209 Metasploit Jobs - Page 6

We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

Description and Requirements "At BMC trust is not just a word - it's a way of life!" We are an award-winning, equal opportunity, culturally diverse, fun place to be. Giving back to the community drives us to be better every single day. Our work environment allows you to balance your priorities, because we know you will bring your best every day. We will champion your wins and shout them from the rooftops. Your peers will inspire, drive, support you, and make you laugh out loud! We help our customers free up time and space to become an Autonomo us Digital Enterprise that conquers the opportunities ahead - and are relentless in the pursuit of innovation! BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles And Responsibilities Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Preferred Skills Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks. Our commitment to you! BMC’s culture is built around its people. We have 6000+ brilliant minds working together across the globe. You won’t be known just by your employee number, but for your true authentic self. BMC lets you be YOU! If after reading the above, You’re unsure if you meet the qualifications of this role but are deeply excited about BMC and this team, we still encourage you to apply! We want to attract talents from diverse backgrounds and experience to ensure we face the world together with the best ideas! BMC is committed to equal opportunity employment regardless of race, age, sex, creed, color, religion, citizenship status, sexual orientation, gender, gender expression, gender identity, national origin, disability, marital status, pregnancy, disabled veteran or status as a protected veteran. If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page. < Back to search results BMC Software maintains a strict policy of not requesting any form of payment in exchange for employment opportunities, upholding a fair and ethical hiring process. At BMC we believe in pay transparency and have set the midpoint of the salary band for this role at 1,638,100 INR. Actual salaries depend on a wide range of factors that are considered in making compensation decisions, including but not limited to skill sets; experience and training, licensure, and certifications; and other business and organizational needs. The salary listed is just one component of BMC's employee compensation package. Other rewards may include a variable plan and country specific benefits. We are committed to ensuring that our employees are paid fairly and equitably, and that we are transparent about our compensation practices. ( Returnship@BMC ) Had a break in your career? No worries. This role is eligible for candidates who have taken a break in their career and want to re-enter the workforce. If your expertise matches the above job, visit to https://bmcrecruit.avature.net/returnship know more and how to apply. Show more Show less

The Security Engineer is responsible for designing, implementing, and maintaining security across all products and infrastructure, with a focus on both blockchain/wallet and general application security. This role requires a strategic mindset, strong risk management skills, and the ability to communicate security concepts to both technical and non-technical stakeholders. The ideal candidate is proactive, detail-oriented, and committed to fostering a culture of security throughout the organization. Responsibilities Develop and enforce security policies, standards and best practices. Lead security architecture reviews and risk assessments. Collaborate with engineering, product, and operations teams to ensure secure design and implementation. Oversee incident response, forensics, and post-incident analysis. Conduct security awareness training and promote a security-first culture. Stay current with emerging threats, vulnerabilities, and security technologies. Ensure compliance with relevant regulations and industry standards. Coordinate with external auditors, partners, and vendors on security matters. Qualifications and Experience Bachelors degree in Computer Science, Information Security, or related field (or equivalent experience). Relevant security certifications (CISSP, CISM, CEH, OSCP, etc.). 5+ years of experience in security engineering or related roles. Demonstrated experience with both blockchain and traditional application/infrastructure security. Experience leading security initiatives and incident response. Deep understanding of security frameworks, standards, and regulations (NIST, ISO 27001, GDPR, etc.). Awareness of current threat landscape and security technologies. Familiarity with blockchain security and smart contract vulnerabilities.

Job Title: Ethical Hacker (Cyber security Specialist) Location: Delhi Job Type: Full time Experience Level: Senior-Level Industry: Information Technology / Cyber security Department: IT / Security About the Role: We are seeking a highly skilled and ethical cyber security professional to join our team as an Ethical Hacker . This role is critical in protecting our organization’s digital infrastructure by identifying vulnerabilities, simulating cyber-attacks, and ensuring we stay one step ahead of malicious threats. If you’re passionate about cyber security, proactive defense, and enjoy solving complex challenges, we want to hear from you. Key Responsibilities: Perform penetration testing on network, web applications, and other systems. Identify, document, and report security vulnerabilities with detailed analysis. Simulate attacks to test the resilience of infrastructure and applications. Collaborate with the IT and development teams to implement security improvements. Stay updated on the latest cyber threats, trends, and technologies. Conduct vulnerability assessments and provide actionable remediation guidance. Maintain confidentiality, integrity, and ethical standards in all assessments. Required Qualifications: Proven experience as an Ethical Hacker, Penetration Tester, or similar role. Strong understanding of network protocols, firewalls, IDS/IPS systems, and operating systems. Familiarity with tools like Metasploit, Burp Suite, Nmap, Nessus, Wire shark, etc. Knowledge of OWASP Top 10 and secure coding practices. Certifications such as CEH (Certified Ethical Hacker), OSCP, or similar are highly desirable. Bachelor’s degree in Computer Science, Information Security, or a related field (preferred). Preferred Skills: Scripting and programming knowledge (Python, Bash, PowerShell, etc.). Cloud security experience (AWS, Azure, Google Cloud). Incident response and forensic analysis skills. Ability to communicate technical information to non-technical stakeholders. Job Types: Full-time, Permanent Pay: Up to ₹50,000.00 per month Schedule: Day shift Morning shift Night shift Rotational shift Work Location: In person

