770 Nessus Jobs - Page 11

Job Description: We are seeking an experienced and highly skilled Penetration Tester with expertise in mobile application security, specifically for both Android and iOS platforms. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in mobile applications, networks, APIs, and other critical systems. Your primary responsibility will be performing thorough security assessments, including reverse engineering, malware analysis, and incident forensics, to ensure the security and resilience of mobile applications and systems. The ideal candidate should have hands-on experience with penetration testing tools, mobile application testing, and advanced exploitation techniques. You will also be expected to collaborate with various teams, including Red Teams, to develop strategic security initiatives and offer expert-level recommendations for security improvements. Key Responsibilities: Mobile Application Penetration Testing: Conduct in-depth security assessments of mobile applications for both Android and iOS platforms, identifying vulnerabilities and recommending remediation strategies. Red Team Activities: Participate in Red Team exercises to simulate real-world attacks, uncover hidden threats, and assess the effectiveness of security controls. Security Assessments: Perform penetration testing on applications, networks, mobile platforms, APIs, cloud environments, and critical systems to identify advanced threats and vulnerabilities. Custom Exploit Development: Develop custom exploit code and scripts to demonstrate potential security risks to stakeholders and stakeholders, providing hands-on demonstrations of vulnerabilities. Reverse Engineering & Malware Analysis: Use reverse engineering techniques and tools to analyze complex threats, malware, and incidents, providing detailed reports on findings. Collaboration with Leadership: Collaborate with executive leadership and senior management to develop and execute strategic security initiatives and roadmaps to mitigate security risks. Security Architecture Guidance: Provide expert-level guidance on secure coding practices, cryptography, architecture design principles, and implementation to mitigate risks effectively. Tool Development & Automation: Develop custom penetration testing tools and scripts to automate testing processes and enhance capabilities for thorough assessments. Incident Forensics: Lead efforts to analyze and investigate security incidents, determining the root causes and recommending improvements for better prevention. Required Skills and Qualifications: Mobile Pen Testing Expertise: Strong experience in mobile application penetration testing for both Android and iOS platforms. Penetration Testing Tools: Expertise in tools and frameworks such as Metasploit, Burp Suite, Nessus, NMAP, and custom/open-source tools. Red Teaming & Advanced Exploitation: Advanced proficiency in red teaming, black box testing, and using advanced exploitation techniques to identify vulnerabilities. Malware Analysis & Reverse Engineering: Experience in malware analysis and reverse engineering to assess complex threats and incidents. Cryptography & Secure Coding: In-depth knowledge of cryptography, secure coding practices, and secure architecture design principles. Custom Tools & Scripting: Hands-on experience in developing custom scripts and tools to automate testing processes and enhance the effectiveness of assessments. Penetration Testing Methodologies: Expertise in applying penetration testing methodologies, including both network and application-level security assessments. Certifications (Preferred): o OSCP (Offensive Security Certified Professional) o CRTP (Certified Red Team Professional) o eLearn Security Certified Professional Penetration Tester V2.0 o Any other relevant certifications are a plus. Required Experience: Overall Experience: 12+ years in penetration testing, security assessments, and threat analysis. Relevant Experience: 10 years of hands-on experience specifically in penetration testing for mobile applications (Android & iOS), network security, cloud environments, and APIs. Experience working in Red Team environments is a plus.

Introduction At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk. Your Role And Responsibilities Expertise on Endpoint Security as in DLP, AV, EDR/EPP solutions Experience with EDR tools (e.g., SentinelOne, CrowdStrike) and anti-virus/anti-malware solutions. Proficiency in analyzing and mitigating endpoint security threats and managing endpoint protection policies. SIEM and Incident Response: Hands-on experience with SIEM platforms (e.g., Splunk, QRadar, Microsoft Sentinel). Strong skills in incident response, threat hunting, and forensic investigation. Access and Identity Management: Familiarity with IAM concepts and tools, including MFA and SSO solutions. Experience with configuring and troubleshooting access control for network and endpoint systems. Automation and Scripting: Basic scripting abilities (e.g., Python, PowerShell) for automating security processes. Excellent analytical and problem-solving skills. Effective communication skills for interacting with team members and stakeholders. Ability to work in a fast-paced environment and handle high-stakes incidents. Certifications (Preferred) CompTIA Security+, Cisco CCNA Security, Certified Ethical Hacker (CEH), or other relevant security certifications. Preferred Education Bachelor's Degree Required Technical And Professional Expertise 10 years of experience in security & infrastructure administration Experience on any Products for Implementation & Operations in SIEM, Nessus, CEH, Qualys guard, Vulnerability Assessment and Penetration Testing, Network Security, Web Application Expertise of handling industry standard risk, governance and security standard methodologies and incident response processes (detection, triage, incident analysis, remediation and reporting). have shown attention to detail and interpersonal skills and expertise to oversee input and develop relevant metrics and Competence with Microsoft Office, e.g. Word, Presentation, Excel, Visio, etc Preferred Technical And Professional Experience Ability to multitask and work independently with minimal direction and maximum accountability. One or more security certifications. (CEH, Security+, GSEC, GCIH, etc).

We are seeking a knowledgeable and passionate Cyber Security Tutor. The ideal candidate will be responsible for delivering high-quality instruction in cyber security concepts, practices, and tools to students across different levels. This role includes curriculum development, hands-on training, mentoring, and preparing students for industry certifications. KEY RESPONSIBILITIES Conduct live or recorded sessions on cybersecurity topics. Design and update course materials, practical labs, and assessments. Train students in tools such as Kali Linux, Wireshark, Metasploit, and similar platforms. Mentor students and assist them in preparing for certifications like CEH, Security+, etc. Assess student performance through assignments and exams. Offer personalized feedback and academic support. Stay informed about current trends, tools, and best practices in the cybersecurity field. CANDIDATE REQUIREMENTS Bachelor’s or Master’s degree in Computer Science, Cyber Security, Information Technology, or a related field. Industry-recognized certifications such as CEH, CompTIA Security+, CISSP, OSCP, CISM, or equivalent. Minimum of 2 years of teaching or professional experience in cybersecurity. Strong background in network security, ethical hacking, penetration testing, incident response, and threat analysis. Hands-on proficiency with tools like Nmap, Burp Suite, Nessus, Metasploit, and other cybersecurity frameworks. Understanding of firewalls, VPNs, IDS/IPS, SIEM systems, and endpoint security. Working knowledge of scripting languages (e.g., Python, Bash, PowerShell) is an added advantage. Job Type: Full-time Pay: From ₹15,000.00 per month Schedule: Day shift Work Location: In person

