776 Nessus Jobs - Page 19

Qtech SoftwareCompany Our Solutions PartnersLet's Connect Qtech Software > Careers Careers Nurturing Talent. Creating Possibilities Nurturing Talent At Qtech software, we are invested in employee growth. We offer opportunities that help you explore the limits of your true potential. Our talent is proactively appreciated and developed. Open Door Policy We have an open-door policy and believe in a flat hierarchy. Inputs and feedback are welcome and we encourage a healthy amount of interaction with your seniors and peers. Global Exposure With clients in over 70+ countries, the scope of your achievements and projects is truly global. For those willing to go the extra mile our advancement trajectory is rapid. A young family. Qtech Software is a family of 180+ individuals. We are 19 years young and driven by a passion to digitally empower our customers and communities, transform.Specialized expertise Our teams include product and project managers, business analysts, quality assurance executives, UI & UX Specialists, developers, and testers. Together we offer bleeding-edge, end-to-end solutions for your business goals. Driven by whats next At Qtech we are inspired by the impossible! To solve fundamental real-world problems that remain unchallenged. Our creed Passionate for excellence, united by technology. Stories that Inspire Us Nitin journey at Qtech Software - Marathon of Multiple RolesA marathon of multiple roles Nitin Jain completed 12 years at Qtech Software. Read his amazing journey which involves travel to multiple countries & multi-faceted roles. Read moreVinay Shinde's Career journey ar Qtech SoftwareThe ride of a lifetime Vinay Shinde shares about his 12+ years at Qtech Software. Read this incredible story to find out more about team Qtech and Vinay's journey Read more Current Openings Cybersecurity AnalystConduct Vulnerability Assessments: Identifying potential weaknesses in applications and systems using automated tools and manual techniques. Perform Penetration Tests: Simulating attacks to evaluate the effectiveness of security controls and identify exploitable vulnerabilities. Analyze Findings: Interpreting assessment and testing results to determine the severity and impact of identified vulnerabilities. Report Findings: Documenting vulnerabilities, providing detailed reports with remediation recommendations, and tracking the closure of identified issues. Collaborate with Teams: Working with developers, IT, and security teams to implement security measures and address identified vulnerabilities. Stay Updated: Keeping abreast of the latest security threats, vulnerabilities, and industry best practices. Test Various Application Types: Performing security assessments on web applications, mobile applications, APIs (REST, SOAP, XML, JSON), and potentially cloud-based services. Understand Security Standards and Frameworks: Familiarity with OWASP, NIST, ISO 27001, PCI DSS, and other relevant standards is crucial. Use Security Testing Tools: Proficiency in tools like Burp Suite, OWASP ZAP, Nmap, Nessus, AppScan, Acunetix, Veracode, CheckMarx, etc. Responsibilities: The responsibilities cover the full range of testing work, from websites, mobile apps, and infrastructure testing to social engineering. In this role, the candidate is expected to: test software and hosted platforms, to identify vulnerabilities Carry out penetration testing of web applications, mobile applications, and internal infrastructure analyze code to assess its level of security and to find specific vulnerabilities Manage the security testing process perform complex simulated attacks on networks or systems Stay updated with the latest threats/vulnerabilities produce written technical reports along with an executive summary to a professional standard Research potential vulnerabilities formally brief clients and colleagues Understanding the role of AIML in cybersecurity Qualification: Minimum 3 to 5 years hands-on experience in SAST, DAST, VAPT Certifications like CEH, CompTIA Security+, and OSCP will be considered and added advantages. Familiarity with SAST, DAST, and IAST tools Understanding of Red/Blue teaming and threat hunting Technical skills Using common vulnerability scanning and penetration testing tools, such as NMAP, NESSUS, SQLMAP, and Burp Suite Writing test plans Producing test data Secure code analysis Internal and external penetration testing Behavioral Skills: Ability to work under pressure Good communication skills, with the ability to explain technical issues in a non-technical way, verbally and in writing Influencing internal stakeholders and clients, including those with very different levels of technical knowledge Working to deadlines and prioritizing work appropriately Working independently while remaining part of a team self-discipline to stay strictly within the project scope

About Marvell Marvell’s semiconductor solutions are the essential building blocks of the data infrastructure that connects our world. Across enterprise, cloud and AI, automotive, and carrier architectures, our innovative technology is enabling new possibilities. At Marvell, you can affect the arc of individual lives, lift the trajectory of entire industries, and fuel the transformative potential of tomorrow. For those looking to make their mark on purposeful and enduring innovation, above and beyond fleeting trends, Marvell is a place to thrive, learn, and lead. Your Team, Your Impact At Marvell, we are looking for a Vulnerability Management Professional who will be instrumental in protecting the company’s digital assets. The individual shall come with proven strong technical competence and leadership capability to contribute towards the success of the enterprise-wide vulnerability management program. The ideal candidate will lead the vulnerability management strategy, oversee the identification and remediation of security vulnerabilities, and report on the effectiveness of the program to IT, Engineering, and Product teams. What You Can Expect Lead the vulnerability management program, including developing strategies, policies, and procedures to identify, assess, and remediate security vulnerabilities. Develop and maintain a comprehensive vulnerability management program that aligns with industry best practices and regulatory requirements. Set clear vulnerability management targets and objectives to ensure timely identification, assessment, and remediation of security risks. Collaborate with IT, Engineering, and Product teams to prioritize vulnerability remediation efforts based on risk and business impact. Manage the regular scanning of Marvell’s infrastructure and applications to detect vulnerabilities. Provide leadership and guidance to the vulnerability management team, fostering a culture of continuous improvement and learning. Prepare and present detailed reports on vulnerability findings, remediation progress, and program effectiveness to senior management and relevant stakeholders. Stay abreast of the latest security threats, trends, and technologies to continuously enhance Marvell’s security posture. Collaborate with cross-functional teams to ensure the timely and effective identification and remediation of security vulnerabilities in software, firmware, and hardware products. Conduct regular vulnerability assessments and penetration testing to identify weaknesses and potential threats to Marvell's systems and networks. Work closely with external partners and vendors to ensure that security measures are effectively integrated into Marvell’s products and services. Stay up-to-date on emerging security threats, vulnerabilities, and industry best practices to continuously improve Marvell's security posture. Perform vulnerability risk profiling and prioritization of vulnerabilities. Represent Marvell Semiconductor in security forums, conferences, and industry working groups to share knowledge and expertise in vulnerability management. Lead and manage vulnerability management projects, such as implementing new tools or processes. Metrics, and Reporting: Leverage technology stack to report and manage the requirements of various metrics requested by different stakeholders. What We're Looking For Bachelor's degree in Computer Science, Information Security, or related field. Master's degree preferred. More than 12 years of experience in cybersecurity, with a focus on vulnerability management and penetration testing. In-depth knowledge of common security vulnerabilities, attack vectors, and mitigation techniques. Experience with vulnerability scanning tools such as Qualys, Nessus, or similar. Strong understanding of network protocols, operating systems, and software development processes. Industry certifications such as OSCP, CISSP, GIAC GWAPT, are highly desirable. Excellent communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders. Strong analytical and problem-solving abilities, with a keen attention to detail. Ability to work independently and lead cross-functional teams in a fast-paced environment. Additional Compensation And Benefit Elements With competitive compensation and great benefits, you will enjoy our workstyle within an environment of shared collaboration, transparency, and inclusivity. We’re dedicated to giving our people the tools and resources they need to succeed in doing work that matters, and to grow and develop with us. For additional information on what it’s like to work at Marvell, visit our Careers page. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Show more Show less

Who we think will be a great fit. A passion for information security with a hacker mindset! Self-motivation and Proactiveness Communication skills What we need... We want people with preferably two or more, of the following: 1. Web Application Security Testing. Knowledge about BURP Suite, manual and automated SQLi Bypass filters that detect SQLi, XSS, etc. People who don't think Injection means only SQLi but SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc. 2. Network Infrastructure Testing. Ability to write custom scripts and wrappers. Knowledge of tools like Responder, Ettercap, tcpdump, Empire, etc.not just Nmap and Nessus Have good knowledge about PowerShell scripting and AD/DC infrastructure. 3. Mobile App Testing. Root/jailbreak and Certificate pinning bypass without any automated tool Dynamic instrumentation using Frida De-obfuscation of APK/IPA file 4. IoT Testing. MQTT attacks Fuzzing of IoT devices Firmware extraction 5. Cloud Testing. A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud. Have a good understanding of microservices architecture. 6. Secure Code Review. Ability to visualize and compile applications without any compiler (in your mind). Has the ability to learn a new programming language on-the-go. Preferred candidate profile : Candidates with relevant professional experience will be given preference.

