209 Metasploit Jobs - Page 8

Employment Type: [Full Time] Job Summary: We are seeking a skilled VAPT Engineer to identify, assess, and mitigate security vulnerabilities in our applications, networks, and IT infrastructure. The ideal candidate will be proficient in conducting manual and automated testing to uncover weaknesses, providing actionable recommendations for remediation, and ensuring the security of our systems against emerging threats. Key Responsibilities: Perform vulnerability assessments and penetration tests on networks, web applications, APIs, mobile applications, and cloud environments. Container Security on Cloud and On Prem Containers Use both automated tools (e.g., Nessus, Burp Suite, Metasploit, Qualys, Acunetix) and manual techniques to identify security vulnerabilities and exploit them in a controlled manner. Develop detailed technical reports on findings, including the severity of vulnerabilities and actionable mitigation strategies. Collaborate with development and IT teams to remediate identified vulnerabilities and enhance security configurations. Conduct post remediation testing to ensure vulnerabilities have been addressed effectively. Stay updated on emerging vulnerabilities, threats, and attack vectors to continuously refine testing methodologies. Coordinating with relevant stake holders/ Application owners for timely closure of vulnerabilities. Ensure compliance with applicable security standards and frameworks (e.g., OWASP Top 10, SANS 25, ISO 27001, PCI DSS). Contribute to the creation and enhancement of security policies and best practices. Required Qualifications: Bachelors degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience). 2 5 years of hands on experience in Vulnerability Assessment and Penetration Testing. Strong knowledge of OWASP Top 10, SANS 25, and common security vulnerabilities and exploits. Proficiency in using penetration testing tools such as Nessus, Burp Suite, Metasploit, Qualys, Acunetix, and others. Familiarity with manual testing techniques, scripting, and basic programming skills (Python, Bash, or PowerShell). Solid understanding of network protocols, operating systems, and security concepts. Strong analytical and problem solving skills, with the ability to explain technical findings to non technical stakeholders. Preferred Certifications: Certified Ethical Hacker (CEH) Offensive Security Certified Professional (OSCP) GIAC Penetration Tester (GPEN) CompTIA PenTest+

What youll be doing... Verizon Cyber Security Team is looking for a Penetration Tester to join our Application Pen Test team. Youll be joining a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that infrastructure and applications (web, mobile, and API) are secure by performing penetration testing from both inside and outside of Verizon. . This team isnt a "copy and paste from a scan tool" reporting team, or a cookie cutter just scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. This team is an enterprise-recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. The successful candidate will possess an effective aptitude in thinking like an adversary, security of Web applications, Infrastructure, APIs and Mobile Applications, mentoring and leading junior pen testers and effectively translating highly technical information to internal customers in a way that supports Cyber Security Team and broader Verizon goals. The ability to lead and perform full scope penetration testing on complex web applications, Infrastructure, APIs and Mobile applications. Configuring and safely utilizing attacker tools, tactics, and procedures for Verizon environments. Developing comprehensive and accurate reports and presentations for both technical and executive audiences. The ability to make collaborative decisions on the impact of an exposure to Verizon. Acting as a SME and guide, advising on security vulnerability impact, ratings and remediation recommendations across the organization as needed. Helping define the Pen Test strategy and standards to further enhance the companys security posture. Effectively communicating findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel. Working closely with stakeholders and developers providing risk-appropriate and pragmatic recommendations to correct found vulnerabilities. Developing scripts, tools, or methodologies to enhance Verizons pen testing processes and effectiveness. Driving technical oversight and mentoring junior pen testers on pen test engagements, vulnerability impact and ratings and remediation recommendations. Providing leadership and guidance to advance the offensive capabilities of the team and its subsequent ability to defend the Verizon Enterprise. What were looking for... Youll need to have: Bachelor's degree and four or more years of work experience. Four or more years of relevant work experience. Relevant pen testing or security experience. Deep understanding of OWASP Top 10, OWASP API Top 10, MASVS. Even better if you have one or more of the following: Strong knowledge of tools used for API, infrastructure, web application, mobile, and network security testing, such as Kali Linux, Metasploit, Wireshark, Burp suite, Cobalt Strike, Nessus, Web Inspect, SQLMap. Knowledge of secure software deployment methodologies, tools, and practices. Experience with application security risk procedures, security patterns, authentication technologies and security attack pathologies. Certifications such as: GXPN, GPEN, eWPT, GCIH, GWAPT, OSCP, OSWA, OSCE, OSWE. Service Delivery/Governance: ITILv2/3. Solid understanding of common hosting environments such as containerization platforms (e.g., Docker and Kubernetes) and virtual machines running under hypervisors. An implementation level familiarity with all common classes of modern exploitation. Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell. Programming skills preferred and encouraged, as well as the ability to read and assess applications written multiple languages, such as Python, JAVA, .NET, C#, or others. Experience with system and application security threats and vulnerabilities and secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model). Knowledge of secure coding techniques. Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization). Knowledge of secure software deployment methodologies, tools, and practices. Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.

Role: Infosec Lead Location: Noida, India www.SEW.ai Who We Are SEW, with its innovative and industry-leading cloud platforms, delivers the best Digital Customer Experiences (CX) and Workforce Experiences (WX), powered by AI, ML, and IoT Analytics to the global energy, water, and gas providers. At SEW, the vision is to Engage, Empower, and Educate billions of people to save energy and water. We partner with businesses to deliver platforms that are easy-to-use, integrate seamlessly, and help build a strong technology foundation that allows them to become future- ready. Searching for your dream job? We are a true global company that values building meaningful relationships and maintaining a passionate work environment while fostering innovation and creativity. At SEW, we firmly believe that each individual contributes to our success and in return, we provide opportunities from them to learn new skills and build a rewarding professional career. A Couple of Pointers We are the fastest growing company with over 420+ clients and 1550+ employees. Our clientele is based out in the USA, Europe, Canada, Australia, Asia Pacific, Middle East Our platforms engage millions of global users, and we keep adding millions every month. We have been awarded 150+ accolades to date. Our clients are continually awarded by industry analysts for implementing our award-winning product. We have been featured by Forbes, Wall Street Journal, LA Times for our continuous innovation and excellence in the industry. Who we are looking A successful Application Penetration Tester working at SEW should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, operating system functionality, application manipulation, vulnerability discovery, and analysis, as well as exploit development. This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and network to breach the security of a target system or reverse-engineering an application and encryption method to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications and can present your findings while demonstrating strong analytical skills, then youre the type of Penetration Tester were looking for. Requirements Perform penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc. Detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware Develop comprehensive and accurate reports and presentations for both technical and executive audiences Effectively communicate findings and strategy to stakeholders Qualifications 5-8 years experience in: Web Application Assessments, Mobile Application Assessments Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Kali Linux etc. Possess understanding of various penetration testing and hacking methodologies such as OWASP, PTES, NIST SP800-115 Source Code Review & Reverse Engineering Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification preferred Demonstrated experience in one or more computer programming and scripting languages such as Python, Bash, PHP, Java, C#, .NET, Swift, Kotlin, JavaScript, Perl, Ruby Reverse engineering malware, data obfuscators, or ciphers Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis Thorough understanding of network protocols, data on the wire, application design and architecture, and different classes of application security flaws Computer science degree preferred.

