP #PenetrationTesting #CyberSecurityJobs #EthicalHacking #InfoSec #HiringNow #OSCP #CEH #SecurityAnalyst #CyberSecurityCareers

Vectra® is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Powered by patented Attack Signal Intelligence, it empowers security teams to rapidly prioritize, investigate and respond to the most advanced cyber-attacks. With 35 patents in AI-driven threat detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI to move at the speed and scale of hybrid attackers. For more information, visit www.vectra.ai. Position Overview We are seeking an experienced Threat Detection Engineer to extend Vectra's detection capabilities in partnership with Data Scientists and Security Researchers who are developing our AI-driven Attack Signal. Vectra's Attack Signal Production Group is responsible for building Vectra's core threat detection and prioritization technology, leveraging AI and other methods to alert customers to critical threats in their network and cloud environments. Threat Detection Engineers work closely with Data Scientists who are developing AI models, and Security Researchers who are researching the threat landscape and assisting modeling efforts. Detection Engineers focused on Network attack behaviors complement Vectra's coverage by building Suricata signatures, specifying detection logic in python, and utilizing other available methods. Responsibilities and Accountabilities: Analyze network traffic to identify and document threat patterns. Develop and maintain network-based security signatures in Suricata. Use offensive security tools and techniques to simulate attacks and generate sample network traffic. Collaborate with data scientists and security researchers to support detection efforts and improve detection accuracy. Continuously monitor and assess the effectiveness of network detections, making adjustments as needed. Contribute to threat hunting efforts by identifying new tactics, techniques, and procedures (TTPs) used by attackers. Participate in incident response activities as required. Attitudes and Behaviors: Focus on impact and results; work on the right things and get them done Drive and resourcefulness to persevere and overcome obstacles achieving challenging goals Track record of successfully solving complex and ambiguous problems High integrity and ability to positively collaborate with others Qualifications and Experience 5+ years of cybersecurity experience (preferably focused on threat detection and response) Expertise in writing signatures with Suricata Excellent people, technical and communication skills, and the ability to work collaboratively in a team environment. Advanced knowledge of common operating systems, services, networking protocols, logging, cloud and SaaS environments Knowledge of attacker techniques and tools (e.g., Metasploit, Cobalt Strike), and prior operational experience leveraging threat intelligence to detect and respond to adversaries Familiarity with data utilized by detection technology, for example PCAPs, flow logs, cloud logs, etc. Proficiency with related languages and frameworks, e.g. bash, python, Sigma, YARA-L, Linux/Unix, Wireshark, etc. Scripting, software development, engineering, and/or devops experience; experience with a source control system, preferably Git Optional certifications - OSCP, GCIA, GCDA, GSEC Vectra provides a comprehensive total rewards package that supports the financial, physical, mental and overall health of our employees and their families. Compensation includes competitive base pay, incentive plan eligibility, and participation in the employee equity plan (stock options). Specific benefits offered varies by location, but commonly include health care insurance, income protection / life insurance, access to retirement savings plans, behavioral & emotional wellness services, generous time away from work, and a comprehensive employee recognition program. Vectra is committed to creating a diverse environment and is proud to be an equal opportunity employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

Job Title: Application Security Expert - Red Team / Ethical Hacker Department: Information Security / Cybersecurity Reports To: Group CISO Job Summary: The Application Security Expert - Red Team / Ethical Hacker is a critical role responsible for proactively identifying and exploiting security vulnerabilities in our software applications throughout the entire Software Development Life Cycle (SDLC). Operating as a key member of the in-house Red Team, this role will focus on simulating real-world attacks, conducting advanced penetration testing, and providing actionable intelligence to strengthen our overall security posture. Responsibilities: Red Teaming & Attack Simulation: Plan and execute realistic attack simulations against our web, mobile, and desktop applications to identify weaknesses and bypass security controls. Develop and utilize custom exploits, tools, and techniques to mimic the tactics, techniques, and procedures (TTPs) of advanced threat actors. Conduct social engineering campaigns to assess employee awareness and identify potential vulnerabilities. Advanced Penetration Testing: Perform in-depth penetration tests of applications, networks, and systems, using both automated tools and manual techniques. Identify and exploit complex