Job Title: Senior VAPT (Vulnerability Assessment & Penetration Testing) Engineer Location: Indore Experience Required: 5+ Years Job Type: Full-Time Job Summary: We are looking for an experienced and highly skilled VAPT Engineer with a strong background in cybersecurity and hands-on expertise in conducting vulnerability assessments and penetration testing of IT infrastructure, applications, and networks. The candidate must have in-depth knowledge of CERT-In guidelines, security best practices, and regulatory compliance requirements. Key Responsibilities: · - Perform Vulnerability Assessment & Penetration Testing (VAPT) on web applications, mobile applications, APIs, networks, cloud infrastructure, servers, and endpoints. · - Prepare and deliver detailed technical reports with findings, risk ratings, and actionable remediation recommendations. · - Simulate real-world cyberattacks to identify potential security flaws and vulnerabilities. · - Collaborate with development and IT teams to validate and fix vulnerabilities. · - Implement and monitor secure coding practices and DevSecOps principles during SDLC. · - Ensure all testing activities are in line with CERT-In guidelines and other applicable standards (ISO 27001, OWASP, NIST, etc.). · - Stay up-to-date with the latest threats, vulnerabilities, and attack vectors. · - Prepare reports and evidence required for CERT-In audits and compliance. · - Assist in developing internal security policies and SOPs for secure infrastructure. · - Guide and mentor junior security analysts, if required. Required Skills & Qualifications: · - Bachelor's degree in Computer Science, Information Security, or a related field. · - Minimum 5 years of hands-on experience in VAPT and cybersecurity. · - Expertise in tools such as Burp Suite, Nessus, Nmap, Metasploit, Acunetix, Wireshark, Nikto, OWASP ZAP, etc. · - Strong knowledge of OWASP Top 10, SANS 25, and other industry security standards. · - Solid understanding of network protocols, web application architecture, firewalls, IDS/IPS, and endpoint security. · - Familiarity with scripting and automation (Python, Bash, PowerShell). · - Experience in writing and reviewing security assessment reports for technical and non-technical stakeholders. · - In-depth knowledge of CERT-In audit requirements, documentation, and compliance process. Certifications (Preferred): · - CEH / OSCP / LPT / CRTP / CompTIA Pentest+ · - Any CERT-In empanelment project experience will be a strong advantage. Additional Information: · - Strong communication, documentation, and interpersonal skills. · - Ability to manage multiple engagements and deliver under tight timelines. · - Should be able to work independently or in a team. Job Type: Full-time Pay: ₹30,000.00 - ₹45,000.00 per month Benefits: Provident Fund Schedule: Day shift Work Location: In person

Job description As a Security Engineer - VAPT, you will be responsible for conducting comprehensive security assessments, identifying vulnerabilities, and implementing effective remediation strategies. Leveraging your expertise in penetration testing and ethical hacking, you will play a key role in enhancing the security posture of our clients' systems and networks. This position offers an exciting opportunity to work on challenging projects, collaborate with talented professionals, and contribute to the advancement of cybersecurity practices. Key Responsibilities : Perform end-to-end Vulnerability Assessment and Penetration Testing (VAPT) for clients' IT infrastructure, applications, and networks. Conduct thorough security assessments using industry-standard tools and methodologies, including but not limited to, Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Identify and exploit security vulnerabilities to assess the potential impact on clients' systems and data. Prepare detailed assessment reports outlining findings, risk levels, and recommended remediation measures. Collaborate with clients' IT teams to prioritize and address identified security issues in a timely manner. Develop and implement custom scripts or tools to enhance testing capabilities and automate repetitive tasks. Stay abreast of emerging security threats, vulnerabilities, and industry best practices to continually improve testing methodologies. Provide guidance and mentorship to junior security engineers, fostering a culture of knowledge sharing and skill development within the team. Requirements: Bachelor's degree in Computer Science, Information Technology, or related field. 2+ years of experience in cybersecurity, with a focus on Vulnerability Assessment and Penetration Testing. Proficiency in using tools such as Nmap, Nessus, Metasploit, Burp Suite, and OWASP. Hands-on experience with various operating systems, including Windows, Linux, and Unix. Strong understanding of network protocols, web application architecture, and common security vulnerabilities. Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar certifications preferred. Excellent analytical skills and attention to detail, with the ability to prioritize and manage multiple tasks effectively. Effective communication skills, both verbal and written, with the ability to convey technical concepts to non-technical stakeholders. Proven track record of delivering high-quality security assessments and actionable recommendations. Show more Show less

The role is responsible for assisting with the management of escalated severity 1 and 2 issues as required. Ensuring audits and compliance requirements are reviewed and complied with Working closely with IT Security team in deploying and updating anti-virus agent infrastructure Regular and ad-hoc reporting of server infrastructure vulnerabilities Ensure all server infrastructure vulnerabilities are remediated in accordance to MUFG policies. The role will form part of and collaboratively contribute to the team that is responsible for ensuring all server infrastructures complies with MUFG security policies. Overview The role is responsible for assisting with the management of escalated severity 1 and 2 issues as required. Ensuring audits and compliance requirements are reviewed and complied with Working closely with IT Security team in deploying and updating anti-virus agent infrastructure Regular and ad-hoc reporting of server infrastructure vulnerabilities Ensure all server infrastructure vulnerabilities are remediated in accordance to MUFG policies The role will form part of and collaboratively contribute to the team that is responsible for ensuring all server infrastructures complies with MUFG security policies Key Accountabilities and Main Responsibilities Strategic Focus Compliance with MUFG security policies in regards to all server infrastructures Monitoring of server infrastructure vulnerabilities through regular and ad-hoc reporting Operational Management Available to consistently work outside of normal business hours including weekends to remediate vulnerabilities across the server fleet Supporting the escalation of severity 1 and 2 issues Governance & Risk Ensure adherence to legal and regulatory requirements Support MUFG assurance programs that deliver effective risk management and compliance practices Experience & Personal Attributes Degree-educated or relevant professional qualifications are desirable but not essential 3+ Years of experience in IT with at least 2 years on a server operational capacity Advanced understanding and skills of virtualisation technologies Significant experience displaying an excellent understanding of physical and virtualised server management products Strong understanding of technical issue resolution across multiple OS platforms and core infrastructure technologies A track record in and/or proven ability to manage time, prioritise work, and multi-task workloads A track record in and/or proven ability in understanding of basic network concepts for problem resolution. Personal commitment to and visible role modelling of the organisation's behaviours and values A problem solving mindset, with in depth knowledge of IT Infrastructure technology of multiple operating system platforms and configurations Must have an understanding of Windows Updates including deployment, supporting tools and troubleshooting Ability to achieve targets and deadlines with minimal supervision Experience with virtualisation management tools such as VMware and Azure. Excellent understanding of virtualisation operational components and management of operating systems in virtual environments Excellent understanding of core Microsoft infrastructure technologies including Active Directory, basic networking etc. Understanding of UNIX operating systems (Ubuntu, Oracle, Red Hat, CentOS) general administration, update processes and trouble shooting Highly Regarded: Operational knowledge of HCL BigFix patching management tool including relevance language Advanced skills in Unix platforms including Ubuntu, Oracle, Red Hat and CentOS Advanced skills in Azure or VMware virtualisation management tools Experience with CrowdStrike management portal, sensor deployment and reporting Experience with vulnerability remediation for Windows or Unix platforms Experience with Tenable.IO Nessus configuration and reporting Ability to automate processes through scripting including PowerShell, BASH, dos batch, etc. Show more Show less

