492 Metasploit Jobs - Page 7

Job Title: Security Test Engineer Job Location: Pune (Hybrid) Salary range: As per company standards What will be your responsibility: • Lead and perform advanced application security testing (SAST, DAST, IAST) for web, mobile, and cloud-native applications. • Design security test strategies, perform vulnerability assessments, and report findings with risk prioritization and remediation recommendations. • Collaborate with development, QA, and DevOps teams to integrate security testing into CI/CD workflows. • Conduct threat modelling sessions and define security requirements early in the project lifecycle. • Simulate real-world attacks (ethical hacking, red teaming) and ensure application hardening against OWASP Top 10 and CWE vulnerabilities. • Review code, architecture, and infrastructure for security compliance and weaknesses. • Stay updated on evolving security threats, tools, and best practices. • Mentor junior analysts and contribute to the security knowledge base. What is needed from you: • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related discipline. • 7 to 10 years of experience in security testing, application security, or security engineering. • Proficiency in tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Veracode, Metasploit, Kali Linux. • In-depth understanding of threat modelling, risk assessment methodologies, and secure development practices. • Strong knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. • Experience with scripting languages such as Python, Bash, or PowerShell. • Hands-on experience integrating security into DevOps/DevSecOps pipelines (e.g., GitHub Actions, Jenkins, GitLab CI). • Familiarity with cloud platforms (AWS, Azure, GCP) and their security controls. • Certifications like OSCP, CEH, GWAPT, CISSP, or SANS GIAC are highly desirable. What will you get: Opportunity to work in Product Development and excellent learning opportunities  Healthy work environment, peer to peer collaborative work culture Individual growth and encouraging opportunities with highly motivated team  Work-Life Balance Selection Process 2 technical round,1 Managerial round

GE Healthcare Healthcare Science & Technology Organization Category Digital Technology / IT Early Career Job Id R4016905 Relocation Assistance Yes Location Bengaluru, Karnataka, India, 560066 Job Description Summary As a Product Security Analyst, you will be collaborating with development teams to complete security testing and tool development for our GEHC products. You will be responsible for Performing VAPT for thick and thin clients, webservices, embedded devices and cloud. Conducting Compliance/Benchmark assessments using DISA Stigs/CIS Benchmarks .Review, Test and Suggest best practices for Cryptography, PKI (web and non-web perspective). Conducting Source code review and discuss with development teams in mitigating the issues and eliminating false positives. GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world. Job Description Roles and Responsibilities You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will: Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents. Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure. Work with Cyber Security Leaders and SMEs to understand product requirements Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features Perform Security Code Reviews, Vulnerability Analysis and research on application code Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera) Engage subject matter experts in successful transfer of complex domain knowledge Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project Understand application security methodologies and frameworks Leverage GE Digital's tailored Secure SDL practice into specific engineering engagements Research new application security technologies and implement them to improve application security. Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL. Write fuzz scenarios to see the break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS Ability to automate attack scenarios to avoid repetitive work. Good to have experience in Bluetooth/Wifi or any radio based attacks. Good to have experience in Rest API security testing and recommending best practices while opting for OAuth or OpenId connect Having experience working on IoT platform will be beneficial. Required Skills Professional expertise with Kali Linux, Metasploit, Meterpreter. Hands-on experience in Windows/Linux and network security. Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc. Education Qualification Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with a minimum of 3+ years of experience in systems security, product / OT security and application security. Desired Characteristics Certifications – OSCP, CCSP. Languages – C/C++/Java/Python/Ruby Proven experience in breaking the vulnerable boxes. Adaptable to learn new skills or technologies as per business needs. Detailed working knowledge of two modern programming languages, such as java, python, or ruby Good written and oral communication skills and successful security consulting background. At least 2 years of security consulting involvement with development team(s) that delivered software-based services Experience in developing secure applications A high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down Experience with Security Development Lifecycle processes such as Threat Modeling desired Contribute to and lead discussions and communications within the team and outside, including customers and other business units Excellent knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles Hands-on Experience with developing cloud-deployed applications that utilize oath 2 Hands-on experience with developing RESTful web services Mobile Architecture experience, designing, developing, and integrating solutions. Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as GE's red team Good understanding of security tools and technologies to facilitate secure development Inclusion and Diversity GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support. #LI-AM11 #Hybrid Additional Information Relocation Assistance Provided: Yes

Opening for Penetration Tester: Amyntor Tech Solutions Pvt Ltd, Thiruvananthapuram Location: Trivandrum Experience: 1 - 2 years Graduation: Bachelor's Degree in a related Cybersecurity/IT/Computer Science field. Full Job Description : We're seeking a passionate information security Pentester to join our team. As a Pentester, you will be responsible for identifying and mitigating security vulnerabilities in our clients' systems. You will work closely with our senior security experts to perform security assessments, develop penetration testing strategies, and contribute to improving client’s security posture. Key Responsibilities: Performs penetration testing and attack simulations on business-critical infrastructure including internal servers, networks and applications to identify and resolve security flaws Utilize penetration testing techniques, including manual and automated methods, on web and mobile (Android & iOS) applications, networks, and systems to simulate real-world cyber-attacks and assess security posture. Executes Red Team exercises and employs Red Teaming tools. Review physical security and perform social engineering tests where appropriate Experiments with various methods attackers could use to exploit information security vulnerabilities Completes threat assessment reports that outline penetration test findings and presents findings to management Collaborate with clients to communicate findings and suggest practical security enhancements. Enhance technical skills & knowledge by Staying up-to-date with emerging threats and vulnerabilities Necessary Skills: At least one, ideally two years of professional experience in Pentesting Knowledge in penetration testing, vulnerability assessment, and ethical hacking. Knowledge in Pentesting of various applications i.e Web, Mobile (Android & iOS), APIs, Cloud (AWS / Azure) etc. Strong knowledge of security assessment tools such as Metasploit, BurpSuite, ZAP, OWASP tools, Kali Linux tools and Fuzzing tools Hands-on experience with manual and automated penetration testing methodologies. Experience in working with Standards such as NIST, OWASP, MITRE CWE etc. Strong understanding of network protocols, operating systems, and web application technologies. Excellent written and verbal communication skills, with the ability to clearly document and communicate findings and recommendations. Preferred Qualification: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field. Relevant certifications such as Certified Ethical Hacker - Practical (CEH - Practical), Certified Red Team Professional (CRTP), Offensive Security Certified Professional (OSCP), or other certifications focusing on application security and exploitation techniques are highly preferred. Experience with cloud security (e.g., AWS, Azure). Understanding of secure coding practices and code review processes. Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA) A proactive mindset and the ability to work effectively in a team environment. What We Offer: Competitive salary and benefits package. Opportunities for professional growth and development. A collaborative and inclusive work environment. Access to the latest tools and technologies in cybersecurity. Support for continuing education and certification. Interested people can mail us on: hr@amyntortech.com Company Profile: Amyntor Tech Solutions Pvt Ltd steered by young and experienced professionals from different walks of life we offer a plethora of skills. We are headquartered at Thiruvananthapuram, Kerala and got a presence all over India. We are proud to introduce ourselves as sentinel Cybersecurity service provider. We are vehemently endorsed by our customers by giving references from the nook and corner of the world . Job Types: Full-time, Permanent Pay: ₹240,000.00 - ₹300,000.00 per year Benefits: Cell phone reimbursement Commuter assistance Work from home Schedule: Day shift Fixed shift Supplemental Pay: Overtime pay Performance bonus Ability to commute/relocate: Technopark, Thiruvananthapuram, Kerala: Reliably commute or planning to relocate before starting work (Preferred) Education: Bachelor's (Preferred) Experience: total work: 1 year (Required) Penetration testing: 1 year (Required) Work Location: In person