Join our Team About this opportunity We are now looking for a Security Analyst professional. This job role is responsible for monitoring, coordination, support, management, and execution of reactive maintenance activities to ensure that services provided to customers are continuously available and performing to Service Level Agreement (SLA) performance levels. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What you will do Support the following systems and functions: Security event management on 24*7 shift Monitor incoming event queues for potential security incidents Security incident management, 1st level triaging, issues and RCA Perform initial investigation and triage of potential incidents; and raise or close events as applicable Monitor SOC ticket (or email) queue for potential event reporting from outside entities and individual users Support parsers and rules development for the SIEM Raise incidents to respective team for resolution (within SLA) Identity Access Management Create and track the access to customer environments Process improvements Identify improvements in processes and KPIs Adapt to improvement initiatives Shift handover Maintain SOC shift logs with relevant activity from the shift Document investigation results, ensuring relevant details are passed to Security Engineer for final event analysis Update SOC collaboration tool as necessary Vulnerability scanning and reporting Schedule the vulnerability assessment scan for desired frequency based on agreed plan for nodes in scope Track and provide details of the scan planned/ ongoing/ completed status as and when required Governance Reports Preparation of daily, weekly and monthly reports You will bring Basic knowledge of a Security Information and Event Management System (SIEM), such as McAfee, Splunk, Qradar, etc. Basic knowledge of a vulnerability scanning system such as Nessus, Tripwire, etc. Knowledge of both Linux-based and MS Windows-based systems with technical understanding and skills for analytical problem-solving Knowledge of IP networking Ability to work in shifts The ability to work constructively under pressure Ability to work both in a team as well as individually Knowledge sharing & collaboration skills Customer oriented, service minded Deliver results & meet customer expectations Excellent communication skills, English is a must Key Qualifications: Education: Graduate in Computer Science or similar Minimum years of relevant experience: 3 to 5 years with at least 1 year of experience in IT security ITIL certification, CEH, Security +, CCNA Security or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage

Experience Required: - 6 to 8 Years Location:- Noida Role Overview- We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) . The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities- • Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. • Perform vulnerability assessments and risk evaluations across client environments. • Create detailed technical and executive reports with prioritized remediation strategies. • Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. • Collaborate with cross-functional teams for remedial activities to improve the security posture. • Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications- • 6-8 years of experience in cybersecurity with a focus on penetration testing and compliance. • Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. • Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. • Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred)- • CEH (Certified Ethical Hacker) • ISO/IEC 27001 Lead Auditor / Lead Implementer • Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills- • Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. • Client-facing consulting experience or report presentation skills. • Cyber Security vibe is a must.

Company Description Coredge is a solutions-focused company leveraging AI, cloud, and other digital technologies to solve complex industry challenges. We enable clients to thrive in the digital era by providing innovative solutions that drive efficiency and growth. Our expertise lies in applying advanced technologies to deliver customized, effective results. At Coredge, we are committed to helping our clients navigate and succeed in an ever-evolving digital landscape. Role Description This is a full-time, on-site role for an Application & a Cloud Security Specialist located in Noida. The both Application & Cloud Security Specialist will be responsible for providing application support, troubleshooting technical issues, and delivering technical support to ensure the security of our cloud infrastructure. Daily tasks include analyzing security measures, identifying vulnerabilities, and implementing security protocols. The specialist will also communicate with internal and external stakeholders to ensure the highest level of security and support for our applications and cloud services. Cloud Security Specialist (4–6 Years) Location: Noida | Reports to: Head/CISO Cyber Security 🎯 Primary Role: Secure and govern cloud infrastructure across AWS, Azure, and GCP, ensuring compliance, risk mitigation, and operational security. 🔍 Key Responsibilities: GRC (50%): Define cloud security policies, conduct risk assessments, ensure compliance (ISO 27001, DPDP, GDPR, HIPAA). Security Operations (35%): Implement IAM, SIEM, WAF, CSPM; respond to incidents; integrate DevSecOps in CI/CD. Reporting (15%): Create dashboards, document architecture, track remediation. 🛠️ Must-Have Skills: Cloud security (AWS/Azure/GCP) DevSecOps, Kubernetes, Docker, Terraform Tools: SIEM, WAF, CSPM, VA/PT (e.g., Nessus, OWASP Zap) 📜 Preferred Certifications: Cloud: CCSP / AWS / Azure / GCP Security Compliance: CISA / ISO 27001 Lead Implementer ✅ Application Security Specialist (6–8 Years) Location: Noida | Reports to: Head/CISO Cyber Security 🎯 Primary Role: Embed security into the SDLC of cloud-native applications, ensuring secure design, development, and compliance. 🔍 Key Responsibilities: AppSec (80%): Lead SSDLC, threat modeling, secure code reviews, CI/CD security (SAST, DAST, SCA), pen testing, vulnerability management. GRC (20%): Ensure app compliance (GDPR, HIPAA, DPDP), support audits, align with ISO 27001, PCI-DSS. 🛠️ Must-Have Skills: Secure coding (Java, Python, Go, JS) DevSecOps, Kubernetes, Docker, Terraform Tools: SonarQube, Burp Suite, Veracode, GitLab CI/CD 📜 Mandatory Certification: CEH / OSCP / GWAPT (any one) 📧 Apply Now: Send your resume to hr@coredge.io #CyberSecurityJobs #ApplicationSecurity #CloudSecurity #NoidaJobs #HiringNow #TechCareers

GE Healthcare Healthcare Science & Technology Organization Category Digital Technology / IT Early Career Job Id R4016905 Relocation Assistance Yes Location Bengaluru, Karnataka, India, 560066 Job Description Summary As a Product Security Analyst, you will be collaborating with development teams to complete security testing and tool development for our GEHC products. You will be responsible for Performing VAPT for thick and thin clients, webservices, embedded devices and cloud. Conducting Compliance/Benchmark assessments using DISA Stigs/CIS Benchmarks .Review, Test and Suggest best practices for Cryptography, PKI (web and non-web perspective). Conducting Source code review and discuss with development teams in mitigating the issues and eliminating false positives. GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world. Job Description Roles and Responsibilities You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will: Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents. Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure. Work with Cyber Security Leaders and SMEs to understand product requirements Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features Perform Security Code Reviews, Vulnerability Analysis and research on application code Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera) Engage subject matter experts in successful transfer of complex domain knowledge Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project Understand application security methodologies and frameworks Leverage GE Digital's tailored Secure SDL practice into specific engineering engagements Research new application security technologies and implement them to improve application security. Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL. Write fuzz scenarios to see the break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS Ability to automate attack scenarios to avoid repetitive work. Good to have experience in Bluetooth/Wifi or any radio based attacks. Good to have experience in Rest API security testing and recommending best practices while opting for OAuth or OpenId connect Having experience working on IoT platform will be beneficial. Required Skills Professional expertise with Kali Linux, Metasploit, Meterpreter. Hands-on experience in Windows/Linux and network security. Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc. Education Qualification Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with a minimum of 3+ years of experience in systems security, product / OT security and application security. Desired Characteristics Certifications – OSCP, CCSP. Languages – C/C++/Java/Python/Ruby Proven experience in breaking the vulnerable boxes. Adaptable to learn new skills or technologies as per business needs. Detailed working knowledge of two modern programming languages, such as java, python, or ruby Good written and oral communication skills and successful security consulting background. At least 2 years of security consulting involvement with development team(s) that delivered software-based services Experience in developing secure applications A high energy and a result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down Experience with Security Development Lifecycle processes such as Threat Modeling desired Contribute to and lead discussions and communications within the team and outside, including customers and other business units Excellent knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles Hands-on Experience with developing cloud-deployed applications that utilize oath 2 Hands-on experience with developing RESTful web services Mobile Architecture experience, designing, developing, and integrating solutions. Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as GE's red team Good understanding of security tools and technologies to facilitate secure development Inclusion and Diversity GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support. #LI-AM11 #Hybrid Additional Information Relocation Assistance Provided: Yes