Job Information Date Opened 06/18/2025 Job Type Full time Industry IT Services Work Experience 4-5 years City Bangalore State/Province Karnataka Country India Zip/Postal Code 560024 Job Description About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Apply Now

Job Role Position: Security Engineer (L3): System Compliance and Identity & Access Management Work Location: Mumbai Educational Qualification: Bachelor’s degree in Engineering or equivalent Work Experience: L3 (6+ yrs) Certification: Azure Security certification / GCP Security Certification / AWS Cloud Security Certification or similar certifications Flexible on working hours and ready for 24/7 support model. Knowledge & Skills Good knowledge in Security technologies of Azure or GCP or AWS or on-premises Identity and access management Working knowledge on IAM related protocols such as SAML, SPML, XACML, SCIM, OpenID and OAuth Working knowledge on Windows AD, Windows ADFS, Windows AD Sites and Trusts Working knowledge on various identity providers such as Windows AD, Okta, Oracle, PingID Working knowledge of multi-Factor authentication and Privileged Access Management Good understanding of Identity Protection, Identity & Access Solution Migration System Compliance Working knowledge of one of the technology administration & patching like Windows, Unix, DB, MW, Others Hands-on experience with one or more configuration management systems such as Ansible, Chef, or Puppet Knowledge of vulnerability scoring systems (CVSS/CMSS) Good understanding of Windows and Unix administration & patching Work experience with vulnerability assessment tools like Qualys, Foundstone, Rapid7, Nessus and similar Working experience in Public / Private / Hybrid Cloud solutions and their best practices Hands on experience using the various cloud administration portal Hands-on with PowerShell, Python, or other scripting languages Knowledge on Cloud (Azure, GCP, AWS) Security concepts and technologies Provides remediation guidance and prepares management reports to track remediation activities. Knowledge in information security management, compliance principles, practices, laws, rules and regulations Strong understanding on Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols Knowledge in cloud security standard frameworks, architecture, design, controls, technology solutions and service orchestration Skills: security,powershell,identity & access solution migration,windows adfs,data architecture,aws,windows,information security management,ansible,chef,azure security,cloud administration portals,identity protection,gcp security,identity and access management,compliance principles,iam protocols (saml, spml, xacml, scim, openid, oauth),management,cvss,mfa,azure,python,access,puppet,aws cloud security,patching,system compliance,network infrastructure,privileged access management,vulnerability assessment tools (qualys, foundstone, rapid7, nessus),cloud solutions (public/private/hybrid),windows ad,security certification Show more Show less

About Zeta Zeta is a Next-Gen Banking Tech company that empowers banks and fintechs to launch banking products for the future. It was founded by Bhavin Turakhia and Ramki Gaddipati in 2015. Our f lagship processing platform - Zeta Tachyon - is the industry’s first modern, cloud-native, and fully API-enabled stack that brings together issuance, processing, lending, core banking, fraud & risk, and many more capabilities as a single-vendor stack. 15M+ cards have been issued on our platform globally. Zeta is actively working with the largest Banks and Fintechs in multiple global markets transforming customer experience for multi-million card portfolios. Zeta has over 1700+employees - with over 70%roles in R&D - across locations in the US,EMEA, and Asia. We raised$280 million at a$1.5 billion valuation from Softbank, Mastercard, and other investors in 2021.Learn more @ www.zeta.tech , careers.zeta.tech , Linkedin , Twitter The Role As part of the Risk & Compliance team within the Engineering division at Zeta, the Application Security Manager is tasked with safeguarding all mobile, web applications, and APIs. This involves identifying vulnerabilities through testing and ethical hacking, while also educating developers and DevOps teams on how to resolve them. Your primary goal will be to ensure the security of Zeta's applications and platforms. As a manager, you'llbe responsible for securing all of Zeta’s products. In this individual contributor role, you will report directly to the Chief Information Security Officer (CISO). The role involves ensuring the security of web and mobile applications, APIs, and infrastructure by conducting regular VAPT. It requires providing expert guidance to developers on how to address and fix security vulnerabilities, along with performing code reviews to identify potential security issues. The role also includes actively participating in application design discussions to ensure security is integrated from the beginning and leading Threat Modeling exercises to identify potential threats. Additionally, the profile focuses on developing and promoting secure coding practices, educating developers and QA engineers on security standards for secure coding, data handling, network security, and encryption. The role also entails evaluating and integrating security testing tools like SAST, DAST, and SCA into the CI/CD pipeline to enhance continuous security integration. Responsibilities Guide Security and Privacy Initiatives: Actively participate in design reviews and threat modeling sessions to help shape the security and privacy approach for technology projects, ensuring security is embedded at all stages of application development. Ensure Secure Application Development: Collaborate with developers and product managers to ensure that applications are securely developed, hardened, and aligned with industry best practices. Project Scope Management: Define the scope for security initiatives, ensuring continuous adherence throughout each project phase, from initiation to sustenance/maintenance. Drive Internal Adoption and Visibility: Ensure that security projects are well-understood and adopted by internal stakeholders, fostering a culture of security awareness within the organization. Security Engineering Expertise: Serve as a technical expert and security champion within Zeta, providing guidance and expertise on security best practices across the organization. Team Leadership and Development Make decisions on hiring and lead the hiring process to build a skilled security team. Define and drive improvements in the hiring process to attract top security talent. Mentor and guide developers and QA teams on secure coding practices and security awareness. Security Tool and Gap Assessment: Continuously assess and recommend tools to address gaps in application security, ensuring the team is equipped with the best resources to identify and address vulnerabilities. Stakeholder Liaison: Collaborate with both internal and external stakeholders to ensure alignment on security requirements and deliverables, acting as the main point of contact for all security-related matters within the team. Bug Bounty Program Management: Evaluate and triage security bugs reported through the Bug Bounty program, working with relevant teams to address and resolve issues effectively. Own Security Posture: Take ownership of the security posture of various applications across the business units, ensuring that security best practices are consistently applied and maintained. Skills Hands-on experience in Vulnerability Assessment (VA) and Penetration Testing (PT) across web, mobile, API, and network/Infra environments. Deep understanding of the OWASP Top 10 and their respective attack and defense mechanisms. Strong exposure to Secure SDLC activities, Threat Modeling, and Secure Coding practices. Experience with both commercial and open-source security tools, including Burp Suite, AppScan, OWASP ZAP, BEEF, Metasploit, Qualys, Nipper, Nessus andSnyk. Expertise in identifying and exploiting business logic vulnerabilities. Solid understanding of cryptography, PKI-based systems, and TLS protocols. Proficiency in various AuthN/AuthZ frameworks (OIDC, OAuth, SAML) and the ability to read, write, and understand Java code. Experience with Static Analysis and Code Reviews using tools like Snyk,Fortify,Veracode, Checkmarx, and SonarQube. Hands-on experience in reverse engineering mobile apps and using tools like Dex2jar, ADB, Drozer, Clang, iMAS, and Frida/Objection for dynamic instrumentation. Experience conducting penetration tests and security assessments on internal/external networks, Windows/Linux environments, and cloud infrastructure (primarily AWS). Ability to identify and exploit security vulnerabilities and misconfigurations in Windows and Linux servers. Proficiency in shell scripting and automating tasks with tools such as Python or Ruby. Familiarity with PA-DSS, PCI SSF (S3, SSLC), and other security standards like PCI DSS, DPSC, ASVS and NIST. Understanding of Java frameworks like Spring Boot, CI/CD processes, and tools like Jenkins & Bitrise. In-depth knowledge of cloud infrastructure (AWS, Azure), including VPC/VNet, S3 buckets, IAM,Security Groups, blob stores, Load Balancers, Docker containers, and Kubernetes. Solid understanding of agile development practices. Active participation in bug bounty programs (HackerOne, Bug Crowd, etc.) and experience with hackathons and Capture the Flag (CTF) competitions. Knowledge of AWS/Azure services, including network configuration and security management. Experience with databases (PostgreSQL, Redshift, MySQL) and other data storage solutions like Elasticsearch and S3 buckets. Preferred Certifications: OSCP, OSWE, GWAPT, AWAE, AWS Certified Security Specialist, CompTIA Security+ Experience And Qualifications 12 to 18 years of overall experience in application security, with a strong background in identifying and mitigating vulnerabilities in software applications. A background in development and experience in the fintech sector is a plus. Bachelor of Technology (BE/ B.Tech ), M.Tech , or ME in Computer Science or an equivalent degree from an Engineering college/University. Life At Zeta At Zeta, we want you to grow to be the best version of yourself by unlocking the great potential that lies within you. This is why our core philosophy is ‘People Must Grow.’ We recognize your aspirations; act as enablers by bringing you the right opportunities, and let you grow as you chase disruptive goals. is adventurous and exhilarating at the same time. You get to work with some of the best minds in the industry and experience a culture that values the diversity of thoughts. If you want to push boundaries, learn continuously and grow to be the best version of yourself, Zeta is the place to be! Explore the life at zeta Zeta is an equal opportunity employer. At Zeta, we are committed to equal employment opportunities regardless of job history, disability, gender identity, religion, race, marital/parental status, or another special status. We are proud to be an equitable workplace that welcomes individuals from all walks of life if they fit the roles and responsibilities. Show more Show less