vulnerabilities, including those related to application logic, authentication, authorization, and data handling. Develop detailed penetration test reports with clear and actionable recommendations for remediation. Secure Code Review (Offensive Perspective): Conduct code reviews from an offensive perspective, identifying potential vulnerabilities that could be exploited by attackers. Provide developers with guidance on secure coding practices and vulnerability remediation techniques. Develop and maintain secure coding guidelines and checklists. Vulnerability Research & Exploit Development: Stay up-to-date on the latest security threats, vulnerabilities, and exploit techniques. Conduct vulnerability research to identify new and emerging threats. Develop custom exploits and tools to test and demonstrate the impact of vulnerabilities. SDLC Integration & Security Advocacy: Collaborate with development teams to integrate security testing and red teaming activities into the SDLC. Participate in design reviews and provide security guidance on application architecture and design. Promote a security-conscious culture within the development organization. Vulnerability Management (Validation & Verification): Validate and verify the effectiveness of vulnerability remediation efforts. Retest remediated vulnerabilities to ensure they have been properly addressed. Security Tooling & Automation (Offensive Tools): Evaluate, recommend, and customize offensive security tools and technologies. Automate red teaming and penetration testing processes to improve efficiency and coverage. Required Skills and Qualifications: Education: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Experience: 8+ years of experience in application security, penetration testing, red teaming, or a related field. Demonstrable experience conducting advanced penetration tests and red team engagements. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10, SANS Top 25). Experience with various penetration testing tools and frameworks (e.g., Metasploit, Burp Suite, Kali Linux). Experience with exploit development and reverse engineering. Technical Skills: Expert proficiency in one or more programming languages (e.g., Python, Java, C, C++). Strong understanding of web application architectures and technologies. Deep understanding of network protocols and security concepts. Familiarity with cloud security principles and practices (e.g., AWS, Azure, GCP). Understanding of authentication and authorization mechanisms. Certifications (Required/Preferred): Offensive Security Certified Professional (OSCP) - Required Certified Ethical Hacker (CEH) - Preferred GIAC Web Application Penetration Tester (GWAPT) - Preferred Offensive Security Certified Expert (OSCE) - Highly Preferred Offensive Security Web Expert (OSWE) - Highly Preferred

Description As an Experienced Penetration Tester, You Will: In this role, you’ll be instrumental in identifying, assessing, and mitigating security vulnerabilities across diverse TPD environments. Your expertise in ethical hacking, adversary simulation, and red teaming will be key in strengthening our organization’s security posture. You’ll work alongside security engineers, developers, and leadership teams to test, refine, and enhance our defenses against sophisticated cyber threats. What You’ll Need: Four or more years of hands-on experience in penetration testing & red teaming, Strong understanding of security vulnerabilities, exploitation techniques, and mitigation strategies. Proficiency in penetration testing tools (e.g., Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, BloodHound) Knowledge on AI Security & LLM security – Identify real time threats Good understating of OWASP Top 10 & SANS Top 25 Identify & address to stakeholders on zero day issues to mitigate on time Experience with cloud security assessments (AWS, Azure, GCP) and container security (Kubernetes, Docker). ○ Strong knowledge of Linux, Windows, and Active Directory security principles. ○ Scripting and coding skills in Python, Bash, or PowerShell. Even Better If You Have: Industry certifications such as OSCP, OSEP, OSWE, GPEN, GXPN, or CISSP. Experience with telecommunications security, network architecture, or wireless security Mobile App Security testing (Static & Dynamic Analysis) Hands-on knowledge of cloud security frameworks, DevSecOps, and CI/CD security. Strong communication skills and ability to present findings to technical and non-technical stakeholders. Support teams to fix the security bugs on time. Requirements As an Experienced Penetration Tester, You Will: In this role, you’ll be instrumental in identifying, assessing, and mitigating security vulnerabilities across diverse TPD environments. Your expertise in ethical hacking, adversary simulation, and red teaming will be key in strengthening our organization’s security posture. You’ll work alongside security engineers, developers, and leadership teams to test, refine, and enhance our defenses against sophisticated cyber threats. What You’ll Need: Four or more years of hands-on experience in penetration testing & red teaming, Strong understanding of security vulnerabilities, exploitation techniques, and mitigation strategies. Proficiency in penetration testing tools (e.g., Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, BloodHound) Knowledge