Vulnerability Management: Nessus, OpenVAS, Qualys Incident Response: Root cause analysis, threat containment, recovery planning Operating Systems: Linux Scripting: Python, Bash, PowerShell (basic to intermediate)

We are seeking a skilled SIEM Engineer to join our Managed Security Services team. You will be responsible for designing, implementing, managing, and supporting cybersecurity solutions, with a focus on SIEM tools and incident response. This is a hands-on technical role working with internal teams, customers, and third-party vendors to ensure robust security practices. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Create, tune, and maintain detection rules and dashboards Investigate and respond to security incidents and alerts Participate in security audits, threat hunting, and compliance checks Research emerging threats and enhance detection capabilities Support configuration management, system hardening, and network defense strategies Collaborate across teams to improve security operations and automation Required Skills: Strong hands-on experience with SIEM platforms & SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Deep understanding of security operations , incident response , and network/system security Experience with scanning tools (e.g., Nessus, Qualys ) and PAM solutions (e.g., CyberArk, BeyondTrust ) Solid knowledge of Linux/Windows environments and enterprise networks Familiar with encryption, security controls, and system hardening best practices Excellent analytical, troubleshooting, and communication skills Preferred: Security certifications (e.g., CEH, CISSP, GCIA, GCIH) Experience in automation and scripting for SOC workflows Willingness to participate in on-call support rotation Primary country and city: India (IN) || Noida Req ID: 769625

Join our Team We are seeking a skilled SIEM Engineer to join our Managed Security Services team. You will be responsible for designing, implementing, managing, and supporting cybersecurity solutions, with a focus on SIEM tools and incident response. This is a hands-on technical role working with internal teams, customers, and third-party vendors to ensure robust security practices. Key Responsibilities: Design, deploy, and manage SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Create, tune, and maintain detection rules and dashboards Investigate and respond to security incidents and alerts Participate in security audits, threat hunting, and compliance checks Research emerging threats and enhance detection capabilities Support configuration management, system hardening, and network defense strategies Collaborate across teams to improve security operations and automation Required Skills: Strong hands-on experience with SIEM platforms & SIEM tools (e.g., QRadar, ArcSight, Splunk, McAfee ESM) and log integrations Deep understanding of security operations , incident response , and network/system security Experience with scanning tools (e.g., Nessus, Qualys ) and PAM solutions (e.g., CyberArk, BeyondTrust ) Solid knowledge of Linux/Windows environments and enterprise networks Familiar with encryption, security controls, and system hardening best practices Excellent analytical, troubleshooting, and communication skills Preferred: Security certifications (e.g., CEH, CISSP, GCIA, GCIH) Experience in automation and scripting for SOC workflows Willingness to participate in on-call support rotation Why join Ericsson What happens once you apply Primary country and city: India (IN) || Noida Req ID: 769625

Join our Team About This Opportunity We are now looking for a Security Analyst professional. This job role is responsible for monitoring, coordination, support, management, and execution of reactive maintenance activities to ensure that services provided to customers are continuously available and performing to Service Level Agreement (SLA) performance levels. The professional will work alongside a highly skilled, diverse team, making sure that the information assets, that we are responsible to protect, are secured. What You Will Do Support the following systems and functions: Security event management on 24*7 shift Monitor incoming event queues for potential security incidents Security incident management, 1st level triaging, issues and RCA Perform initial investigation and triage of potential incidents; and raise or close events as applicable Monitor SOC ticket (or email) queue for potential event reporting from outside entities and individual users Support parsers and rules development for the SIEM Raise incidents to respective team for resolution (within SLA) Identity Access Management Create and track the access to customer environments Process improvements Identify improvements in processes and KPIs Adapt to improvement initiatives Shift handover Maintain SOC shift logs with relevant activity from the shift Document investigation results, ensuring relevant details are passed to Security Engineer for final event analysis Update SOC collaboration tool as necessary Vulnerability scanning and reporting Schedule the vulnerability assessment scan for desired frequency based on agreed plan for nodes in scope Track and provide details of the scan planned/ ongoing/ completed status as and when required Governance Reports Preparation of daily, weekly and monthly reports You will bring Basic knowledge of a Security Information and Event Management System (SIEM), such as McAfee, Splunk, Qradar, etc. Basic knowledge of a vulnerability scanning system such as Nessus, Tripwire, etc. Knowledge of both Linux-based and MS Windows-based systems with technical understanding and skills for analytical problem-solving Knowledge of IP networking Ability to work in shifts The ability to work constructively under pressure Ability to work both in a team as well as individually Knowledge sharing & collaboration skills Customer oriented, service minded Deliver results & meet customer expectations Excellent communication skills, English is a must Key Qualifications: Education: Graduate in Computer Science or similar Minimum years of relevant experience: 3 to 5 years with at least 1 year of experience in IT security ITIL certification, CEH, Security +, CCNA Security or similar will be an advantage Basic knowledge of telecommunications networks will be an added advantage