Looking for a skilled & experienced freelance VA&PT Specialists to perform our VA&PT tasks. Candidate should have minimum 4 years of experience in VAPT roles and should capable to perform VA&PT Tasks independently, and can able to generate VAPT &, CAP reports. Independent VAPT consultants, or a small team of fascinating VAPT experts can apply as a single team. Key Responsibilities • Conduct Vulnerability Assessments using tools like Nessus, Qualys, OpenVAS • Perform Penetration Testing on web applications, networks, APIs, and mobile platforms • Simulate real-world attacks to uncover security gaps and provide actionable recommendations • Prepare detailed technical reports and executive summaries of findings • Collaborate with development, infrastructure, and security teams to address vulnerabilities • Stay updated on emerging threats, vulnerabilities, and attack techniques • Support compliance audits and security assessments (e.g., ISO 27001, PCI-DSS) Skill Set & Requirements • Minimum 4 years of hands-on experience in Red Teaming and VA&PT activities • Ability to independently handle on-call tasks, conduct VA&PT, and deliver comprehensive reports • Deep understanding of network protocols, web technologies, and operating systems • Proficient with tools like Burp Suite, Metasploit, Nmap, Wireshark, Nikto, etc. • Strong knowledge of OWASP Top 10, MITRE ATT&CK, and CVE databases How to Apply Send your CV to careers@isstechnologies.in with Job Code: CVPT4-0625 in the subject line. Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary We are seeking a highly skilled Sailpoint Developer .If candidate has experience of 2-3 years, he/she must be Sailpoint Certified, above 3 years experience sailpoint certification is not mandatory but good to have. *Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary : We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities: Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure . Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements , maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall , web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory skill sets: Bachelor’s degree ( minimum requirement). 2 -8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite , Mimikatz , Cobalt Strike, PowerSploit , Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred skill sets: Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.) . Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years of experience required : 2 - 12 + years Education qualification: B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), Identity-Based Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 22 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary We are seeking a highly skilled Sailpoint Developer .If candidate has experience of 2-3 years, he/she must be Sailpoint Certified, above 3 years experience sailpoint certification is not mandatory but good to have. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory Skill Sets Bachelor’s degree (minimum requirement). 2-8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred Skill Sets Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years Of Experience Required 2-12 + years Education Qualification B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills SoCs Optional Skills Accepting Feedback, Accepting Feedback, Access Control Models, Access Control System, Access Management, Active Listening, Analytical Thinking, Authorization Compliance, Authorization Management Systems, Azure Active Directory, Cloud Identity and Access Management (IAM), Communication, Creativity, CyberArk Management, Cybersecurity, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Federated Identity Management, ForgeRock Identity Platform, Identity and Access Management (IAM), Identity-Based Encryption, Identity Federation, Identity Governance Framework (IGF) {+ 22 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

ISA is a premier technology solution provider for the Aviation industry. We are backed by Air Arabia and headquartered in Sharjah, UAE, while the Research and Development center is located in Colombo, Sri Lanka and Pune, India. We are a 100% owned subsidiary of Air Arabia Location: Pune https://isa.ae/ Address : Smartworks Building, Nexa Soft, Core Ops,5th Floor, 43EQ, Survey No 44, PLOT A, H. No. 8/1 (P, opp. Opp. Ravindranath Tagore School of Excellence, Balewadi, Pune, Maharashtra 411045 Job Title: Security Engineer (Penetration Tester) Job Type: Full-time Reports To: Security Architect Job Overview: We are seeking a highly skilled Security Engineer to design, implement, and manage the security architecture of our organization. The ideal candidate will be responsible for firewall and endpoint security, WAF implementation, VAPT, fraud investigation, dark web monitoring, brand monitoring, email security, and compliance enforcement . The role requires expertise in securing IT infrastructure, conducting risk assessments, ensuring compliance, and implementing Microsoft security layers to strengthen the organization's security posture. Key Responsibilities: 1. Firewall, Endpoint & WAF Security Design, configure, and manage firewalls (Palo Alto, Fortinet, Cisco ASA, Check Point). Deploy and maintain Web Application Firewalls (WAF) for web security (Cloudflare, Imperva, AWS WAF). Implement Endpoint Detection & Response (EDR) solutions like Microsoft Defender for Endpoint, CrowdStrike, SentinelOne . Conduct regular firewall rule audits, optimize configurations, and enforce Zero Trust principles . 2. Microsoft Security Layer Implementation a. Microsoft Email Security Configure and manage Microsoft Defender for Office 365 to protect against phishing, malware, and email threats. Implement Safe Links, Safe Attachments, and Anti-Phishing policies . Monitor and respond to email security alerts in Microsoft Security Portal . Conduct email security threat hunting using Defender for O365 and advanced hunting queries. b. Microsoft Endpoint Security Deploy and manage Microsoft Defender for Endpoint (MDE) to protect corporate devices. Enforce attack surface reduction (ASR) rules for endpoint protection. Configure endpoint compliance policies using Microsoft Intune . Implement DLP (Data Loss Prevention) policies to prevent data exfiltration. c. Compliance & Risk Management Implement and monitor Microsoft Purview Compliance Manager for risk assessment. Enforce Information Protection & Encryption Policies using Microsoft Purview. Configure and manage Conditional Access Policies in Microsoft Entra ID . Ensure compliance with security frameworks like ISO 27001, NIST, CIS, and GDPR . 3. Dark Web Monitoring & Brand Protection Monitor dark web forums, marketplaces, and underground networks for stolen credentials, data leaks, and insider threats. Implement dark web intelligence tools such as Recorded Future, Digital Shadows, or Microsoft Defender Threat Intelligence. Work with threat intelligence platforms to detect and respond to brand impersonation, phishing sites, and fraudulent domains . Collaborate with legal and compliance teams to enforce takedowns of malicious content. 4. Fraudulent Incident Investigation & Threat Hunting Investigate fraud incidents, phishing attempts, and business email compromise (BEC) . Conduct forensic analysis on compromised endpoints, servers, and email accounts. Develop and implement threat intelligence and threat hunting processes. Work closely with SOC teams for incident response and mitigation . 5. VAPT & IT Security Operations Perform Vulnerability Assessments & Penetration Testing (VAPT) on infrastructure, applications, and cloud environments. Implement and manage intrusion detection/prevention systems (IDS/IPS) . Monitor, analyze, and mitigate vulnerabilities from external and internal security scans . Work with teams to remediate vulnerabilities and harden IT assets. 6. IT Security & Compliance Management Develop and enforce security policies, standards, and procedures . Implement Zero Trust Architecture and IAM policies . Conduct security awareness training and phishing simulations. Ensure compliance with ISO 27001, NIST, CIS, PCI-DSS, GDPR, and other industry standards . Required Qualifications & Skills: Technical Skills: ✅ Firewall & Network Security: Palo Alto, Fortinet, Cisco ASA, Check Point ✅ Microsoft Security Stack: Defender for Endpoint, Defender for Office 365, Intune, Purview Compliance ✅ Endpoint Security & EDR: Microsoft Defender, CrowdStrike, SentinelOne ✅ WAF & Web Security: Imperva, AWS WAF, Akamai, Cloudflare ✅ VAPT & Red Teaming: Burp Suite, Nessus, Metasploit, Kali Linux, OWASP ZAP ✅ SIEM & Threat Intelligence: Microsoft Sentinel, Splunk, QRadar, ELK Stack, MITRE ATT&CK ✅ Cloud Security: Azure Security Center, AWS Security Hub, GCP Security Command Center ✅ IAM & Zero Trust: Okta, Microsoft Entra ID, Conditional Access Policies, PAM ✅ Dark Web & Brand Monitoring: Recorded Future, Digital Shadows, Microsoft Defender Threat Intelligence Soft Skills: Strong analytical and problem-solving skills. Excellent communication and stakeholder management abilities. Ability to work independently and in cross-functional teams. Proactive security mindset with attention to detail. Certifications (Preferred, but not mandatory): ✔️ CISSP – Certified Information Systems Security Professional ✔️ CEH – Certified Ethical Hacker ✔️ OSCP – Offensive Security Certified Professional ✔️ CISM/CISA – Certified Information Security Manager/Auditor ✔️ Microsoft Certified: Cybersecurity Architect (SC-100) ✔️ Microsoft Certified: Security Operations Analyst (SC-200) ✔️ Microsoft Certified: Information Protection Administrator (SC-400) Experience Required: 🔹 5+ years of experience in IT Security, Cybersecurity, and Threat Intelligence . 🔹 Hands-on expertise in firewall management, endpoint security, WAF, email security, and compliance . 🔹 Strong experience in fraud investigation, dark web monitoring, and brand protection . 🔹 Proven ability to secure cloud, hybrid, and on-premise environments . . Please send resumes to careers@isa.ae Show more Show less