on AI Security & LLM security – Identify real time threats Good understating of OWASP Top 10 & SANS Top 25 Identify & address to stakeholders on zero day issues to mitigate on time Experience with cloud security assessments (AWS, Azure, GCP) and container security (Kubernetes, Docker). Strong knowledge of Linux, Windows, and Active Directory security principles. Scripting and coding skills in Python, Bash, or PowerShell. Even Better If You Have: Industry certifications such as OSCP, OSEP, OSWE, GPEN, GXPN, or CISSP. Experience with telecommunications security, network architecture, or wireless security Mobile App Security testing (Static & Dynamic Analysis) Hands-on knowledge of cloud security frameworks, DevSecOps, and CI/CD security. Strong communication skills and ability to present findings to technical and non-technical stakeholders. Support teams to fix the security bugs on time. Job responsibilities Key Responsibilities: Offensive Security Assessments – Conduct network, application, and cloud penetration tests to uncover security flaws before attackers do. Threat modeling – Assess the architecture & Tech stack implementation discover the potential threats Threat Simulation – Emulate real-world attack scenarios to test defensive controls and incident response capabilities. Exploit Development & Tooling – Create or modify scripts and tools to automate and enhance security testing. Vulnerability Research & Reporting – Identify, analyze, and document security gaps with clear remediation strategies. Collaboration & Knowledge Sharing – Work closely with developers, security teams, and leadership to improve security awareness and best practices. Continuous Learning & Adaptation – Stay updated on the latest attack techniques, exploits, and security trends to refine penetration testing methodologies. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services.

About Organization: Larsen & Toubro Ltd, commonly known as L&T, is an Indian multinational conglomerate company, with business interests in engineering, construction, manufacturing, technology, information technology and financial services, headquartered in Mumbai. The company is counted among world's top five construction companies. The L&T Group comprises of 93 subsidiaries, 5 associate companies, 27 joint ventures and 35 jointly held operations, operating across basic and heavy engineering, construction, realty, manufacturing of capital goods, information technology, and financial services. Specialties: Aerospace, Infrastructure, Shipbuilding, Construction, Defense, Finance, Forging, Hydrocarbon, Information Technology & Engineering Services, Construction Equipment, Railways, Boilers, Process Plant, Turbines, Power, Renewable Energy, Manufacturing and Green Hydrogen. Job Role - Application Security (Cyber), Corporate IT Educational Qualifications - B.Tech/B.E Experience - Around 2-4 years in (IT) information technology along with information security Job Location - Mumbai Job Profile Sound knowledge of Info Sec standards such as ISO27001 Understanding of technology security architecture concepts Understanding Application Risk Management Framework Should possess good interfacing skills Should possess good application security knowledge, experience on tools & methodologies related to secure software development (OWASP top20, AppScan, Metasploit, WAF) for web, mobility, API, ERP & cloud apps. Job Responsibilities Keep track of latest tools & technologies being introduced in application security arena Roll out "security by design" structure in software projects (secure SDLC) Work with solution providers to conduct limited proof of concept testing for products through well-defined measurement criteria Implement security tools & technologies as per project plans with vendors & partners Conducting software security awareness trainings for stakeholders in respective areas Good communication skills ( verbal / written ) Should be a self-starter, motivated Competencies Required Security certifications (CISSP, OSCP, CEH) desirable

Role Overview As Senior Mananger/AVP – Offensive security services, you will provide strategic and technical leadership for NopalCyber’s Offensive Security practice. You will lead and evolve core services such as Penetration Testing, Red Teaming, Application Security Assessments, BAS, AI Security and Threat Simulation. This role requires deep technical expertise, engagement leadership, and the ability to influence C-level clients while driving operational excellence across service delivery. You will be accountable for the scaling, maturity, and quality of offensive security services across multiple client environments, and responsible for shaping the offensive security roadmap, delivery methodologies, and team capability development. Key Responsibilities Own and lead the Offensive Security & VAPT function, including service line P&L, strategic delivery roadmap, team management, and client satisfaction. Architect and oversee enterprise-scale VAPT and red team engagements, driving delivery excellence across infrastructure, applications, APIs, mobile, and cloud environments. Engage directly with senior client stakeholders (CISOs, CTOs, Risk Leaders) to translate business risk into actionable technical assessments and recommend mitigation strategies. Define testing frameworks and reusable