Responsibilities As a member of the incident/Workorder/Change handling team , you will have the following accountabilities: Will be working as an SME for Zscaler Support in Operations for ZIA, ZPA and ZDX. Assess and orchestrate the current and planned security posture for NTT data's Security infrastructure, providing recommendations for improvement and risk reduction. Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk. Support security incident response as required; First line responder to reported or detected incidents. Perform security research, analysis, security vulnerability assessments and penetration tests. Provide security audit and investigation support Monitor and track security systems for Vulnerability and respond to potential security Vulnerability. Provide support for the Vulnerability management program. Provide 24x7 support as operations team working in shifts. Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business. Skills and Experience 4 to 5 years+ in Information Security space. Strong experiance in Service Now Ticketing tool, Dashboards and Integration. Strong experience with Zscaler ZIA, ZPA and ZDX. Strong experience with Vulnerability Management Program. Strong experience with Qualys Vulnerability Management Tool. Some good to have Experience with Crowdstrike EDR and SIEM. Strong experience with multiple network operating systems, including two or more of the following: Cisco iOS, Juniper ScreenOS or Junos, Fortinet FortiOS, CheckPoint GAiA, or Palo Alto Networks PAN-OS; Tanium, Rapid 7, Nessus, Nitro ESM, Symantec SEP, Symantec Message labs, Thales encryption, Allgress, Forecpoint, Blue coat, Firepower, Cisco ISE, Carbon Black, Titus, Encase Strong oral, written, and presentation abilities. Experiance with M365 Copilot. Some experience with Unix/Linux system administration. Strong experience with logging and alerting platforms, including SIEM integration. Current understanding of Industry trends and emerging threats; and Working Knowledge of incident response methodologies and technologies. Desirable Zscaler Certifications Associate and Professional for ZIA, ZPA and ZDX. Excellent Experiance in Zscaler ZIA, ZPA and ZDX. Experiance in Vulnerability Management Program. Experiance in Qualys Vulnerability Management Tool. Well-rounded background in network, host, database, and application security. Experience implementing security controls in a bi-modal IT environment. Experience driving a culture of security awareness. Experience administering network devices, databases, and/or web application servers. Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CompTIA Security) Good to have. Abilities Non customer facing role but an ability to build strong relationships with internal teams, and security leadership, is essential act as Incident co-ordinator, for reviewing all security tools, ingesting incident data, tracking incident status, coordinating with internal and external assets to fulfill information requirements, and initiating escalation procedures. Document daily work and new processes. Embrace a culture of continuous service improvement and service excellence. Stay up to date on security industry trends.

Job Summary : We are seeking a skilled and detail-oriented Information Security Specialist to join our team. This role will focus on implementing and maintaining security measures to protect our organizations digital assets, ensuring compliance with industry standards and mitigating security risks. Key Responsibilities : Develop and enforce security policies, standards, and procedures across the organization. Conduct regular security audits, vulnerability assessments. Identify, investigate, and respond to security incidents and breaches. Manage identity and access controls to safeguard data privacy. Monitor security events and manage incident responses. Collaborate with IT to implement security upgrades and patches. Conduct risk assessments, define security controls, and ensure the organization is compliant with industry standards (ISO 27001, NIST). Establish metrics and reporting for ongoing security assessments and improvements.

Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company’s portfolio includes many of the world’s most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others. Job Description Location: Chennai, TN To deliver the above, we are recruiting for the post of Security Operations Centre (SOC) Analyst. The SOC analyst will, reporting to the SOC Manager, participate in the securing of Conde Nast assets across global markets by delivering a dedicated, focused and high-performing function to the organisation, which includes; Security Event Monitoring Event Triage and Escalation Insider Threat monitoring and management Security Incident Analysis and Response Vulnerability Management Threat Review and Analysis Threat Hunting Escalation point for SOC The SOC Analyst will have the opportunity to develop skills across a broad range of security tools and solutions, many of which will be cutting-edge. Required Skills: Minimum 8 years of Security Operations experience with at least 7 years of experience working with event monitoring and management, preferably in a SOC setting. 24X7 Security Operations Centre (SOC) and ensure seamless delivery of monitoring service and SLA management Coordinate with global stakeholders to understand the infrastructure, application, and business process to understand the threat hunting and SOC Monitoring coverage. Supporting SIEM platforms to ensure adequate log source integrations and fine-tuning Demonstrated experience with endpoint telemetry, Malware analysis tools, Exploit kits and SIEM platforms(Splunk/IBM QRadar/ArcSight/Logrhythm) Tactically supports the Vulnerability Management (VM), in the areas of the security patch and remediation management, must have experience in(Rapid7, Nessus, Tenable or others) Work with the security Engineer to ensure all security tools and solutions are properly configured and maintained. Incident Response - Escalation point of contact for incident response activities and acts as needed as Incident manager to ensure proper protection or corrective measures have been taken, and follows procedures to contain, analyse, and eradicate malicious activity Threat Hunting - Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Experience with TIPs will be beneficial in developing the hypothesis. SPAM/Phishing analysis - Executes analysis of email-based threats to include understanding of email communications, platforms, headers, transactions, and identification of malicious tactics, techniques, and procedures In-depth knowledge of cyber defensive and offensive techniques, malware families and adversary tactics, techniques and procedures, MITRE ATT&CK, NIST Frameworks Knowledge of Cloud infrastructure and security(AWS, GCP and Azure). In-depth knowledge of Antivirus - McAfee/Symantec/Sophos In-depth knowledge of EDR solutions(Sophos XDR/Crowdstrike/FireEye HX/SentinelOne/McAfee EDR/Symantec EDR) Hands-on experience in managing any of the SOAR solutions (Rapid7 SOAR/InsightConnect/Swimlane/IBM Security Resilient) Sound working knowledge of firewalls and VPNs: Palo-alto/FortiGate, VPN: Appgate VPN/Any other VPN Hands-on experience with Network Detection and Response tools (Rapid7, Cortex or any other NDR tools) Fundamental knowledge of the principles of Identity and access management Fundamental knowledge of Encryption & PKI. Good understanding of Proxies, WAF, Cyber deception technology, Windows, UNIX/Linux Security best practices Provides audit, analysis, and material support for cyber-related validation, certification, standards, governance, process, infrastructure, deployment and ongoing maintenance. Experience in using a scripting language to automate tasks. Good communication and presentation skills Experience of working in a fast-paced, globally dispersed environment Good analytical, problem-solving solving and interpersonal skills Educational Qualifications: B.Tech/M.Sc IT Certification CompTia Security+, CompTia CySA+, SIEM Associate Admin or any similar SIEM admin certification SSCP or similar certification What happens next? If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile. Condé Nast is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, age, familial status and other legally protected characteristics.