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing. A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity. Roles and Responsibilities: Conduct thorough vulnerability assessments of applications and systems using various tools and techniques. Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities. Provide expert guidance on application security best practices. Research and develop new penetration testing methodologies, tools, and techniques. Qualifications & Skills: 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset. Penetration testing experience is essential; prior participation in bug bounty programs is a plus. Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark). Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities. Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more. Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact. Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings. Ability to think creatively and analytically to identify and exploit vulnerabilities. Strong problem-solving skills when encountering unexpected challenges during testing. Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders. Meticulous attention to detail in documenting findings and creating reports. Effective time management skills to meet project deadlines and testing schedules. High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality. Preferred Skills: Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS). Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.

Position: Security Test Manager Location: Yerwada Pune Experience: 7-10 yrs Work Mode : Hybrid What will be your responsibility: • Lead and perform advanced application security testing (SAST, DAST, IAST) for web, mobile, and cloud-native applications. • Design security test strategies, perform vulnerability assessments, and report findings with risk prioritization and remediation recommendations. • Collaborate with development, QA, and DevOps teams to integrate security testing into CI/CD workflows. • Conduct threat modelling sessions and define security requirements early in the project lifecycle. • Simulate real-world attacks (ethical hacking, red teaming) and ensure application hardening against OWASP Top 10 and CWE vulnerabilities. • Review code, architecture, and infrastructure for security compliance and weaknesses. • Stay updated on evolving security threats, tools, and best practices. • Mentor junior analysts and contribute to the security knowledge base. What is needed from you: • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related discipline. • 7 to 10 years of experience in security testing, application security, or security engineering. • Proficiency in tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Veracode, Metasploit, Kali Linux. • In-depth understanding of threat modelling, risk assessment methodologies, and secure development practices. • Strong knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. • Experience with scripting languages such as Python, Bash, or PowerShell. • Hands-on experience integrating security into DevOps/DevSecOps pipelines (e.g., GitHub Actions, Jenkins, GitLab CI). • Familiarity with cloud platforms (AWS, Azure, GCP) and their security controls. • Certifications like OSCP, CEH, GWAPT, CISSP, or SANS GIAC are highly desirable. What will you get: • Opportunity to work in Product Development and excellent learning opportunities • Healthy work environment, peer to peer collaborative work culture • Individual growth and encouraging opportunities with highly motivated team • Work-Life Balance and utmost effort and environment where you enjoy your work Show more Show less

Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our client’s overall security posture. #Immediate Joiner. Key Responsibilities: Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients. Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies. Manage secure code reviews and application security assessments to identify and remediate vulnerabilities. Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation. Lead security audit and certification efforts, including ISO 27001, SOC 2 attestations, GDPR etc. Ensure compliance with international security frameworks and data protection regulations (ISO 27001, SOC 2, GDPR, CCPA, NIST, HIPAA, etc.). Evaluate third-party security risks and conduct supplier security assessments. Provide executive-level reports on security assurance findings, risks, and mitigation strategies. Ensure compliance with global security standards and frameworks. Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts. Qualifications and Skills: 18-20 years of experience in cybersecurity audits, security assessments, and assurance programs. Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding. Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS, HIPAA, GDPR. Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.). Ability to engage with executive leadership and present security risks effectively. Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent. Show more Show less