About Globals: Globals has drastically grown from a small home office to a globally recognized enterprise offering world-class quality solutions on Cybersecurity, Cyberwarfare, ERP Systems, AI, and Enterprise Application Development for various industries including Defence, Education, Government, Financial Services and Transport Industries. Globals has enabled its customers to be game-changers in their industry through its disruptive and innovative solutions. Globals is certified as a "Great Place to Work" organization for its laudable work culture that helps its team members manage work-life, have dedicated hours to upskill and reskill themselves, and most important to ensure that the projects that they are working on are always unique, challenging their status quo every time. Our unique work culture has made us one of the world’s fastest-growing technology companies as recognized and featured by The Economist. Our excellence in technical stewardship and service-offering expertise has facilitated our clients ranging from individual entrepreneurs to Fortune Global 500 – to explore new business opportunities, reduce their operational costs significantly and boost their revenues. Today, Globals enjoys a strong position in the industry as a high-performing leader through its technology innovation and remarkable domain expertise. Globals is a CMMI Level 3 certified company. About the Job Role: We are seeking a skilled Offensive Security Researcher with hands-on experience in penetration testing, vulnerability research, and exploit development with a focus on Windows systems. The ideal candidate will be responsible for identifying and exploiting security weaknesses across Windows systems, applications, and networks to simulate real-world cyberattacks. This role is critical in strengthening our organization's security posture by providing actionable insights, supporting incident response, and contributing to continuous security improvements. You will work closely with security engineers, blue teams, and development teams to bridge gaps between offense and defense. Responsibilities: Identify and analyze vulnerabilities in Windows OS (e.g., Windows 10/11, Windows Server), kernel components, drivers, and user- mode applications. Research zero-day vulnerabilities and develop PoC exploits to demonstrate impact. Analyze patch diffs and reverse-engineer Windows updates to uncover exploitable conditions. Analyze obfuscated malware samples to understand attack vectors and vulnerabilities. Document vulnerabilities, exploitation techniques, and PoC code in clear, reproducible formats. Contribute to vulnerability databases, advisories, or whitepapers with the vendor and to CERT. Conduct comprehensive penetration tests (VAPT) on web applications, APIs, networks, mobile apps, and cloud environments. Collaborate with blue teams to improve defensive controls based on offensive insights. Continuously research emerging threats, attack techniques (TTPs), and security trends to keep tools and techniques up-to-date. Support incident response teams during active breaches with offensive techniques such as attacker simulation and pivoting. Participate in threat modeling and security architecture reviews from an attacker’s perspective. Requirements Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent practical experience. Deep understanding of Windows kernel, memory management, process/thread handling, security and Windows APIs (kernel32.dll, ntdll.dll) Expertise in writing exploits for Windows vulnerabilities, bypassing mitigations like ASLR, DEP, and CFG. Strong skills in C/C++, Python, and Assembly (x86/x64); familiarity with PowerShell. Knowledge of network protocols and raw packet manipulation for exploit delivery (e.g., using raw sockets or PCAP). Familiarity with offensive security tools like Metasploit, Cobalt Strike, or custom exploit frameworks. Proficiency with tools like IDA Pro, Ghidra, WinDbg, OllyDbg, or Radare2 for analyzing Windows binaries/drivers and dynamic analysis tools (Process Monitor, Process Explorer). Strong proficiency with penetration testing tools such as Burp Suite, Metasploit, Cobalt Strike, Nmap, Wireshark, Nessus, and others. Practical experience in exploit development, reverse engineering, or binary analysis is a strong plus. Familiarity with social engineering techniques and phishing campaigns is a plus. Relevant certifications are highly desirable (e.g., OSCP, CEH etc.,). Show more Show less

Will be working on Application security testing Skills. Strategize and plan static and dynamic application security testing (SAST/DAST / SCA) tools. Will be responsible for Secure Coding Practices Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise BE / B Tech in any stream, M.Sc. (Computer Science/IT) / M.C.A, with Minimum 4 plus years of experience Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST/ SCA) tools. Secure Coding Practices: Knowledge of secure coding standards (e.g., OWASP Top Ten) and experience in reviewing code for security vulnerabilities. Threat Modelling: Ability to conduct threat modelling sessions to identify and mitigate security risks Preferred technical and professional experience Vulnerability Assessment: Experience in conducting vulnerability assessments and penetration testing Application Security Testing: Experience with static and dynamic application security testing (SAST/DAST) tools. Security Tools: Proficiency in using security tools like Burp Suite, Nessus, or Fortify

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Position Overview: F5 is seeking a highly experienced and results-driven Technical Program Manager (TPM) to lead and manage critical programs focused on software security. This is a senior level role that will drive initiatives that enhance F5s security posture by implementing best practices for vulnerability management, security scanners, CVE tracking, Security Software Development Life Cycle (SDLC), and more. The ideal candidate will have a deep understanding of security programs, a strong technical background in software development, and a proven track record of successfully delivering cross-functional initiatives in complex environments. As a trusted leader, you will collaborate closely with engineering, security, product, and operations teams to ensure F5s products and processes meet the highest security standards while enabling business objectives. Key Responsibilities: Program Management: Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle. Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity. Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction. Security SDLC and Vulnerability Management: Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage. Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments. Develop and implement governance processes for tracking and addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs) , ensuring effective prioritization and swift resolution. Cross-Functional Collaboration: Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects. Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders. Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines. Risk and Compliance Management: Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required. Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity. Proactively identify and manage security risks through effective mitigation planning and ongoing tracking. Process Improvement and Tooling: Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness. Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process. Metrics and Reporting: Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response. Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes. Qualifications: Education: Bachelors degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Masters preferred). Experience: 8+ years of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level. Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions. Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices. Technical Expertise: In-depth knowledge of software development methodologies, including Agile and DevSecOps principles. Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode). Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles. Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus). Leadership and Collaboration: Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders. Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike. Demonstrated ability to influence without authority and lead by example. Problem Solving and Decision Making: Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment. Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities. Preferred Qualifications: Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA). Experience with cloud security and platform-oriented vulnerability management tools like Bugzilla or similar. Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques. Knowledge of networking and application delivery technologies (F5 experience is a plus!). The is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com ) . Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates . Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.