Project Role : Security Engineer Project Role Description : Apply security skills to design, build and protect enterprise systems, applications, data, assets, and people. Provide services to safeguard information, infrastructures, applications, and business processes against cyber threats. Must have skills : Rapid7 Metasploit Good to have skills : NA Minimum 2 year(s) of experience is required Educational Qualification : Related qualifications and certifications Summary :As a Security Engineer, you will be responsible for applying security skills to design, build and protect enterprise systems, applications, data, assets, and people. Your typical day will involve working with Rapid7 Metasploit, identifying vulnerabilities, and providing solutions to safeguard information, infrastructures, applications, and business processes against cyber threats. Roles & Responsibilities: Identify vulnerabilities in enterprise systems, applications, data, assets, and people using Rapid7 Metasploit. Provide solutions to safeguard information, infrastructures, applications, and business processes against cyber threats. Collaborate with cross-functional teams to design and build secure enterprise systems and applications. Conduct security assessments and penetration testing to identify and mitigate security risks. Stay updated with the latest advancements in security technologies and integrate innovative approaches for sustained competitive advantage. Professional & Technical Skills: Must To Have Skills:Proficiency in Rapid7 Metasploit. Good To Have Skills:Experience with other security tools such as Nessus, Nmap, and Wireshark. Strong understanding of security concepts and principles. Experience in conducting security assessments and penetration testing. Knowledge of security frameworks such as NIST, ISO, and CIS. Solid grasp of network and system administration. Additional Information: The candidate should have a minimum of 2 years of experience in Rapid7 Metasploit. The ideal candidate will possess a strong educational background in computer science, information technology, or a related field, along with a proven track record of delivering impactful security solutions. This position is based at our Bengaluru office. Qualifications Related qualifications and certifications

Project Role : Test Automation Lead Project Role Description : Lead the transformation of testing into a continuous and efficient end-to-end quality engineering function through the use of quality processes, tools, and methodologies significantly improving control, accuracy and integrity. Evolve more predictive and intelligent testing approaches based on automation and innovative testing products and solutions. Must have skills : Automotive Functional Safety Good to have skills : NA Minimum 3 year(s) of experience is required Educational Qualification : Bachelor of Engineering in Electronics or any related stream Key ResponsibilitiesAs a Penetration Tester, you will be responsible for identifying and exploiting security vulnerabilities in our systems and applications. You will work closely with IT, development, and operations teams to ensure our infrastructure is resilient against cyber threats. Your expertise in ethical hacking and security assessment will be crucial in safeguarding our digital assets. Technical Experience Proven experience as a Penetration Tester or in a similar role within a complex IT environment. Strong knowledge of penetration testing methodologies and tools, including: * Metasploit * Burp Suite * Nmap * OWASP ZAP * Kali Linux * Wireshark Proficiency in scripting languages such as Python, Bash, or PowerShell, and familiarity with programming languages such as Java, C++, or Ruby. In-depth understanding of network protocols, firewall configurations, and common vulnerabilities. Knowledge of secure coding practices, web application vulnerabilities (OWASP Top 10), and API security. Familiarity with regulatory requirements and standards such as GDPR, ISO 27001, and PCI-DSS. Overall, 3+ years of experience in vehicle security or a related field. In-depth knowledge and practical experience with various vehicle systems, including telematics, CAN bus, remote entry/start, OTA, and EV charging. Familiarity with relevant security standards and regulations, such as ISO/SAE 21434, ISO 27001, NIST Cybersecurity Framework, and UN Regulation No. 155.Professional Attributes Excellent problem-solving skills and attention to detail. Strong communication and collaboration skills to effectively convey technical information to non-technical stakeholders. Excellent communication and interpersonal skills. Motivation to stay updated with the latest cybersecurity trends, tools, and techniques. Ability to work effectively in a cross-functional team environment.Preferred Qualifications Relevant certifications such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), or CompTIA PenTest+. Experience with advanced penetration testing techniques, wireless security assessments, social engineering, and physical security testing.Knowledge of cloud security and experience with penetration testing in cloud environments such as AWS, Azure, or Google Cloud. Qualifications Bachelor of Engineering in Electronics or any related stream

The Selected candidate report to Program Cybersecurity Manager and will work with a highly motivated Cybersecurity team involved in vulnerability monitoring, vulnerability assessment, scanning and penetration testing of Alstom's solutions and products. The candidate will be positioned at Bangalore Technology Center of Alstom Digital & Integrated System division. INTERNAL The candidate will have strong links internally with Cybersecurity Services Center Director EXTERNAL Program Managers Program / Project Cybersecurity Managers Project and Program Teams Product / Software Development Teams Regional Cybersecurity Managers Platform Cybersecurity Managers Alstom IT Organisation OVERALL PURPOSE OF THE ROLE : We are currently seeking individuals interested to maintain and improve security posture of Alstom Products and Solutions. Cybersecurity expected to lead vulnerability assessments for Alstom products and solution, Perform vulnerability scan, policy scan, penetration test and other security assessments. He also performs vulnerability monitoring and alert the Products and Platforms for existing or new vulnerabilities that could potentially impact them. Maintain the vulnerability management system and ensure SLAs of the vulnerability management process. He will also be part of the incident response team (PSIRT), perform first level of analysis and participate in vulnerability remediation workflow. RESPONSIBILITIES : The Cybersecurity Engineer perform the following activities: Work with a team of Cybersecurity Engineers and responsible for the vulnerability assessment and penetration test, vulnerability scan, policy compliance scan and web Application scan with the help of tools like Qualys or any other industry standard tools and provide the analysis to the programs/projects. Responsible to evaluate the system or product security by safely trying to exploit vulnerabilities that may exist in OS, services, application flaws, improper configurations or risky end-user behaviour. Perform vulnerability monitoring on Alstom's solution and projects and alert the responsible teams for existing or new vulnerabilities that could potentially impact them. Monitor published vulnerabilities and security advisories globally and provide communications on discovered vulnerabilities or security threats to internal groups Identify required Cybersecurity tools and practices. Provide documentation and training/guidance to the users of the tool and secure the deployment Part of the incident response team (PSIRT), perform first level of analysis and participate in vulnerability remediation workflow. Provide internal training on Cybersecurity, vulnerability management process and tools. Qualifications & Skills: Prior experience in vulnerability assessment, vulnerability management and application security or demonstrated security experience in either a forensic or an offensive security focused role. Minimum 5 years of experience in performing vulnerability scan, pen tests/vulnerability assessments and vulnerability management, desirable from product development or industrial control system background. Preferable to have from Railway Cybersecurity domain. EDUCATION (Engineer) Bachelors or Masters in Computer Science, Information Technology or equivalent CEH or approved Pen Test equivalent certification is mandatory for this position ISA 62443 certification and/or OSCP certifications preferred. Desirable to have Cybersecurity certification in any one or few of GICSP, CISSP, GSEC, ECSA, CISM, and Comptia Pen test+. TECHNICAL COMPETENCIES & EXPERIENCE Having good experience and able to work independently on atleast few of security tools (Qualys, Kali Linux, Nessus, Netsparker, OpenVAS, Nexpose, Wireshark, Metasploit, IBM AppScan, HP Webinspect, Burp Suite, SQLmap, nmap, fuzzers, password recovery tools and other penetration testing tools). Strong experience in performing penetration tests and/or vulnerability assessments on products, web applications and networks. Prior knowledge of security assessment on SCADA and IOT devices prfrable Under standing of networking (TCP/IP, OSI model), operating system fundamentals (Windows, UNIX, mainframe), security technologies (firewalls, IDS/IPS, etc.) and application programming / Scripting languages (C, Java, Python, Shell). Excellent knowledge on configuration review of Linux, Windows and Network devices with respect to CIS Benchmark. Experience with static analysis tools and software composition analysis tools. Knowledge of Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE) and Common Weakness Enumeration (CWE). A strong understanding of technologies and associated protocols such as HTTPS, TLS, DNS, SSL etc. Considerable knowledge on programming languages (e.g. Java, C, C++, C#.NET, Scripting languages) prfrable. Main standards and regulations such as : ISO 2700X, ISA 62443 and NIST are prfrable. Experience presenting to or training technical audiences a plus. A technical writing experience is a plus. BEHAVIORAL COMPETENCIES: Strong individual and a team Player. Strong autonomy Sense of Service Delivery oriented Capacity to work in complex environment Negotiation skills Problem solving Demonstrate excellent communication skills and able to guide, influence and convince others in a matrix organization. Prior experience in working with European customer is desirable.