Job Title: Vulnerability Assessment and Penetration Testing (VAPT) Analyst Experience Required: 3–5 Years Location: Hyderabad Employment Type: Full-Time Job Summary: We are seeking a proactive and technically strong VAPT Analyst with 3–5 years of experience in penetration testing across applications, infrastructure, cloud, and Active Directory environments. The ideal candidate should be proficient in scripting and programming, capable of performing secure code reviews, and confident in engaging both technical and non-technical stakeholders. Key Responsibilities: Perform end-to-end Vulnerability Assessment and Penetration Testing on: Web applications (WAPT) Mobile applications (Android/iOS) Network infrastructure (internal/external) Cloud environments (AWS, Azure, GCP) Active Directory and internal corporate networks Conduct secure source code reviews to identify logic flaws and vulnerabilities. Prepare detailed, high-quality reports with risk ratings, POC, and remediation steps. Communicate findings effectively to development, operations, and management teams. Deliver awareness sessions on secure coding, OWASP Top 10, and general security best practices. Maintain knowledge of current threat landscape, attack techniques, and tools. Required Skills and Qualifications: 3–5 years of hands-on VAPT experience across web, mobile, network, AD, and cloud. Expertise in manual and automated testing methodologies. Proficient in the following tools and technologies: Burp Suite, OWASP ZAP, Nessus, Acunetix, Nmap Static and dynamic code analysis tools Strong programming and scripting skills in: Python, C, Bash, PowerShell Solid understanding of OWASP Top 10, SANS Top 25, MITRE ATT&CK, and secure coding principles. Ability to work independently and manage multiple assessments in parallel. Strong report writing and communication skills for both technical and business audiences. Experience in conducting secure coding and cybersecurity awareness training sessions. Certifications: CEH/eJPT/GPEN/OSCP (Mandatory)

Dear Candidate, We are hiring a Compliance Engineer to ensure code and dependencies meet licensing and audit standards. Key Responsibilities: Track open-source usage and license compliance. Automate compliance scanning and reporting. Assist in security reviews and audits. Required Skills & Qualifications: Familiarity with tools like FOSSA, Black Duck. Knowledge of OSS licenses (MIT, GPL, Apache). Experience with code scanning and SBOMs. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies

Description As an IT/OT Vulnerability Assessment and Penetration Testing (VAPT) Engineer, you will be engaged in identifying and mitigating security vulnerabilities across IT systems, Industrial Control Systems (ICS), and Industrial Internet of Things (IIoT) environments. Your work will involve rigorous security assessments of critical infrastructure, SCADA systems, PLCs, field devices, gateways, and cloud-connected IIoT platforms. You will simulate advanced adversary tactics to expose vulnerabilities and provide strategic remediation guidance. The role is suited for professionals with a deep understanding of both enterprise IT security and industrial/embedded system ecosystems. Responsibilities 1-Vulnerability Assessment & Penetration Testing (IT + ICS/IIoT): Perform black-box, grey-box, and white-box VAPT on: Enterprise IT assets (servers, databases, web/mobile apps, Active Directory, cloud) OT/ICS assets (PLCs, RTUs, HMIs, engineering workstations, protocol gateways) IIoT platforms (MQTT/CoAP-based telemetry, edge gateways, cloud dashboards) Emulate APT-level attacks across air-gapped, segmented, or hybrid IT-OT architectures. Execute Red Team scenarios to simulate insider threats or supply chain compromise. 2- ICS Protocol & Field Device Security Testing: Analyze and exploit vulnerabilities in ICS protocols: Modbus TCP, DNP3, IEC 104, OPC-UA, S7comm, Profinet, BACnet, CIP (EtherNet/IP), MQTT, CoAP Perform live traffic analysis, packet manipulation, and protocol fuzzing to test resilience. Evaluate control logic vulnerabilities in ladder logic, structured text, and function blocks. 3- Firmware & Hardware Exploitation (IIoT/ICS Devices): Extract and analyze firmware from industrial devices using JTAG, UART, SPI interfaces. Perform static and dynamic analysis using Ghidra, Binwalk, Radare2, or IDA Pro. Reverse engineer file systems (e.g., squashfs, cramfs) and analyze web interfaces or CLI backdoors. Exploit misconfigured bootloaders, insecure firmware upgrade mechanisms, or exposed debug ports. 4- Network Architecture & Segmentation Testing: Review and test IT-OT segmentation via firewall ACLs, VLANs, DMZ configurations. Assess trust relationships, weak credential policies, and insecure remote access (e.g., exposed VNC, Telnet, RDP). Identify unauthorized bridging of air-gapped networks or misconfigured routing/switching. 5- Cloud & IIoT Platform Security: Evaluate MQTT brokers, edge-to-cloud telemetry, and analytics pipelines. Test REST APIs, insecure mobile app integrations, and cloud misconfigurations (S3, IAM, IoT Core). Identify insecure certificate handling, default API tokens, and lack of encryption at rest/in transit. Reporting & Mitigation Develop technical and executive-level reports with CVSS scoring, attack paths, and exploitation evidence. Recommend hardening measures for both IT (patches, SIEM, EDR) and OT (control policy tuning, physical zoning, least privilege for operators). Coordinate with ICS engineers, IT admins, and SOC teams for patch validation and monitoring upgrades. Compliance & Framework Alignment Ensure assessments comply with industry and regulatory frameworks: NIST SP 800-82, ISA/IEC 62443, ISO 27001, NERC CIP, SANS ICS Top 20 Map findings to MITRE ATT&CK for ICS and monitor emerging CVEs relevant to industrial products. Eligibility Educational Background: Bachelor’s or Master’s in Cybersecurity, Computer Science, Industrial Automation, Electronics, or a related field. Technical Skills: Deep knowledge of ICS/SCADA systems, embedded architectures, and real-time OS (VxWorks, QNX, FreeRTOS). Hands-on experience with tools: VAPT Tools: Nessus, Burp Suite, Metasploit, Nmap, Nikto, SQLMap ICS Tools: Wireshark, Scapy, PLCScan, ICSFuzz, S7comm Tools, Conpot, ModScan Firmware Tools: Binwalk, Ghidra, Radare2, OpenOCD, Logic Analyzers IIoT Security: Shodan, Censys, MQTTX, Postman, OWASP ZAP Certifications (Preferred): OSCP, GRID, GICSP, CRT, CRTP, CEH, CISSP, or equivalent. Participation in ICS/IoT-focused CTFs or open-source contributions is a plus. Travel As and when required, across the country for project execution and monitoring as well as for coordination with geographically distributed teams. Communication Submit a cover letter summarising your experience in relevant technologies and software along with a resume and the Latest passport-size photograph.