Date 31 May 2025 Location: Bangalore, IN Company Alstom At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars. Could you be the full-time Security into Project Specialist in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and project management expertise in a new cutting-edge field. Youll work alongside innovative, dedicated teammates. You'll ensure the robust integration of security within our IS&T projects, safeguarding our digital initiatives. Day-to-day, youll work closely with teams across the business (Security Architecture, GRC and ISMS team, Architects, Project Managers and PMO, Business teams), review and approve security deliverables and much more. Youll specifically take care of validating Security Inquiry for Partners (SIP) and ensuring secure configurations are applied, but also make informed decisions about security acceptance based on residual risk and asset value. Well look to you for: Reviewing and approving security deliverables Ensuring the application of the "Security into Project" policy Validating and signing off on Security Inquiry for Partners Applying secure configurations for projects or business initiatives Making decisions on security acceptance Implementing design patterns and standards All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Engineering/Technology Experience or understanding of cybersecurity, architecture and design Knowledge of security architecture and infrastructure Familiarity with cloud solutions (Microsoft Azure/O365) A CISSP or CISM certification Ability to analyze technical risks and vulnerabilities Fluency in English Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with cutting-edge security standards for rail signalling Collaborate with transverse teams and supportive colleagues Contribute to innovative projects that shape the future of transportation Utilise our dynamic working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards leadership roles within the cybersecurity domain Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Date 7 Jun 2025 Location: Bangalore, KA, IN Company Alstom Req ID:478631 Could you be the full-time Cybersecurity Engineer Cyber Applications in Bangalore were looking for Your future role Take on a new challenge and apply your cybersecurity and system/network administration expertise in a new cutting-edge field. Youll work alongside innovative, dedicated, and supportive teammates. You'll maintain and enhance the security of Alstoms products and solutions, ensuring the integrity and resilience of our transport networks. Day-to-day, youll work closely with teams across the business (such as V&V, platform validation, and regional cybersecurity), execute design and deployment activities, and much more. Youll specifically take care of the maintenance of cybersecurity tools and applications, but also prepare and execute design & deployment activities for various projects and programs. Well look to you for: Maintaining cybersecurity tools and applications Preparing and executing design & deployment activities Executing specific testing activities and preparing reports Supporting validation and verification teams Acting as the administrator for cybersecurity applications Identifying cybersecurity tools and practices and providing guidance All about you We value passion and attitude over experience. Thats why we dont expect you to have every single skill. Instead, weve listed some that we think will help you succeed and grow in this role: Degree in Computer Science, Information Technology, or equivalent Experience or understanding of cybersecurity in the context of industrial control systems or network administration Knowledge of design & deployment of NIDS such as Fortinet, Nozomi, Dragos, etc. Familiarity with system administration of Windows or Linux servers/systems A certification like MCSE, RHCE, LPIC, CCNA, or Network+ Preferably a cybersecurity certification like ECSA, Security+ Strong communication skills and the ability to work in a matrix organization Things youll enjoy Join us on a life-long transformative journey the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. Youll also: Enjoy stability, challenges and a long-term career free from boring daily routines Work with new security standards for rail signalling Collaborate with transverse teams and helpful colleagues Contribute to innovative projects Utilise our flexible working environment Steer your career in whatever direction you choose across functions and countries Benefit from our investment in your development, through award-winning learning Progress towards roles of greater responsibility and leadership Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) You dont need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, youll be proud. If youre up for the challenge, wed love to hear from you! Important to note As a global business, were an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. Were committed to creating an inclusive workplace for everyone.

Position: Senior Security Engineer (NV58FCT RM 3325) Job Description: 5–8 years of experience in security engineering, preferably with a focus on cloud-based systems. Strong understanding of cloud infrastructure (AWS/GCP/Azure), including IAM, VPC, security groups, key management, etc Hands-on experience with security tools (e.g., AWS Security Hub, Azure Defender, Prisma Cloud, CrowdStrike, Burp Suite, Nessus, or equivalent). Familiarity with containerization and orchestration security (Docker, Kubernetes). Proficient in scripting (Python, Bash, etc.) and infrastructure automation (Terraform, CloudFormation, etc.). In-depth knowledge of encryption, authentication, authorization, and secure communications. Experience interfacing with clients and translating security requirements into actionablesolutions. Preferred Qualifications: Certifications such as CISSP, CISM, CCSP, OSCP, or cloud-specific certs (e.g., AWS Security Specialty). Experience with zero trust architecture and DevSecOps practices. Knowledge of secure mobile or IoT platforms is a plus. Soft Skills: Strong communication and interpersonal skills to engage with clients and internal teams. Analytical mindset with attention to detail and a proactive attitude toward risk mitigation. Ability to prioritize and manage multiple tasks in a fast-paced environment Document architectures, processes, and procedures, ensuring clear communication across the team. ******************************************************************************************************************************************* Job Category: Digital_Cloud_Web Technologies Job Type: Full Time Job Location: BhubaneshwarNoida Experience: 5 - 8 Years Notice period: 0-30 days

The Information Security team defends the company’s digital infrastructure by designing, implementing, and improving the company’s cybersecurity architecture. This is a critical role responsible for protecting infrastructure, cloud, edge devices, and data against unauthorized use, modification, exfiltration, or damage. This role identifies threats, manages projects and engineers solutions that impact the entire company. An ideal candidate for this role is technical, dedicated to learning new things, security-minded, strong initiative, and able to manage projects autonomously. Responsibilities Engineer security solutions without oversight and collaborate with multiple departments; Analyze security systems and seek improvements on a continuous basis; Research vulnerabilities, perform vulnerability scanning, and mitigate threats; Develop security best practices and policies for the organization; Document new processes, cross-train coworkers, and assist employees on security-related matters; Provide security awareness training and testing for employees to verify proper security protocols are being followed; Staying current with cybersecurity knowledge by participating in educational opportunities, reading professional publications, and participating in professional organizations; Performing cyber security incident response, and remediation activities; and Facilitate access reviews of company data and revoke inappropriate/overprovisioned access in order to drive least privilege access. Qualifications Require at least a bachelor’s degree preferably in Information Technology; Require a minimum of at least 2 years of experience in implementing Information Security solutions; Understanding of security best practices and how to implement them at a business-wide level; Experience with managing, configuring, and deploying enterprise-grade security solutions in some of the following: SIEM Privileged Access Management/Identity Access Management/Multifactor Authentication Endpoint Detection & Response Network Access Control Cloud based architecture such as Azure/AWS Active Directory Soft skills including excellent communication skills, critical thinking skills with the ability to solve problems as they arise, and ability to prioritize projects; and Basic scripting skills, such as PowerShell/Python scripting. Nice to have: Experience with vulnerability assessment tools such as Nessus and Tenable; Experience with enterprise web proxy solutions, web filters, and VPN; Experience with email security solutions; Experience with firewall and network architecture; Experience with administrating Windows environment including GPO and servers; Previous employment or experience in a highly regulated industry such as healthcare, financial, or defense experience with standards such as ISO, NIST, HIPAA, GDPR, SOC Type 2, etc; and Auditing and policy-writing experience. Medpace Overview Medpace is a full-service clinical research organization (CRO). We provide Phase I-IV clinical development services to the biotechnology, pharmaceutical and medical device industries. Our mission is to accelerate the global development of safe and effective medical therapeutics through its scientific and disciplined approach. We leverage local regulatory and therapeutic expertise across all major areas including oncology, cardiology, metabolic disease, endocrinology, central nervous system, anti-viral and anti-infective. Headquartered in Cincinnati, Ohio, employing more than 5,000 people across 40+ countries. Why Medpace? People. Purpose. Passion. Make a Difference Tomorrow. Join Us Today. The work we’ve done over the past 30+ years has positively impacted the lives of countless patients and families who face hundreds of diseases across all key therapeutic areas. The work we do today will improve the lives of people living with illness and disease in the future. Medpace Perks Flexible work environment Competitive compensation and benefits package Competitive PTO packages Structured career paths with opportunities for professional growth Company-sponsored employee appreciation events Employee health and wellness initiatives Awards Recognized by Forbes as one of America's Most Successful Midsize Companies in 2021, 2022, 2023 and 2024 Continually recognized with CRO Leadership Awards from Life Science Leader magazine based on expertise, quality, capabilities, reliability, and compatibility What To Expect Next A Medpace team member will review your qualifications and, if interested, you will be contacted with details for next steps. Show more Show less