Job Summary : We are seeking a highly skilled and curious Security Researcher to join our cybersecurity team. As a Security Researcher, you will investigate vulnerabilities, analyze malware, and uncover emerging threats to protect our infrastructure and products. This role is ideal for someone passionate about offensive and defensive security, reverse engineering, and continuous learning. Key Responsibilities : Research and discover new vulnerabilities in software, systems, and protocols (zero-day and known CVEs) Analyze malware samples, APT techniques, and exploit kits to understand their behavior and implications Monitor threat intelligence sources to identify trends, TTPs (tactics, techniques, and procedures), and threat actors Develop and refine detection signatures, proof-of-concepts (PoCs), and mitigation strategies Contribute to open-source tools, whitepapers, or technical blogs on cybersecurity topics Participate in bug bounty programs and responsible disclosure initiatives Stay up to date with the latest security technologies, exploits, and research trends Cloud security best practices and CIS benchmark Required Skills & Qualifications: Solid understanding of operating system internals (Windows, Linux, macOS) 5+ years in cybersecurity or related field . Strong knowledge of network protocols, encryption standards, and web/app security Experience with scripting/programming languages (e.g., Python, C/C++, Go, Bash) Familiarity with vulnerability research, fuzzing, and exploit development Comfortable with tools such as Wireshark, Burp Suite, Metasploit, and custom scripts Understanding of MITRE ATT&CK, threat modeling, and IOC analysis Experience with static and dynamic analysis of malware Experience with AWS, Azure, GCP Preferred Qualifications: Contributions to security research communities (e.g., CVEs, open-source tools, DEF CON/Black Hat presentations) Familiarity with cloud security (AWS, Azure, GCP) Exploitation Kubernetes cluster security best practices Experience with binary exploitation, ROP chains, and sandbox evasion techniques Offensive Security certifications (e.g., OSCP, OSCE, OSEP) or GIAC (e.g., GREM, GXPN) Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field or equivalent practical experience Show more Show less

Job Description Develop comprehensive test plans for network equipment, adhering to ITSAR standards. Design and implement methodologies, tools, and frameworks to assess the security of IP Routers, Wi-Fi CPE devices, 5G components and other ITSAR as well . Conduct in-depth security assessments and penetration tests on IP Routers and Wi-Fi CPE devices to identify potential threats and vulnerabilities. Analyze vulnerabilities, misconfigurations, and weaknesses, providing detailed reports on findings. Identify, analyze, and document vulnerabilities in IP Routers and Wi-Fi CPE devices, ensuring compliance with ITSAR security requirements. Collaborate with network architects, engineers, and developers to design and implement secure configurations for network equipment. Develop and propose effective remediation strategies to address identified security issues, improving the overall security posture of network equipment. Provide actionable recommendations to stakeholders and management to enhance network security. Execute vulnerability assessments, penetration tests, and security reviews to identify weaknesses and potential security threats. Validate security configurations, system hardening practices, and patch management processes to ensure they meet NCCS ITSAR standards. Evaluate third-party software and hardware products for compliance with NCCS ITSAR requirements before deployment. Create and maintain comprehensive documentation, including security policies, procedures, audit reports, and technical assessments. Provide regular status updates, risk assessments, and recommendations to senior management on the organization's security posture. Support internal and external audits, ensuring accurate documentation and evidence of compliance with NCCS ITSAR. Stay informed about emerging threats, vulnerabilities, and best practices related to IP Routers, Wi-Fi CPE devices, and related technologies. Participate in incident response activities and investigations related to security breaches or incidents involving network equipment. Act as a subject matter expert on NCCS ITSAR, offering guidance and training to security team members and other departments. Collaborate with software developers, IT operations, and business units to ensure secure design, deployment, and operation of systems. Mentor junior engineers and security analysts, fostering a culture of continuous learning, collaboration, and improvement. Contribute to the development and refinement of security policies, standards, and procedures, with a focus on 5G network security and emerging technologies. Qualifications B. Tech/B.E in ECE/Computer Science/Telecommunication Related field or MCA or MSc (Computer Science or M.Sc. IT) or M.Sc. in Cybersecurity or equivalent. 3+ years of security engineering experience, focusing on system and network security. Proven experience with NCCS ITSAR or similar security assurance frameworks (e.g., Common Criteria, ISO/IEC 27001, Pentesting). Strong understanding of network protocols, encryption technologies, and cybersecurity tools. Proficiency in risk assessment, threat modeling, and vulnerability management. Experience with security testing tools (e.g., Nmap, Nessus, Metasploit, Burp Suite, Nessus and other kali OS tools). Relevant certifications preferred: CEH, CCNA, OSCP, CCNP and eJPT Excellent problem-solving skills, with the ability to work independently and lead teams for the technical aspect in a fast-paced environment. Strong communication and interpersonal skills, with the ability to convey complex technical information to non-technical stakeholders. About Us A global leader in applied safety science, UL Solutions (NYSE: ULS) transforms safety, security and sustainability challenges into opportunities for customers in more than 110 countries. UL Solutions delivers testing, inspection and certification services, together with software products and advisory offerings, that support our customers’ product innovation and business growth. The UL Mark serves as a recognized symbol of trust in our customers’ products and reflects an unwavering commitment to advancing our safety mission. We help our customers innovate, launch new products and services, navigate global markets and complex supply chains, and grow sustainably and responsibly into the future. Our science is your advantage. Show more Show less