We are looking for a proactive and skilled Security Engineer with 5+ years of experience to join our cybersecurity team. The ideal candidate will be responsible for maintaining and improving our organization's security posture by identifying vulnerabilities, implementing security solutions, and responding to incidents. Key Responsibilities Design, implement, and monitor security measures for the protection of computer systems, networks, and information. Conduct regular security assessments, vulnerability scans, and penetration tests. Configure and manage firewalls, IDS/IPS, SIEM tools, and endpoint protection systems. Monitor systems and networks for security breaches and investigate violations. Respond to and analyze security incidents, including root cause analysis and mitigation. Develop and enforce security policies, standards, and procedures. Conduct risk assessments and recommend appropriate mitigation strategies. Collaborate with IT and DevOps teams to integrate security best practices across infrastructure and applications. Stay updated with the latest security trends, threats, and technology solutions. Provide training and awareness for internal teams regarding cybersecurity best practices. Required Skills & Qualifications Minimum 5 years of hands-on experience in information security, cybersecurity, or infrastructure security roles. Strong knowledge of network and system security protocols and tools (e.g., firewalls, VPN, IDS/IPS, antivirus, SIEM). Proficiency in scripting or programming (e.g., Python, Bash, PowerShell) for automation and tool development. Experience with security tools like Splunk, QRadar, Wireshark, Nessus, Burp Suite, etc. Familiarity with compliance standards like ISO 27001, NIST, PCI-DSS, GDPR, HIPAA. Understanding of cloud security across platforms like AWS, Azure, or GCP. Strong problem-solving and communication skills. Preferred Qualifications Bachelor's or Masters degree in Computer Science, Information Security, or a related field. Security certifications such as CISSP, CEH, OSCP, CISM, CompTIA Security+. Experience in incident response and digital forensics. Prior experience in SOC (Security Operations Center) environment is a plus (ref:hirist.tech)

Responsibilities As a member of the incident/Workorder/Change handling team , you will have the following accountabilities: Will be working as an SME for Zscaler Support in Operations for ZIA, ZPA and ZDX. Assess and orchestrate the current and planned security posture for NTT data’s Security infrastructure, providing recommendations for improvement and risk reduction. Identify and propose process improvements and identify opportunities for new processes and procedures to reduce risk. Support security incident response as required; First line responder to reported or detected incidents. Perform security research, analysis, security vulnerability assessments and penetration tests. Provide security audit and investigation support Monitor and track security systems for Vulnerability and respond to potential security Vulnerability. Provide support for the Vulnerability management program. Provide 24x7 support as operations team working in shifts. Participate in on-call system administration support including but not limited to weekends, holidays and after-business hours as required to service the needs of the business. Skills And Experience 4 to 5 years+ in Information Security space. Strong experiance in Service Now Ticketing tool, Dashboards and Integration. Strong experience with Zscaler ZIA, ZPA and ZDX. Strong experience with Vulnerability Management Program. Strong experience with Qualys Vulnerability Management Tool. Some good to have Experience with Crowdstrike EDR and SIEM. Strong experience with multiple network operating systems, including two or more of the following: Cisco iOS, Juniper ScreenOS or Junos, Fortinet FortiOS, CheckPoint GAiA, or Palo Alto Networks PAN-OS; Tanium, Rapid 7, Nessus, Nitro ESM, Symantec SEP, Symantec Message labs, Thales encryption, Allgress, Forecpoint, Blue coat, Firepower, Cisco ISE, Carbon Black, Titus, Encase Strong oral, written, and presentation abilities. Experiance with M365 Copilot. Some experience with Unix/Linux system administration. Strong experience with logging and alerting platforms, including SIEM integration. Current understanding of Industry trends and emerging threats; and Working Knowledge of incident response methodologies and technologies. Desirable Zscaler Certifications Associate and Professional for ZIA, ZPA and ZDX. Excellent Experiance in Zscaler ZIA, ZPA and ZDX. Experiance in Vulnerability Management Program. Experiance in Qualys Vulnerability Management Tool. Well-rounded background in network, host, database, and application security. Experience implementing security controls in a bi-modal IT environment. Experience driving a culture of security awareness. Experience administering network devices, databases, and/or web application servers. Professional IT Accreditations (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CompTIA Security) Good to have. Abilities Non customer facing role but an ability to build strong relationships with internal teams, and security leadership, is essential act as Incident co-ordinator, for reviewing all security tools, ingesting incident data, tracking incident status, coordinating with internal and external assets to fulfill information requirements, and initiating escalation procedures. Document daily work and new processes. Embrace a culture of continuous service improvement and service excellence. Stay up to date on security industry trends.

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Role Overview We are seeking a skilled and driven Sr. Security Engineer with a strong background in penetration testing (web, mobile, and network) and an understanding of security compliance standards such as SOC 2, ISO 27001, and GDPR. The ideal candidate will have hands-on experience identifying and exploiting vulnerabilities, preparing technical and compliance reports, and guiding clients or internal teams on remediation and governance. Key Responsibilities Conduct penetration testing of web applications, mobile apps (iOS/Android), and internal/external networks. Perform vulnerability assessments and risk evaluations across client environments. Create detailed technical and executive reports with prioritized remediation strategies. Assist in SOC 2 readiness assessments, ISO 27001 implementation, and GDPR compliance checks. Collaborate with cross-functional teams for remedial activities to improve the security posture. Stay updated with the latest exploits, tools, and compliance updates. Required Qualifications 5+ years of experience in cybersecurity with a focus on penetration testing and compliance. Proficiency in tools like Burp Suite, Nmap, Metasploit, Nessus, MobSF, and manual testing techniques. Strong knowledge of OWASP Top 10, secure coding practices, network protocols, and common attack vectors. Understanding of SOC 2, ISO 27001, GDPR, and associated implementation or audit processes. Certifications (Preferred) CEH (Certified Ethical Hacker) ISO/IEC 27001 Lead Auditor / Lead Implementer Other relevant certs: e.g., CompTIA Security+, eWPT, eCPPT, GPEN Nice-to-Have Skills Familiarity with DevSecOps pipelines, source code reviews, or CI/CD security integration. Client-facing consulting experience or report presentation skills. Cyber Security vibe is a must. (ref:hirist.tech)

Job Title : VAPT Specialist Experience : 3+ Years Location : Mumbai / Thane Notice Period : Immediate Joiners Preferred Work Mode : Onsite Key Skills VAPT, CEH Certification, Penetration Testing, Metasploit, Kali Linux, Burp Suite, Web & Mobile App Security, Network Security, Bash/PowerShell, Linux Job Description We are looking for an experienced VAPT Specialist to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities across web, mobile, and network environments, and helping mitigate security risks through thorough testing, reporting, and collaboration. Roles & Responsibilities Perform Web Application Vulnerability Assessment & Penetration Testing to uncover application-layer security issues. Conduct Mobile App VAPT on both Android and iOS platforms using tools like MObSF, Androbugs, etc. Execute Network Penetration Testing to assess internal and external infrastructure risks. Reverse engineer malware, identify obfuscation techniques, and analyze cryptographic implementations. Use industry-standard tools including Metasploit, Burp Suite, Kali Linux, SQLMap, Nessus, w3af, Skipfish, and others. Work with Linux/UNIX environments, using Bash and PowerShell scripting to automate tasks and streamline testing workflows. Document findings, write detailed security reports, and support internal teams with remediation steps. Continuously stay updated with evolving threats, vulnerabilities, and tools. Requirements 3-4 years of hands-on experience in VAPT across web, mobile, and networks. Proven expertise in Web and Mobile Application Security Testing. Strong experience with Network Security Assessment and Penetration Testing. Familiarity with malware reverse engineering and cryptographic vulnerability analysis. Proficient with a wide range of VAPT tools and frameworks. Solid understanding of Linux environments and scripting (Bash, PowerShell). CEH certification is mandatory (additional certifications like OSCP are a plus). Excellent analytical and problem-solving skills. Strong verbal and written communication to collaborate with technical and non-technical stakeholders. (ref:hirist.tech)