Position – Cybersecurity Trainer We are seeking a skilled Cybersecurity Trainer with 2–3 years of relevant experience to deliver an industry aligned cybersecurity training program. The trainer will be responsible for conducting practical and theoretical sessions, focusing on system security, ethical hacking, network defense, and emerging cybersecurity threats. Key Responsibilities: • Deliver training for the following curriculum modules: • Fundamentals of Cybersecurity • Network Security and Protocols • Ethical Hacking and Penetration Testing • Cyber Laws and Governance • Real-time Labs: Phishing, Ransomware Simulation, Vulnerability Scanning • SOC Operations and Tools (e.g., Wireshark, Splunk, Burp Suite) • Conduct interactive, hands-on sessions using live lab environments, simulators, or online platforms (TryHackMe, Hack The Box, etc.) Qualifications: - Bachelor’s degree in Information Security, Computer Science, or equivalent field - 2–3 years of experience in Cybersecurity training, IT security, or a related domain with Practical knowledge in Networking security protocols, Penetration testing and vulnerability assessment tools, SOC tools like SIEM. • Operating systems (Linux, Windows Server) and virtual machines and Tools like Kali Linux, Metasploit, Nmap, Wireshark, and Burp Suite. Additional Information: • Location: Tirunelveli Interested candidates should submit their resume to nasar@a2000india.com

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Description As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems. Responsibilities 1-Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): Perform black-box, grey-box, and white-box VAPT on: Enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud) OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways) IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards) Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures. Execute Red Team scenarios to simulate insider threats or supply chain compromise. 2- ICS Protocol & Field Device Security Testing: Analyze and exploit vulnerabilities in ICS protocols: Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP (EtherNet/IP), MQTT, CoAP Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience. Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks. 3- Firmware & Hardware Exploitation (IIoT/ICS Devices): Extract and analyze firmware from industrial devices using JTAG, UART, SPI interfaces. Perform static and dynamic analysis using Ghidra, Binwalk, Radare2, or IDA Pro. Reverse engineer file systems (e.g., squashfs, cramfs) and analyze web interfaces or CLI backdoors. Exploit misconfigured bootloaders, insecure firmware upgrade mechanisms, or exposed debug ports. 4- Network Architecture & Segmentation Testing: Review and test IT-OT segmentation via firewall ACLs, VLANs, DMZ configurations. Assess trust relationships, weak credential policies, and insecure remote access (e.g., exposed VNC, Telnet, RDP). Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5- Cloud & IIoT Platform Security: Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines. Test REST APIs, insecure mobile app integrations, and cloud misconfigurations (S3, IAM, IoT Core). Identify insecure certificate handling, default API tokens, and lack of encryption at rest/in transit. Reporting & Mitigation Develop technical and executive-level reports with CVSS scoring, attack paths, and exploitation evidence. Recommend hardening measures for both IT (patches, SIEM, EDR) and OT (control policy tuning, physical zoning, least privilege for operators). Coordinate with ICS engineers, IT admins, and SOC teams for patch validation and monitoring upgrades. Compliance & Framework Alignment Ensure assessments comply with industry and regulatory frameworks: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, SANS ICS Top 20 Map findings to MITRE ATT&CK for ICS and monitor emerging CVEs relevant to industrial products. Eligibility Educational Background: Bachelor’s or Master’s in Cybersecurity, Computer Science, Industrial Automation, Electronics, or a related field. Technical Skills: Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS). Hands-on experience with tools: VAPT Tools: Nessus, Burp Suite, Metasploit, Nmap, Nikto, SQLMap ICS Tools: Wireshark, Scapy, PLCScan, ICSFuzz, S7comm Tools, Conpot, ModScan Firmware Tools: Binwalk, Ghidra, Radare2, OpenOCD, Logic Analyzers IIoT Security: Shodan, Censys, MQTTX, Postman, OWASP ZAP Certifications (Preferred): OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, or equivalent. Participation in ICS/IoT-focused CTFs or open-source contributions is a plus. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