Ethical Hacking Intern Company: INLIGHN TECH Location: Remote (100% Virtual) Duration: 3 Months Stipend for Top Interns: ₹15,000 Certificate Provided | LOR | Potential Full-Time Offer Based on Performance About the Company: INLIGHN TECH is dedicated to preparing the next generation of cybersecurity professionals by offering hands-on, project-based internships. Our Ethical Hacking Internship provides a comprehensive opportunity to explore system vulnerabilities, learn penetration testing techniques, and gain practical skills essential for the cybersecurity field. Role Overview: As an Ethical Hacking Intern, you'll work closely with our cybersecurity experts to identify and analyze security flaws in systems and applications. This role provides exposure to real-world security challenges and helps you build foundational skills in ethical hacking and penetration testing. Key Responsibilities: Perform vulnerability assessments and penetration tests on simulated environments Analyze system security using tools like Nmap, Burp Suite, Wireshark, Metasploit, etc. Document findings and recommend mitigation strategies Assist in developing scripts or tools for automation of testing processes Stay updated with the latest cybersecurity threats and trends Create reports highlighting attack vectors and potential security improvements Qualifications: Pursuing or recently completed a degree in Cybersecurity, Computer Science, Information Technology, or related field Basic knowledge of ethical hacking techniques, OWASP Top 10, and Linux commands Familiarity with tools such as Kali Linux, Nmap, Wireshark, and Metasploit Strong curiosity and passion for cybersecurity Good analytical, problem-solving, and documentation skills Internship Benefits: Hands-on training in ethical hacking tools and techniques Certificate of Internship upon successful completion Letter of Recommendation for high-performing interns Opportunity to contribute to real-world security simulations and projects Top interns eligible for stipend and full-time job offers Show more Show less

Position: VAPT Specialist Experience: 2+ Years Location: Mumbai/ Thane Notice Period: Immediate Joiners Primary Skills: VAPT, CEH Certification, Metasploit, Penetration Testing, Linux Key Responsibilities: Perform Web Application Vulnerability Assessments and Penetration Testing to identify and exploit vulnerabilities in web applications. Conduct Mobile Application Vulnerability Assessments and Penetration Testing on Android and iOS platforms, identifying weaknesses and suggesting appropriate fixes. Lead Network Penetration Testing to evaluate the security posture of internal and external networks. Reverse engineer malware, analyze data obfuscation techniques, and work with cryptographic ciphers to detect and mitigate threats. Utilize industry-leading penetration testing tools such as Metasploit, BurpSuite, w3af, Kali Linux, SQLMap, Skipfish, MObSF, Androbugs, Nessus, and others to automate and perform testing. Leverage Linux/UNIX environments, including proficiency in Bash and PowerShell scripting, to perform testing and automate tasks. Document findings, provide detailed reports, and assist in remediation by working closely with internal teams. Stay up-to-date with emerging threats, vulnerabilities, and penetration testing methodologies. Qualifications & Requirements: 2-4 years of hands-on experience in performing web application, mobile application, and network penetration testing. Strong expertise in Web Application Vulnerability Assessment & Penetration Testing. Hands-on experience with Mobile Application Vulnerability Assessment & Penetration Testing (Android and iOS). Proficient in Network Penetration Testing and Security Assessment techniques. Experience with reverse engineering malware, analyzing obfuscated data, and cryptographic analysis. Strong command of penetration testing tools such as Metasploit, BurpSuite, w3af, Kali Linux, SQLMap, Skipfish, MObSF, Androbugs, Nessus, and others. CEH (Certified Ethical Hacker) certification is mandatory. Knowledge of Linux/UNIX operating systems and Bash or PowerShell scripting. Excellent problem-solving skills and the ability to think creatively in assessing security weaknesses. Strong communication skills for writing technical reports and working with cross-functional teams. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less

Description Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Requirements Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. Job responsibilities Perform security penetration testing and vulnerability assessment for web and Micro services applications. Able to identify pre-requisites of the test environment , plan, and prioritizes the vulnerabilities based on application architecture and functionality Able to identify the combination of different vulnerability while execution of test scenarios/test cases Good knowledge of automation to be used for security testing. Strong understanding of cloud security practices in environments like AWS, Azure, or GCP. Proven experience in identifying and exploiting business logic and framework related vulnerabilities Vast experience in removing false positives, analyzing dynamic scan web inspect, ZAP reports Knowledge of Secure SDLC and Security standards like OWASP, CWE Provide expert advice and recommendation to the application development team Extensive experience in addressing WEB and API application security issues Strong knowledge of Application Security throughout the SDLC Penetration testing skills including the use of security assessment and hacker tools; e.g. ZAP, ZAP Docker, Qualys ssllabs , SSLYZE, Metasploit etc. Strong knowledge in OWASP TOP 10 vulnerability standards Strong experience in cloud technologies especially in Azure Familiarity with DevSecOps principles and practices, including CI/CD pipeline integration and container security. What we offer Culture of caring. At GlobalLogic, we prioritize a culture of caring. Across every region and department, at every level, we consistently put people first. From day one, you’ll experience an inclusive culture of acceptance and belonging, where you’ll have the chance to build meaningful connections with collaborative teammates, supportive managers, and compassionate leaders. Learning and development. We are committed to your continuous learning and development. You’ll learn and grow daily in an environment with many opportunities to try new things, sharpen your skills, and advance your career at GlobalLogic. With our Career Navigator tool as just one example, GlobalLogic offers a rich array of programs, training curricula, and hands-on opportunities to grow personally and professionally. Interesting & meaningful work. GlobalLogic is known for engineering impact for and with clients around the world. As part of our team, you’ll have the chance to work on projects that matter. Each is a unique opportunity to engage your curiosity and creative problem-solving skills as you help clients reimagine what’s possible and bring new solutions to market. In the process, you’ll have the privilege of working on some of the most cutting-edge and impactful solutions shaping the world today. Balance and flexibility. We believe in the importance of balance and flexibility. With many functional career areas, roles, and work arrangements, you can explore ways of achieving the perfect balance between your work and life. Your life extends beyond the office, and we always do our best to help you integrate and balance the best of work and life, having fun along the way! High-trust organization. We are a high-trust organization where integrity is key. By joining GlobalLogic, you’re placing your trust in a safe, reliable, and ethical global company. Integrity and trust are a cornerstone of our value proposition to our employees and clients. You will find truthfulness, candor, and integrity in everything we do. About GlobalLogic GlobalLogic, a Hitachi Group Company, is a trusted digital engineering partner to the world’s largest and most forward-thinking companies. Since 2000, we’ve been at the forefront of the digital revolution – helping create some of the most innovative and widely used digital products and experiences. Today we continue to collaborate with clients in transforming businesses and redefining industries through intelligent products, platforms, and services. Show more Show less