Job Overview: We are looking for an experienced and dynamic Freelance Cybersecurity Trainer to deliver high-quality training sessions to professionals and/or students. The ideal candidate will have a solid background in cybersecurity practices, hands-on industry experience, and a passion for teaching and mentoring. Key Responsibilities: Design, develop, and deliver cybersecurity training content (live sessions, workshops, online modules, etc.). Conduct sessions on topics such as network security, ethical hacking, threat analysis, incident response, risk management, and security compliance. Prepare hands-on labs, case studies, and real-world scenarios to enhance learner engagement. Customize training based on audience skill level (beginner to advanced). Evaluate learner progress through assessments, projects, and feedback. Stay up-to-date with industry trends, emerging threats, and latest tools/technologies. Provide mentorship and answer technical questions during and after sessions as needed. Requirements: Significant years of hands-on experience in cybersecurity roles. Proven experience in delivering training or workshops in-person. Proficiency with Cybersecurity tools such as Kali Linux, Metasploit, Wireshark, Nessus, etc. In-depth knowledge of information security principles, risk assessment, and regulatory frameworks (e.g., ISO 27001, NIST, GDPR). Excellent communication and presentation skills. Relevant certifications (e.g., CEH, CISSP, CompTIA Security+, OSCP) are highly desirable. Preferred Qualifications: Prior experience working with training companies or educational platforms. Ability to develop custom course materials and content. Flexibility to conduct sessions across different time zones if needed. Compensation: Competitive freelance/hourly rates (based on experience and course complexity). Show more Show less

Who We Are: Headquartered in Canada with locations across the United States and around the globe with a footprint on six continents, Bulletproof, a GLI company has decades of technology, security, and compliance expertise. Bulletproof’s work in the security space has been recognized nationally and globally with Microsoft’s global Security Partner of the Year in 2021 and five Microsoft Canada Impact Award wins from 2019 to present-day. At Bulletproof, our vision is to serve, secure, and empower the world through people and technology; one customer at a time. We believe everyone has the right to feel safe and secure. Our mission is to serve and protect organizations to ensure their success. What We Have To Offer Challenging Work - We love solving highly complex problems. Across our teams and in all roles, every employee is empowered to bring their best ideas forward and to jump in and solve the problems they're passionate about. Great People - We are stronger, together, when we are open, honest, and above all, real. Every person is valued here and plays an important role in our shared success. Global Impact - As a global team spanning continents, boundaries, and cultures, every day we are inspired by the impact our work has on our colleagues, our customers, our communities, and the world at large. Diversity, Equity and Inclusion - We celebrate each other’s differences, continuously strive for equality and recognize that inclusion makes us stronger as individuals, a company and a global citizen. What the Role Does… As a pentester, you will conduct security assessments by probing for and exploiting security vulnerabilities in web-based applications, networks and systems and finding ways to ensure that any risk to our client is mitigated. We highly prefer if you live in Noida (India) because you will need to be in the office. Duties and Responsibilities include, but are not limited to: Conducts security assessments that can be multi-faceted for a wide variety of assigned clients Defines the scope for security testing assignments Creates quality assurance security test reports and other documentation as needed Works with clients to develop appropriate remediation plans Provides clients with exceptional service in a professional, courteous and timely manner Provides technical support as a subject matter expert in the sale of security testing assignments on an as needed basis Provides thought leadership and direction for the Information Security practice on malware, attack vectors and methods to protect against threats Teams up with colleagues in other lines of services in support of client needs for Information Security services Stays up to date on current tools, technologies and vulnerabilities to incorporate into testing practices Other related duties as assigned Requirements: Degree in Computer Science, Information Systems, Engineering or related major from an accredited University or College Diploma equivalent Experience performing vulnerability assessments and/or penetration tests would be preferred Application and/or infrastructure penetration testing experience above and beyond running automated tools A good understanding of Linux, Windows and network security skills Excellent written and oral communication skills in English Ability to meet deadlines and deliver a high-quality product (reports) Strong attention to detail Ability to work both independently and in a team environment. Familiar with (if not qualified in) test suites such as: Nessus MetaSploit Burp Suite Kali NMap Fortify Acunetix Certifications - One or more of the following certifications are considered an asset: EC-Council Certified Ethical Hacker (CEH) EC-Council Licensed Penetration Tester (LPT) GIAC Certified Penetration Tester (CPEN) IACRB Certified Penetration Tester (CPT) Offensive Security Certified Professional (OSCP) CREST Registered Tester (CRT) CREST Infrastructure Certification CESG CHECK Team Leader CESG CHECK Team Member Tiger Scheme Senior Security Tester Tiger Scheme Qualified Security Tester Any other recognized penetration testing certification/accreditation The following skills are preferred but not required: PCI ASV CREST recognized penetration testing certification/accreditation (CREST Certified Tester (CCT) or CHECK Team Leader (CTL) Experience developing custom scripts or tools used for vulnerability scanning and identification Familiarity with threat modelling and security design review methodologies Support team technical development (e.g. through service development or research) and contribute to company technical processes overall Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, or Java and/or Fortify, Veracode, Brakeman and/or IDA Pro Experience with physical security testing, phishing and social engineering techniques. Experience with mobile applications such as Android DeBug Bridge (ADS), OWASP ZAP, Drozer, Mobile Security Framework (MobSF), Smartphone Pentest Framework (SPF), Burp Suite, Android SDK, Friday, Cydia and/or IDB This job description should not be interpreted as all-inclusive; it is intended to identify major responsibilities and requirements of the job. The incumbent may be requested to perform other job-related task and responsibilities than those stated above. Equal Opportunity Statement Bulletproof is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. Bulletproof is also committed to compliance with all fair employment practices regarding citizenship and immigration Show more Show less