Opening for Penetration Tester: Amyntor Tech Solutions Pvt Ltd, Thiruvananthapuram Location: Trivandrum Experience: 1 - 2 years Graduation: Bachelor's Degree in a related Cybersecurity/IT/Computer Science field. Full Job Description : We're seeking a passionate information security Pentester to join our team. As a Pentester, you will be responsible for identifying and mitigating security vulnerabilities in our clients' systems. You will work closely with our senior security experts to perform security assessments, develop penetration testing strategies, and contribute to improving client’s security posture. Key Responsibilities: Performs penetration testing and attack simulations on business-critical infrastructure including internal servers, networks and applications to identify and resolve security flaws Utilize penetration testing techniques, including manual and automated methods, on web and mobile (Android & iOS) applications, networks, and systems to simulate real-world cyber-attacks and assess security posture. Executes Red Team exercises and employs Red Teaming tools. Review physical security and perform social engineering tests where appropriate Experiments with various methods attackers could use to exploit information security vulnerabilities Completes threat assessment reports that outline penetration test findings and presents findings to management Collaborate with clients to communicate findings and suggest practical security enhancements. Enhance technical skills & knowledge by Staying up-to-date with emerging threats and vulnerabilities Necessary Skills: At least one, ideally two years of professional experience in Pentesting Knowledge in penetration testing, vulnerability assessment, and ethical hacking. Knowledge in Pentesting of various applications i.e Web, Mobile (Android & iOS), APIs, Cloud (AWS / Azure) etc. Strong knowledge of security assessment tools such as Metasploit, BurpSuite, ZAP, OWASP tools, Kali Linux tools and Fuzzing tools Hands-on experience with manual and automated penetration testing methodologies. Experience in working with Standards such as NIST, OWASP, MITRE CWE etc. Strong understanding of network protocols, operating systems, and web application technologies. Excellent written and verbal communication skills, with the ability to clearly document and communicate findings and recommendations. Preferred Qualification: Bachelor’s degree in computer science, Information Technology, Cybersecurity, or related field. Relevant certifications such as Certified Ethical Hacker - Practical (CEH - Practical), Certified Red Team Professional (CRTP), Offensive Security Certified Professional (OSCP), or other certifications focusing on application security and exploitation techniques are highly preferred. Experience with cloud security (e.g., AWS, Azure). Understanding of secure coding practices and code review processes. Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA) A proactive mindset and the ability to work effectively in a team environment. What We Offer: Competitive salary and benefits package. Opportunities for professional growth and development. A collaborative and inclusive work environment. Access to the latest tools and technologies in cybersecurity. Support for continuing education and certification. Interested people can mail us on: hr@amyntortech.com Company Profile: Amyntor Tech Solutions Pvt Ltd steered by young and experienced professionals from different walks of life we offer a plethora of skills. We are headquartered at Thiruvananthapuram, Kerala and got a presence all over India. We are proud to introduce ourselves as sentinel Cybersecurity service provider. We are vehemently endorsed by our customers by giving references from the nook and corner of the world . Job Types: Full-time, Permanent Pay: ₹240,000.00 - ₹300,000.00 per year Benefits: Cell phone reimbursement Commuter assistance Work from home Schedule: Day shift Fixed shift Supplemental Pay: Overtime pay Performance bonus Ability to commute/relocate: Technopark, Thiruvananthapuram, Kerala: Reliably commute or planning to relocate before starting work (Preferred) Education: Bachelor's (Preferred) Experience: total work: 1 year (Required) Penetration testing: 1 year (Required) Work Location: In person

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Role Overview We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) and an understanding of security compliance standards such as SOC 2, ISO 27001, and GDPR. The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. Perform vulnerability assessments and risk evaluations across client environments. Create detailed technical and executive reports with prioritized remediation strategies. Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. Collaborate with cross-functional teams for remedial activities to improve the security posture. Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications 5+ years of experience in cybersecurity with a focus on penetration testing and compliance. Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred) CEH (Certified Ethical Hacker) ISO/IEC 27001 Lead Auditor / Lead Implementer Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. Client-facing consulting experience or report presentation skills. Cyber Security vibe is a must. (ref:hirist.tech)

Job Title : VAPT Specialist Experience : 3+ Years Location : Mumbai / Thane Notice Period : Immediate Joiners Preferred Work Mode : Onsite Key Skills VAPT, CEH Certification, Penetration Testing, Metasploit, Kali Linux, Burp Suite, Web & Mobile App Security, Network Security, Bash/PowerShell, Linux Job Description We are looking for an experienced VAPT Specialist to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities across web, mobile, and network environments, and helping mitigate security risks through thorough testing, reporting, and collaboration. Roles & Responsibilities Perform Web Application Vulnerability Assessment & Penetration Testing to uncover application-layer security issues. Conduct Mobile App VAPT on both Android and iOS platforms using tools like MObSF, Androbugs, etc. Execute Network Penetration Testing to assess internal and external infrastructure risks. Reverse engineer malware, identify obfuscation techniques, and analyze cryptographic implementations. Use industry-standard tools including Metasploit, Burp Suite, Kali Linux, SQLMap, Nessus, w3af, Skipfish, and others. Work with Linux/UNIX environments, using Bash and PowerShell scripting to automate tasks and streamline testing workflows. Document findings, write detailed security reports, and support internal teams with remediation steps. Continuously stay updated with evolving threats, vulnerabilities, and tools. Requirements 3-4 years of hands-on experience in VAPT across web, mobile, and networks. Proven expertise in Web and Mobile Application Security Testing. Strong experience with Network Security Assessment and Penetration Testing. Familiarity with malware reverse engineering and cryptographic vulnerability analysis. Proficient with a wide range of VAPT tools and frameworks. Solid understanding of Linux environments and scripting (Bash, PowerShell). CEH certification is mandatory (additional certifications like OSCP are a plus). Excellent analytical and problem-solving skills. Strong verbal and written communication to collaborate with technical and non-technical stakeholders. (ref:hirist.tech)

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Job Title: QA Tester Location:Gurugram WFO 6 Days Working Job Description: We are seeking a skilled QA Tester with expertise in Vulnerability Testing to ensure the security, functionality, and reliability of our applications. The ideal candidate will have experience in penetration testing, security testing methodologies, automation, and compliance standards. Key Responsibilities: Develop and execute test cases, scripts, and security test plans for applications and APIs. Perform vulnerability assessments and penetration testing on web, mobile, and cloud-based applications. Identify security loopholes, conduct risk analysis, and provide actionable recommendations. Work closely with development and DevOps teams to ensure secure coding practices. Automate security testing and integrate it into CI/CD pipelines. Test applications for OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, SSRF, etc. Utilize security tools such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux, Nessus, etc. Conduct API security testing and validate authentication & authorization mechanisms. Document security vulnerabilities and collaborate with teams for remediation. Ensure compliance with industry standards like ISO 27001, GDPR, HIPAA, PCI-DSS where applicable. Required Skills & Qualifications: 3+ years of experience in Quality Assurance with a focus on Security & Vulnerability Testing. Strong knowledge of penetration testing tools and security frameworks. Experience with automated security testing in CI/CD (Jenkins, GitHub Actions, GitLab CI, etc.). Proficiency in manual and automated security testing of web and mobile applications. Familiarity with scripting languages like Python, Bash, or JavaScript for automation. Experience working with cloud platforms such as AWS, Azure, or GCP is a plus. Strong understanding of HTTP, APIs, authentication protocols (OAuth, JWT, SAML, etc.). Knowledge of network security, firewalls, and intrusion detection systems (IDS/IPS). Certifications like CEH, OSCP, CISSP, or Security+ are an added advantage. Job Type: Full-time Pay: ₹200,000.00 - ₹500,000.00 per year Application Question(s): are you okay for 6days working Experience: Penetration testing: 3 years (Required) vulnerability testing: 3 years (Required) Scripting: 3 years (Preferred) Work Location: In person Expected Start Date: 15/07/2025