methodologies to standardize and elevate delivery across projects, including red teaming, threat emulation, and advanced attack simulations. Direct a high-performing offensive security team, including Red Teamers, AppSec specialists, and security testers, ensuring their continuous development and engagement. Lead strategic threat modeling and secure design reviews in collaboration with clients' architecture and engineering teams, integrating security into early lifecycle stages. Govern quality of deliverables, including technical findings, risk summaries, and executive-ready reports, ensuring alignment with business impact and remediation feasibility. Drive operational excellence across testing engagements, ensuring timelines, SLAs, and KPIs (e.g., MTTR, false positive rate, TTP coverage) are consistently met or exceeded. Spearhead R&D initiatives to evaluate emerging threats, tools, and offensive capabilities relevant to client environments and evolving attack surfaces. Collaborate with cross-functional internal teams (MXDR, GRC, Incident Response, Product) to align offensive security outputs with broader risk and advisory services. Represent NopalCyber at industry forums, client executive reviews, and security advisory boards as a trusted expert in offensive cybersecurity. Required Qualifications Bachelor's degree in Engineering, Computer Science, or a related field; a Master’s is preferred. 12–18 years of experience in cybersecurity with at least 5 years in leadership roles across VAPT, Red Team, or Application Security domains. Demonstrated experience managing technical delivery and strategic outcomes for multiple clients or large-scale programs. Preferred Certifications Mandatory: OSCP, CEH Highly Desirable: OSCE, OSWE, GPEN, GWAPT, GCIH, GXPN, CISSP Desired Skills In-depth understanding of modern attack vectors, OWASP Top 10, MITRE ATT&CK, and real-world exploitation techniques. Strong command of tools such as Burp Suite Pro, Cobalt Strike, Metasploit, Nmap, Kali Linux, AppDetective, and WebInspect. Proficiency in cloud security testing across AWS, Azure, or GCP; experience with containerized and microservices-based environments. Hands-on exposure to reviewing or attacking applications built using C++, Java, Python, Go, JavaScript, and working within Kubernetes or CI/CD pipelines. Capability to present complex technical findings in clear, business-relevant language to executive stakeholders. Leadership Attributes Strategic thinker with a track record of scaling cybersecurity programs or service lines. Proven ability to lead, mentor, and retain high-performing technical teams. Exceptional client engagement and communication skills. Ability to influence and collaborate across teams and functions to drive security outcomes. #PenetrationTesting #RedTeamOperations #ApplicationSecurity #OffensiveSecurity #CybersecurityLeadership #CloudSecurity #ThreatModeling #OWASP #StakeholderManagement #OSCP #MITREATTACK

At Arctic Wolf, we are redefining the cybersecurity landscape with our global team of Pack members committed to setting new industry standards. Our achievements speak for themselves, from being recognized in prestigious lists like the Forbes Cloud 100, CNBC Disruptor 50, and winning awards like the CRN Products of the Year. We are proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and to have earned the Customers" Choice distinction from Gartner Peer Insights. Arctic Wolf is not just leading but also shaping the future of security operations. Our mission is straightforward: End Cyber Risk. We are currently seeking a Security Developer to join us in achieving this goal. About The Role As a Security Developer at Arctic Wolf, you will work as a software developer focusing on enhancing the platforms threat, vulnerability, and configuration risk detection capabilities. Your primary objective will be to contribute to making security better for our clients daily. This role involves collaborating with team members, Product Management, Security Services, and other specialists to enhance the coverage and effectiveness of our Manage solution continuously. Your Responsibilities - Collaborate with team members to enhance coverage, efficiency, and deliver customer-facing and internal services. - Engage in the full software development lifecycle. - Develop well-designed, testable, efficient, and secure code for vulnerability and misconfiguration detection in areas such as Classic Endpoint Vulnerability And Config Management, Cloud Config And Posture Management. - Assist operational teams in resolving unexpected results, receiving feedback, and improving detection efficacy. Skills Requirements - Proficiency in at least one backend programming language like Go, Node.js, or Python. - Strong understanding and practical application of secure development practices. - Security-focused mindset with hands-on experience in operational security or security engineering. - Full understanding and use of DevOps methods and practices. - Familiarity with test-driven development (TDD) and robust testing strategies. - Experience with AWS, Docker, Kubernetes, IaC is an asset. Bonus Considerations For - Experience with 3rd Party Vulnerability Management tools, Cloud-based configuration and Security Posture Management tools, open-source vulnerability and pen-testing platforms. - IT