About The Position Job Description Snowbit is looking for an experienced Security Incident Responder to join our Managed Detection and Response (MDR) team. This role requires expertise in incident response, threat hunting, and forensic investigations, with a strong emphasis on cloud environments and Kubernetes. You will lead efforts to protect our customers from advanced cyber threats while contributing to the continuous improvement of Snowbit’s methodologies, processes, and technology stack. Requirements What You’ll Do: Leverage Snowbit’s advanced MDR platform to lead large-scale incident response investigations and proactive threat-hunting initiatives. Conduct log analysis, and cloud artifact reviews using EDR and similar tools depending on availability, to support incident resolution and root-cause investigations. Investigate and respond to security incidents in containerized environments, with a specific focus on Kubernetes security and architecture. Research evolving cyberattack tactics, techniques, and procedures (TTPs) to strengthen customer defenses and codify insights for our services. Provide technical and executive briefings to customers, including recommendations to mitigate risk and enhance cybersecurity posture. Collaborate with internal teams, including engineering and research, to enhance Snowbit’s MDR and incident response capabilities. Partner with customer teams (IT, DevOps, and Security) to ensure seamless integration and adoption of Snowbit’s MDR services. Share expertise through presentations, research publications, and participation in the global cybersecurity community. Experience 3-5 years in incident response, threat hunting with strong experience in cloud security (AWS, Azure, GCP) and Kubernetes environments. Proven Incident response experience in complex environments. Technical Skills Demonstrates strong expertise in understanding adversary tactics and techniques, translating them into actionable investigation tasks, conducting in-depth analysis, and accurately assessing the impact. Familiarity with attack vectors, malware families, and campaigns. Deep understanding of network architecture, protocols, and operating system internals (Windows, Linux, Unix). Expertise in Kubernetes security, including container orchestration, workload isolation, and cluster hardening. Experience securing Kubernetes infrastructure, runtime security, and security monitoring. Problem-Solving Ability to work independently and collaboratively in dynamic, fast-paced environments. Communication Excellent written and verbal communication skills to interact with technical and non-technical stakeholders. Preferred Skills Scripting skills (e.g., Python, PowerShell) Experience with Red Team operations, penetration testing, or cyber operations. Hands-on knowledge of attack frameworks (e.g., MITRE ATT&CK, Metasploit, Cobalt Strike). Proficiency in host forensics, memory forensics, and malware analysis. Show more Show less

Responsibilities: • Execute complex Red Team engagement as a penetration tester, simulating real-world ransomware / malware attacker scenarios to uncover critical vulnerabilities • Identify, research, and exploit various vulnerabilities (including zero-days) to gain unauthorized access to systems and data. • Develop custom tools, scripts, and exploit code. • Document findings in a clear, concise, and actionable manner, including detailed reports with working proofs of concept and recommendations for remediation and product improvements • Collaborate with the Blue Team (engineering and QA) to prioritize vulnerabilities, develop mitigation strategies, and improve overall security posture through tangible requirements • Participate in knowledge sharing by mentoring junior team members and presenting findings, including opportunities to document reports for external consumption Qualifications: • Minimum 5+ years of experience in offensive security engagements. • Proven experience in participating in Red Team engagements. • Expertise in various operating systems (Mac, Linux, etc.) and scripting languages (Python, Ruby, etc.). • Coding skills to automate tasks, customize attacks, and create payloads • Solid understanding of networking concepts, such as TCP/IP, DNS, HTTP, FTP, SMTP, and VPN. • Hands-on knowledge on how to use network analysis tools, such as Nmap, Wireshark, and Metasploit, to scan, sniff, and exploit network services and protocols. Ability to discover and map network devices, identify open ports and services, and bypass firewalls and other security measures. • System knowledge . Good understanding of OS concepts • Experience with exploit development and post-exploitation techniques. • Strong understanding of the threat landscape and attacker motivations. • Well-versed in security principles, such as encryption, authentication, authorization, and access control. • Good knowledge of malwares , ransomwares , APTs , Trojans and how they work. • Ability to think outside the box, and come up with innovative and unconventional ways to break into a system or network. • Excellent communication, collaboration, and problem-solving skills. Show more Show less

Job Title: CEH Trainer Job Summary: CEH Trainer designs and delivers training programs to prepare individuals for the Certified Ethical Hacker (CEH) certification by EC-Council. The trainer educates participants on ethical hacking techniques, cybersecurity principles, and tools to identify and mitigate security vulnerabilities in systems and networks. Key Responsibilities: Training Delivery: Conduct virtual CEH training sessions, covering topics like footprinting, scanning, enumeration, system hacking, malware threats, sniffing, social engineering, and penetration testing. Content Development: Create, update, and customize training materials, including presentations, labs, case studies, and practice exams aligned with the latest CEH curriculum. Hands-On Labs: Facilitate practical exercises using tools like Nmap, Metasploit, Wireshark, and Kali Linux to simulate real-world hacking scenarios. Student Support: Provide guidance, answer queries, and mentor students to ensure comprehension and exam readiness. Assessment & Feedback: Evaluate student performance through quizzes, mock exams, and practical assessments, offering constructive feedback. Stay Updated: Keep abreast of evolving cybersecurity threats, tools, and EC-Council updates to ensure training relevance. Collaboration: Work with training coordinators and organizations to schedule sessions, tailor content, and meet client-specific needs. Qualifications: Certification: Valid CEH certification (mandatory); additional certifications like OSCP, CISSP, or CompTIA PenTest+ are a plus. Experience: 3+ years in cybersecurity, ethical hacking, or penetration testing, with at least 1–2 years of training or teaching experience. Technical Skills: Proficiency in ethical hacking tools, techniques, and methodologies; strong knowledge of network security, OS (Windows/Linux), and cloud security. Communication: Excellent presentation, interpersonal, and mentoring skills to engage diverse audiences. Education: Bachelor’s degree (preferred but not mandatory). Soft Skills: Ability to simplify complex technical concepts. Strong problem-solving and time-management skills. Passion for teaching and staying current in cybersecurity trends. Show more Show less

Who We Are Sirion is the world’s leading AI-native CLM platform, pioneering the application of generative AI to help enterprises transform the way they store, create, and manage contracts. The platform’s extraction, conversational search, and AI-enhanced negotiation capabilities have revolutionized contracting across enterprise teams – from legal and procurement to sales and finance. The world’s most valuable brands trust Sirion to manage 7M+ contracts worth nearly $800B and relationships with 1M+ suppliers and customers in 100+ languages. Leading analysts such as Gartner, IDC, and Spend Matters have consistently recognized Sirion as a leader in CLM for its focus on category-leading innovation. About The Role What You’ll Do : Experienced in application security testing (source code review and application penetration tests) – web, mobile, API’s, Plugin’s. Experienced in performing Threat Modelling. Experience with Cloud and Container Security. Experience with Secure Development and Testing processes and detection. Experience in automating security testing and remediation through scripting using languages like Bash, Python and VBScript. Knowledge of secure coding concepts. Good knowledge of OWASP and current and emerging threats Good experience in Security testing tools like Burp Suite/Acunetix/Metasploit/Kali. Understands Security testing requirements and testing strategy. Knowledge on capturing and diagnosing logs for application errors. Good understanding of the entire project life cycle, QA methodologies and processes. Experience with web application firewall, encryption, networking, web services. Create detailed, comprehensive and well-structured Security test plans and Security test cases. Estimate, prioritize, plan, and coordinate testing activities. Strong, effective interpersonal and communications skills; able to interact professionally with customers and team members. What You’ll Need Ability to multi-task effectively and work under pressure Relationship and trust-based information security program (not authority-based) Self-driven and initiator Task finisher Commitment To Diversity And Inclusion We are an equal opportunity employer committed to diversity and inclusion. We do not discriminate based on race, color, gender, religion, national origin, ancestry, age, disability, medical condition, genetic information, military or veteran status, marital status, pregnancy, gender identity, sexual orientation, or any other protected characteristic. We provide reasonable accommodations for disabled employees and applicants as required by law. These principles apply to all aspects of employment, including recruitment, training, promotions, compensation, benefits, transfers, and social programs. Excited about this opportunity? We’d love to hear from you! To apply, simply visit our Careers Page Careers at Sirion page and follow the easy steps to submit your application. Show more Show less