Job Title: Senior SOC Analyst (SIEM, Threat Hunting & Incident Response) Department: Cybersecurity & IT Risk Management Reports To: CISO / Director – Cybersecurity & GRC Location: Manesar, Haryana (On-site at Client Location) Employer: VVNT SEQUOR, Noida Summary: VVNT SEQUOR is hiring a Senior SOC Analyst to strengthen the cybersecurity posture of a leading client in Manesar, Haryana. This is a full-time on-site role requiring deep hands-on expertise in threat detection, incident response, SIEM management, and vulnerability assessments. As a senior member of the Security Operations Center (SOC), you will lead advanced threat-hunting efforts, optimize detection logic, and ensure rapid response to cybersecurity events. Your key responsibilities will include: Leading 24x7 SOC operations , threat monitoring, triage, and escalations using tools like ArcSight, Splunk, and ELK . Creating and fine-tuning correlation rules , dashboards, and playbooks to enhance detection capabilities. Executing proactive threat hunting using MITRE ATT&CK , EDR telemetry, threat intel feeds, and custom threat models. Coordinating and leading incident response , performing forensic investigations using CHFI methodologies , memory analysis, and endpoint data. Performing and overseeing Vulnerability Assessment & Penetration Testing (VAPT) using Nessus, Qualys, OpenVAS, Metasploit , and Burp Suite . Managing EDR and SOAR platforms , integrating automated responses and threat intelligence feeds. Administering and securing firewalls (FortiGate, Palo Alto), WAFs, IDS/IPS, and Anti-DDoS infrastructure. Maintaining compliance with ISO 27001, NIST CSF, and internal security baselines , conducting regular audits and patch validations. Documenting Root Cause Analyses (RCA) , incident timelines, and post-incident review reports. Leading security awareness programs (e.g., KnowBe4) and mentoring junior analysts. We are looking for someone with: Bachelor's degree in Cybersecurity, Information Security, or related field. 7–9 years of SOC and cybersecurity operations experience. Strong knowledge of SIEMs (e.g., ArcSight, Splunk), EDRs (CrowdStrike, SentinelOne) , and log correlation techniques . Proven skills in threat analysis, IOC handling, malware analysis , and incident lifecycle management . Working experience with security automation (SOAR) and scripting (e.g., Python, PowerShell) for response actions. Solid understanding of MITRE ATT&CK, NIST 800-61, OWASP Top 10 , and compliance mandates . Proven experience in writing technical incident reports, security playbooks, and conducting RCA. Bonus points for: Certifications like CEH, CHFI, Security+, GCIA, GCFA, Splunk Certified Analyst, PCNSE . Experience with Tripwire SCM, KnowBe4 , or cloud-native security tools (AWS GuardDuty, Azure Sentinel). Exposure to OT/ICS security , manufacturing, or automotive environments. Familiarity with Purple Teaming, Red Team/Blue Team drills , and Threat Intelligence Platforms (TIPs) . Why join VVNT SEQUOR? Lead and influence real-time SOC strategies for a mission-critical enterprise. Gain hands-on experience with top-tier cybersecurity technologies and threat landscapes. Subsidized Cab and Lunch facilities at client site. Work in a client-focused, innovation-driven cybersecurity environment. To Apply: Please submit your resume along with the cover letter to chaitali@vvntsequor.in or parveen.arora@vvntsequor.in Also, you can connect over WhatsApp +91-9891810196 or +91-8802801739 IMPORTANT: Do mention clearly to Job Role that you are applying for along with your Last Salary Drawn information as well as your Earliest Joining Date in your covering letter or email. Show more Show less

Job Title: Vulnerability Assessment and Penetration Testing Internship for Technical services - (Performance based conversion to full-time Role) Job Location: Mumbai (On-site) Duration: 6 Months Note: Looking only for Immediate joiners (5 Days) Qualifications: BE/B. Tech with specialization in cyber security, MCA, M. Tech / Master’s in Information security, or Forensics Analysis Knowledge. Mandatory Certifications: CEH-EC-council / EJPT / PNPT / EWPT / CRTP Role and Responsibility: • Conduct Network/ System Vulnerability Assessments, Penetration Testing using tools to evaluate attack vectors, identify system vulnerabilities, and provide appropriate remediation plans for mitigation of the identified vulnerabilities. • Conduct Application vulnerability assessments, Penetration Testing for web applications, identify and report vulnerabilities, provide recommendations, and track closure of identified vulnerabilities. • Perform Configuration compliance assessments for Endpoints / Assets /network devices and help maintain the security settings at compliant level with Specific Security Standards. • Perform regular monitoring of patch compliance of the assets in the network, Analyze Patch Advisories and provide remediation steps for the stakeholders. • Performing comprehensive review and threat adversary modeling for web applications. • Conduct Vulnerability Assessments, Penetration Testing, Device Hardening, Application Security Assessments, Log Review, Review of Documents, Network Monitoring and Reporting • Conduct and compile findings on new vulnerabilities, new tools for departmental use. • Create project deliverables / reports and assist the client with remediations and discussions. • Abide by the project timelines and maintain project discipline. Technical Skills Required: • Hands-on Experience in performing Network Security Assessment and vulnerability Assessment. • Good understanding of OSI layers and fundamental Operating system concepts, security settings for various flavors of Windows and Linux platforms. • Sound knowledge about Application vulnerability assessments and relevant knowledge of OWASP top 10 vulnerabilities and SANS. • Hands on knowledge on Tools: Nmap, Kali Linux, Metasploit, Armitage, Maltego, Burp Suite, Paros Proxy Nessus, nexpose, Wireshark, sqlmap etc. • Manual Penetration Testing skills and techniques are required besides automated tools and frameworks. • Familiar working with Publicly available exploits codes. • Sound knowledge about infrastructure vulnerability scans, identifying security vulnerabilities, weaknesses, threats, and assessing related risks that exists within an IT Infrastructure or business processes. • Good understanding of firewalls, Switches, and Router’s configuration settings and policies, relevant experience in performing rule base reviews and configuration reviews for network devices. Show more Show less