About the Company - Kempegowda International Airport, Bengaluru (KIAB/ BLR Airport), named after founder of the City – Hiriya Kempegowda – has the unique distinction of being the first Greenfield Airport in India, established on a Public-Private Partnership (PPP) model. This heralded a revolution in Indian aviation, as more airports in the Country were privatised, thereafter. Responsibilities - Managed XDR Operations: Oversee threat detection, threat prevention, identity and access management, and incident response activities. Optimize the performance of managed XDR solutions to proactively identify and mitigate risks. Ensure a well-defined incident response plan is in place and regularly tested through simulations. Continuously improve detection and response capabilities based on threat intelligence and industry trends. Regularly review and update playbooks to address emerging threats and advanced attack techniques. Conduct post-incident reviews to identify lessons learned and improve processes. Monitor and evaluate partner performance, addressing any issues related to quality, cost, or delivery. Manage escalations as per contracted frameworks. Ensure unresolved escalations are tabled in governance forums and taken up for resolution. Drive the resolution of such escalations by working with all concerned stakeholders Review and provide feedback on periodic process, SLAs and KPI reports published by various ICT teams Escalate process compliance issues to senior leadership along with suggestion on remediation plan Review all Change Requests and provide insight & recommendations ensuring CRs/amendments are fit for purpose, negotiated and executed by working with all stakeholders. Execution of Security Projects: Lead and manage the successful delivery of cybersecurity projects, ensuring they align with business needs. Define clear project milestones, KPIs, and timelines to track progress effectively. Collaborate with internal and external stakeholders to ensure smooth implementation. Transition completed projects into ongoing operations with defined ownership and support mechanisms. Anticipate potential challenges and implement proactive risk management strategies. Financial Management: Oversee the development, management, and monitoring of the InfoSec budget, ensuring optimal allocation of resources. Accountability of budgeting and periodic financial forecasting for InfoSec – ensuring that the inputs on budgeting and forecasting are as per agreed frequency. Analyze and report on InfoSec financial performance, providing insights and recommendations for cost optimization, return on investment (ROI) and/ or Value Realization. Prepare and track InfoSec PRs and invoice processing and subsequent payments to partners and vendors. Ensure all InfoSec vendor payments are validated and approved by respective InfoSec teams and are aligned to agreed vendor payments terms and conditions. Track vendor payments against approved amount in InfoSec budget. Publish reports on InfoSec Financial Management to ICT leadership for review Security Architecture: Develop and implement a robust security architecture framework that integrates IT and OT systems. Evaluate and recommend security technologies and tools to improve organizational resilience. Ensure scalability, flexibility, and future-readiness of the security architecture. Conduct regular architecture reviews to ensure compliance with evolving standards and business changes. Provide technical leadership on emerging technologies and trends, such as Zero Trust and Secure Access Service Edge (SASE). Act as the primary SPOC for InfoSec in ARB (Architecture Review Board), ensuring terms and conditions are favorable and aligned with BIAL’s strategic information security goals. Regularly review deployments for compliance with organizational policies, regulatory requirements, ARB approvals and industry standards. Use insights gained from project performance to refine future ARBs, driving continuous improvement in partner selection, infosec requirements, service delivery and cost management. Maintain accurate and up-to-date records of all contractual communications, amendments, and performance evaluations. ICS Security: Develop and enforce security policies and controls for Industrial Control Systems (ICS) and Operational Technology (OT). Work closely with BIAL Projects and E&M teams to design secure processes for OT systems/ ICS. Perform regular vulnerability assessments and penetration testing of OT systems. Ensure alignment with BIAL Operational Technology Cybersecurity Policy and other relevant ICS/OT-specific security standards, such as IEC 62443. Establish monitoring mechanisms to detect and respond to threats in real-time within OT environments. Governance, Risk, and Compliance (GRC): Develop, implement, and maintain information security policies and governance frameworks. Conduct periodic risk assessments and audits to identify vulnerabilities and ensure regulatory compliance, both internally and with external partners. Provide regular updates to executive leadership on the organization’s risk profile and mitigation strategies. Manage relationships with regulatory authorities and ensure timely reporting of compliance metrics. Promote a culture of security awareness and responsibility throughout the organization. Ensure the maintenance of the BIAL’s certifications and standards, including ISO 27001:2022. Strategic Leadership: Provide strategic direction and leadership to the InfoSec team, fostering a culture of excellence and continuous improvement. Drive innovation in information security solutions and practices, ensuring the organization remains competitive and forward-looking. Act as a key advisor to senior management on Information Security matters, contributing to strategic decision-making. Qualifications: Bachelor’s degree in computer science, Information Security, or a related field (Master’s degree preferred). Certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly desirable. A minimum of 12 years of experience in information security, with at least 5 years in a leadership role. Required Skills: Comprehensive understanding of cybersecurity frameworks, technologies, and methodologies (e.g., NIST CSF, ISO 27001, MITRE ATT&CK, ITIL v3, PMP, TOGAF, ISO 20k & 27k and COBIT). Expertise in managed XDR operations, incident response, threat intelligence, and identity management. Familiarity with security architecture principles, ICS/OT security frameworks, and industrial protocols. Strong knowledge of GRC principles and regulatory standards applicable to the industry. Proficient in process improvement and development practices. Strong knowledge of SLA & service management, contract negotiation, and operations management. Knowledge with InfoSec tools like: AV/EDR, Data Leakage Prevention, Metasploit, TripWire, Rapid7, Tenable, Snort, Nessus, Burp Suite, Appscan, Nmap, Wireshark, Firewalls, SIEM, SOAR, , SASE, CASB, PIM/PAM, WAF, O365 suite (Intune, Conditional access, Data classification and protection). Preferred Skills: Experience in driving initiatives centered on continuous improvement, innovation, execution excellence, customer centricity and automation. Leadership and strategic planning skills to align cybersecurity with organizational goals. Analytical and problem-solving skills for assessing threats, vulnerabilities, and risks in complex environments. Exceptional communication and stakeholder management skills to influence decision-making and secure buy-in. Technical expertise in deploying advanced security tools and technologies. Proven ability to lead cross-functional teams, drive organizational change, and manage complex projects. Ability to build and maintain relationships with internal teams, partners, and external vendors.