Eventus Security requires a Technical Manager - Cyber Resilience with strong understanding of cybersecurity practices, extensive experience in vulnerability assessment and penetration testing (VAPT), leadership skills to manage a team of security professionals, and the ability to identify, prioritize, and remediate critical vulnerabilities across an organization's systems and applications, ensuring compliance with security standards and regulations; key responsibilities would include leading VAPT projects, overseeing vulnerability scanning, managing penetration testing activities, generating detailed reports, and collaborating with stakeholders to implement security improvements. Job Title: Technical Manager - Cyber Resilience Experience: 7-15yrs Key Responsibilities: VAPT Strategy Development: · Define and implement a comprehensive VAPT strategy aligned with organizational security goals and compliance requirements. · Establish VAPT methodologies, standards, and best practices for conducting assessments. · Prioritize critical assets and systems for regular VAPT scans. Team Management : · Lead a team of VAPT analysts, penetration testers, and vulnerability assessors. · Assign tasks, monitor performance, and provide technical guidance to team members. · Develop and maintain team skills through training and certifications. · Vulnerability Assessment and Penetration Testing: · Conduct comprehensive vulnerability assessments across networks, systems, applications, and web services using automated tools and manual techniques. · Execute penetration testing engagements to identify exploitable vulnerabilities and assess potential security risks. · Analyze test results, prioritize vulnerabilities based on severity and impact, and generate detailed reports with actionable remediation recommendations. Risk Management: · Collaborate with security stakeholders to assess the risk associated with identified vulnerabilities. · Communicate security risks to relevant decision-makers and advocate for timely remediation. · Track remediation progress and ensure vulnerabilities are addressed effectively. Compliance Management: · Ensure VAPT activities align with industry standards and regulatory compliance requirements (e.g., PCI DSS, HIPAA, GDPR). · Maintain documentation and reporting to demonstrate compliance with security policies. Required Skills and Qualifications: Technical Expertise: · Deep understanding of network security concepts, protocols, and vulnerabilities. · Proficient in various VAPT tools and frameworks (e.g., Nessus, Burp Suite, Nmap, Metasploit). · Familiarity with web application security, OWASP Top 10, and secure coding practices Leadership Skills : · Proven ability to lead and mentor a team of security professionals. · Strong communication and presentation skills to effectively convey technical information to stakeholders. Analytical Skills: · Ability to analyze complex security issues, identify root causes, and prioritize remediation actions. · Critical thinking and problem-solving skills to evaluate potential security threats. Certifications: Relevant cybersecurity certifications such as CISSP, CISA, OSCP, CEH, or equivalent. Show more Show less

About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. Position Summary We are seeking a System Test Engineer with expertise in SaaS applications providing cybersecurity solution to join our dynamic team. The ideal candidate will play a critical role in testing, validating, and ensuring the reliability and security of our SaaS-based cyber security platform. This position requires strong analytical skills, hands-on experience with automation, and a deep understanding of cloud environments, networking protocols, firewalls and security frameworks. Key Responsibilities Design, develop, and execute system-level test plans, test cases, and automated test scripts for a SaaS-based cyber security platform. Validate end-to-end functionality, scalability, and performance of security applications integrated with external ITSM systems. Develop and maintain automation frameworks to streamline test execution and enhance test coverage. Conduct security, performance, and regression testing to identify vulnerabilities, bottlenecks, and reliability issues. Test and validate the functionality of agents that connect with the SaaS platform. Work closely with development, product management, and DevOps teams to troubleshoot issues and ensure high-quality product releases. Implement and execute API testing, system integration testing, and user acceptance testing. Participate in test strategy planning and provide feedback for continuous improvement of the test process. Required Skills & Qualifications A bachelor’s or master’s degree in computer science, electronics engineering or a related field 8-10 years of experience in system testing for SaaS applications and Cyber Security platforms. Strong knowledge of networking protocols (TCP/IP, HTTP/HTTPS, DNS, VPN, IPSec, TLS, etc.). Strong understanding of security concepts such as firewalls, IDS/IPS, zero-trust architecture, and cloud security controls. Hands-on experience with test automation tools (Selenium, Robot Framework, PyTest, etc.). Proficiency in scripting and automation using Python, Bash, or similar languages. Experience working with cloud platforms such as AWS, Azure, or Google Cloud. Familiarity with containerization and orchestration tools like Docker and Kubernetes. Experience with CI/CD pipelines and DevOps processes. Strong troubleshooting and debugging skills in distributed systems and cloud environments. Preferred Qualifications Knowledge of security frameworks such as SOC2, ISO 27001, and compliance standards. Experience with security testing tools such as Burp Suite, Nessus, Wireshark, or Metasploit. Familiarity with Infrastructure as Code (IaC) tools such as Terraform or Ansible. Certifications such as AWS Certified Security - Specialty, CCNA Security, CISSP, or CEH are a plus. Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted. Show more Show less

Ethical Hacking Intern Company: INLIGHN TECH Location: Remote (100% Virtual) Duration: 3 Months Stipend for Top Interns: ₹15,000 Certificate Provided | LOR | Potential Full-Time Offer Based on Performance About the Company: INLIGHN TECH is dedicated to preparing the next generation of cybersecurity professionals by offering hands-on, project-based internships. Our Ethical Hacking Internship provides a comprehensive opportunity to explore system vulnerabilities, learn penetration testing techniques, and gain practical skills essential for the cybersecurity field. Role Overview: As an Ethical Hacking Intern, you'll work closely with our cybersecurity experts to identify and analyze security flaws in systems and applications. This role provides exposure to real-world security challenges and helps you build foundational skills in ethical hacking and penetration testing. Key Responsibilities: Perform vulnerability assessments and penetration tests on simulated environments Analyze system security using tools like Nmap , Burp Suite , Wireshark , Metasploit , etc. Document findings and recommend mitigation strategies Assist in developing scripts or tools for automation of testing processes Stay updated with the latest cybersecurity threats and trends Create reports highlighting attack vectors and potential security improvements Qualifications: Pursuing or recently completed a degree in Cybersecurity , Computer Science , Information Technology , or related field Basic knowledge of ethical hacking techniques , OWASP Top 10 , and Linux commands Familiarity with tools such as Kali Linux , Nmap , Wireshark , and Metasploit Strong curiosity and passion for cybersecurity Good analytical, problem-solving, and documentation skills Internship Benefits: Hands-on training in ethical hacking tools and techniques Certificate of Internship upon successful completion Letter of Recommendation for high-performing interns Opportunity to contribute to real-world security simulations and projects Top interns eligible for stipend and full-time job offers Show more Show less

Job Title: Offensive Security Engineer (Ransomware Penetration Testing) Duration: Full time role Location: Hybrid (Pune) NOTE: Need at least 5 years of exp in Pen testing NOTE: Need at least 5 years of exp in Pen testing NOTE: Need at least 5 years of exp in Pen testing Job Description: Responsibilities: Execute complex Red Team engagement as a penetration tester, simulating real-world ransomware / malware attacker scenarios to uncover critical vulnerabilities Identify, research, and exploit various vulnerabilities (including zero-days) to gain unauthorized access to systems and data. Develop custom tools, scripts, and exploit code. Document findings in a clear, concise, and actionable manner, including detailed reports with working proofs of concept and recommendations for remediation and product improvements Collaborate with the Blue Team (engineering and QA)to prioritize vulnerabilities, develop mitigation strategies, and improve overall security posture through tangible requirements Participate in knowledge sharing by mentoring junior team members and presenting findings, including opportunities to document reports for external consumption Qualifications: Minimum 5+ years of experience in offensive security engagements. Proven experience in participating in Red Team engagements. Expertise in various operating systems (Mac, Linux, etc.) and scripting languages (Python, Ruby, etc.). Coding skills to automate tasks, customize attacks, and create payloads Solid understanding of networking concepts, such as TCP/IP, DNS, HTTP, FTP, SMTP, and VPN. Hands-on knowledge on how to use network analysis tools, such as Nmap, Wireshark, and Metasploit, to scan, sniff, and exploit network services and protocols. Ability to discover and map network devices, identify open ports and services, and bypass firewalls and other security measures. System knowledge . Good understanding of OS concepts Experience with exploit development and post-exploitation techniques. Strong understanding of the threat landscape and attacker motivations. Well-versed in security principles, such as encryption, authentication, authorization, and access control. Good knowledge of malwares , ransomwares , APTs , Trojans and how they work. Ability to think outside the box, and come up with innovative and unconventional ways to break into a system or network. Excellent communication, collaboration, and problem-solving skills. Show more Show less

SecureLayer7 is a CREST Certified & Recognized Vulnerability Assessment & Penetration Testing Provider with over 10 Years of Experience Conducting Advanced Pentests for Applications, Infra and All Digital Assets for Businesses of all sizes. Securelayer7 is one of the few companies with an incredibly powerful in-house platform - BugDazz and an in-house team of experienced consultants that makes our security offerings the most comprehensive! Key Responsibilities - Execute full-scope Red Team engagements, including phishing, social engineering, and network penetration. Simulate advanced hacking techniques and replicate adversary tactics to uncover security weaknesses. Work closely with Blue Teams in Purple Team exercises to enhance detection and response capabilities. Develop, extend, or modify exploits, shellcode, or tools to simulate sophisticated attacks. Perform reverse engineering of malware (advantageous but not mandatory). Write clear and actionable reports outlining vulnerabilities, exploitation techniques, and remediation strategies. Stay updated on the latest cyber threats, attack methods, and emerging technologies. Required Skills & Experience - Deep understanding and extensive experience in penetration testing methodologies and tools. Strong technical knowledge of various technologies and the ability to quickly learn and adapt to new ones. A passion for learning new technologies and breaking them apart is essential. Expertise in Active Directory attacks and defenses. Proficiency with tools such as Metasploit, Cobalt Strike, BloodHound, and similar offensive security frameworks. Knowledge of hacking methods and frameworks like MITRE ATT&CK. Strong scripting skills (Python, PowerShell, Bash) and experience in manual exploitation techniques. Certifications such as OSCP, OSEP, CRTO, or equivalent are highly valued. What We Offer Competitive salary and benefits package. Exciting projects that challenge your skills and creativity. A collaborative environment where you’ll learn and grow alongside top talent. Access to cutting-edge tools and resources to stay ahead in the cybersecurity field. Opportunities to shape the future of offensive security and contribute to meaningful projects. Location Onsite/ Workfrom Office. In special case Remote Show more Show less

Job Requirements · The role would require a person with hands-on experience in Vulnerability assessment and Penetration testing program in Enterprise environment having host of tools and technologies. · Must have experience in running Vulnerability Management and Penetration testing program. · Must Have: Experience in Tools for Firewall Evasion, Abuses to IPSec VPN, Border Gateway Protocol, GRE Tunnelling. · Be able to Perform and lead an assessment or penetration test. · Must produce management dashboard for open Vulnerabilities and Risk for enterprise. · Shall be able to provide mitigating controls for open risk and exploits for the enterprise environment. · Shall maintain risk register for open cyber risks in the enterprise. · Be able to lead a red team engagement and participate in a purple team engagement. · Have experience in developing exploits and tooling from vulnerabilities both pre and post exploitation. · Should have experience with tools Burp suite, Metasploit, Tenable, SQL Map, NMAP, SCAPY, and other tools. · Knowledge of TCP/IP and other application and network level protocols. · Conduct vulnerability assessment and penetration testing and configuration review for systems and networks. · Be able to author and issue reports on assigned application and system scan. · Support and recreate proofs of concept from security reports. · Good exposure to Cloud Applications like AWS, Azure and other SAAS Applications · Experience in Automating Security tasks using Python or Java Frameworks is a bonus. · Should be able to think ""Out of the box"". · Possess ability to think and implement new attack approaches/vectors. Skills · Strong oral and written communication, analytical and problem-solving skills, as well as excellent judgment on data analysis. · Proficient in Stakeholder Management and Team Leadership · Tools – Burp suite, Metasploit, Tenable, SQL Map, NMAP, SCAPY, and other tools. Education Qualification: · BE / BTECH · Additional certification would be an added advantage: CEH, CISA, ISO27001, ISO22301, CISSP Experience: · 3-6 years of proven experience as lead in VAPT and areas having hand on experience on various tools. Job Types: Full-time, Permanent Pay: Up to ₹2,000,000.00 per year Benefits: Health insurance Paid sick time Provident Fund Schedule: Day shift Work Location: In person

We are a leading Training Institute committed to building a skilled digital workforce. We are currently looking for a Cyber Security Trainer who can educate and empower learners with real-world cyber defense techniques and strategies. Key Responsibilities: Deliver interactive training sessions on Cyber Security Fundamentals, Ethical Hacking, Network Security, Threat Detection , and Penetration Testing . Cover tools and platforms like Kali Linux, Wireshark, Metasploit, Nmap , etc. Create and maintain training content, hands-on labs, case studies, and assessments. Guide students on industry best practices, compliance standards (ISO, NIST), and incident response. Stay updated with the latest security threats, tools, and technologies. Requirements: Strong hands-on experience in cyber security, ethical hacking, or IT security roles. Proficiency in security tools, Linux OS, and networking concepts. Prior experience in training/mentoring preferred. Excellent communication and teaching skills. Ability to deliver both beginner and advanced-level training. Preferred Qualifications: Certifications like CEH, CompTIA Security+, CISSP, OSCP are a plus. Experience in cloud security, DevSecOps, or security audits. Familiarity with cyber law and regulatory frameworks (GDPR, HIPAA, etc.). Job Types: Full-time, Permanent Pay: ₹10,228.99 - ₹32,802.78 per month Schedule: Day shift Work Location: In person

Job Summary: We are seeking an experienced Cybersecurity Expert to join our team and lead efforts in IT infrastructure auditing, web application security assessments, and compliance readiness. The ideal candidate will possess deep expertise in cybersecurity best practices, hands-on experience in security audits, and hold certifications like CISA, CISSP, or CEH. Key Responsibilities: Perform IT infrastructure audits across network, server, and endpoint environments. Conduct website and web application security audits , including vulnerability assessments and penetration testing. Develop and implement security policies, procedures, and standards aligned with best practices. Assist in achieving and maintaining compliance with standards such as ISO 27001, PCI-DSS, and CERT-In guidelines. Identify risks and propose effective mitigation strategies . Prepare detailed audit reports , risk assessments, and recommendations. Work closely with IT teams to monitor, detect, and respond to cybersecurity incidents. Stay up to date with emerging threats, vulnerabilities, and regulatory requirements. Required Qualifications: Bachelor’s degree in Computer Science, Information Technology, or a related field. 3–6 years of experience in cybersecurity, IT audit, or security assessment. Hands-on experience with security tools like Nessus, Burp Suite, Nmap, Metasploit, Wireshark, etc. Familiarity with CERT-In audit requirements , VAPT, and SIEM tools. Strong understanding of firewalls, IDS/IPS, VPNs , and access control systems. Certifications (Must have any one or more): CISA (Certified Information Systems Auditor) CISSP (Certified Information Systems Security Professional) CEH (Certified Ethical Hacker) Preferred Skills: Knowledge of compliance frameworks (e.g., NIST, GDPR, HIPAA) Experience in cloud security (AWS, Azure) ISO 27001 implementation and auditing experience Strong analytical, communication, and documentation skills Job Types: Full-time, Permanent Pay: From ₹500,000.00 per year Schedule: Day shift Work Location: In person

Were looking for an experienced and strategic Cyber Security Engineer with 35 years of hands-on expertise in securing enterprise environments. The ideal candidate will be responsible for enhancing the organizations security posture by proactively identifying risks, implementing defense mechanisms, and driving compliance initiatives across systems, networks, and applications. Experience: 35 Years Location: Indore Job Type: Full-time Bond: 1 Year Key Responsibilities Design, implement, and maintain robust cybersecurity architectures and defense strategies. Lead vulnerability assessments, threat modeling, penetration testing, and risk mitigation. Monitor and manage SIEM systems to detect, analyze, and respond to threats in real-time. Collaborate with infrastructure, DevOps, and development teams to embed security across the SDLC. Define, update, and enforce security policies, SOPs, and incident response plans. Conduct periodic internal/external audits and coordinate compliance efforts (ISO 27001, GDPR, etc.). Investigate security breaches and generate detailed post-incident reports. Evaluate and recommend advanced tools and technologies for endpoint, network, and cloud security. Deliver cybersecurity awareness training to internal teams and stakeholders. Technical Skills Required Strong understanding of security frameworks (NIST, ISO 27001, CIS Controls). Deep knowledge of firewalls, VPNs, IDS/IPS, endpoint protection, and network monitoring tools. Hands-on with tools such as Wireshark, Metasploit, Nessus, Nmap, Burp Suite, and SIEM platforms like Splunk, ELK, or QRadar. Solid experience with cloud security (AWS, Azure, or GCP). Competency in scripting or automation using Python, PowerShell, or Bash. Familiarity with secure configuration management and patch management practices. Excellent analytical, documentation, and incident management skills. Show more Show less

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Manager Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. As a cybersecurity generalist at PwC, you will focus on providing comprehensive security solutions and experience across various domains, maintaining the protection of client systems and data. You will apply a broad understanding of cybersecurity principles and practices to address diverse security challenges effectively. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us. At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations. " Job Description & Summary: We are seeking a professional to join our Cybersecurity and Privacy services team, where you will have the opportunity to help clients implement effective cybersecurity programs that protect against threats, drive transformation, and foster growth. As companies increasingly adopt digital business models, the generation and sharing of data among organizations, partners, and customers multiply. We play a crucial role in ensuring that our clients are protected by developing transformation strategies focused on security, efficiently integrating and managing new or existing technology systems, and enhancing their cybersecurity investments. As an L3 Analyst/SOC Manager, you will be responsible for overseeing regular operations, driving continuous improvement processes, and managing client and vendor interactions. This role involves managing complex incidents escalated from L2 analysts, operating the Security Incident process, and mentoring junior team members to build a cohesive and motivated unit. Responsibilities Review cybersecurity events analyzed by L2 security analysts, serving as the escalation point for detection, response, and remediation activities. Monitor and guide the team in triaging cybersecurity events, prioritizing, and recommending/performing response measures. Provide technical support for IT teams in response and remediation activities for escalated cybersecurity events/incidents. Follow up on cybersecurity incident tickets until closure. Guide L1 and L2 analysts in analyzing events and response activities. Expedite cyber incident response and remediation activities when delays occur, coordinating with L1 and L2 team members. Review and provide suggestions for information security policies and best practices in client environments. Ensure compliance with SLAs and contractual requirements, maintaining effective communication with stakeholders. Review and share daily, weekly, and monthly dashboard reports with relevant stakeholders. Update and review documents, playbooks, and standard operational procedures. Validate and update client systems and IT infrastructure documentation. Share knowledge on current security threats, attack patterns, and tools with team members. Create and review new use cases based on evolving attack trends. Analyze and interpret Windows, Linux OS, firewall, web proxy, DNS, IDS, and HIPS log events. Develop and maintain threat detection rules, parsers, and use cases. Understand security analytics and flows across SaaS applications and cloud computing tools. Validate use cases through selective testing and logic examination. Maintain continuous improvement processes and build/groom teams over time. Develop thought leadership within the SOC. Mandatory Skill Sets Bachelor’s degree (minimum requirement). 5-8 years of experience in SOC operations. Experience analyzing malicious traffic and building detections. Experience in application security, network security, and systems security. Knowledge of security testing tools (e.g., BurpSuite, Mimikatz, Cobalt Strike, PowerSploit, Metasploit, Nessus, HP Web Inspect). Proficiency in common programming and scripting languages (Python, PowerShell, Ruby, Perl, Bash, JavaScript, VBScript). Familiarity with cybersecurity frameworks and practices (OWASP, NIST CSF, PCI DSS, NY-DFS). Experience with traditional security operations, event monitoring, and SIEM tools. Knowledge of MITRE or similar frameworks and procedures used by adversaries. Ability to develop and maintain threat detection rules and use cases. Preferred Skill Sets Strong communication skills, both written and oral. Experience with SMB and large enterprise clients. Good understanding of ITIL processes (Change Management, Incident Management, Problem Management). Strong expertise in multiple SIEM tools and other SOC environment devices. Knowledge of firewalls, IDS/IPS, AVI, EDR, Proxy, DNS, email, AD, etc. Understanding of raw log formats of various security devices. Foundational knowledge of networking concepts (TCP/IP, LAN/WAN, Internet network topologies). Relevant certifications (CEH, CISA, CISM, etc.). Strong work ethic and time management skills. Coachability and dedication to consistent improvement. Ability to mentor and encourage junior teammates. Knowledge of regex and parser creation. Ability to deploy SIEM solutions in customer environments. Years Of Experience Required 7-12 + years Education Qualification B.Tech Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Bachelor of Engineering Degrees/Field Of Study Preferred Certifications (if blank, certifications not specified) Required Skills Application Security, Burp Suite, Network Security, Python (Programming Language), SOC Operations Optional Skills Accepting Feedback, Accepting Feedback, Active Listening, Agile Methodology, Analytical Thinking, Azure Data Factory, Coaching and Feedback, Communication, Creativity, Cybersecurity, Cybersecurity Framework, Cybersecurity Policy, Cybersecurity Requirements, Cybersecurity Strategy, Embracing Change, Emotional Regulation, Empathy, Encryption Technologies, Inclusion, Intellectual Curiosity, Learning Agility, Managed Services, Optimism, Privacy Compliance, Professional Courage {+ 13 more} Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

Penetration Testing in an enterprise, military or law enforcement environment. (required) In-depth security knowledge on one of the following: Active Directory, Critical Infrastructure, or Cloud Infrastructure. Hands-on experience with well-known Red Team tools like Cobalt Strike, Metasploit, Bloodhound, Mythic etc. (required) Proficiency with at least one scripting language (e.g. Python, Bash, PowerShell). (required) At least one of the following certifications or a similar one will be a plus: Security Certifications (Any One): OSCP, OSCE, OSED. CRTP (Certified Red Team Professional) SANS GDAT, GXPN,GPEN Excellent communicator and technical writing skills, able to engage and effectively respond to diverse stakeholders. Experience carrying out social-engineering assessments Skilled in crafting bypass script for AV/EDR Minimum Bachelor degree in Computer Science / IT 2 to 5 years hands-on working experience in Red Team operations and/or in web, network Job Location: Mumbai & Delhi Education: • B.E /B Tech / M Tech /B.Sc Comp/ M.Sc Comp Experience: 2 to 5 years

Senior Manager, Penetration Testing & Red Teaming What you will do Let’s do this. Let’s change the world. In this vital role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats. As a senior-level position, this role involves not only hands-on penetration testing but also overseeing teams, setting testing strategies, and working closely with other security and engineering teams to implement long-term security improvements. The ideal candidate has in-depth knowledge of cybersecurity practices, experience in complex security assessment practices and strong leadership skills. Roles & Responsibilities: Develop and implement the penetration testing strategy in alignment with Amgen’s security framework. Champion a proactive security culture, integrating offensive security principles into Amgen’s broader risk management program. Lead, mentor, and develop a team of penetration testers, fostering a culture of innovation and continuous learning. Provide coaching and training to enhance the team’s technical and strategic capabilities. Build and maintain a high-performance security team, ensuring strong succession planning and career development opportunities. Oversee complex penetration testing engagements, ensuring high-quality execution and impactful reporting. Establish standard methodologies and frameworks for offensive security testing, risk assessment, and mitigation strategies. Ensure penetration testing methodologies align with industry standards (e.g., PTES, OWASP, MITRE ATT&CK). Serve as a trusted advisor to security, engineering, and executive leadership teams on cybersecurity risks and offensive security findings. Advocate for secure development practices and influence secure-by-design principles across engineering teams. Communicate technical security risks in business terms to executive collaborators and senior leadership. Define and enforce security testing policies, methodologies, and compliance requirements. Drive initiatives to enhance security automation and continuous testing frameworks. Ensure penetration testing efforts contribute to regulatory compliance (e.g., ISO 27001, NIST). What we expect of you We are all different, yet we all use our unique contributions to serve patients. Basic Qualifications: Master’s degree and 8 to 10 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Bachelor’s degree and 10 to 14 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Diploma and 14 to 18 years of experience in Computer Science, Cybersecurity or Information Systems related field Must-Have Skills: Proven experience in leading and managing high-performing security teams. Strong ability to influence senior collaborators and drive security adoption across an organization. Ability to translate technical security risks into business-aligned security strategies. Experience building and managing enterprise-wide penetration testing programs. Demonstrated ability to foster a culture of innovation, learning, and collaboration within security teams. Technical & Security Skills Deep knowledge of penetration testing frameworks and methodologies (e.g., OWASP, NIST, MITRE ATT&CK, PTES). Strong understanding of web application, cloud, and infrastructure security vulnerabilities. Experience with security tools such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux. Familiarity with secure coding principles, threat modeling, and adversary simulation. Professional Certifications (please mention if the certification is preferred or mandatory for the role): PreferredOSCP, OSWE, OSWA, eWPTX, GWAPT, GXPN PreferredCISSP Preferred Qualifications: Soft Skills: Excellent analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Ability to manage multiple priorities successfully Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills What you can expect of us As we work to develop treatments that take care of others, we also work to care for your professional and personal growth and well-being. From our competitive benefits to our collaborative culture, we’ll support your journey every step of the way. In addition to the base salary, Amgen offers competitive and comprehensive Total Rewards Plans that are aligned with local industry standards. Apply now and make a lasting impact with the Amgen team. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

ABOUT AMGEN Amgen harnesses the best of biology and technology to fight the world’s toughest diseases, and make people’s lives easier, fuller and longer. We discover, develop, manufacture and deliver innovative medicines to help millions of patients. Amgen helped establish the biotechnology industry more than 40 years ago and remains on the cutting-edge of innovation, using technology and human genetic data to push beyond what’s known today. ABOUT THE ROLE Role Description This role has a strong focus on ensuring the organization's infrastructure, applications, and systems are secure from external and internal threats . T his role is responsible for conducting authorized security tests on IT infrastructure to evaluate the strength of its systems against potential cyberattacks. A variety of automated tools and manual techniques are leveraged to simulate real-world attacks. The penetration tester then works with the organization to prioritize , remediate and report on identified issues, strengthening the overall security posture. Roles & Responsibilities Perform security testing (e.g., penetration testing, code reviews) and ensure continuous security monitoring across the organization’s IT landscape. Identify vulnerabilities in networks, systems, applications, and infrastructure through hands-on penetration testing. Attempt to exploit discovered vulnerabilities to demonstrate their impact and prove their existence (e.g., retrieving sensitive data, elevating user privileges, or gaining access to admin functionality). Perform assessments on web applications, cloud environments, and network infrastructure. Use automated tools and manual techniques to identify security weaknesses. Conduct advanced post-exploitation tasks to simulate real-world attack scenarios. Work with third-party security vendors for audits, product testing, and external assessments when required . Use automated tools (e.g., Burp Suite, OWASP ZAP, or Acunetix ) to identify common vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others. Document identified vulnerabilities in detail, explaining how they were found, their severity, and their potential impact. Include proof-of-concept (PoC) for critical vulnerabilities. Offer actionable, practical solutions for fixing the vulnerabilities , such as secure coding practices, configuration changes, or security controls. Use risk-based prioritization, categorizing issues by their severity and business impact (e.g., high, medium, low) to help the organization focus on the most critical issues. Continuously learn about the latest vulnerabilities, exploits, and security trends. Present the findings to stakeholders, security teams, and management, explaining the business risk and potential impacts of the vulnerabilities discovered. Familiarity with industry standards and compliance requirements (e.g., PCI-DSS, NIST, ISO 27001) and their relevance to penetration testing. Basic Qualifications and Experience Master’s degree with a 1 - 2 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Bachelor’s degree with 2 - 4 years of experience in Computer Science, Cybersecurity or Information Systems related field OR Diploma with 4 - 6 years of experience in Computer Science, Cybersecurity or Information Systems related field Functional Skills: Must-Have Skills: Strong knowledge of common vulnerabilities (e.g., OWASP Top 10, SANS Top 25), network protocols, encryption standards, application security and common penetration testing method ologies (ISSAF, OSSTMM, PTES) . Familiarity with tools like Burp Suite, OWASP ZAP and Metasploit. A deep understanding of web application architecture, databases, and authentication mechanisms. Ability to think critically and creatively when testing and attempting to exploit vulnerabilities. Good-to-Have Skills: Experience with threat intelligence and incorporating emerging threats into penetration testing practices Proficiency in scripting and automation (e.g., Python, Bash) is a plus Professional Certifications Preferred eJPT , eCPPT , eWPT , OSCP, OSWA , GWAPT Soft Skills: Strong analytical and troubleshooting skills Strong verbal and written communication skills Ability to work effectively with global, virtual teams High degree of initiative and self-motivation Team oriented, with a focus on achieving team goals Strong presentation and public speaking skills EQUAL OPPORTUNITY STATEMENT Amgen is an Equal Opportunity employer and will consider you without regard to your race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status. We will ensure that individuals with disabilities are provided with reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request an accommodation . Apply now for a career that defies imagination Objects in your future are closer than they appear. Join us. careers.amgen.com As an organization dedicated to improving the quality of life for people around the world, Amgen fosters an inclusive environment of diverse, ethical, committed and highly accomplished people who respect each other and live the Amgen values to continue advancing science to serve patients. Together, we compete in the fight against serious disease. Amgen is an Equal Opportunity employer and will consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other basis protected by applicable law. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.