Job Title : Ethical Hacking Trainer (Full-Time/Part-Time) Location : Greater Kailash 2, South Delhi Company : DizitalAdda – A Leading Digital & Professional Education Institute About Us : DizitalAdda is a premier digital marketing and professional skills training institute located in the heart of South Delhi. With an established presence in digital education, we are now expanding into the Cyber Security and Ethical Hacking domain. We are currently seeking a skilled and passionate Ethical Hacking Trainer to join our team and deliver hands-on, industry-relevant training to aspiring cybersecurity professionals. Roles & Responsibilities : Deliver engaging, practical, and real-world-based training in Ethical Hacking. Teach topics like: Vulnerability Assessment Penetration Testing Network & Web Application Security Social Engineering Wi-Fi Hacking Cryptography Tools like Kali Linux, Wireshark, Nmap, SQLMap, Metasploit, etc. Create training content, assignments, and live labs for learners. Prepare students for certifications like CEH, OSCP, or CompTIA Security+. Maintain course quality and student satisfaction. Conduct doubt sessions and assessments regularly. Required Skills : Strong knowledge of Ethical Hacking, Cybersecurity, and Penetration Testing. Hands-on experience with real-world attack & defense scenarios. Good communication and presentation skills. Familiarity with Linux OS, Networking basics, and scripting (Python preferred). Previous training experience (offline/online) preferred. Qualifications : Bachelor's in Computer Science/IT/Cyber Security or equivalent. Certifications like CEH / OSCP / Security+ (preferred but not mandatory). 1–3 years of experience in cybersecurity training or real-world cybersecurity projects. Employment Type : Full-Time / Part-Time / Weekend Batch Trainer (Flexible Options Available) Salary : ₹20,000 – ₹50,000 per month (Based on experience & expertise) Why Join Us ? Prime Location: South Delhi (Greater Kailash 2) Modern classrooms & lab setup Freedom to design practical sessions Exposure to corporate clients and real projects Growth opportunities in a fast-growing education brand How to Apply: Send your resume and any certification proof to: 📩 hr@dizitaladda.com 📞 +91-9555393551 🌐 www.dizitaladda.com Show more Show less

Job Description Principal Security Software Engineer Are you interested in building large-scale distributed software for the cloud? Oracle’s Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services. We’re looking for hands-on engineers with expertise and passion in identifying and resolving difficult security problems in distributed systems, virtualized infrastructure, and highly available services. If this is you, at Oracle you can design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact. As a Principal Security Software Engineer you will review the software design and development for all components of Oracle’s Service Cloud team. Develops and execute programs and processes to reduce information security risk and strengthen Oracle’s security posture. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn. Things you'll do: Penetration testing Hardening of network, software and firmware Security tool development (e.g. scanning tools) Security metrics definition and delivery Consult across different software development teams Attack vector modeling Champion secure coding practices Minimum Qualifications: Bachelor’s or Master’s degree in Computer Science or related field 7+ years of experience in software engineering or related field Experience working in a large cloud or Internet software company preferred Strong application/product/software security background Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff Excellent organizational, verbal and written communication skills Ability to succeed through collaboration and working through internal and external organizations and individuals Prior DevOps or continuous delivery and deployment experience preferred Strong security testing experience with Fortify, Burp, Zap or Webinspect. Thorough understanding of latest security principles, techniques, and protocols. Security certifications is a plus. Skills Required: Application architecture and design reviews; Penetration Testing and Vulnerability assessments; Web Services and API security assessments; Product Security Assessments and Threat Modeling; Dynamic Vulnerability Scanning using automated application scanners; Execute Secure Code Audits using manual and automated methods to review product codes; Secure SDLC Processes including DevOps and Agile; Knowledge of languages, including Java, .Net, PHP, C++, and XML; Security Testing tools, including Nmap, Nessus, Web Inspect, BurpSuite, ZAP Scanner, Fortify Secure code scanner, SOAP UI, Kali Linux, and Metasploit; Operating Systems including Windows and Linux; Cryptographic algorithms, hashing algorithms, encryption; and Network and web related protocols, including TCP/IP, TLS/SSL, HTTP, and FTP. Detailed Description And Job Requirements As a member of the software security team, you will assist in defining and developing software for tasks associated with the security testing of software applications. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Develop, implement, and enforce Oracle’s security policies. Develop, implement, and manage Oracle’s compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracle’s Service cloud. Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law. Career Level - IC4 Responsibilities Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas. Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs. Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance. Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required. Incident Management and response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents. Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required. Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In Security role, may manage the creation, review and approval of corporate information security policies. Mentors and trains other team members. Compiles information and reports for management. About Us As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity. We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all. Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs. We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. Show more Show less

Requisition Id : 1599689 As a global leader in assurance, tax, transaction and advisory services, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities and creative freedom. At EY, we don't just focus on who you are now, but who you can become. We believe that it’s your career and ‘It’s yours to build’ which means potential here is limitless and we'll provide you with motivating and fulfilling experiences throughout your career to help you on the path to becoming your best professional self. The opportunity : Associate Consultant-National-Forensics-ASU - Forensics - Discovery - Mumbai Your key responsibilities Technical Excellence Assist in conducting security assessments, penetration tests, and red team exercises for clients across various industries. Support the execution of security testing methodologies and frameworks. Participate in source code reviews to identify vulnerabilities and recommend remediation strategies. Collaborate with the team to analyse security findings and prepare detailed reports for clients. Experience with security tools such as Metasploit, Burp Suite, or OWASP etc Skills and attributes To qualify for the role you must have Qualification Strong analytical and problem-solving skills, with attention to detail. Stay updated on the latest security threats, vulnerabilities, and industry best practices. Familiarity with industry certifications such as OSCP (Offensive Security Certified Professional), eJPT (eLearnSecurity Junior Penetration Tester), or equivalent is a plus. Experience 2-3 years of experience in cyber security, with a focus on offensive security, security testing, or related areas. What we look for People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful and able to sustain postivie energy, while being adaptable and creative in their approach. What we offer With more than 200,000 clients, 300,000 people globally and 33,000 people in India, EY has become the strongest brand and the most attractive employer in our field, with market-leading growth over compete. Our people work side-by-side with market-leading entrepreneurs, game- changers, disruptors and visionaries. As an organisation, we are investing more time, technology and money, than ever before in skills and learning for our people. At EY, you will have a personalized Career Journey and also the chance to tap into the resources of our career frameworks to better know about your roles, skills and opportunities. EY is equally committed to being an inclusive employer and we strive to achieve the right balance for our people - enabling us to deliver excellent client service whilst allowing our people to build their career as well as focus on their wellbeing. If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible. Join us in building a better working world. Apply now. Show more Show less