We are looking for highly motivated and technically skilled individuals to join our Cyber Security – VAPT team. This role offers an opportunity to gain hands-on experience in identifying vulnerabilities, performing penetration tests, and implementing security solutions to protect critical systems and data. As part of the Cyber Security team, you will be working on real-time security assessments, analyzing threat vectors, and providing actionable insights to enhance an organization’s security posture. Requirements • Conduct Vulnerability Assessment & Penetration Testing (VAPT) on web applications, mobile apps, servers, cloud infrastructure, and networks. • Identify, exploit, and document security vulnerabilities using both automated and manual tools. • Prepare comprehensive technical reports with clear explanations of findings, risk levels, and mitigation strategies. • Collaborate with development and infrastructure teams to suggest remediation and patch management. • Perform risk assessments and help enforce security compliance as per industry standards (OWASP Top 10, ISO 27001, NIST). • Monitor new cyber threats and assist in creating incident response protocols. • Use tools like Burp Suite, Nessus, Nmap, Metasploit, Wireshark, Kali Linux, etc. • Stay updated with emerging threats, vulnerabilities, and mitigation techniques. • Education: Pass-out or final semester students awaiting results (2023/2024/2025) • Status: Pursuing students (still in college) are not eligible • Should have basic knowledge of networking, firewalls, ethical hacking, and cybersecurity tools • Good understanding of OWASP Top 10, malware analysis, phishing attacks, etc. • Strong analytical thinking and problem-solving skills • Willingness to learn and grow in the cybersecurity domain

Location : Onsite – Dwarka, Delhi Job Type : Full-Time Experience : 1+ years in Cybersecurity Certification Required : EC-Council Certified Ethical Hacker (CEH v11 or higher) About Us We are a cybersecurity-focused organization committed to delivering proactive security services and protecting our clients from evolving digital threats. We work across industries to provide high-impact assessments, advisory, and compliance support. Job Summary We are seeking a passionate and certified Ethical Hacker to join our team in Dwarka (Onsite) . The ideal candidate will have at least 1 year of hands-on cybersecurity experience and a valid CEH certification . You will be responsible for identifying system vulnerabilities, conducting penetration tests, and helping our clients enhance their security posture. Key Responsibilities Perform penetration testing on web, mobile, network, and cloud environments Identify, exploit, and document vulnerabilities in systems and applications Conduct vulnerability assessments using industry-standard tools Simulate cyberattacks and red team exercises as required Assist in incident response and forensic investigations Prepare clear, detailed, and actionable reports Keep up with current security trends, exploits, and threat intelligence Collaborate with internal teams to help fix discovered vulnerabilities Required Skills & Qualifications EC-Council Certified Ethical Hacker (CEH v11 or higher) Minimum 1 year of experience in cybersecurity or ethical hacking roles Familiarity with tools like Burp Suite, Metasploit, Nmap, Nessus, Wireshark, etc. Basic understanding of OWASP Top 10, network protocols, and system hardening Ability to write or understand scripts (e.g., Bash, Python, PowerShell) Strong analytical and problem-solving skills Good communication and documentation skills Preferred (Nice to Have) Exposure to red teaming or bug bounty programs Knowledge of secure coding practices Familiarity with SIEM tools, DevSecOps, or cloud security (AWS/Azure) What We Offer Onsite role with strong mentorship and growth opportunities Exposure to real-world security assessments and client projects A collaborative and skilled cybersecurity team Opportunity to contribute to cutting-edge engagements

Hiring expert Product Security Engineers to be part of a young and leading Enterprise SaaS Product Company that's redefining the Loyalty domain!. At Loyalty Juggernaut, we're on a mission to revolutionize customer loyalty through AI-driven SaaS solutions. We are THE JUGGERNAUTS, driving innovation and impact in the loyalty ecosystem with GRAVTY- , our SaaS Product that empowers multinational enterprises to build deeper customer connections. Designed for scalability and personalization, GRAVTY- delivers cutting-edge loyalty solutions that transform customer engagement across diverse industries including Airlines, Airport, Retail, Hospitality, Banking, F&B, Telecom, Insurance and Ecosystem. Visit www.lji.io to know more about us. As a Product Security Engineer, you'll to ensure the security of GRAVTY- throughout the development lifecycle. In this role, you will work closely with Engineering, DevOps, and Product teams to design and implement security controls, identify vulnerabilities, and drive secure coding practices. Your Responsibilities Will Include And Not Limited To Conduct Vulnerability Assessment and Penetration Testing (VAPT) across web, mobile, API, and infrastructure. Think like an attacker and simulate advanced threat scenarios to proactively identify security gaps. Utilize leading security tools such as Burp Suite, Acunetix, OWASP ZAP, Snyk, Wiz, and others. Leverage offensive security platforms and toolkits like Wireshark, Metasploit, Kali Linux, and more. Perform API and mobile platform security testing, including vulnerability discovery and exploit validation. Execute and document Open-Source Intelligence (OSINT) investigations. Collaborate closely with DevOps/Engineering to integrate security tools into CI/CD pipelines and promote DevSecOps best practices. Contribute to secure coding reviews and vulnerability triage, and assist in patch, compliance, and access control management. Monitor and respond to production security alerts and assist with security incident handling. To be successful in this role, you should have : A Bachelor's degree in Engineering, preferably CS/IT. 3+ years of proven experience in penetration testing and vulnerability management. Minimum of 1-3 years of experience in Red Teaming. Strong coding/scripting proficiency in Python, Java, Ruby, or similar. Familiarity with AWS cloud, Linux systems, Docker containers, and infrastructure security practices. Exposure to DevSecOps, including implementing security tools in CI/CD, and production environment protection. Experience in Secure Development Lifecycles, access controls, and patch & compliance frameworks. Industry-recognized certifications like CEH, eWPT, eWPTX, or equivalent are a plus. Excellent analytical, communication, and collaboration skills. A curious mind, a passion for security, and a knack for staying one step ahead of adversaries. (ref:hirist.tech)