Deployment backgrounds leveraging deployment automation tools like Salt or Ansible. Why Arctic Wolf At Arctic Wolf, we nurture a collaborative and inclusive work environment that values diversity of thought, background, and culture. Our commitment to growth and shaping the future of security operations is complemented by our dedication to customer satisfaction, with a vast customer base and global channel partners. We celebrate unique perspectives through our Pack Unity program and believe in corporate responsibility, giving back to the community. All employees at Arctic Wolf receive competitive compensation and benefits packages, including equity, flexible leave policies, training programs, comprehensive private benefits plan, fertility support, and more. Join us in our mission to End Cyber Risk and contribute to a safer digital world.,

Job Description About KPMG in India KPMG entities in India are professional services firm(s). These Indian member firms are affiliated with KPMG International Limited. KPMG was established in India in August 1993. Our professionals leverage the global network of firms, and are conversant with local laws, regulations, markets and competition. KPMG has offices across India in Ahmedabad, Bengaluru, Chandigarh, Chennai, Gurugram, Jaipur, Hyderabad, Jaipur, Kochi, Kolkata, Mumbai, Noida, Pune, Vadodara and Vijayawada. KPMG entities in India offer services to national and international clients in India across sectors. We strive to provide rapid, performance-based, industry-focused and technology-enabled services, which reflect a shared knowledge of global and local industries and our experience of the Indian business environment. Strong understanding of IT security standards and frameworks (OWASP, NIST, CIS) Strong understanding of security risks in networks and application platforms Strong understanding of network security, infrastructure security and application security Strong understanding of OSI, TCP/IP model and network basics Demonstrate technical penetration testing skills on IT infrastructure, web applications, mobile platforms and Red teaming Strong technical skills: Information security, network security, Windows security, UNIX/Linux security, web and mobile application security, Cloud platforms Broad knowledge of security technologies for applications, databases, networks, servers, and desktops Solid technical skills in both information security architecture and penetration testing and ability to assess testing tools and deploy the right ones. Scripting and programming experience is beneficial Ability to perform manual penetration testing Experience in Application Security Testing (Web, Mobile & ERP [SAP]), or related functions Vulnerability Assessment, Penetration testing Perform penetration testing of various thick client software, web applications, and communications infrastructure to assist in hardening the cybersecurity posture against malicious actors Conduct security research on the latest emerging advanced persistent threats (APTs), malware, and other security developments to assist in enterprise security efforts. Apply this security research into assessments. Perform technical writing to communicate the preparation, testing, and recommendation phases for various security tests. Work with stakeholders to remediate system vulnerabilities. Train team members and colleagues on the latest cybersecurity tactics, techniques, and procedures (TTPs) to grow the skill of the firm Understanding of various security technologies including end point security, perimeter security, advanced threat protection, malware defense and security management Expertise in the phases of penetration testing. Familiarity with Kali Linux distribution and the associated penetration testing tools suite. Experience in penetration testing simulations like Hack the Box or Capture the Flag exercises considered a plus. Good Understanding of OWASP top 10 and mitigation techniques Experience in performing web application security assessments using hands on techniques for identifying SQL injections, XSS, Security Misconfiguration, CSRF, authentication/ authorization issues Database testing: MySQL, Oracle, NoSQL Understanding of cyber security management, cyber analytics, security intelligence platforms and threat intelligence frameworks Writing business proposals and response to client RFP/ RFIs Identifying business opportunities and lead delivery and program management for large cyber security programs Delivery team and client relationship management Experience on both commercial, open source tools and frameworks but not limited: Burpsuite, Metasploit, Core-Impact, Kali-Linux, AppScan, WebInspect, SSLScan, Soap UI Pro, SonarQube, Qualys, Nikto, Nessus, nmap, sqlmap, OWASP ZAP Equal employment opportunity information KPMG India has a policy of providing equal opportunity for all applicants and employees regardless of their color, caste, religion, age, sex/gender, national origin, citizenship, sexual orientation, gender identity or expression, disability or other legally protected status. KPMG India values diversity and we request you to submit the details below to support us in our endeavor for diversity. Providing the below information is voluntary and refusal to submit such information will not be prejudicial to you. Qualifications B.Tech, B.E.