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. Attack & Penetration Testing - Staff As part of our Cyber Security team, you shall perform penetration testing which includes internet, intranet, wireless, web application, mobile application, social engineering and physical penetration testing. You shall also perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. The opportunity We’re looking for Security Consultant with expertise in penetration testing. This is a fantastic opportunity to be part of a leading firm whilst being instrumental in the growth of a new service offering. Your Key Responsibilities Perform penetration testing which includes internet, intranet, web application, Mobile app (Android & iOS), APIs, wireless, Cloud Security, social engineering, physical penetration testing. Execute penetration testing projects using the established methodology, tools and rules of engagements. Execute red team assessments to highlight gaps impacting organizations security postures. Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations. Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations. Convey complex technical security concepts to technical and non-technical audiences including executives. Utilize tools such as BurpSuite, Nessus, Nmap, Kali Linux, Metasploit and Nessus for effective vulnerability assessment and penetration testing. Strong knowledge of OWASP Top 10 web and the ability to effectively communicate methodologies and techniques with development teams Understanding of TCP/IP network protocols. Develop automated solutions that mitigate risks throughout the organization. Provide technical leadership and advise to junior team members on attack and penetration test engagements. Skills And Attributes For Success Understanding of web-based application vulnerabilities (OWASP Top 10). Understanding of TCP/IP network protocols. Understanding of network security and popular attacks vectors. Ability to communicate detailed technical information to a non-technical audience clearly Good to have experience with Operation Technology / Internet of Things, Cloud technologies (AWS, Azure, GCP), Active Directory penetration testing Strong understanding of security principles, policies, and industry best practices Demonstrable flair for technical writing, including engagement reports, presentations and operating procedures To qualify for the role, you must have BE/ B.Tech/ MCA or equivalent Minimum of 2 years of work experience in penetration testing which may include at least three of the following: internet, intranet, web app, APIs, Mobile App, wireless, Cloud Security, social engineering, physical and Red Team assessments. One of the following certifications: OSCP, OSCE, CRTP, CRTO, eCPTX, ejpt or eWPTX Knowledge of Windows, Linux, UNIX, any other major operating systems. 2+ years of work experience in performing Penetration testing. Good to have Strong Excel, Word and PowerPoint skills. Ideally, you’ll also have Certifications: ejpt, OSCP, CRTP, ECSA. What We Look For Who can perform penetration testing which includes Network, wireless, web application, mobile application, social engineering and physical penetration testing and provide analysis for the testing results. What Working At EY Offers At EY, we’re dedicated to helping our clients, from start–ups to Fortune 500 companies — and the work we do with them is as varied as they are. You get to work with inspiring and meaningful projects. Our focus is education and coaching alongside practical experience to ensure your personal development. We value our employees and you will be able to control your own development with an individual progression plan. You will quickly grow into a responsible role with challenging and stimulating assignments. Moreover, you will be part of an interdisciplinary environment that emphasizes high quality and knowledge exchange. Plus, we offer: Support and feedback from some of the most engaging colleagues around Opportunities to develop new skills and progress your career The freedom and flexibility to handle your role in a way that’s right for you EY | Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today. Show more Show less

We are looking for a motivated Information Security Analyst to run Information Security processes . The main focus area will be Vulnerability Management . You will be responsible for: - Analysing vulnerabilities, - Providing necessary information and guidance to IT Technology Owners, - Monitoring remediation actions. You will have the ability to continuously learn about technologies and associated vulnerabilities, practice interactions with IT stakeholders and get detailed understanding of corporate processes (e.g. IT Change Management, Software Development). SPECIFIC ASSIGNMENTS: You will be working on running the Vulnerability Management processes. You will participate in assessing and evaluating vulnerabilities. You will have the opportunity to work with vulnerability assessment technologies from industry leaders. Your task will be to get understanding of the issue, inform respective IT Technology Owner and provide guidance on recommended action and monitor the execution. In the constantly changing world of emerging vulnerabilities and bit IT landscape of Eurofins you will have numerous opportunities to learn new aspects of vulnerabilities and get better, in-depth understanding of their underlying details. Your role is strategic for the organization running the vulnerability management process is key to secure the Company, build strong layer of defence and improve Companys external posture! Technical details, leading security products, industry best practices, guidelines - you will be working with them on day-to-day basis to grow your security skills and improve Eurofins IT environment. Experience: If you have: Previous experience in IT Security or Vulnerability Management with having experience (at least 5 years) Willingness to learn and motivation to act towards the achievable goal is key for us! On the role of Senior Information Security Analyst, you can utilize your technical skills: understanding of various IT technologies (IT infrastructure and application level), IT general knowledge, principles of software development and understanding of web technologies, utilizing CVEs, collecting and processing information from vulnerability databases, working with leading industry products and services (e.g. Qualys, Nessus, Security Scorecard, BitSight, ServiceNow etc. ), assessing and evaluating cloud-based solutions and cloud services. As you'll be working in an international environment, your English needs to be excellent . You have to be an effective communicator (both to technical and non-technical professionals), convincing that your concepts are relevant and important for the whole organization. Other skills you'll need are orientation on details, team collaboration, problem solving. Qualifications Educational background in IT or Information Security. Any related IT Security certification would be an added advantage.

We are looking for a motivated Information Security Analyst to run Information Security processes . The main focus area will be Vulnerability Management . You will be responsible for: - Analyzing vulnerabilities, - Providing necessary information and guidance to IT Technology Owners, - Monitoring remediation actions. You will have the ability to continuously learn about technologies and associated vulnerabilities, practice interactions with IT stakeholders and get detailed understanding of corporate processes (e.g. IT Change Management, Software Development). SPECIFIC ASSIGNMENTS: You will be working on running the Vulnerability Management processes. You will participate in assessing and evaluating vulnerabilities. You will have the opportunity to work with vulnerability assessment technologies from industry leaders. Your task will be to get understanding of the issue, inform respective IT Technology Owner and provide guidance on recommended action and monitor the execution. In the constantly changing world of emerging vulnerabilities and bit IT landscape of Eurofins you will have numerous opportunities to learn new aspects of vulnerabilities and get better, in-depth understanding of their underlying details. Your role is strategic for the organization running the vulnerability management process is key to secure the Company, build strong layer of defence and improve Companys external posture! Technical details, leading security products, industry best practices, guidelines - you will be working with them on day-to-day basis to grow your security skills and improve Eurofins IT environment. Experience: If you have: - Previous experience in IT Security or Vulnerability Management with having experience (at least 5 years) Willingness to learn and motivation to act towards the achievable goal is key for us! On the role of Senior Information Security Analyst, you can utilize your technical skills: understanding of various IT technologies (IT infrastructure and application level), IT general knowledge, principles of software development and understanding of web technologies, utilizing CVEs, collecting and processing information from vulnerability databases, working with leading industry products and services (e.g. Qualys, Nessus, Security Scorecard, BitSight, ServiceNow etc. ), assessing and evaluating cloud-based solutions and cloud services. As you'll be working in an international environment, your English needs to be excellent . You have to be an effective communicator (both to technical and non-technical professionals), convincing that your concepts are relevant and important for the whole organization. Other skills you'll need are orientation on details, team collaboration, problem solving. Qualifications Educational background in IT or Information Security. Any related IT Security certification would be an added advantage.