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Summary Position Summary Red Team — Senior Consultant 1 - Solution Delivery Lead Deloitte’s CyberRiskServices helpourclientstobesecure,vigilant,andresilientinthefaceofanever-increasing array of cyber threats and vulnerabilities. Our Cyber Risk practice helps organizations with the management of information and technology risks by delivering end-to-end solutions using proven methodologies and tools in a consistent manner.Ourserviceshelporganizationsto address,in atimelymanner,pervasiveissues,suchasidentity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries with the goal of enabling ongoing, secure, and reliable operations across the enterprise. Deloitte’s Cyber Risk Services have been recognized as a leader by a number of independent analyst firms. Kennedy Consulting Research & Advisory, a leading analyst firm, recently named Deloitte a global leader in cyber security consulting. Source: Kennedy Consulting Research & Advisory; Cyber Security Consulting 2013; Kennedy Consulting Research & Advisory estimates © 2013 Kennedy Information, LLC. Reproduced under license. Workyouwill do Manages Cyber Threat Management projects, guides the team on a day-to-day basis and ensures that assigned tasks and responsibilities are fulfilled in a timely fashion Demonstrates understanding of complex business and information technology management processes (move it additional skills - if they don’t have this at LSA level, it will be difficult to build and sustain them in the firm) Interacts with clients, managers and partners to build and nurture strong relationships (required with managers at a minimum and clients if they are interacting directly or if deployed on client site ) Assists in implementing standard operating procedures Adheres to Service Level Agreements Identified opportunities for service optimization Tailors firm tools and methodologies as per client requirements Evaluates, counsels, mentors and provides feedback on performance of others Manages day-to-day client relationships at appropriate management levels Participates in proposal development efforts to sell quot;add-on quot; work to clients Identifies opportunities to improve engagement economics Lead practice development initiatives The Team Deloitte’s Red Team is a standardized process, to help clients combat today’s growing array of system threats. We help organizations assess their infrastructure, networks and application environments to identify vulnerabilities and controlweaknesses.Wedevelopanddeploythetechnicalandarchitecturalimprovementsnecessarytoreduceattack exposure OurApplicationandVulnerabilityManagementserviceshelporganizationsidentifythetechnicalandarchitectural improvements needed to minimize exposure to attacks. With our customized methodology, we assess the many aspects of risk to support identification of both internal and external facing threats. Required: - Core Skills: Strong written and verbal communication skills with experience writing comprehensive technical reports and delivering engagement debriefs. Ability to analyze complex attack paths and provide both tactical and strategic remediation recommendations to enhance security. Knowledge and experience in project management, managing complex red team engagements from planning to execution. In-depth understanding of threat analysis, enterprise-level defense mechanisms, and mitigation strategies. Hands-on experience in bypassing security mechanisms such as firewalls, EDR, IDS/IPS, and SIEM solutions (e.g., Splunk, QRadar, ArcSight). Understanding of cyber kill chains and how adversaries can execute multi-stage attacks using open-source tools. Experience in reverse engineering binaries or malware to understand functionality and identify weaknesses. Strong knowledge of cloud penetration testing (AWS, Azure, GCP) and how to conduct adversarial simulation against cloud infrastructures. Strong knowledge of operating systems (Windows/Linux) and networking technologies used in red team operations. Advanced knowledge in Red Teaming, Offensive Security, Adversarial Simulation, and Penetration Testing across various network and application environments. Expertise in reconnaissance, exploitation, lateral movement, and persistence techniques used in red team engagements. In-depth understanding of business and information technology processes, with a focus on bridging the gap between offensive operations and business risks. Deep knowledge of commonly used attack protocols such as TCP/IP, DNS, HTTP/S, and their exploitation. Hands-on experience in conducting social engineering and phishing campaigns, as well as advanced attack scenarios (HTML smuggling, payload delivery, etc.). Strong knowledge of the SANS Top 25 and MITRE ATT&CK framework, and how these apply to real-world adversarial techniques. Hands-on experience in architecting, deploying, and managing Red Team/Offensive Security technology solutions (such as Cobalt Strike, Metasploit, Sliver, Nessus, nmap, Qualys, Tenable). Deep understanding of EDR/AV evasion techniques and OpSec considerations during adversarial engagements. Assist clients by conducting sophisticated adversarial simulations, mimicking the tools, tactics, and procedures of real-world threat actors. Plan and execute complex red team engagements, including phishing, social engineering, network exploitation, and covert lateral movement. Analyze, enrich, and prioritize attack vectors, leveraging real-time threat feeds and tools to enhance the adversarial simulation. Develop detailed engagement reports, providing both actionable remediation steps and strategic recommendations to improve the client's defense. Assist in maintaining red team infrastructure, including command and control (C2) systems, attack vectors, and exploit tools. Engage with leadership and stakeholders to review findings and guide them through the recommendations for improving their security posture. Stay ahead of emerging attack trends and evolve red team tactics accordingly, ensuring OpSec compliance at all times. Collaborate with blue team counterparts during purple team engagements to improve detection and response capabilities. Mandatory Certifications - OSCP, OSWP, GPEN, OSCE, CRTO, GXPN, CREST Certified Simulated Attack Specialist Preferred Certifications - OSCE3, OSWE, OSEP, OSED, CREST Certified Simulated Attack Specialist, SABSA, AWS Security Specialist Preferred: B. E / B.Tech / M.S in any engineering discipline; 5-7 years of cyber risk services experience. Proven ability to emulate sophisticated adversary tactics, techniques, and procedures (TTPs) to identify and exploit weaknesses in organizational defenses. Familiarity with red teaming methodologies, offensive security tools, and frameworks such as MITRE ATT&CK. Experience with tools like Cobalt Strike, Metasploit, and Empire for command and control, exploitation, and lateral movement within environments. Proficiency in scripting languages like Python, PowerShell, or Bash for automation and custom tool creation. Knowledge of evasion techniques to bypass antivirus (AV), endpoint detection and response (EDR), and network monitoring tools. Strong understanding of privilege escalation, lateral movement, and persistence mechanisms in both Windows and Linux environments. Hands-on experience conducting phishing campaigns, social engineering attacks, and delivering payloads via HTML smuggling or other covert techniques. Ability to assess and manipulate Active Directory configurations, conduct password spraying, and exploit common misconfigurations. Strong knowledge of reverse engineering tools such as IDA Pro and Ghidra for analyzing malware or binaries. Excellent ability to create detailed post-engagement reports and recommendations for improving detection and response capabilities. Knowledge of operational security (OpSec) best practices to avoid detection during adversarial engagements. Ability to think creatively in developing offensive strategies and adapting to blue team defenses. Strong desire to continuously learn emerging attack vectors and defensive countermeasures. Outstanding communication skills, with the ability to explain offensive security techniques to both technical and non-technical stakeholders. Howyouwill Grow At Deloitte,we have invested a great deal to create arich environment in whichour professionals can grow.We want all ourpeopleto developin their own way,playingto theirown strengthsastheyhonetheirleadershipskills.And,as a part of our efforts, we provide our professionals with a variety of learning and networking opportunities—including exposuretoleaders,sponsors,coaches,andchallengingassignments—tohelpacceleratetheircareersalongtheway. No two people learn in exactly the same way. So, we provide a range of resources, including live classrooms, team-based learning,and eLearning.Deloitte University(DU):The LeadershipCenter in India,our state-of-the-art, world-class learning centerin the Hyderabad office, is an extension of the DU in Westlake, Texas, and represents a tangiblesymbolofourcommitmenttoourpeople’sgrowthanddevelopment. ExploreDU:TheLeadershipCenterin India . Benefits AtDeloitte,weknowthatgreatpeoplemakeagreatorganization.Wevalueourpeopleandofferemployeesabroad range of benefits. Learn more about what working at Deloitte can mean for you. Deloitte’s culture Our positive and supportive culture encourages our people to do their best workeveryday. We celebrate individuals by recognizing their uniqueness and offering them the flexibility to make daily choices that can help them to be healthy,centered,confident,andaware.Weofferwell-beingprogramsandarecontinuouslylookingfornewwaysto maintainaculturethatisinclusive,invitesauthenticity,leveragesourdiversity,andwhereourpeopleexcelandlead healthy, happy lives. Learn more about Life at Deloitte. Corporate citizenship Deloitte is led by a purpose: to make an impact that matters. This purpose defines who we are and extends to relationshipswithourclients,ourpeople,andourcommunities.Webelievethatbusinesshasthepowertoinspireand transform.We focus on education,giving,skill-basedvolunteerism,and leadership to help drive positive social impact in our communities. Learn more about Deloitte’s impact on the world. Our purpose Deloitte’s purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities. Our people and culture Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work. Professional development At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India . Benefits To Help You Thrive At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that helps that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/ or other criteria. Learn more about what working at Deloitte can mean for you. Recruiting tips From developing a stand out resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters. Requisition code: 300440