Hello Visionary! We empower our people to stay resilient and relevant in a constantly changing world. We’re looking for people who are always searching for creative ways to grow and learn. People who want to make a real impact, now and in the future. Does that sound like you? Then it seems like you’d make a great addition to our vibrant team. We are looking for a Penetration Tester. This position is available for Chennai Location. You’ll make a difference by: Having experience in Leading and performing complex penetration testing engagements across enterprise networks, cloud infrastructures, web, mobile, APIs, thick clients, and IoT environments. Having understanding to Simulate sophisticated real-world attacks (e.g., APT scenarios, lateral movement, chained exploits). Conducting Red Team exercises and adversary emulation based on frameworks like MITRE ATT&CK. Identifying and exploiting vulnerabilities using both automated tools and advanced manual techniques. Reviewing, enhancing, and developing custom scripts, tools, and exploits to support internal testing capabilities. Providing expert-level guidance to business units on security risks, remediation strategies, and secure architecture. Actively participating in client discussions, executive briefings, and technical workshops. Delivering detailed and executive-level reports, including risk ratings, business impact, PoCs, and mitigation steps. Maintaining robust documentation of testing methodologies, custom tools, and process improvements. Ensuring all engagements align with internal policies, industry frameworks (e.g., OWASP, NIST, ISO), and client-specific compliance standards. Training and Development Stay updated on the latest security trends, vulnerabilities, and technology advancements. Provide training and guidance to the team and other departments on security best practices. Strategy and Planning Plan and scope penetration testing engagements, ensuring comprehensive coverage and effectiveness. Participate in the development of security policies and standards. Technical Expertise Deep hands-on experience in: Web, API, Thick Client and mobile app security testing (e.g., OWASP Top 10 – Web, Mobile, API) Internal/external network penetration, privilege escalation, and lateral movement Active Directory assessments and exploitation (Kerb roasting, Pass-the-Hash etc.) Familiarity with ICS, SCADA, BACnet protocols, and covert communication channels Wireless, Bluetooth, IoT device, Embedded Security, Cloud (AWS/Azure/GCP), and container security testing Working knowledge of Kali Linux and frameworks like MITRE ATT&CK Basic understanding of AI/ML security: adversarial attacks, model poisoning, and secure deployment of AI systems Proficiency with tools such as: Offensive: Burp Suite Pro, Metasploit, SQLMap, Cobalt Strike, Impacket, CrackMapExec, BloodHound, Sliver Reconnaissance: Nmap, Amass, Shodan, OSINT frameworks/tools Vulnerability Scanners: Nessus, Qualys, Nexpose Programming/Scripting: Skilled in scripting and exploit development using Python, Bash, PowerShell, and occasionally C/C++ or Go Soft Skills Excellent written and verbal communication skills Strong analytical and problem-solving capabilities Ability to explain technical concepts clearly to non-technical stakeholders You’ll win us over by: Having An engineering degree B.E/B.Tech/M.E/M.Tech with good academic record. 6–7 years of proven experience in penetration testing and offensive security Certifications (Preferred): Highly Desirable: OSCP, OSWP, OSWE, GPEN, GWAPT, OSCE, OSEE, GXPN, CPTS, CWEE, CAPE Other Considered: EWPTXv2 or equivalent advanced offensive security certifications We’ll support you with: Hybrid working Opportunities. Diverse and inclusive culture. Great variety of learning & development opportunities. Join us and be yourself! We value your unique identity and perspective, recognizing that our strength comes from the diverse backgrounds, experiences, and thoughts of our team members. We are fully committed to providing equitable opportunities and building a workplace that reflects the diversity of society. We also support you in your personal and professional journey by providing resources to help you thrive. Come bring your authentic self and create a better tomorrow with us. Make your mark in our exciting world at Siemens. This role is based in Chennai and is an Individual contributor role. You might be required to visit other locations within India and outside. In return, you'll get the chance to work with teams impacting - and the shape of things to come. We're Siemens. A collection of over 319,000 minds building the future, one day at a time in over 200 countries. Find out more about Siemens careers at: www.siemens.com/careers

Job Title: QA Tester Location:Gurugram WFO 6 Days Working Job Description: We are seeking a skilled QA Tester with expertise in Vulnerability Testing to ensure the security, functionality, and reliability of our applications. The ideal candidate will have experience in penetration testing, security testing methodologies, automation, and compliance standards. Key Responsibilities: Develop and execute test cases, scripts, and security test plans for applications and APIs. Perform vulnerability assessments and penetration testing on web, mobile, and cloud-based applications. Identify security loopholes, conduct risk analysis, and provide actionable recommendations. Work closely with development and DevOps teams to ensure secure coding practices. Automate security testing and integrate it into CI/CD pipelines. Test applications for OWASP Top 10 vulnerabilities, SQL injection, XSS, CSRF, SSRF, etc. Utilize security tools such as Burp Suite, OWASP ZAP, Metasploit, Kali Linux, Nessus, etc. Conduct API security testing and validate authentication & authorization mechanisms. Document security vulnerabilities and collaborate with teams for remediation. Ensure compliance with industry standards like ISO 27001, GDPR, HIPAA, PCI-DSS where applicable. Required Skills & Qualifications: 3+ years of experience in Quality Assurance with a focus on Security & Vulnerability Testing. Strong knowledge of penetration testing tools and security frameworks. Experience with automated security testing in CI/CD (Jenkins, GitHub Actions, GitLab CI, etc.). Proficiency in manual and automated security testing of web and mobile applications. Familiarity with scripting languages like Python, Bash, or JavaScript for automation. Experience working with cloud platforms such as AWS, Azure, or GCP is a plus. Strong understanding of HTTP, APIs, authentication protocols (OAuth, JWT, SAML, etc.). Knowledge of network security, firewalls, and intrusion detection systems (IDS/IPS). Certifications like CEH, OSCP, CISSP, or Security+ are an added advantage. Job Type: Full-time Pay: ₹200,000.00 - ₹500,000.00 per year Application Question(s): are you okay for 6days working Experience: Penetration testing: 3 years (Required) vulnerability testing: 3 years (Required) Scripting: 3 years (Preferred) Work Location: In person Expected Start Date: 15/07/2025