Job Summary We are looking for an Application Security Analyst with 2-3 years of experience in IT and security to strengthen our security team. The ideal candidate will focus on securing web and mobile applications (Android/iOS) by conducting penetration testing, vulnerability assessments, API security reviews, and ensuring compliance with security best Responsibilities Security & Penetration Testing : Conduct security assessments for web, mobile (Android/iOS), and APIs. Identify, exploit, and remediate OWASP Top 10 vulnerabilities. Perform manual and automated security testing to uncover security risks. Conduct secure code reviews to detect application security Security (Android & iOS) : Perform static and dynamic analysis of Android/iOS applications. Identify security risks such as insecure data storage, API vulnerabilities, and jailbreak/root detection bypass. Utilize tools like MobSF, Frida, Burp Suite, Objection, Drozer, Jadx, and apktool. Validate applications against OWASP Mobile Top 10 security Security & Secure Development : Perform API penetration testing using Burp Suite, Postman, OWASP ZAP. Identify critical vulnerabilities such as Broken Authentication, Excessive Data Exposure, and IDOR. Collaborate with developers to implement secure coding practices and remediation Management & Compliance : Conduct vulnerability assessments using tools like Nessus, Acunetix, Nexpose, Rapid7, and Qualys. Ensure compliance with ISO 27001, SOC2, GDPR, and other regulatory frameworks. Work closely with development teams to remediate security Skills & Qualifications : Bachelors degree in Computer Science, Information Security, or a related IT field. 2-3 years of experience in IT, with at least 1-2 years focused on Application Security & Penetration Testing. Strong understanding of OWASP Top 10 (Web & Mobile) vulnerabilities. Hands-on experience with security tools such as Burp Suite, MobSF, Frida, Objection, Drozer, Jadx, apktool. Proficiency in secure code review (Java, Swift, Kotlin, JavaScript). Expertise in API Security Testing and secure development best practices. Strong analytical, problem-solving, and communication Qualifications : Security certifications such as OSCP, CEH, eJPT, OSWE, GMOB (preferred). Experience with bug bounty programs or responsible disclosure & Benefits : Competitive salary based on experience. Career growth opportunities in Application Security & Ethical Hacking. Health & wellness benefits. Access to continuous learning, certifications, and security training programs. (ref:hirist.tech) Show more Show less

Techvantage.ai is a next-generation technology and product engineering company at the forefront of innovation in Generative AI, Agentic AI, and autonomous intelligent systems. We build intelligent, secure, and scalable digital platforms that power the future of AI across industries. Role Overview We are looking for a Senior Security Specialist with 8+ years of experience in cybersecurity, cloud security, and application security. You will be responsible for identifying, mitigating, and preventing threats across our technology landscape - particularly in AI-powered, data-driven environments. This role involves leading penetration testing efforts, managing vulnerability assessments, and implementing best-in-class security tools and practices to protect our platforms and clients. Key Responsibilities Design and implement robust security architectures for cloud-native and on-prem environments. Conduct penetration testing (internal/external, network, application, API) and deliver clear remediation strategies. Perform regular vulnerability assessments using industry-standard tools and frameworks. Lead threat modeling and risk assessments across systems, services, and data pipelines. Collaborate with development and DevOps teams to integrate security in SDLC and CI/CD pipelines (DevSecOps). Define and enforce security policies, incident response procedures, and access controls. Monitor for security breaches and investigate security events using SIEM and forensic tools. Ensure compliance with global standards such as ISO 27001, SOC 2, GDPR, and HIPAA. Provide guidance on secure implementation of AI/ML components and data protection strategies. Requirements 8+ years of experience in information security, application security, or cybersecurity engineering. Proficient in penetration testing methodologies and use of tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, OWASP ZAP, Qualys, etc. Deep experience in vulnerability management, patching, and security hardening practices. Strong understanding of OWASP Top 10, CWE/SANS Top 25, API security, and secure coding principles. Hands-on experience with cloud security (AWS, Azure, or GCP), IAM, firewalls, WAFs, encryption, and endpoint security. Familiarity with SIEM, EDR, IDS/IPS, and DLP solutions. Knowledge of DevSecOps and tools like Terraform, Kubernetes, Docker, etc. Excellent problem-solving, analytical, and incident-handling capabilities. Preferred Qualifications Certifications such as CISSP, CISM, CEH, OSCP, or AWS Security Specialty. Experience working on security aspects of AI/ML platforms, data pipelines, or model inferencing. Familiarity with governance and compliance frameworks (e.g, PCI-DSS, HIPAA). Experience in secure agile product environments and threat modeling techniques. What We Offer A mission-critical role securing next-gen AI systems. Opportunity to work with an innovative and fast-paced tech company. High visibility and leadership opportunities in a growing security function. Compensation is not a constraint for the right candidate. (ref:hirist.tech) Show more Show less

Your potential, unleashed. Indias impact on the global economy has increased at an exponential rate and Deloitte presents an opportunity to unleash and realize your potential amongst cutting edge leaders, and organizations shaping the future of the region, and indeed, the world beyond. At Deloitte, your whole self to work, every day. Combine that with our drive to propel with purpose and you have the perfect playground to collaborate, innovate, grow, and make an impact that matters. The team Deloitte helps organizations prevent cyberattacks and protect valuable assets. We believe in being secure, vigilant, and resilientnot only by looking at how to prevent and respond to attacks, but at how to manage cyber risk in a way that allows you to unleash new opportunities. Embed cyber risk at the start of strategy development for more effective management of information and technology risks Your work profile As Assistant Manager in our Cyber Team youll build and nurture positive working relationships with teams and clients with the intention to exceed client expectations: - Key Responsibilities: Threat Modelling: Conduct threat modelling sessions to identify potential security risks to applications, networks, and infrastructure. Utilize various threat modelling frameworks (e.g., STRIDE, PASTA) to evaluate the risk associated with business processes and IT systems. Vulnerability Assessment & Penetration Testing: Perform regular vulnerability assessments and penetration testing on applications, systems, and networks to identify weaknesses and misconfigurations. Security Risk Analysis: Analyse vulnerabilities identified in VAPT engagements and prioritize them based on risk to the business. Provide recommendations for remediation and mitigation. Incident Response: Assist in responding to security incidents by analysing threat patterns, supporting forensic investigations, and recommending preventative measures. Collaboration with Teams: Work closely with developers, DevOps, and other stakeholders to design and implement secure development practices and advise on secure code development practices. Reporting: Document findings from threat modelling, vulnerability assessments, and penetration tests, and present them to management and other key stakeholders. Security Awareness: Promote awareness of cybersecurity risks within the organization and provide guidance on secure coding and risk mitigation strategies. Required Skills and Qualifications: Strong knowledge of Threat Modelling methodologies and tools (e.g., Microsoft Threat Modelling Tool, OWASP Threat Dragon). Hands-on experience in performing Vulnerability Assessment and Penetration Testing (VAPT) using tools like Nmap, Burp Suite, OWASP ZAP, Nessus, and Metasploit. Solid understanding of common vulnerabilities (e.g., SQL injection, Cross-Site Scripting, Buffer overflows) and security protocols (e.g., TLS/SSL, OAuth, OpenID). Familiarity with network security (firewalls, IDS/IPS, VPNs, etc.) and web application security. Experience in performing risk analysis, writing security reports, and presenting findings to both technical and non-technical audiences. Knowledge of OWASP Top 10, CVE, and vulnerability databases. Proficiency in one or more programming languages (e.g., Python, Java, C, or scripting languages) is a plus. Understanding of security frameworks and compliance requirements (e.g., NIST, ISO 27001, GDPR, SOC 2) is desirable. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Strong problem-solving skills and the ability to work independently and in a team. Prior experience in BFSI would be preferred. Preferred Qualifications: Certification: Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or similar penetration testing certifications. Certified Information Systems Security Professional (CISSP) or similar information security certifications. Previous experience in threat hunting, incident response, or application security. Understanding of security in Agile/Scrum development processes. Location and way of working Base location: Pune Professional is required to work from office. How youll grow Connect for impact Our exceptional team of professionals across the globe are solving some of the worlds most complex business problems, as well as directly supporting our communities, the planet, and each other. Know more in our Global Impact Report and our India Impact Report. Empower to lead You can be a leader irrespective of your career level. Our colleagues are characterised by their ability to inspire, support, and provide opportunities for people to deliver their best and grow both as professionals and human beings. Know more about Deloitte and our One Young World partnership. Inclusion for all At Deloitte, people are valued and respected for who they are and are trusted to add value to their clients, teams and communities in a way that reflects their own unique capabilities. Know more about everyday steps that you can take to be more inclusive. At Deloitte, we believe in the unique skills, attitude and potential each and every one of us brings to the table to make an impact that matters. Drive your career At Deloitte, you are encouraged to take ownership of your career. We recognise there is no one size fits all career path, and global, cross-business mobility and up / re-skilling are all within the range of possibilities to shape a unique and fulfilling career. Know more about Life at Deloitte. Everyones welcome entrust your happiness to us Our workspaces and initiatives are geared towards your 360-degree happiness. This includes specific needs you may have in terms of accessibility, flexibility, safety and security, and caregiving. Here’s a glimpse of things that are in store for you. Interview tips We want job seekers exploring opportunities at Deloitte to feel prepared, confident and comfortable. To help you with your interview, we suggest that you do your research, know some background about the organisation and the business area you’re applying to. Check out recruiting tips from Deloitte professionals. *Caution against fraudulent job offers*: We would like to advise career aspirants to exercise caution against fraudulent job offers or unscrupulous practices. At Deloitte, ethics and integrity are fundamental and not negotiable. We do not charge any fee or seek any deposits, advance, or money from any career aspirant in relation to our recruitment process. We have not authorized any party or person to collect any money from career aspirants in any form whatsoever for promises of getting jobs in Deloitte or for being considered against roles in Deloitte. We follow a professional recruitment process, provide a fair opportunity to eligible applicants and consider candidates only on merit. No one other than an authorized official of Deloitte is permitted to offer or confirm any job offer from Deloitte. We advise career aspirants to exercise caution.