Job requisition ID :: 81576 Date: Jul 3, 2025 Location: Kochi Designation: Consultant Entity: Deloitte Touche Tohmatsu India LLP Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilient—not only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile. As an Consultant /Assistant Manager / Deputy Manager in our Cyber Team, you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Total 2+years of experience in Cyber security VAPT- Web Application Security Pentesting, Mobile Application Testing, Infra Testing, Source Code Review, Cloud Configuration Review Certification - OSCP, CRTP, CEH, EJPT Understanding of basic business and information technology management processes. Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture. Experience of Web Application Security Testing, Infrastructure VAPT, API testing. Experience on Mobile Security Pen-Testing (iOS and Android). Experience in conducting config reviews of Windows, Linux, UNIX, Solaris, Databases, etc. Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. Experience in basic scripting such as: Shell, Python, PERL, etc. Basic knowledge of Technologies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Desired qualifications B.Tech/M.Tech Candidates must possess security certification of CEH, LPT, OSCP. Good to have security certification for GPEN, CREST/ Your role as a Consultant We expect our people to embrace and live our purpose by challenging themselves to identify issues that are most important for our clients, our people, and for society. In addition to living our purpose, Senior Executive across our organization must strive to be: Inspiring - Leading with integrity to build inclusion and motivation Committed to creating purpose - Creating a sense of vision and purpose Agile - Achieving high-quality results through collaboration and Team unity Skilled at building diverse capability - Developing diverse capabilities for the future Persuasive / Influencing - Persuading and influencing stakeholders Collaborating - Partnering to build new solutions Delivering value - Showing commercial acumen Committed to expanding business - Leveraging new business opportunities Analytical Acumen - Leveraging data to recommend impactful approach and solutions through the power of analysis and visualization Effective communication – Must be well abled to have well-structured and well-articulated conversations to achieve win-win possibilities Engagement Management / Delivery Excellence - Effectively managing engagement(s) to ensure timely and proactive execution as well as course correction for the success of engagement(s) Managing change - Responding to changing environment with resilience Managing Quality & Risk - Delivering high quality results and mitigating risks with utmost integrity and precision Strategic Thinking & Problem Solving - Applying strategic mindset to solve business issues and complex problems Tech Savvy - Leveraging ethical technology practices to deliver high impact for clients and for Deloitte Empathetic leadership and inclusivity - creating a safe and thriving environment where everyone's valued for who they are, use empathy to understand others to adapt our behaviours and attitudes to become more inclusive. How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution. In this regard, you may refer to a more detailed advisory given on our website at: https://www2.deloitte.com/in/en/careers/advisory-for-career-aspirants.html?icid=wn_

Position: Cybersecurity Intern Company: INLIGHN TECH Location: Remote (100% Virtual) Duration: 3 months Top Interns Stipend: 15,000 Potential for Full-Time Employment: Based on performance; Certificate of Internship provided About INLIGHN TECH: INLIGHN TECH provides hands-on experience to students and recent graduates. Our unpaid Cybersecurity Internship offers practical exposure to threat analysis, vulnerability assessment, and security operations. Responsibilities: Assist in identifying and mitigating security vulnerabilities. Conduct penetration testing and ethical hacking assessments. Monitor and analyze security incidents and threats. Support in developing security policies and best practices. Qualifications: Enrolled in/recent graduate of Cybersecurity, Computer Science, or a related field. Basic knowledge of cybersecurity concepts, network security, and threat analysis. Familiarity with ethical hacking tools (Metasploit, Burp Suite, Wireshark, etc.) (preferred). Strong analytical and problem-solving skills. Benefits: ✅ Hands-on experience with real cybersecurity projects. ✅ Internship Certificate & Letter of Recommendation. ✅ Build your cybersecurity portfolio and gain industry exposure. 🚀 Apply now and start your journey in Cybersecurity!

Your potential, unleashed. India’s impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realise your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. Your work profile. Work you’ll do as a part of our Cyber team you’ll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations. You’ll: • Works on projects with clearly defined guidelines as team member with responsibility for project delivery • Works under general supervision with few direct instructions • Performs cyber security assessments which includes vulnerability assessment & penetration testing, network security architecture review, secure configuration / code review, etc. • Understands basic business and information technology management processes. • Demonstrates knowledge of firm's methodologies, frameworks and tools • Participate in practice development initiatives The key skills required are as follows: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Role and Responsibilities: • Understanding of basic business and information technology management processes • Good knowledge of TCP/ IP and Networks including Firewall, IDS/IPS, Routers, Switches, and network architecture • Experience in Infrastructure Penetration Testing and Application Security Testing • Experience in Secure Code Review (Code Security Review) • Experience in conducting configuration reviews of Windows, Linux, UNIX, Solaris, Databases, etc. • Experience with Vulnerability Management tools: Kali Linux, Acunetix, AppScan, Nexpose, Qualys Guard, Nessus, Nmap, Metasploit, Fortify etc. • Experience in basic scripting such as: Shell, Python, PERL, etc. • Basic knowledge of Technoilogies such as: IPSEC, SSL, SSH, VPN, Ethernet Token Ring, WAP, SMTP, FTP, Frame Relay, WAN, ATM, FDDI, DSL, ISDN, HP Openview, Sun NetManage, Cisco Works, Radius, Big Brother, F5 Educational Qualification: Bachelor’s/master’s degree Certifications: OSCP How you’ll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the world’s most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyone’s welcome… entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organization and the business area you’re applying to. Check out recruiting tips from Deloitte professionals.