As a Detection and Response Analyst at Rapid7's Managed Detection and Response (MDR) team, you will have the opportunity to leverage Rapid7's advanced tools and threat intelligence to investigate and triage high-priority security events in diverse customer environments. In this role, you will be a vital member of the 24/7/365 Security Operations Center (SOC). Your responsibilities will include conducting thorough investigations on various threats such as account compromises and zero-day exploits across workstations, servers, and cloud platforms. You will document your findings using the MITRE ATT&CK Framework, encompassing forensic, malware, and root-cause analysis. Collaboration and communication are key aspects of this role, as you will closely work with Customer Advisors to provide insights and recommendations, and collaborate with fellow analysts to share threat intelligence and best practices. Additionally, you will contribute to enhancing detection capabilities by providing feedback to the Threat Intelligence and Detection Engineering team. The ideal candidate for this position should possess a strong understanding of Windows, MacOS/Darwin, and Linux operating systems. Knowledge of threat actor tactics such as lateral movement, privilege escalation, and persistence is essential. Practical experience with CTF/HTB challenges and penetration testing tools like Mimikatz and Metasploit is highly valued. Hands-on experience with forensic artifact and malware sample analysis is also desired. A passion for continuous learning, effective collaboration skills, and a customer-centric approach are qualities that we are looking for in potential candidates. Rapid7 is committed to building a secure digital world and offers a dynamic and collaborative work environment. Joining Rapid7 means being part of a team that encourages career growth, pushes the boundaries of cybersecurity, and works towards protecting over 10,000 global customers from evolving threats.,

Overview We’re looking for a skilled and experienced VAPT Engineer (Level 2/3) with 8+ years of hands-on experience in vulnerability assessment and penetration testing across enterprise environments. In this role, you’ll lead advanced security testing efforts, simulate real-world attack scenarios, and guide remediation strategies to strengthen the organization’s security posture. Total Experience 8+ years of hands-on experience Job Skills Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related field Strong understanding of network protocols, OS internals (Linux/Windows), and cloud platforms (AWS, Azure, or GCP) Hands-on scripting skills in Python, Bash, or PowerShell Experience with DevSecOps practices, CI/CD integration, and container security (Docker/Kubernetes) Solid grasp of secure coding principles, reverse engineering, and exploit development Relevant certifications such as OSCP, CEH, GPEN, LPT, or CISSP are highly preferred Responsibilities Lead penetration testing across web, mobile, cloud, and infrastructure (Black-box, Grey-box, White-box) Perform manual and automated vulnerability assessments using tools like Burp Suite, Nessus, Metasploit, Nmap, and custom scripts Conduct threat modeling and risk assessments for business-critical systems Document findings with clear, actionable remediation plans and deliver comprehensive technical reports Collaborate with DevOps, IT, and Security teams to prioritize and resolve vulnerabilities Mentor junior VAPT engineers and review their assessment reports for quality and accuracy Stay current with emerging threats, zero-day vulnerabilities, and modern attack techniques Ensure testing practices align with industry standards including OWASP, NIST, ISO 27001 Participate in security audits, incident response activities, and red team engagements Apply Now