Line of Service Advisory Industry/Sector FS X-Sector Specialism Risk Management Level Senior Associate Job Description & Summary At PwC, our people in cybersecurity focus on protecting organisations from cyber threats through advanced technologies and strategies. They work to identify vulnerabilities, develop secure systems, and provide proactive solutions to safeguard sensitive data. Those in penetration testing at PwC will focus on penetration testing (or pen testing) which is a security exercise where a cybersecurity consultant attempts to find and exploit vulnerabilities in a computer system. The purpose of this simulated attack is to identify any weak spots in a system's defences which attackers could take advantage of. Why PWC At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other. Learn more about us . At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations Job Description & Summary: Job Description & Summary: We are seeking a highly skilled and experienced Cybersecurity/Risk Consulting Senior Associate to join our Risk Consulting team. As a Cybersecurity Senior Associate, you will be responsible for leading and managing a team of consultants to deliver high-quality cybersecurity and risk management services to our clients. Responsibilities: Key Responsibilities: · Good interpersonal skills (written and oral communication) and ability to articulate complex issues · Ability to communicate technical · information clearly and concisely, commensurate with the audience · Conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates. · Good communicator (written and verbal) and listener. · Must be a team player and motivated self-starter with ability to work independently with limited supervision. · Must be assertive, methodical and detail oriented Technical Experience: · Experience in Web and Mobile Application Security Testing, Vulnerability Assessment and Penetration testing · Analyze scan reports and suggest remediation / mitigation plan for security vulnerabilities · Should be aware of tools like Qualys, HP Fortify, IBM Appscan, Burpsuite, Kali Linux suite of tools · Expertise in mobile apps reverse engineering and in-depth knowledge of Android and iOS ecosystems. Knowledge of industry standard tools for mobile pentest. · Thorough understanding of OWASP Top 10 vulnerabilities and their mitigations. Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering) · Conduct penetration test and launch exploits using Nessus, Metaspoilt, kali linux penetration testing distribution tools sets · Conduct Vulnerability Assessments of Network Devices using various open source and commercial tools · Map out a network, discover ports and services running on the different exposed network and security devices · Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption. · In-depth understanding on Common Vulnerability Exposure (CVE)/ CERT advisory database. Broad background of networks, operating systems (Window, Unix, Linux), firewalls and security engineering concepts. · Knowledge of scripting languages (Perl, Python, Shell etc) will be added advantage · Knowledge of Open-Source Security Testing Methodology Manual (OSSTMM) Mandatory skill sets: CEH, ECSA, LPT (any one) Preferred skill sets: OSCP, OSWE Years of experience required: 2-10 Years Education qualification: B.Tec Education (if blank, degree and/or field of study not specified) Degrees/Field of Study required: Master of Business Administration, Bachelor of Engineering Degrees/Field of Study preferred: Certifications (if blank, certifications not specified) Required Skills SailPoint IdentityIQ Optional Skills SoCs Desired Languages (If blank, desired languages not specified) Travel Requirements Not Specified Available for Work Visa Sponsorship? No Government Clearance Required? No Job Posting End Date Show more Show less

The IBM Cloud Platform Compliance team is looking for a talented, innovative and enthusiastic technical professional that will support and improve our compliance posture to ensure our customers succeed. IBM Cloud Platform Compliance has a global cloud presence that continues to grow and expand its reach. Our compliance team is responsible for maintaining compliance at scale for all IBM Cloud platform services. As a trusted platform, first-rate security, fail-safe reliability and exceptional quality is of the utmost importance. As an IBM Cloud Platform Compliance Specialist, you will ensure a risk-free, continuously compliant environment for our customers. Bringing a unique blend of knowledge and skills in both compliance and technology systems, you will play a key role in analyzing business needs, identifying and solving problems, advising and designing automated solutions, developing and testing new processes and procedures, and maintaining well-documented information systems. You will work in an agile, collaborative environment to build, configure, maintain and operate both knowledge and processes systems for IBM Cloud. Working closely with our worldwide teams, you will have a unique opportunity to gain first-hand experience with the latest technologies and be supported by a global team of IBMers to grow your own technical skills and develop your career. Key Responsibilities: Maintaining and enhancing the compliance posture for Platform infrastructure and services Identifying and leading initiatives to drive enhanced automation for compliance activity Timely monitoring and reporting of compliance status Delivering clear and concise responses to audit requests Proactively identifying issues and improvement opportunities Collaborating with other professionals and stakeholder teams to determine functional and non-functional requirements for new processes and automations Working in a global team collaborating with IBMers to share recommendations, solutions and ideas Required education Bachelor's Degree Preferred education Bachelor's Degree Required technical and professional expertise Working knowledge of information security best practices such as: ISO 27000 series, GDPR and compliance programs such as FedRAMP, HIPAA, GDPR, SOC 2, or PCI Ability to develop and implement appropriate processes to achieve and maintain compliance and reduce risk Ability to manage multiple tasks, while ensuring that commitments and timetables are met Excellent written and verbal communication skills as well as flexibility to work with team members in other time zones Knowledge of compliance tools such as vulnerability scanners (Nessus), EDRs, etc. Preferred technical and professional experience Project Management knowledge or experience a strong plus Familiarity with any major cloud provider Scripting skills Understanding of Cloud/DevOps/SRE Knowledge of automation and configuration management tools Familiarity with Kubernetes/OpenShift Experience in programming with Python or Go

As a Cyber Security Analyst you will be responsible for the administration, endpoint protection, vulnerability management, intrusion detection system, security information & event management, Active Directory, Domain Controller and Email Security.