About the Company - Kempegowda International Airport, Bengaluru (KIAB/ BLR Airport), named after founder of the City – Hiriya Kempegowda – has the unique distinction of being the first Greenfield Airport in India, established on a Public-Private Partnership (PPP) model. This heralded a revolution in Indian aviation, as more airports in the Country were privatised, thereafter. Responsibilities - Managed XDR Operations: Oversee threat detection, threat prevention, identity and access management, and incident response activities. Optimize the performance of managed XDR solutions to proactively identify and mitigate risks. Ensure a well-defined incident response plan is in place and regularly tested through simulations. Continuously improve detection and response capabilities based on threat intelligence and industry trends. Regularly review and update playbooks to address emerging threats and advanced attack techniques. Conduct post-incident reviews to identify lessons learned and improve processes. Monitor and evaluate partner performance, addressing any issues related to quality, cost, or delivery. Manage escalations as per contracted frameworks. Ensure unresolved escalations are tabled in governance forums and taken up for resolution. Drive the resolution of such escalations by working with all concerned stakeholders Review and provide feedback on periodic process, SLAs and KPI reports published by various ICT teams Escalate process compliance issues to senior leadership along with suggestion on remediation plan Review all Change Requests and provide insight & recommendations ensuring CRs/amendments are fit for purpose, negotiated and executed by working with all stakeholders. Execution of Security Projects: Lead and manage the successful delivery of cybersecurity projects, ensuring they align with business needs. Define clear project milestones, KPIs, and timelines to track progress effectively. Collaborate with internal and external stakeholders to ensure smooth implementation. Transition completed projects into ongoing operations with defined ownership and support mechanisms. Anticipate potential challenges and implement proactive risk management strategies. Financial Management: Oversee the development, management, and monitoring of the InfoSec budget, ensuring optimal allocation of resources. Accountability of budgeting and periodic financial forecasting for InfoSec – ensuring that the inputs on budgeting and forecasting are as per agreed frequency. Analyze and report on InfoSec financial performance, providing insights and recommendations for cost optimization, return on investment (ROI) and/ or Value Realization. Prepare and track InfoSec PRs and invoice processing and subsequent payments to partners and vendors. Ensure all InfoSec vendor payments are validated and approved by respective InfoSec teams and are aligned to agreed vendor payments terms and conditions. Track vendor payments against approved amount in InfoSec budget. Publish reports on InfoSec Financial Management to ICT leadership for review Security Architecture: Develop and implement a robust security architecture framework that integrates IT and OT systems. Evaluate and recommend security technologies and tools to improve organizational resilience. Ensure scalability, flexibility, and future-readiness of the security architecture. Conduct regular architecture reviews to ensure compliance with evolving standards and business changes. Provide technical leadership on emerging technologies and trends, such as Zero Trust and Secure Access Service Edge (SASE). Act as the primary SPOC for InfoSec in ARB (Architecture Review Board), ensuring terms and conditions are favorable and aligned with BIAL’s strategic information security goals. Regularly review deployments for compliance with organizational policies, regulatory requirements, ARB approvals and industry standards. Use insights gained from project performance to refine future ARBs, driving continuous improvement in partner selection, infosec requirements, service delivery and cost management. Maintain accurate and up-to-date records of all contractual communications, amendments, and performance evaluations. ICS Security: Develop and enforce security policies and controls for Industrial Control Systems (ICS) and Operational Technology (OT). Work closely with BIAL Projects and E&M teams to design secure processes for OT systems/ ICS. Perform regular vulnerability assessments and penetration testing of OT systems. Ensure alignment with BIAL Operational Technology Cybersecurity Policy and other relevant ICS/OT-specific security standards, such as IEC 62443. Establish monitoring mechanisms to detect and respond to threats in real-time within OT environments. Governance, Risk, and Compliance (GRC): Develop, implement, and maintain information security policies and governance frameworks. Conduct periodic risk assessments and audits to identify vulnerabilities and ensure regulatory compliance, both internally and with external partners. Provide regular updates to executive leadership on the organization’s risk profile and mitigation strategies. Manage relationships with regulatory authorities and ensure timely reporting of compliance metrics. Promote a culture of security awareness and responsibility throughout the organization. Ensure the maintenance of the BIAL’s certifications and standards, including ISO 27001:2022. Strategic Leadership: Provide strategic direction and leadership to the InfoSec team, fostering a culture of excellence and continuous improvement. Drive innovation in information security solutions and practices, ensuring the organization remains competitive and forward-looking. Act as a key advisor to senior management on Information Security matters, contributing to strategic decision-making. Qualifications: Bachelor’s degree in computer science, Information Security, or a related field (Master’s degree preferred). Certifications such as CISSP, CISM, CISA, CEH, or equivalent are highly desirable. A minimum of 12 years of experience in information security, with at least 5 years in a leadership role. Required Skills: Comprehensive understanding of cybersecurity frameworks, technologies, and methodologies (e.g., NIST CSF, ISO 27001, MITRE ATT&CK, ITIL v3, PMP, TOGAF, ISO 20k & 27k and COBIT). Expertise in managed XDR operations, incident response, threat intelligence, and identity management. Familiarity with security architecture principles, ICS/OT security frameworks, and industrial protocols. Strong knowledge of GRC principles and regulatory standards applicable to the industry. Proficient in process improvement and development practices. Strong knowledge of SLA & service management, contract negotiation, and operations management. Knowledge with InfoSec tools like: AV/EDR, Data Leakage Prevention, Metasploit, TripWire, Rapid7, Tenable, Snort, Nessus, Burp Suite, Appscan, Nmap, Wireshark, Firewalls, SIEM, SOAR, , SASE, CASB, PIM/PAM, WAF, O365 suite (Intune, Conditional access, Data classification and protection). Preferred Skills: Experience in driving initiatives centered on continuous improvement, innovation, execution excellence, customer centricity and automation. Leadership and strategic planning skills to align cybersecurity with organizational goals. Analytical and problem-solving skills for assessing threats, vulnerabilities, and risks in complex environments. Exceptional communication and stakeholder management skills to influence decision-making and secure buy-in. Technical expertise in deploying advanced security tools and technologies. Proven ability to lead cross-functional teams, drive organizational change, and manage complex projects. Ability to build and maintain relationships with internal teams, partners, and external vendors.