The IS Analyst- VAPT position is an integral member of the GCS IS team and shall contribute recommendations regarding physical and technical information security best practices. The IS Analyst- VAPT position consults with local offices and their administrators to assist in the implementation of administrative and technical procedures for their networks and applications. The position reports to the Information Security Manager in India. Duties/Responsibilities Key member of the GCS IS Ethical Hacking & Data Protection Team Perform and facilitate network and application penetration tests for internal teams, on a variety of technologies. Perform threat models and security consultations with internal teams, to advise on security best practices. Develop remediation recommendations for IT administrators and developers, tailored to their environment and business needs. Deliver high quality and actional reports for a diverse audience of IT administrators and developers. Monitor for vulnerability trends across the enterprise and notify leadership about opportunities for improvement. Recommend security enhancements and purchases consistent with information security strategy and evolving threats for business units supported. Keep up to date on information security threats and countermeasures and advise technical staff. Participate as a member of the GCS Cyber Security Incident Response Team (CSIRT) as needed to consult on compromise vectors or the cyber kill chain. Required Skills & Attributes Experience with BurpSuite and other web attack proxies. Exhibit skills in the Vulnerability Management lifecycle, including vulnerability scanning, penetration testing, red team engagements, remediation and validation. Technical skills proficiency in the following areas: Web application penetration testing Advanced ability to understand application diagrams and consult on security best practices. Advanced understanding of web application vulnerabilities such as XSS, SQLi, iDOR, and others in the OWASP Top 10. Experience with penetration testing tools such as BurpSuite, Fiddler, ZAP, Metasploit, and exploitDB. Strong proficiency in Linux. Understanding of cloud services (Azure, AWS) and their role in creating a secure application environment. Strong English verbal and written communication skills—including the ability to prepare documentation and ability to clearly and effectively communicate Information Security matters to executives, auditors and end users. Strong ability to work in a team effectively and collaborate across multiple time zones. Required Qualifications Bachelor’s degree or equivalent experience, and 05+ years application penetration testing and/or red teaming experience. Preferred Skills & Attributes One (or more) relevant certifications: GPEN[i], GWAPT[ii],OSCP[iii], CPTE[iv], ITVA[v], CISSP[vi], CTF experience (HackTheBox, VulnHub, OverTheWire, etc) Experience with ISO 27001/2 or other information security industry regulatory controls and compliance. Ability to interpret information security data and processes to identify potential compliance issues. Decision-making and problem solving skills including the ability to clearly define and resolve issues. Assertive and proactive in identifying and resolving issues and concerns. Excellent time management skills including the ability to prepare prioritize and complete work plans. Ability to work with geographically diverse offices in a global organization, with a willingness to work offset hours occasionally to accommodate time zones.

Job Description: Introduction: A Career at HARMAN Digital Transformation Solutions (DTS) We’re a global, multi-disciplinary team that’s putting the innovative power of technology to work and transforming tomorrow. At HARMAN DTS, you solve challenges by creating innovative solutions. Combine the physical and digital, making technology a more dynamic force to solve challenges and serve humanity’s needs Work at the convergence of cross channel UX, cloud, insightful data, IoT and mobility Empower companies to create new digital business models, enter new markets, and improve customer experience. About The Role- Senior Penetration Tester with deep expertise in application security . The ideal candidate will be responsible for planning, executing, and documenting comprehensive penetration tests, including advanced manual testing techniques and contribute to strengthening our security posture by recommending practical solution principles and secure coding practices . What You Will Do Conduct comprehensive penetration tests on web/mobile/cloud applications, firmware, and hardware devices. Perform manual security testing beyond automated tools to uncover complex vulnerabilities. Analize systems and architecture to identify security risks and attack surfaces. Use industry-standard tools such as Metasploit, Burp Suite, Nmap, Wireshark, Nessus, and custom scripts for exploitation and reconnaissance. Simulate real-world attack scenarios to evaluate system resilience. Develop and present detailed reports with proof-of-concept (PoC), risk assessments, and remediation guidance. Collaborate with development and DevOps teams to suggest secure coding practices and fix vulnerabilities at the root. Stay up to date with emerging threats, vulnerabilities, and industry trends. What You Need 8–10 years of hands-on experience in penetration testing (application and hardware). Strong knowledge of OWASP Top 10, SANS 25, and common vulnerability patterns. Deep familiarity with exploit frameworks (e.g., Metasploit), reverse engineering, and hardware-level attack techniques (e.g., JTAG, UART, SPI). Experience analyzing and testing embedded systems, IoT devices, and network appliances. Ability to explain vulnerabilities to non-security stakeholders with clarity. Proven experience in crafting custom exploits or payloads. Solid understanding of secure development lifecycle (SDLC) and CI/CD pipeline integration. Certifications like OSCP, OSCE, GPEN, or similar are a strong plus. What Is Nice To Have Knowledge of containerized environments. Familiarity with secure boot, firmware integrity, and hardware encryption modules. Contribution to bug bounty platforms or CVE submissions. What Makes You Eligible Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen. Dedicated performer & team player with the ability to advocate appropriately for product quality. Relentless learner with a dedication to learn new technologies and test methods Self-driven and Innovative to drive continuous improvements in Test process Resourcefulness in triaging problems and coordinating with multiple teams for issue resolution Strong written, verbal communication and inter personal relationship skills You Belong Here HARMAN is committed to making every employee feel welcomed, valued, and empowered. No matter what role you play, we encourage you to share your ideas, voice your distinct perspective, and bring your whole self with you – all within a support-minded culture that celebrates what makes each of us unique. We also recognize that learning is a lifelong pursuit and want you to flourish. We proudly offer added opportunities for training, development, and continuing education, further empowering you to live the career you want. About HARMAN: Where Innovation Unleashes Next-Level Technology Ever since the 1920s, we’ve been amplifying the sense of sound. Today, that legacy endures, with integrated technology platforms that make the world smarter, safer, and more connected. Across automotive, lifestyle, and digital transformation solutions, we create innovative technologies that turn ordinary moments into extraordinary experiences. Our renowned automotive and lifestyle solutions can be found everywhere, from the music we play in our cars and homes to venues that feature today’s most sought-after performers, while our digital transformation solutions serve humanity by addressing the world’s ever-evolving needs and demands. Marketing our award-winning portfolio under 16 iconic brands, such as JBL, Mark Levinson, and Revel, we set ourselves apart by exceeding the highest engineering and design standards for our customers, our partners and each other.

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in performing advanced penetration testing on networks, web & mobile applications, and systems. Having ability to Identify vulnerabilities, exploit weaknesses, and assess the security posture of various assets. Having ability to develop and maintain automated testing tools and scripts. Creating detailed reports outlining findings, risks, and recommended actions. Having Extensive experience in penetration testing, vulnerability assessment, and ethical hacking. Having Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nmap, Nessus, and others. Strong understanding of network protocols, web and mobile applications, and operating systems. Maintaining documentation of testing methodologies, tools, and processes. Knowledge of scripting and programming languages (e.g., Python, Bash). You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 3-4 Years of relevant experience as Penetration Tester. Having Good command over English language (spoken & written) is non-negotiable. Working closely with business partners to understand their needs and translate them into technical requirements. Communicating findings, risks, and remediation strategies to both technical and non-technical stakeholders. Foster strong relationships with business units to ensure security measures align with business goals. Certification Preferred: Entry level certifications like CEH, eJPT, eWPT. Other certifications like eWPTX, OSCP is an advantage. We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers