763 Nessus Jobs - Page 10

Profile - Pen Tester Experience required - 2+ years Location - Dubai We are seeking a experienced VAPT Tester with over 2+ years of hands-on experience in conducting vulnerability assessments and penetration tests across network, web, and mobile platforms. The ideal candidate will have a deep understanding of the latest security threats, vulnerabilities, and mitigation techniques. Key Responsibilities: 1. Vulnerability Assessment: Conduct regular vulnerability assessments on network infrastructure, web applications, and mobile apps. Use a variety of automated tools and manual techniques to identify vulnerabilities. Prioritize vulnerabilities based on risk and potential impact. 2. Penetration Testing: Simulate cyber-attacks on network infrastructure, web applications, and mobile apps to identify security weaknesses. Develop custom scripts and payloads to test the resilience of systems. Document findings and provide recommendations for mitigation. 3. Reporting: Prepare detailed reports on findings, risks, and recommended solutions. Present findings to technical and non-technical stakeholders. 4. Research Development: Stay updated with the latest cybersecurity trends, vulnerabilities, and threats. Test and evaluate new security tools and technologies. Contribute to the organization's knowledge base by documenting new vulnerabilities and attack techniques. 5. Collaboration: Work closely with the development and IT teams to ensure secure coding practices are followed. Assist in security awareness training for staff and stakeholders. Qualifications Bachelor's degree in Computer Science, Information Technology, or a related field. Minimum of 2 years of experience in VAPT with a focus on network, web, and mobile platforms. Certifications such as eJPTx, CEH, OSWE, OSCP, GWAPT, or equivalent are preferred. Proficiency in using security tools like Burp Suite, Metasploit, Nessus, Wireshark, etc and Kali Linux. Strong knowledge of web application vulnerabilities (OWASP Top 10) and mitigation techniques. Familiarity with mobile application security testing for both Android and iOS platforms. Experience with cloud platforms and their security considerations is a plus. Skills: Strong analytical and problem-solving skills. Excellent communication and report-writing skills. Ability to work independently and as part of a team. Ethical mindset with a high level of integrity and professionalism. Additional Information we recommend focusing on the following topics: 1. VAPT (Vulnerability Assessment and Penetration Testing) Basics 2. Network Security 3. Mobile Application Security 4. Web Application Security Please ensure you are well-versed in these areas to demonstrate your skills effectively during the interview. Interested candidate can share their resume on recruitment@safeaeon.com

Location: India- Pune (Amdocs Site) In one sentence Secures enterprise information by developing, implementing, and enforcing security controls, safeguards, policies, and procedures. All you need is... Bachelor’s degree in computer science, Information Security, or related field (or equivalent experience). 3+ years of hands-on experience in information security, with a focus on threat detection, penetration testing, and AI-driven security solutions. Demonstrated experience working in financial or SaaS security environments (e.g., PCI DSS, SOC 2, ISO 27001). Advanced knowledge of networking protocols, encryption, firewalls, IDS/IPS, and VPNs. Strong experience with cloud platforms (AWS, GCP, or Azure), including security configurations, monitoring, and automation. Hands-on experience with security tools such as EDR, SIEM (Splunk, ElasticSearch, etc.), vulnerability scanners (Nessus, Qualys), and threat intelligence platforms. Practical experience in penetration testing (e.g., OWASP Top 10, API testing) and red teaming. Expertise in scripting languages (Python, PowerShell) and automation tools. Security Certifications: CEH (Certified Ethical Hacker), CISSP, CISA, or equivalent certifications (required). Additional certifications in cloud security (AWS Certified Security Specialty, etc.) or AI/ML for security (optional but preferred). What will your job look like? Proactively monitor and assess emerging threats using advanced AI-driven tools. Analyze identified threats and develop effective remediation plans to minimize risk to critical systems and data. Lead proactive threat hunts leveraging AI, machine learning models, and automation tools. Identify Indicators of Compromise (IOCs) and detect patterns to anticipate future attacks. Perform advanced penetration testing exercises to identify vulnerabilities, misconfigurations, and weaknesses in systems. Collaborate in purple team exercises to validate security measures and improve resilience. Participate in risk assessments, ensuring compliance with financial industry regulations (e.g., PCI DSS, SOC 2) and internal security policies. Provide guidance on mitigating risks through the integration of AI-based security solutions. Lead the investigation and response to security incidents. Utilize machine learning and EDR tools to perform in-depth analysis of malware, root causes, and attack methodologies. Conduct continuous monitoring using SIEM (Security Information and Event Management), AI-driven anomaly detection systems, and advanced analytics tools to detect and respond to security events. Collaborate with SecDevOps and Engineering teams to automate security controls, incident responses, and vulnerability management using AI and advanced scripting (Python, PowerShell). Work closely with teams across the organization to integrate security at every stage of development (DevSecOps), ensuring secure cloud infrastructure, services, and APIs. Deep involvement in securing public cloud environments (AWS, Azure, GCP), leveraging AI tools to detect misconfigurations, vulnerabilities, and unauthorized access attempts. Support penetration testing efforts, identifying vulnerabilities within cloud and on-premise infrastructure. Lead and contribute to purple team engagements to test and improve defensive capabilities. Stay current with the latest AI, machine learning, and cybersecurity trends. Actively research emerging threats and innovative tools to protect the organization’s assets. Evaluate and implement third-party security tools, AI-based solutions, and threat intelligence platforms to enhance security posture and detection capabilities. Use AI and behavioral analytics to proactively detect threats that evade traditional security solutions. Develop custom threat detection algorithms where needed. Leverage threat intelligence feeds, machine learning models, and threat-hunting tools to proactively identify and mitigate risks from advanced persistent threats (APTs).

Who Are We: At SecureLayer7, we aim to solve challenging cybersecurity problems and hurdles faced by organizations. We bring bright minds together to provide a smooth experience in cybersecurity and achieve our vision of making organizations secure from cyber-attacks. Our skilled pen testers and security engineers work on projects ranging from cryptocurrency exchanges to IoT devices. SecureLayer7 is also the parent company of cybersecurity products, namely Sensfrx and BugDazz. About the Role: We are seeking a highly skilled Cybersecurity Expert with over 5 years of hands-on experience in offensive security assessments. The ideal candidate will hold elite certifications such as OSCP, CREST, and have published CVE(s). You should possess deep technical knowledge and practical expertise across Web, Mobile, Source Code (SAST), and Thick Client application testing. Key Responsibilities: Lead and manage end-to-end security assessments for web, mobile (iOS/Android), API, and thick client applications. Conduct manual and automated VAPT using industry-standard tools and methodologies. Drive secure development lifecycle (SDLC) practices, including threat modelling, secure code review, and remediation planning. Design and review secure architectures for enterprise applications and network systems. Perform configuration reviews for firewalls, routers, and operating systems (Linux/Windows). Manage and deliver internal and external application security audits (PCI DSS, HIPAA, ISO 27001). Collaborate with cross-functional teams (development, QA, DevOps) to embed security best practices. Lead red team exercises and simulate attack scenarios to identify exploitable gaps. Own client engagement, project planning, delivery, and post-assessment remediation support. Mentor junior security analysts and contribute to internal knowledge-sharing initiatives. Key Requirements: 5 + years of experience in cybersecurity with a strong focus on application security. Proven expertise in: Vulnerability Assessment & Penetration Testing (VAPT) Source Code Review Red Team Exercises Threat Modelling Secure Architecture Reviews Proficiency in using tools like Burp Suite, OWASP ZAP, Nmap, Metasploit, Nessus, etc. Sound knowledge of secure coding practices across various programming languages. Experience managing client projects across BFSI, telecom, and government sectors. Strong communication and reporting skills for both technical and business stakeholders. Preferred Qualifications & Certifications: Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.

About the role: We are seeking a hands-on Security & Compliance Lead to own and execute end-to-end security audits and compliance initiatives across applications, infrastructure, and organizational processes. This role ensures systems, applications, and business operations are secure, compliant, and aligned with both internal policies and regulatory requirements (e.g., RBI, ISO 27001, SOC 2 Type II). Responsibilities: Conduct technical assessments (e.g., VRA, security checklists) required by new BFSI clients. Analyse and complete detailed cloud infrastructure security and compliance questionnaires. Assist in mapping customer security and regulatory requirements (e.g., ISO 27001, RBI, SOC 2 type II) to internal controls. Maintain documentation and templates for commonly requested BFSI assessment artifacts. Manage and complete security questionnaires from clients, vendors, and partners. Evaluate vendor security and compliance by reviewing their responses and supporting documentation. Identify security risks within the company’s IT infrastructure, applications and services. Ensure compliance with security standards such as ISO 27001, GDPR, SOC 2, or any other relevant frameworks. Work with internal teams to maintain compliance with legal and regulatory requirements. Collaborate with the IT security, legal, and procurement teams to address concerns identified in the security assessments. Develop and maintain internal security policies and procedures related to vendor assessments and third-party risk management. Prepare detailed reports summarizing findings from security assessments and risk analysis. Provide recommendations to improve security measures and compliance. Educate internal staff and external partners about security best practices and compliance requirements Support pre-sales and onboarding teams with timely delivery of assessment documentation. Stay updated with AWS best practices, shared responsibility model, and emerging cloud security trends. Good to Have: Bachelor’s degree in computer science, Information Security, Data Science, or a related field 5+ years of experience working with Audit/compliance, application security assessments, AWS cloud security preferably BFSI domain 2+ yrs. of experience on AWS cloud security and risk assessments. Strong exposure to AWS cloud infrastructure (Guard Duty, security hub, inspector, Firewall, IAM, EC2, VPC, S3, Security Groups, etc.). Familiarity with secure coding practices, vulnerability management, and threat modelling. Experience with VRA templates, cloud security checklists, and assessment responses for enterprise or regulated clients. Familiarity with information security standards such as ISO 27001, SOC 2, RBI cybersecurity framework. Strong understanding of data protection, encryptions methodologies Ability to interpret and explain security configurations and policies in layman's terms. Experience with security controls, vulnerability scanning tools (e.g., Nessus, wire shark), or SIEM. Exposure with security tools such as network firewall, IPS/IDS is plus

Role Description Job Title: Senior Threat Hunter & VAPT Specialist – SIEM/EDR Tools Location: [Trivandrum] Experience Required: 5+ Years Department: Cybersecurity / Information Security Employment Type: Full-Time Role Overview We are seeking a versatile and experienced Cybersecurity Professional to join our team as a Threat Hunter and VAPT Analyst . In this dual-capacity role, you will proactively identify and mitigate emerging cyber threats, perform in-depth vulnerability assessments, and help protect critical infrastructure and data assets. This role requires a blend of advanced technical expertise , analytical mindset , and strong collaboration with SOC and incident response teams. Key Responsibilities Threat Hunting Proactively hunt for undetected threats across networks, systems, and endpoints using behavioral analysis and threat intelligence. Identify Tactics, Techniques, and Procedures (TTPs) and anomalies to detect potential threats or APT activities. Leverage threat intelligence feeds and the MITRE ATT&CK framework to build and validate detection use cases. Collaborate with SOC teams to enhance detection rules and reduce false positives. Conduct forensic investigations and perform root cause analysis on incidents and suspicious behaviors. Develop custom scripts and queries (Python, PowerShell, Bash) for automating hunting activities in EDR, SIEM, and XDR platforms. Document and share threat hunting reports, IOCs, and actionable recommendations with relevant stakeholders. Vulnerability Assessment & Penetration Testing (VAPT) Conduct vulnerability assessments and penetration tests on systems, applications, networks, and APIs. Analyze vulnerabilities, assess risks, and deliver detailed, actionable reports to technical teams. Use a combination of automated tools (e.g., Nessus, Burp Suite, Nmap, Metasploit) and manual techniques to identify security flaws. Ensure all assessments adhere to internal policies and regulatory standards. Perform periodic and ad-hoc security assessments for web applications, databases, wireless, and cloud environments. Collaborate with IT teams to validate remediations through re-testing and follow-ups. Stay current on emerging vulnerabilities, exploit techniques, and threat actor tactics. Qualifications & Skills Bachelor’s degree in Computer Science, Information Security, or a related discipline. 5+ years of experience in a cybersecurity role with hands-on work in threat hunting and VAPT. Strong expertise in VAPT tools and methodologies: Nessus, Burp Suite, Nmap, Metasploit, OWASP Top 10. Experience with SIEMs, EDR platforms, and threat intelligence tools. Working knowledge of the MITRE ATT&CK framework. Proficient in scripting languages such as Python, PowerShell, or Bash. Excellent analytical, investigative, and report-writing skills. Strong communication and stakeholder engagement abilities. Preferred Certifications OSCP – Offensive Security Certified Professional CEH – Certified Ethical Hacker GIAC – GCIH, GPEN, GWAPT CISSP – Certified Information Systems Security Professional CESM or other equivalent cybersecurity credentials Skills Soc,TTP,Troubleshooting

Job Description The Application Security Testing Manager will be responsible for leading a team of security testers and ensuring the security and integrity of software applications within G&B. This role involves planning, executing, and overseeing security assessments, identifying vulnerabilities, and driving their remediation. Qualification Details Essential Qualification: Bachelors or Masters degree in computer science, cybersecurity, or a related field. Excellent communication skills. Strong problem-solving and analytical abilities. Preferred Qualification: same as above Experience Details Essential Experience: Proven experience (typically 5+ years) in application security testing and vulnerability assessment. Familiarity with security testing tools such as Burp Suite, OWASP ZAP, Nessus, and others. Proficiency in programming and scripting languages (e.g., Python, Java) for security testing and automation. Strong understanding of software development lifecycles and secure coding practices. Experience with security standards, frameworks, such as OWASP Preferred Experience: same as above Special Skill Excellent communication skills. Strong problem-solving and analytical abilities.

The healthcare industry is the next great frontier of opportunity for software development, and Health Catalyst is one of the most dynamic and influential companies in this space. We are working on solving national-level healthcare problems, and this is your chance to improve the lives of millions of people, including your family and friends. Health Catalyst is a fast-growing company that values smart, hardworking, and humble individuals. Each product team is a small, mission-critical team focused on developing innovative tools to support Catalyst’s mission to improve healthcare performance, cost, and quality. Job Summary/Responsibilities Participate in the entire development lifecycle, from planning through implementation, security, testing, and deployment, all the way to production. Own the ideal pipeline blueprint that developers will base new applications on Own upgrades, manage systems integrations and guide tool selection. Build tools that help engineers rapidly develop new applications and have confidence that their changes will work flawlessly in production. Learn our stack inside and out, and triage cross-cutting issues in our environment. Experienced in Linux platform and shell scripting. Should be able to troubleshoot and perform installation of opensource toolsets in Linux OS. Familiar with CI/CD tools sets like Bitbucket, Jenkins and release process. Familiar with docker containers and deployment with Kubernetes. Qualification/Education Requirements Bachelor’s degree in Computer Science or equivalent. 3+ years of experience in DevOps Engineering. Public Cloud experience on AWS is a must. Experience with continuous integration platforms such as Jenkins, CodeBuild, Gitlab, etc. AWS certification is plus. Requirements Close involvement with developer communities and open-source web technologies. Strong sense of ownership and passion for engineering great products with stellar user experiences. Good background building fully automated CI/CD pipelines. Good DevOps experience, with significant time spent with web services. Experience working on various AWS services such as EKS, CloudFront, Lambda Functions etc. Experience working with Kubernetes Familiarity with agile methodology. Experience with Security and performance tools would be a plus. Key Competencies/Skills Ability to visualize automation in CI/CD. Hands-on experience on containerization platforms such as Docker, Kubernetes, EKS, ECS etc. Good programming skills with scripting languages such as Python, NodeJS, Shell Ability to learn and adapt to new technology. Good knowledge of Continuous Integration environment (i.e., Test and build systems such as CodeBuild, Jenkins, Maven, Ant) Code Quality performance tools integration with build pipelines. (SonarQube, Nessus, Qualys etc) Experience in Linux system administration Ability to follow documented specifications and plans with minimal supervision. Good verbal and written communication skills Good understanding on software development life cycle (analysis, design, coding, testing etc.,) Good experience writing Infrastructure as a Code (IaaC) – Terraform scripts

The IBM Cloud Object Storage team is seeking an experienced Security Developer As a Security developer, you will be part of a highly focused, self-managed team that designs, develops and tests secure solutions created for IBM Cloud Object Storage workloads. Responsible for all aspects of security and compliance activities. Provide feedback to architects regarding any issues that can cause any security and complinace Gaps. Manage projects with various priority levels and timelines from start to finish. Demonstrate best practices in all aspects of administration. Leverage various security tools to secure the offerings and make sure offering is adhered to the best security and compliance priniciples. Continuously stay abreast of new security and complinace guidelines to ensure more secure offering. Must collaborate with other departments to resolve complex issues and be detail oriented. Ability to automate security and complinace solutions to repetitive problems/tasks. Required education Bachelor's Degree Required technical and professional expertise Upto 8+ Years of working experience with Security and Compliance activities Programming Skills: Python Shell Scripting Other Skills: In depth Knowledge of end to end Security and Complinace activities such as Threat Models, Security Privacy by Design. Knowledge of Security scanning tools such as Nessus scanner, SonarQube, NMap. In depth Security concepts (Includes deep understanding of identity mgmt/authentication, authorization, firewall, auditing, secure communication, managing certificates, password management) Excellent presentation and soft skills Security Domain ExpertizeUnderstand of cryptographic key management and it's lifecycle and also security architecture. In depth knowledge of Hardware Security Modules, PKCS #11 APIs, Trusted Execution Environments, Quantum Safe Algorithms Strong English communication skills both written and verbal Preferred technical and professional experience General understanding of private /public / hybrid cloud concepts In depth understanding of HW servers and server components General understanding of open source projects; experience with open source community contribution can be an added advantage Indepth Security concepts and hands on experience on Certificate management/authentication, authorization, firewall, auditing, secure communication, password management)

Vulnerability Identification & Assessment: Manage and oversee vulnerability scanning tools (Qualys, Tenable, Rapid7, etc.). Analyze vulnerability data from multiple sources and assess the impact on business operations. Perform risk assessments and categorize vulnerabilities based on severity and exploitability. Remediation & Risk Mitigation:Collaborate with IT and development teams to ensure timely remediation of identified vulnerabilities. Prioritize vulnerabilities based on risk to the business and potential exploitability. Track remediation efforts and ensure proper closure of security gaps. Process & Policy Development:Define and maintain vulnerability management policies, standards, and procedures. Establish workflows for vulnerability detection, reporting, remediation, and validation. Ensure compliance with security frameworks such as NIST, CIS, ISO 27001, and regulatory standards like GDPR, HIPAA, and PCI-DSS. Security Monitoring & Threat Intelligence Integration:Work with threat intelligence teams to understand emerging threats and vulnerabilities. Ensure vulnerability management aligns with incident response and threat-hunting processes. Continuously enhance detection mechanisms to improve vulnerability discovery and response. Compliance & Audit Readiness:Ensure that vulnerability management practices align with regulatory and compliance requirements. Maintain records of assessments, remediation efforts, and compliance reports for audits. Support internal and external audits related to vulnerability management. Reporting & Metrics: Develop and present vulnerability status reports to security leadership and executive teams. Track key performance indicators (KPIs) related to vulnerability remediation SLAs and risk reduction Provide insights on security posture improvements based on trend analysis. Security Awareness & Collaboration:Conduct training sessions to educate teams on vulnerability risks and remediation best practices. Work closely with DevSecOps, SOC, and infrastructure teams to integrate security best practices into the development lifecycle Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Vulnerability Management Preferred technical and professional experience Qualys

About PhonePe Group: PhonePe is India’s leading digital payments company with 50 crore (500 Million) registered users and 3.7 crore (37 Million) merchants covering over 99% of the postal codes across India. On the back of its leadership in digital payments, PhonePe has expanded into financial services (Insurance, Mutual Funds, Stock Broking, and Lending) as well as adjacent tech-enabled businesses such as Pincode for hyperlocal shopping and Indus App Store which is India's first localized App Store. The PhonePe Group is a portfolio of businesses aligned with the company's vision to offer every Indian an equal opportunity to accelerate their progress by unlocking the flow of money and access to services. Culture At PhonePe, we take extra care to make sure you give your best at work, Everyday! And creating the right environment for you is just one of the things we do. We empower people and trust them to do the right thing. Here, you own your work from start to finish, right from day one. Being enthusiastic about tech is a big part of being at PhonePe. If you like building technology that impacts millions, ideating with some of the best minds in the country and executing on your dreams with purpose and speed, join us! Information Security Engineer Objectives of this Role:  Drive secure system configuration standards (E.g. CIS Benchmarks) implementation and vulnerability management efforts across the enterprise. Primarily in Linuxenvironments  Evaluate and drive implementation of new Information security processes, tools and technologies  Own the implemented solutions end-to-end, right from inception to deployment and monitoring to regular upkeep  Liaise with cross functional teams to increase adoption of Information security standards  Provide security event correlation use cases and logic to generate SIEM alerts  Follow-up and close Information Security incidents/exceptions  Measure and increase efficacy of Information Security initiatives  Bring a DevSecOps mindset to implementations Skills And Qualifications  3+ years’ experience in Information security operations in a Linux heavy environment  Experience with IDS/IPS systems like OSSEC, Wazhu, Suricata, Snort etc.  Experience with Elastic and Kibana  Experience with Vulnerability and Configuration Assessment and Management standards, tools/technologies like – CIS Benchmarks, CVE, OVAL, OpenVAS, Nessus, Qualys etc.  Experience with opensource Identity Management with products like Apache Syncope, OpenIAM, Gluu etc.  Hands-on experience with common Security tools in Linux  Experience with SaltStack (or any other Infrastructure as code tools)  Proficient in at least two of these languages: Python/Go/Java/Perl  Good in basic data structures/algorithms  Hands on experience on web scale production setup  Awareness of cloud technologies, networking fundamentals, Mesos, KVM/QEMU, NodeJS/React will be good to have  Ability to manage small teams PhonePe Full Time Employee Benefits (Not applicable for Intern or Contract Roles) Insurance Benefits - Medical Insurance, Critical Illness Insurance, Accidental Insurance, Life Insurance Wellness Program - Employee Assistance Program, Onsite Medical Center, Emergency Support System Parental Support - Maternity Benefit, Paternity Benefit Program, Adoption Assistance Program, Day-care Support Program Mobility Benefits - Relocation benefits, Transfer Support Policy, Travel Policy Retirement Benefits - Employee PF Contribution, Flexible PF Contribution, Gratuity, NPS, Leave Encashment Other Benefits - Higher Education Assistance, Car Lease, Salary Advance Policy Working at PhonePe is a rewarding experience! Great people, a work environment that thrives on creativity, the opportunity to take on roles beyond a defined job description are just some of the reasons you should work with us. Read more about PhonePe on our blog. Life at PhonePe PhonePe in the news

About the Role We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies Key Responsibilities Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises. Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews. Perform manual security assessments for web applications, APIs, and client-server applications. Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration. Develop and execute custom attack payloads using tools and scripts. Assess physical security controls and implement social engineering assessments when required. Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell. Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit. Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements. Basic Qualifications Education: BE/B. Tech/ MCA/ M. Sc. (IT/Computers) Experience: Required: 2 - 5 years. Excellent communication and collaboration skills. Preferred Qualifications Preferred Certifications: OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO. Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API). 2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains. Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM. Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc. Basic ability to write automation scripts (Bash or Python). Understanding of threat modeling and secure coding practices. Strong understanding of TTPs, threat modeling, and secure coding practices. Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.

Job Description: We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

Job Title: ISMS (Information Security Management System) Location: Airoli, Navi Mumbai Key Responsibilities: ISMS Implementation & Management: Develop, implement, and maintain the ISMS framework, including policies, procedures, and guidelines based on ISO 27001 and other relevant standards. Conduct regular risk assessments to identify vulnerabilities and recommend appropriate controls to mitigate information security risks. Coordinate with other departments to ensure adherence to ISMS protocols and align information security with business goals. 2. Compliance & Audits: Ensure the organization complies with regulatory requirements related information security, privacy, and data protection. Lead internal and external audits to assess the effectiveness of the ISMS, manage audit processes, and work towards continuous improvement. 3. Documentation & Reporting: Maintain comprehensive documentation for all ISMS processes, policies, controls, and audit activities. Prepare reports for senior management, detailing the effectiveness of the ISMS and recommending improvements. 4. Continuous Improvement: Monitor industry best practices and emerging security trends to enhance the organizations security posture. Recommend improvements to the ISMS based on audit findings, risk assessments, and new business requirements. 5. Desired Traits: Proactive and self-driven. Ability to work independently as well as part of a team. Strong collaboration and interpersonal skills to engage with stakeholders at all levels. Regards, Yugant Mirajkar Human Resources Kiya.ai

Category: Infrastructure/Cloud Main location: India, Tamil Nadu, Chennai Position ID: J0625-1351 Employment Type: Full Time Position Description: Responsibilities Direct Responsibilities Operate the log collection platforms: Monitoring of performance and capacity Monitoring of log collection coverage of various sources Update and patching of all components of the collection environment. Working with IT Production teams in case of Incidents to ensure the continuous delivery of log data Monitoring of the pipelines sending log data to the SIEM environments Alignment with Asset Management teams to keep logging baseline up to date. Build and regular update of operational KPI’s Contributing Responsibilities Support CSIRT team in investigations in case local log data is needed Technical & Behavioral Competencies Technical Skills Proven expertise of all components of the Elastic stack – Kafka, Elastic search, Log stash Expertise in Linux server administration and load balancer Familiarity with security tools and technologies such as SIEM, IDS / IPS, firewalls and antivirus systems. Ability to interpret and analyze logs generated by various systems, applications, and devices to detect. anomalies, security incidents, and unauthorized activities. Familiarity with incident response procedures and methodologies. Proficiency in using vulnerability scanning tools such as Nessus, Qualys, or OpenVAS to identify and prioritize security vulnerabilities in systems and networks. Proficiency in deploying, configuring, and managing IDS/IPS solutions to detect and prevent intrusion. and malicious activities on networks. Specific Qualifications (if required) Skills Referential Behavioural Skills: (Please select up to 4 skills) Attention to detail / rigor Ability to collaborate / Teamwork Ability to deliver / Results driven Client focused Transversal Skills: (Please select up to 5 skills) Analytical Ability Ability to develop and adapt a process Ability to understand, explain and support change Ability to set up relevant performance indicators Ability to develop and adapt a process Education Level: Bachelor Degree or equivalent Experience Level At least 5 years Other/Specific Qualifications (if required) Certification like CEH, CompTIA Security+, CISSP could be added advantage Skills: Linux Nessus What you can expect from us: Together, as owners, let’s turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you’ll reach your full potential because… You are invited to be an owner from day 1 as we work together to bring our Dream to life. That’s why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company’s strategy and direction. Your work creates value. You’ll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You’ll shape your career by joining a company built to grow and last. You’ll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team—one of the largest IT and business consulting services firms in the world.

What are we looking for We are seeking a highly skilled and strategic Security Architect to join our team. This role is crucial in defining and driving our security roadmap, designing robust security solutions across on-premises and cloud environments, and ensuring the continuous enhancement of our security posture to meet evolving threats and business requirements. Key Responsibilities: Collaborate with Information Security and IT Leadership to define the security roadmap and drive strategic initiatives. Design, engineer, and implement security solutions that adhere to a defense-in-depth strategy while meeting business requirements and processes. Periodically review existing security solutions to identify opportunities for improvement, enhancing security capabilities and adding value to the enterprise. Assist in designing security elements for on-premises compute, storage, and network infrastructure services. Contribute to the design of security elements for cloud infrastructure and platform services within Microsoft Azure. Work with the Information Security department to design technical security controls that enforce security policies. Support project managers during project planning and execution phases, creating comprehensive documentation for handover to operations teams. Provide regular updates on project tasks and non-project assignments. Support the Security Operations team in investigating major security incidents. Deliver Level 4 (L4) technical support for escalated major incidents and security incidents to restore production services. Stay current on emerging threats, security trends, and risk mitigation strategies, providing recommendations to the Security Operations team as needed. Create detailed Technical Design Documents and other required documentation. Train Security Operations team members on new security solutions relevant to their roles. Collaborate effectively with multi-cultural teams across different time zones. Required Skills & Qualifications: Bachelor's degree in information systems or equivalent. Proven experience architecting and designing security solutions in on-premises enterprise environments that provide technical controls to meet security policy requirements. Demonstrated experience securing Microsoft Azure cloud infrastructure and platform services. Experience with log analytics solutions such as Splunk or Azure Log Analytics . Expertise in securing enterprise and globally distributed networks, including firewalls, IDS/IPS, DDoS protections, encryption tools/protocols, and privilege access management systems. Familiarity with vulnerability management systems such as Rapid7 or Nessus . Knowledge of data in-transit and data-at-rest encryption solutions and key management solutions. Understanding of advanced endpoint protection solutions for zero-day defense against threats. Strong consultative and problem-solving skills at a cross-functional level. Ability to quickly learn, self-start, and work both independently and as part of a team. Excellent verbal and written communication skills. Current security certifications (e.g., CISSP, CISM, CCSP ) are highly desired.

SENIOR EXPERT ENGINEER role for the Vulnerability Management Services team. Designation Senior Expert Engineer Location Mumbai ( Onsite) Experience 5 to 8 years Here are the Job Responsibilities Execute vulnerability scanning and manage VM programs for clients Complete the projects within budgeted efforts and agreed timelines with high quality deliverables - Perform vulnerability scanning using different scanning solutions including SAINT, Nessus, Tenable.io, Tenable.sc, Qualys, etc. - Gain good understanding of client network architecture and infrastructure to be scanned - Be involved in threat identification, vulnerability identification and control analysis - Develop customized reports and dashboards as per client expectations - Be proactive in project planning and execution - Perform likelihood determination, impact analysis and risk determination - Showcase prioritization of risks including solution recommendation and documentation - Identify and infer the business risk posed by the weaknesses identified during the assessments - Engage with both business and technical teams within and outside the organization from a project scope definition, project execution, project closure perspectives Skills required 5+ year of experience in Vulnerability Scanning - Expertise in Vulnerability Scanning tools such as Qualys, Tenable, Rapid7, etc. - Experience with understanding and explaining vulnerabilities to stakeholders - Good knowledge of various platforms such as Windows, Linux, Unix, Mac OS, Cisco, Juniper, etc. - Insights on standards such as PCIDSS, CIS Benchmarks, etc. - Flexible in working on challenging activities and creative in problem solving - Good communication and writing skills with ability to talk fluently

Responsibilities First line review of all incoming cases to the Trust Office in Salesforce. Validate each case for accuracy and prepare for pickup. Responding to requests for information from internal sales teams regarding compliance and security matters for customers and prospects. Prepare and distribute weekly reporting from Salesforce Prepare and send Security and Trust assurance packet (STAP) to customers and prospects. Additional responsibilities and tasks as required and assigned Basic Qualifications Self-starter with excellent communication, collaborative, and presentation skills Minimum of 2 years of relevant experience in computer science, cyber security, governance risk and compliance, or related domains Experience with security control frameworks (e.g. SSAE16, ISO27001, NIST, PCI, SIG, CSA, HIPAA, HITRUST, FedRamp) Experience with Salesforce and Google workspace applications. Professional communicator in both verbal and written English Understanding of compliance and cyber security implications for business Experience with SaaS and cloud solutions environments Experience working with cross functional teams Strong analytical and communication skills Strong attention to detail, excellent organizational skills, and superior time management skills A very strong passion to learn and continuously improve A willingness to contribute to team discussions and challenge views Preferred Qualifications Degree qualified or higher in a relevant field or equivalent work experience Experience working with external customers regarding their compliance assessments and controls Independently driven, resourceful, and able to deliver results with minimal oversight; Strong sense of ownership, urgency, and drive Strong business acumen with the ability to engage with technical teams to present assessment results, risks and to participate in discussions around acceptable and compensating controls Experience working hands-on with cross-functional teams in assessing processes, risks and controls

Job Title: Cyber Security Specialist Location: Ambernath, India Job Type: Full-Time Reporting : CISO, Global IT Governance About Polypeptide Group: PolyPeptide Group AG and its consolidated subsidiaries (“PolyPeptide”) is a specialized Contract Development & Manufacturing Organization (CDMO) for peptide- and oligonucleotide-based active pharmaceutical ingredients. By supporting its customers mainly in pharma and biotech, it contributes to the health of millions of patients across the world. PolyPeptide serves a fast-growing market, offering products and services from pre-clinical to commercial stages. Its broad portfolio reflects the opportunities in drug therapies across areas and with a large exposure to metabolic diseases, including GLP-1. Dating back to 1952, PolyPeptide today runs a global network of six GMP-certified facilities in Europe, the U.S. and India. PolyPeptide’s shares (SIX: PPGN) are listed on SIX Swiss Exchange. Position Overview: We are seeking a diligent and detail-oriented Cybersecurity specialist to join our cybersecurity team. This role is focused on executing vulnerability scans, analyzing results, and coordinating mitigation efforts to reduce risk across the organization. The candidate should be hands-on with tools like NMAP/ Zenmap and able to generate insightful visualizations and reports using Power BI . As the rest of the team is located in Europe (Sweden), flexibility in working times, and to be self-driven and efficient is highly rated. Key Responsibilities: Conduct regular vulnerability assessments using tools such as NMAP/Zenmap to identify security weaknesses in systems and applications. Analyze scan results, assess risk severity, and escalate critical findings to appropriate stakeholders for timely action. Collaborate with IT and application teams to ensure effective remediation of identified vulnerabilities and verify implemented fixes. Track and document remediation progress, ensuring closure of findings and proper risk mitigation. Develop and maintain reports and dashboards (preferably using Power BI) to monitor vulnerability trends, risk exposure, and key performance indicators (KPIs). Continuously improve and standardize vulnerability management processes and workflows, ensuring alignment with industry standards. Stay updated on the latest security vulnerabilities, exploits, and remediation techniques, and apply threat intelligence to prioritize risks. Work in coordination with the Security Operations Center (SOC) to address vulnerabilities associated with active threats. Participate in patch management and configuration compliance cycles, following security benchmarks such as CIS, NIST, or ISO 27001. Maintain an accurate and up-to-date asset inventory, ensuring comprehensive coverage in scanning and remediation activities. Contribute to the development of security awareness materials, particularly focused on vulnerability risks and secure practices. Create and maintain relevant documentation, SOPs, and playbooks for vulnerability scanning, triage, and response procedures. Support third-party risk assessments by evaluating external vendors' vulnerability exposure and security posture. Participate in red/blue team exercises and tabletop simulations to evaluate and improve vulnerability response readiness. Assist during audits and assessments, with occasional travel as required. Be available to contribute during U.S. operational hours at regular intervals, supporting cross-time-zone collaboration and incident response as needed. Qualifications & Requirements: Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent hands-on experience). 2–3+ years of experience in vulnerability management, security operations, or related fields. Strong hands-on experience with NMAP/Zenmap for scanning and analysis. Familiarity with vulnerability scoring systems like CVSS. Working knowledge of vulnerability management lifecycle and remediation workflows. Experience generating actionable reports and insights; Power BI experience is a plus. Strong analytical and communication skills. Strong skills in writing and speaking English Preferred Qualifications: Certifications such as CompTIA Security+, CEH, or equivalent are desirable. Experience with additional scanning tools (e.g., Nessus, Qualys) is a plus. Familiarity with security standards and frameworks (e.g., ISO 27001, NIST); NIS2 knowledge is a plus. Why Join Us at Polypeptide Group: Polypeptide Group offers an exciting opportunity to work at the forefront of peptide-based therapeutics, a rapidly growing and innovative segment of the pharmaceutical industry. As a key member of our Global IT Cyber Security and IT Compliance, you will have the opportunity to contribute to a company that is dedicated to the success of its clients and the advancement of peptide science. Join us and be part of a global organization that is shaping the future of life-saving therapies.

Job Description: We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk. Your Role And Responsibilities Expertise on Endpoint Security as in DLP, AV, EDR/EPP solutions Experience with EDR tools (e.g., SentinelOne, CrowdStrike) and anti-virus/anti-malware solutions. Proficiency in analyzing and mitigating endpoint security threats and managing endpoint protection policies. SIEM and Incident Response: Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel). Strong skills in incident response, threat hunting, and forensic investigation. Access and Identity Management: Familiarity with IAM concepts and tools, including MFA and SSO solutions. Experience with configuring and troubleshooting access control for network and endpoint systems. Automation and Scripting: Basic scripting abilities (e.g., Python, PowerShell) for automating security processes. Excellent analytical and problem-solving skills. Effective communication skills for interacting with team members and stakeholders. Ability to work in a fast-paced environment and handle high-stakes incidents. Certifications (Preferred) CompTIA Security+, Cisco CCNA Security, Certified Ethical Hacker (CEH), or other relevant security certifications. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 10 years of experience in security & infrastructure administration Experience on any Products for Implementation & Operations in SIEM, Nessus, CEH, Qualys guard, Vulnerability Assessment and Penetration Testing, Network Security, Web Application Expertise of handling industry standard risk, governance and security standard methodologies and incident response processes (detection, triage, incident analysis, remediation and reporting). have shown attention to detail and interpersonal skills and expertise to oversee input and develop relevant metrics and Competence with Microsoft Office, e.g. Word, Presentation, Excel, Visio, etc Preferred Technical And Professional Experience Ability to multitask and work independently with minimal direction and maximum accountability. One or more security certifications. (CEH, Security+, GSEC, GCIH, etc).

We are seeking a knowledgeable and passionate Cyber Security Tutor. The ideal candidate will be responsible for delivering high-quality instruction in cyber security concepts, practices, and tools to students across different levels. This role includes curriculum development, hands-on training, mentoring, and preparing students for industry certifications. KEY RESPONSIBILITIES Conduct live or recorded sessions on cybersecurity topics. Design and update course materials, practical labs, and assessments. Train students in tools such as Kali Linux, Wireshark, Metasploit, and similar platforms. Mentor students and assist them in preparing for certifications like CEH, Security+, etc. Assess student performance through assignments and exams. Offer personalized feedback and academic support. Stay informed about current trends, tools, and best practices in the cybersecurity field. CANDIDATE REQUIREMENTS Bachelor’s or Master’s degree in Computer Science, Cyber Security, Information Technology, or a related field. Industry-recognized certifications such as CEH, CompTIA Security+, CISSP, OSCP, CISM, or equivalent. Minimum of 2 years of teaching or professional experience in cybersecurity. Strong background in network security, ethical hacking, penetration testing, incident response, and threat analysis. Hands-on proficiency with tools like Nmap, Burp Suite, Nessus, Metasploit, and other cybersecurity frameworks. Understanding of firewalls, VPNs, IDS/IPS, SIEM systems, and endpoint security. Working knowledge of scripting languages (e.g., Python, Bash, PowerShell) is an added advantage. Job Type: Full-time Pay: From ₹15,000.00 per month Schedule: Day shift Work Location: In person

Join our Team About this opportunity We are now looking for a Security Analyst professional. This job role is responsible for monitoring, coordination, support, management, and execution of reactive maintenance activities to ensure that services provided to customers are continuously available and performing to Service Level Agreement (SLA) performance levels. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do Support the following systems and functions: Security event management on 24*7 shift Monitor incoming event queues for potential security incidents Security incident management, 1st level triaging, issues and RCA Perform initial investigation and triage of potential incidents; and raise or close events as applicable Monitor SOC ticket (or email) queue for potential event reporting from outside entities and individual users Support parsers and rules development for the SIEM Raise incidents to respective team for resolution (within SLA) Identity Access Management Create and track the access to customer environments Process improvements Identify improvements in processes and KPIs Adapt to improvement initiatives Shift handover Maintain SOC shift logs with relevant activity from the shift Document investigation results, ensuring relevant details are passed to Security Engineer for final event analysis Update SOC collaboration tool as necessary Vulnerability scanning and reporting Schedule the vulnerability assessment scan for desired frequency based on agreed plan for nodes in scope Track and provide details of the scan planned/ ongoing/ completed status as and when required Governance Reports Preparation of daily, weekly and monthly reports You will bring Basic knowledge of a Security Information and Event Management System (SIEM), such as McAfee, Splunk, Qradar, etc. Basic knowledge of a vulnerability scanning system such as Nessus, Tripwire, etc. Knowledge of both Linux-based and MS Windows-based systems with technical understanding and skills for analytical problem-solving Knowledge of IP networking Ability to work in shifts The ability to work constructively under pressure Ability to work both in a team as well as individually Knowledge sharing & collaboration skills Customer oriented, service minded Deliver results & meet customer expectations Excellent communication skills, English is a must Key Qualifications: Education: Graduate in Computer Science or similar Minimum years of relevant experience: 3 to 5 years with at least 1 year of experience in IT security ITIL certification, CEH, Security +, CCNA Security or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage

Experience Required: - 6 to 8 Years Location:- Noida Role Overview- We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) . The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities- • Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. • Perform vulnerability assessments and risk evaluations across client environments. • Create detailed technical and executive reports with prioritized remediation strategies. • Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. • Collaborate with cross-functional teams for remedial activities to improve the security posture. • Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications- • 6-8 years of experience in cybersecurity with a focus on penetration testing and compliance. • Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. • Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. • Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred)- • CEH (Certified Ethical Hacker) • ISO/IEC 27001 Lead Auditor / Lead Implementer • Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills- • Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. • Client-facing consulting experience or report presentation skills. • Cyber Security vibe is a must.

Company Description Coredge is a solutions-focused company leveraging AI, cloud, and other digital technologies to solve complex industry challenges. We enable clients to thrive in the digital era by providing innovative solutions that drive efficiency and growth. Our expertise lies in applying advanced technologies to deliver customized, effective results. At Coredge, we are committed to helping our clients navigate and succeed in an ever-evolving digital landscape. Role Description This is a full-time, on-site role for an Application & a Cloud Security Specialist located in Noida. The both Application & Cloud Security Specialist will be responsible for providing application support, troubleshooting technical issues, and delivering technical support to ensure the security of our cloud infrastructure. Daily tasks include analyzing security measures, identifying vulnerabilities, and implementing security protocols. The specialist will also communicate with internal and external stakeholders to ensure the highest level of security and support for our applications and cloud services. Cloud Security Specialist (4–6 Years) Location: Noida | Reports to: Head/CISO Cyber Security 🎯 Primary Role: Secure and govern cloud infrastructure across AWS, Azure, and GCP, ensuring compliance, risk mitigation, and operational security. 🔍 Key Responsibilities: GRC (50%): Define cloud security policies, conduct risk assessments, ensure compliance (ISO 27001, DPDP, GDPR, HIPAA). Security Operations (35%): Implement IAM, SIEM, WAF, CSPM; respond to incidents; integrate DevSecOps in CI/CD. Reporting (15%): Create dashboards, document architecture, track remediation. 🛠️ Must-Have Skills: Cloud security (AWS/Azure/GCP) DevSecOps, Kubernetes, Docker, Terraform Tools: SIEM, WAF, CSPM, VA/PT (e.g., Nessus, OWASP Zap) 📜 Preferred Certifications: Cloud: CCSP / AWS / Azure / GCP Security Compliance: CISA / ISO 27001 Lead Implementer ✅ Application Security Specialist (6–8 Years) Location: Noida | Reports to: Head/CISO Cyber Security 🎯 Primary Role: Embed security into the SDLC of cloud-native applications, ensuring secure design, development, and compliance. 🔍 Key Responsibilities: AppSec (80%): Lead SSDLC, threat modeling, secure code reviews, CI/CD security (SAST, DAST, SCA), pen testing, vulnerability management. GRC (20%): Ensure app compliance (GDPR, HIPAA, DPDP), support audits, align with ISO 27001, PCI-DSS. 🛠️ Must-Have Skills: Secure coding (Java, Python, Go, JS) DevSecOps, Kubernetes, Docker, Terraform Tools: SonarQube, Burp Suite, Veracode, GitLab CI/CD 📜 Mandatory Certification: CEH / OSCP / GWAPT (any one) 📧 Apply Now: Send your resume to hr@coredge.io #CyberSecurityJobs #ApplicationSecurity #CloudSecurity #NoidaJobs #HiringNow #TechCareers

GE Healthcare Healthcare Science & Technology Organization Category Digital Technology / IT Early Career Job Id R4016905 Relocation Assistance Yes Location Bengaluru, Karnataka, India, 560066 Job Description Summary As a Product Security Analyst, you will be collaborating with development teams to complete security testing and tool development for our GEHC products. You will be responsible for Performing VAPT for thick and thin clients, webservices, embedded devices and cloud. Conducting Compliance/Benchmark assessments using DISA Stigs/CIS Benchmarks .Review, Test and Suggest best practices for Cryptography, PKI (web and non-web perspective). Conducting Source code review and discuss with development teams in mitigating the issues and eliminating false positives. GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world. Job Description Roles and Responsibilities You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will: Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents. Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure. Work with Cyber Security Leaders and SMEs to understand product requirements Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features Perform Security Code Reviews, Vulnerability Analysis and research on application code Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera) Engage subject matter experts in successful transfer of complex domain knowledge Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project Understand application security methodologies and frameworks Leverage GE Digital's tailored Secure SDL practice into specific engineering engagements Research new application security technologies and implement them to improve application security. Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL. Write fuzz scenarios to see the break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS Ability to automate attack scenarios to avoid repetitive work. Good to have experience in Bluetooth/Wifi or any radio based attacks. Good to have experience in Rest API security testing and recommending best practices while opting for OAuth or OpenId connect Having experience working on IoT platform will be beneficial. Required Skills Professional expertise with Kali Linux, Metasploit, Meterpreter. Hands-on experience in Windows/Linux and network security. Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc. Education Qualification Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with a minimum of 3+ years of experience in systems security, product / OT security and application security. Desired Characteristics Certifications – OSCP, CCSP. Languages – C/C++/Java/Python/Ruby Proven experience in breaking the vulnerable boxes. Adaptable to learn new skills or technologies as per business needs. Detailed working knowledge of two modern programming languages, such as java, python, or ruby Good written and oral communication skills and successful security consulting background. At least 2 years of security consulting involvement with development team(s) that delivered software-based services Experience in developing secure applications A high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down Experience with Security Development Lifecycle processes such as Threat Modeling desired Contribute to and lead discussions and communications within the team and outside, including customers and other business units Excellent knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles Hands-on Experience with developing cloud-deployed applications that utilize oath 2 Hands-on experience with developing RESTful web services Mobile Architecture experience, designing, developing, and integrating solutions. Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as GE's red team Good understanding of security tools and technologies to facilitate secure development Inclusion and Diversity GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support. #LI-AM11 #Hybrid Additional Information Relocation Assistance Provided: Yes