Position Senior Security Engineer - IOT Experience Job Description: 6–10 years of relevant experience in system security, embedded systems, and vulnerability assessments. Key Skills Firmware Analysis Tools: Expertise in using firmware analysis tools such as Ghidra, Binwalk, and Radare2 for static and dynamic analysis of firmware images. Embedded Linux Platforms: In-depth knowledge of embedded Linux, Yocto, and OpenWRT platforms for secure firmware and OS testing. Secure Boot & Firmware Update Mechanisms: Proficiency in testing secure boot processes and firmware update mechanisms, ensuring integrity and authenticity. OS Hardening & Security Configurations: Strong understanding of OS hardening techniques and security configurations to mitigate threats and enhance system integrity. Vulnerability Assessment & CVE Analysis: Extensive experience with vulnerability assessment frameworks and CVE analysis, identifying and addressing security vulnerabilities in embedded systems. Debugging & Emulation Tools: Proficient in using debugging tools and emulators such as QEMU to analyze embedded system behavior. SBOM & Secure Update Protocols: Familiarity with SBOM (Software Bill of Materials), patch management, and secure update protocols to ensure safe software deployments. Firmware Reverse Engineering: Expertise in performing reverse engineering of firmware images to detect vulnerabilities and potential exploits. Penetration Testing Frameworks: Experience using penetration testing frameworks like Metasploit, Kali Linux, and custom tools for system vulnerability testing. Custom Test Case Development: Ability to develop and execute custom test cases to simulate real-world attack scenarios and identify potential risks in embedded systems. Leadership & Mentoring: Strong leadership skills with a proven track record of mentoring junior engineers and guiding teams in advanced security testing methodologies. Technical Writing & Reporting: Excellent technical writing skills, including the ability to produce clear, concise, and detailed reports on security findings and risk assessments. Proactive Security Risk Mitigation: Proactive in identifying and mitigating security risks within embedded systems, ensuring the implementation of security best practices. Responsibilities Leadership in Security Testing: Lead system-level Vulnerability Assessment and Penetration Testing (VAPT) for firmware, operating systems, and embedded software, ensuring thorough security evaluations. Test Plan Development & Execution: Develop and implement comprehensive test plans for secure update and patch validation, ensuring security fixes are applied correctly and without introducing new risks. Firmware Static & Dynamic Analysis: Conduct detailed static and dynamic analysis of firmware images using tools like Ghidra, Binwalk, and Radare2 to identify potential vulnerabilities. Secure Boot & Root of Trust Validation: Validate secure boot implementations and hardware root of trust to ensure system integrity and protection from malicious code injection. OS Hardening & Access Control Testing: Test OS hardening configurations and secure access control mechanisms to strengthen system defenses against unauthorized access and exploitation. Vulnerability Identification & Classification: Identify and classify vulnerabilities and misconfigurations in embedded systems, following industry standards such as CVSS for risk assessment and remediation prioritization. Collaboration with Compliance & Engineering: Work closely with compliance and engineering teams to prioritize remediation efforts, ensuring that vulnerabilities are addressed effectively. Custom Attack Simulations: Develop and execute custom test cases to simulate real-world attack scenarios and evaluate the system's resilience against cyber threats. Rollback & Patch Management Testing: Oversee testing of rollback and patch management procedures, ensuring that system updates do not compromise security or functionality. Mentoring & Knowledge Sharing: Mentor junior engineers in security testing methodologies, sharing knowledge on advanced techniques and tools for improving system security testing processes. CVE Monitoring & Testing Updates: Monitor relevant CVE feeds, integrating new vulnerabilities and security patches into testing procedures to ensure up-to-date protection. Reporting & Risk Assessments: Provide detailed technical reports and risk assessments to stakeholders, outlining identified vulnerabilities, potential impact, and recommended mitigations. Regulatory Compliance: Ensure that all testing activities align with industry standards, including RED 18031 compliance, and adhere to relevant regulatory frameworks. Secure Lab Environment Maintenance: Maintain a secure lab environment for all system testing activities, ensuring that testing procedures are conducted in a controlled and isolated setting. Qualifications & Certifications Education: Bachelor's or Master’s degree in Cybersecurity, Embedded Systems, Computer Engineering, or a related field. Certifications (Preferred): OSCP (Offensive Security Certified Professional) OSCE (Offensive Security Certified Expert) GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) Equivalent certifications in ethical hacking, penetration testing, or embedded system security are also highly valued. Industry Standards Familiarity: Familiarity with security frameworks such as ISO/IEC 62443, RED 18031, and IoT security frameworks. Why Join Us? Opportunity to work with cutting-edge automation technologies in a collaborative and innovative environment. Competitive salary and benefits package. Career growth opportunities in a fast-paced and dynamic industry. A strong focus on work-life balance and employee well-being. Location: IN-GJ-Ahmedabad, India-Ognaj (eInfochips) Time Type Full time Job Category Engineering Services Show more Show less